Welcome to the website of MEININGER Shared Services GmbH. It goes without saying that the protection of your personal data, as well as fair and transparent data processing, are important to us. Below, we wish to provide you with the information which you require to check and claim your rights in relation to data processing.
1. Who is responsible for the processing?
The controller is:
MEININGER Shared Services GmbH
Schoeneberger Strasse 15
10963 Berlin, Germany
2. How can you contact the data protection officer?
You can reach our data protection officer (DPO) as follows:
MEININGER Shared Services GmbH
Data Protection Officer
Schoeneberger Strasse 15
10963 Berlin, Germany
3. For what purposes and on what legal basis do we process personal data?
Should you surf on our website, visit our hotels or otherwise get in touch with us, we receive personal data from you.
We generally process data in accordance with the following legal provisions:
- If you issue us with your express consent (Article 6 Paragraph 1 a) GDPR), if you wish us to contact you directly, take part in competitions, subscribe to our newsletter and wish to receive advertising tailored to you personally. We also process data in order to fulfil our contractual obligations (Article 6 Paragraph 1 b) GDPR), for example should you book an overnight stay with us.
- As a company, we are subject to various legal obligations (Article 1 Paragraph 1 c) GDPR). For example, under tax and commercial laws, we are obliged to retain certain documents.
- We also process data in accordance with our legitimate interest or that of a third party (Article 6 Paragraph 1 f) GDPR). Amongst others, a legitimate interest includes data processing for purposes connected to direct advertising, sales generation, IT security and prevention of fraud, as well as the creation of use profiles in the form of pseudonyms in order to carry out analysis and design the website in line with requirements (tracking). You have the right to raise an objection to the data processing which takes place in accordance with the legitimate interest in accordance with Article 21 Paragraph 1 GDPR.
3.1 Data processing on our website
3.1.1 Hotel bookings
You can book a hotel room directly via our website. So that we can carry out your booking, we require your contact and address data, as well as information concerning the service which is being requested (travel dates, number of travellers, meal requests). The legal basis is Article 6 Paragraph 1 Letter b) GDPR.
In order to carry out payment transactions via our website, we use various payment service providers, which collect your information directly and are therefore recipients of your personal data which is gathered in connection with the payment process.
The payment service provider is responsible for your payment data. You can obtain information, in particular concerning the responsible body of the payment service provider, the contact details of the data protection officers of the payment service providers and the categories of personal data which are processed by the payment service providers from the following addresses:
SIX Payment Services (Europe) S.A.
10, rue Gabriel Lippmann, 5365 Munsbach, Luxembourg
Data privacy statement: https://www.six-payment-services.com/en/services/legal/privacy-statement.html#country=de
PayPal (Europe) S.à r.l. et Cie, S.C.A.
22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg
Data privacy statement: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=en_DE
An der Welle 4, 60322 Frankfurt/Main, Germany
Data privacy statement: https://www.giropay.de/rechtliches/datenschutz-agb/
3.1.3 Get in touch with MEININGER
You can address queries to us and send messages to us via the contact form, our email address or by telephone. We only process your data in order to get in touch with you by the means you requested and in order to handle your matter (the legal basis is Article 6 Paragraph 1 Letters a) or b) GDPR).
3.1.4 Participation in competitions
Should you participate in competitions, we gather the data which is necessary to perform the competition. This is generally an individual contribution to the competition (for example a commentary or photo), as well as your name and contact details. It may be the case that we pass your data on to our competition partners, for example in order to send you the prize. The data processing and passing on of data can vary depending on the competition and is therefore described in concrete terms in the terms and conditions of participation of the respective competition. The participation in the competition and the associated gathering of data is of course voluntary (legal basis is Article 6 Paragraph 1 Letter a) GDPR).
3.1.5 Sending of our newsletter
You can register for our newsletter in order to receive information concerning new hotels, current offers, events, travel tips and product news of the MEININGER Group and partner companies. Advertising information is only sent to your email address in connection with our newsletter if you have agreed to the use of your email address. It goes without saying that you can revoke your consent to the sending of newsletters at any time by clicking on the unsubscription link in the newsletter, using the unsubscription link on our website, or notifying us of your wish to cancel the subscription by sending an email to email@example.com.
For subscription / unsubscription to our newsletter, we use the so-called double opt in / double opt out procedure. This means that following your registration / cancellation, we send an email to the email address which has been provided, in which we request confirmation that you wish to receive / cancel the newsletter. In addition, we save your respective IP addresses which have been used and the time of registration / cancellation and confirmation. By means of this, we can prove your registration / cancellation and, if applicable, clarify any possible misuse of your personal data by a third party.
