Date: May 2018
1. NAMES AND CONTACT DETAILS OF THE CONTROLLER AND THE COMPANY’S DATA PROTECTION OFFICERThe controller for the processing of your data on the website https://www.ibis-hotel-utrecht.nl/ (“website”) is
Rhine Utrecht Opco B.V.
Atlas ArenA – Amerika – 7th Floor
1101 BA Amsterdam
For more information on the controller, please refer to the legal notice.
You can contact our data protection officer at the following address:
Rhine Utrecht Opco B.V.
Atlas ArenA – Amerika – 7th Floor
1101 BA Amsterdam
or by sending an email to: dataprotectionNL@eventhotels.com
2. DATA PROCESSED WHEN OUR WEBSITE IS VISITEDWhen our website is used for information purposes only, thus when you do not register or otherwise provide us with information, we process only the personal data that your browser transmits to our server. When you visit our website, we collect the following data that are technically necessary to display our website to you and to ensure the site’s stability and security (the legal basis is Article 6 (1) f) GDPR):
• IP address
• Date and time of visit
• Time zone difference to Greenwich Mean Time (GMT)
• Content of request (specific site)
• Access status/HTTP status code • The amount of data transferred in each case
• Website from which the request is made
• Operating system and its interface
• Language and version of browser software
We store this information, but without your IP address, in log files and erase it after 338 days for security reasons. The data in the log files are stored separately from your other data. The data are stored for a longer period only in individual cases (e.g. in the event of a suspicion of misuse or fraud). In such cases, the respective log files are stored until the matter has been investigated and any subsequent necessary measures have been completed.
4. USE OF WEB ANALYTICS SERVICES/TRACKINGWhen you visit our website, we collect and process data automatically in order to understand the behaviour of visitors to our website so that we are able to optimise our website and tailor it to the visitors’ interests. The legal basis for the processing of your data is Article 6 (1) f) GDPR. We have a legitimate interest in carrying out web analyses on a pseudonymous basis in order to better understand our users, to optimise our website and to determine whether our internet advertising achieves the desired results. A detailed description of the services we use and on how your personal data are processed can be found in the following relevant descriptions of the services. You can object to the use of these services by way of an opt-out. Please note, however, that you may then not be able to use all of the functions of our website. We use the following web analysis services on our website:
5. USE OF MARKETING SERVICES/TARGETINGWe collect and process data on our website so that we can display suitable advertising on this website and other websites (re-marketing/re-targeting) to you and measure the success of our advertising activities. In doing this, we cooperate with other providers that help us, in particular, to track whether the users find their way to us via certain advertising measures (conversion tracking). In this context, pseudonymous user profiles are also produced. Your consent is obtained in order to allow us to collect and process your data in such way. You may withdraw your consent given in this way at any time with effect for the future. Please note, however, that if you refuse or withdraw your consent you may not be able to use all of the functions of our website. You can object to the use of these services by way of an opt-out. Please note, however, that you may then not be able to use all of the functions of our website.
6. INFORMATION ON THE USE OF SOCIAL PLUG-INSWe use “social plug-ins” from different social networks (“plug-in providers”) on our website. A social network is a social meeting place on the Internet that enables users to communicate with one another and to interact in cyberspace. The legal basis for the processing of your data is Article 6 (1) f) GDPR. We have an interest in making it possible to provide you with the most convenient and best optimised offer on our website by way of the incorporation of social plug-ins and the possible analyses that these make possible and to operate this website commercially. The social plug-ins on our website are usually deactivated on our website to the extent this is technically possible. The social plug-ins therefore do not transmit any data to the respective social plug-in provider without any action on your part. You cannot use the social plug-ins until you activate them by clicking on the buttons. After they are activated, a direct connection is established via your internet browser to the system of the respective social plug-in. The content of the social plug-in is then transmitted directly to your browser and incorporated directly in our website. At the same time, the social plug-in transfers to the respective social plug-in provider the information that you have called up the relevant page of our website. This applies regardless of whether you have a profile with the social plug-in provider or have logged in or subsequently use a social plug-in actively (e.g. by clicking on the “Like” button or by posting a comment). When a social plug-in is used actively, the relevant information is transmitted from your internet browser directly to the respective social plug-in provider and stored there. If you are at the same time logged in at one of the social plug-in providers, that provider can link your visit to our website to your account there. In exceptional cases, a direct connection is established to the systems of the social plug-in provider when you call up a page of our website that contains such a social plug-in. The content of the social plug-in is then transmitted by the respective social plug-in provider directly to your internet browser and integrated directly into our website. At the same time, the social plug-ins transfer to the respective social plug-in provider the information that you have called up the relevant page of our website. This applies regardless of whether you have a profile with the social plug-in provider or have logged in at the social plug-in provider or have used a social plug-in actively (e.g. by clicking on the “Like” button or by posting a comment). When a social plug-in is used actively, the relevant information is transmitted from your internet browser directly to the respective social plug-in provider and stored there. If you are at the same time logged in at one of the social plug-in providers, this provider can link your visit to our website to your account there. We have no influence on the type and scope of the collected and transmitted data. You can find details regarding the scope and purpose of the collection, processing and use of data in the data privacy notices provided by the social plug-in providers. Your rights and settings options regarding the protection of you privacy are also detailed there.
If you do not want the social plug-in providers to link the data collected about your visit to our website to your account, please log out from the social plug-in provider before visiting our website.
We have no influence on the type and scope of the collected and transmitted data. You can find details regarding the scope and purpose of the collection, processing and use of data in the data privacy notices provided by the social plug-in providers. Your rights and settings options regarding the protection of you privacy are also detailed there. If you do not want a social plug-in provider to link the data collected about your visit to our website to your account, please log out from the respective social plug-in provider before activating the social plug-in. If you do not want the social plug-in provider to receive, store and use any data at all, please do not use or click on the respective social plug-in.
We use the following social plug-ins:
GOOGLE+Plug-ins of the social network Google+ are operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). You can find an overview of Google+ plug-ins here: https://developers.google.com/+/plugins; you can find information on data protection at Google