3.1.6 Newsletter tracking
Based on your consent, we evaluate your user behaviour when the newsletter is sent in order to be able to improve the tracking of how our newsletter is used. For this evaluation, the emails which are sent contain so-called web beacons, also called tracking pixels. These are one-pixel image files which provide a link to our website and which enable us to evaluate your user behaviour. This takes place by means of the use of the web beacons, which are assigned to your email address and are mapped to your own ID. The links in the newsletter also contain these.
With the data which is gathered in this way, we create a user profile, in order to tailor the newsletter to your individual interests. During this process, we record the time when you read our newsletters and which links you click in these, and are able to determine your personal interests from this information. We combine this data with the actions you carry out on our website.
You can object to this tracking at any time by unsubscribing from the newsletter. The information will be saved for as long as you remain subscribed to the newsletter. Following an unsubscription, we save the data in a purely statistical and anonymous form. Should you have de-activated the display of pictures in your email program in a standard form, such tracking is also not possible. In such a case, the newsletter will not be displayed to you in full and you may not be able to use all of the functions. Should you have the pictures displayed manually, the tracking referred to above takes place.
3.1.7 Other advertising by MEININGER
Should we receive your email address and postal address in connection with a stay in our hotels, we can use this data in order to inform you from then on of similar products and services offered by us. Should you prefer not to receive advertising information by post or email, you can object to the use of your contact data for advertising purposes at any time with effect for the future, without any costs being incurred apart from the transmission costs under the basic tariffs. You should send your objection to the following contact address:
MEININGER Shared Services GmbH
Schoeneberger Straße 15, 10963 Berlin, Germany
You can apply to our companies electronically, via the application form on our website or via email to firstname.lastname@example.org. It goes without saying that we will only use your information in order to process the application and we will not pass this on to third parties. Please bear in mind that emails which are sent in non-encrypted form cannot be protected against unauthorised access.
Should you have applied for a specific position and should this already have been filled or should we consider you to be more suitable for an alternative position, we would be happy to pass on your application within the MEININGER Group. Please let us know if you do not agree to such a passing on of your application.
Your personal data will be deleted immediately after the completion of the application process or after a maximum of 6 months, unless you have issued us with your express consent to a longer duration of saving or unless a contract is concluded. The legal basis is Article 6 Paragraph 1 a), b) and F) GDPR and § 26 of the German Federal Data Protection Act (GDPR).
3.1.9 Use of social plugins
This website uses social plugins of the provider:
- Facebook (Operator: Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA)
- Twitter (Operator: Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA)
- Google+ (Operator: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)
- Instagram (Operator: Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA)
These plugins normally record standard data relating to you and transfer this to the server of the respective provider. In order to guarantee the protection of your private sphere, we have taken technical measures which ensure that your data cannot be recorded by the providers of the respective plugin without your agreement. When a page is accessed in which the plugins are integrated, these are initially de-activated. Only when you click on the respective symbol are the plugins activated and you are then issuing your agreement to your data being transferred to the respective provider. The legal basis for the use of the plugins is Article 6 Paragraph 1 a) and f) GDPR.
Once activation has taken place, the plugins also record personal data such as your IP address, and send this to the servers of the respective provider, where it is then saved. When the website concerned is called up, activated plugins also use a cookie with an unambiguous code. By means of this, the providers can also create profiles concerning your use behaviour. This also takes place if you are not a member of the social network of the respective provider. Should you be a member of the social network of the provider and should you be logged in to the social network during your visit to this website, your data and information concerning the visit to this website can be connected to your profile on the social network. We have no control over the precise scope of the data relating to you which is gathered by the respective provider. You can find more detailed information concerning the scope, type and purpose of the data processing and your rights and settings options in order to protect your private sphere in the data protection notices of the respective provider. This can be accessed via the following addresses:
- Facebook: https://www.facebook.com/privacy/explanation
- Twitter: https://twitter.com/en/privacy
- Google+: https://policies.google.com/privacy?hl=en-DE
- Pinterest: https://policy.pinterest.com/en-gb/privacy-policy
- Instagram: help.instagram.com/155833707900388
Videos of YouTube are integrated into the website in the extended data protection mode. When the video is viewed, the following data will be transferred to Google as the operator of YouTube:
- The IP address
- The specific address of our page which has been accessed
- The transmitted name of the browser
- The system date and time of the access
- Cookies which are already present by means of which your browser can be clearly identified.
Only once the video is played are cookies and pixel tags set by YouTube in order to personalise advertising and search results. No information concerning the visitors to the website is saved by Google, unless they are watching the video.
We wish to point out that Google may receive additional data via cookies which have already been saved. We have no influence over the extent to which this data is used by Google. Google Inc is responsible for this data gathering and processing.
3.1.11 Google Maps
3.1.12 How are cookies used on this website?
This website uses the following types of cookies, the scope and functions of which will be explained below.
These cookies are automatically deleted once you close the browser. These include the session cookies in particular. These save a so-called session ID, by means of which various requests of your browser can be assigned to the session. By means of this process, your computer can be recognised once again if you return to our website. The session cookies are deleted when you log out or close the browser.
These cookies are automatically deleted after a prescribed period of time, which can vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
The flash cookies which are used are not recorded by your browser, rather by your flash plugin. We also use HTML 5 storage objects, which are deposited on your end device. These objects save the necessary data regardless of the browser which you use and do not have an automatic expiry date. Should you not wish the processing of the flash cookies to take place, you need to install a corresponding add on, for example "Better Privacy" for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or the Adobe Flash Killer cookie for Google Chrome. The use of HTML 1 storage objects can be prevented by using the private mode in your browser. We would also recommend that you regularly delete your cookies and browser history manually.
Prevention of cookies
You can configure your browser setting in accordance with your wishes and you can, for example, reject the acceptance of third party cookies or all cookies. However, we wish to point out that in such a case, you may not be able to use all functions of this website.
3.1.13 Analysis of websites
For the analysis and optimisation of our websites, we use various services which are set out below. For example, by means of these we can analyse how many users are visiting our website, what information is the most popular or how users find the service. Amongst other things, we record the website where a data subject came across a website (so-called referrer), which sub-pages of the website are accessed or how often and for how long a sub-page was viewed. This helps us make our services user friendly and helps us to improve them. The data which is gathered during this process is not used to personally identify individual users. Anonymous data or data with the highest level of pseudonymisation is gathered. The legal basis is Article 6 Paragraph 1 Letter f) GDPR. We consider the optimisation of our website to be a legitimate interest. Your basic rights and basic freedoms do not outweigh our interests, as we comprehensively inform you of the data gathering in our data protection declaration and you have the opt out option at any time (via link or browser settings). We also only used pseudonymised tracking.
This website uses Google Analytics, a web analysis service of Google Inc (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). The use includes the Universal Analytics operating type. By means of this, it is possible to assign data, sessions and interactions via more than one device to a pseudonymous user ID and thus to analyse the activities of a user across several devices.
You can prevent the saving of cookies by setting your browser software accordingly. However, we wish to point out that in such a case, you may not be able to fully use all functions of this website. In addition, you can prevent the recording of the data which is generated by the cookie and which relates to your use of the website (including your IP address) by Google, as well as the processing of this data by Google by downloading and installing the browser plugin which is available via the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB. Opt out cookies prevent the future recording of your data when you visit this website. In order to prevent the recording by Universal Analytics via various devices, you need to carry out the opt out on all systems which you are using.
3.1.14 Cookies for marketing purposes
Alternatively, you can prevent the setting of cookies in your browser settings:
Google Chrome: https://support.google.com/chrome/answer/95647
Google AdWords and conversion tracking
In order to increase awareness of our services, we use Google AdWords adverts and use conversion tracking and the Google Tag Manager within the framework of this, for the purpose of personalised online advertising which is tailored to interests and location. The option of anonymising the IP address is m by an internal setting in Google Tag Manager, which cannot be viewed in the source of this website. This internal setting is placed in such a way that the anonymisation of the IP addresses which is required under the German Federal Data Protection Act (Bundesdatenschutzgesetz) is attained.
Google Dynamic Remarketing
This website uses Bing Ads, a service of Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). A cookie is set by Microsoft Bing Ads if you have come across our website via a Microsoft Bing advert. In this way, it can be shown that a person has clicked on an advert, was redirected to our website and has reached a pre-determined target page (conversion page). We are only informed of the total number of users who have clicked on a Bing advert and were then redirected to the conversion page. No personal information concerning the identity of the user is disclosed. Further information concerning data protection and the cookies used by Microsoft Bing can be found on the website of Microsoft.
Facebook Custom Audiences
Custom Audience Pixel, a service of Facebook Inc., (1601 S. California Ave, Palo Alto, CA 94304, USA), is a small piece of Java script code which we have integrated into all of our websites. This piece of code provides a number of functions for the sending of application specific events and user defined data to Facebook. We use Custom Audience pixels in order to record information concerning the way in which visitors use our website. This pixel records and provides Facebook with information concerning the browser setting of the user, a hashed version of the Facebook ID and the URL which is being visited. Each Facebook user thus possesses a clear and device-independent Facebook ID, whereby it is possible to address the user via more than one device on the social network Facebook and to recognise him or her, so that we can target our visitors again for advertising purposes by means of Facebook adverts. After 180 days, the user information is deleted until the visitor accesses our website again. Therefore, no personal information is disclosed to MEININGER in relation to the individual website visitors and we can only solicit website customer target groups once the target customer group has reached a critical mass in terms of numbers.
3.2 Data processing at our hotels
When you stay with us, we gather personal data about you. More information can be found in our customer information receipt, which you receive at check in or can download here.
3.3 Data processing at trade fairs
Should you provide us with your contact data at a trade fair, for example by handing your visitor card to us, participating in a competition (see 3.1.2) or subscribing to our newsletter (see 3.1.3), we record this data in our CRM system. We use this data to get in touch with you as requested, to enter into a business relationship and to provide you with information material.
3.4 Data processing at our Service Center / Reservation Department
If you contact us by telephone or in writing with support issues or reservation requests, we record your name, company name, query and, if applicable contact details for a response or return call, should the gathering of this information be necessary in order to carry out the processing. Your data is used to process your query. The legal basis is Article 6 Paragraph 1 b) and f) GDPR.
A call is only recorded if you have issued your express agreement to this (§ 6 Paragraph 1 a) GDPR). The recording takes place in order to check the quality of our customer support and to improve it.
4. Will my data be passed on to third parties?
So that MEININGER can process your data for the purposes described above, it may be necessary for other recipients also to view and process your data.
4.1 Recipients within the MEININGER Group
In certain cases, it may be necessary for us to distribute your data across the Group. However, data processing within the MEININGER Group only takes place if this is permitted by law. For example, this is the case if other companies of the MEININGER Group work for us in connection with the processing of an order or if a legitimate interest under Article 6 Paragraph1 f) GDPR is present. You can find a list of other companies of the MEININGER Group here.
4.2 External service providers (processors)
Your data will be passed on to service partners, should these work on our behalf and support MEININGER in the provision of its services. For example, should you subscribe to our newsletter, we have engaged a service provider in relation to the sending of the newsletter. Processing of your personal data by commissioned service providers takes place within the framework of order processing in accordance with Article 28 GDPR.
4.3 Other service providers, partners and third parties
MEININGER can co-operate with other partners, should this be necessary in order to fulfil the services which we offer or should we be legally obliged to hand over data. This can include the following partners or third parties:
- Banks and payment providers
- Public sector entities / authorities or by court order
5. Will my data be processed outside of the EU / EEA and how is data protection ensured?
We prefer to process your data within the EU / EEA. However, it may be the case that we use service providers which are located outside of the EU / EEA. In such cases, we ensure that prior to the transfer of your personal data, a reasonable level of data protection is guaranteed. This means that by means of EU standard contracts or adequacy resolutions, such as the EU Privacy Shield, a data protection level which is comparable to the standards within the EU is attained.
6. How long will my data be saved for?
We delete personal data of the data subject once the purpose of the storage no longer applies and provided that statutory retention obligations do not prevent a deletion.
7. What rights do I have and how can I claim these?
You have the following rights in relation to us concerning your personal data:
7.1 General rights
You have the right of access, correction, erasure, restriction of processing, objection to the processing and of data portability. Should processing take place with your consent, you have the right to revoke this in relation to us with effect for the future.
7.2 Rights in the case of data processing based on a legitimate interest
In accordance with Article 21 Paragraph 1 GDPR, you have the right at any time, for reasons connected to your specific situation, to raise an objection to the processing of personal data relating to you, which takes place under Article 6 Paragraph 1 e) GDPR (data processing in the public interest), or under Article 6 Paragraph 1 f) GDPR (data processing in order to safeguard a legitimate interest). This also applies to profiling which is based on this regulation. In the event that you raise an objection, we will no longer process your personal data, unless we can provide proof of mandatory protectable reasons for the processing which take priority over your interests, rights and freedoms or the processing takes place in order to assert, exercise or defend legal claims.
7.3 Rights in the case of direct advertising
Should we process your personal data in order to carry out direct advertising, then in accordance with Article 21 Paragraph 2 GDPR you have the right to raise an objection at any time to the processing of the personal data relating to you for the purpose of such advertising. This also applies to the profiling, should it be connected with such direct advertising.
Should you raise an objection against the processing for the purpose of direct advertising, we will no longer process your personal data for these purposes.
7.4 Right to complain to a supervisory authority
You also have the right to complain to a competent data protection supervisory authority in relation to the processing of your personal data by us.
8.1 Changes to the data protection declaration
This data protection declaration which has been issued is continually adjusted in the course of further developments related to the Internet or the services we offer. We will provide timely notification of such changes on this page. In order to remain up-to-date concerning the current status of our data protection provisions, please visit this page regularly.
8.2 Links to other websites
Our websites may contain links to websites of other providers. We wish to point out that this data protection declaration only applies to the websites of MEININGER. We have no influence over whether other providers comply with the applicable data protection provisions and do not monitor this.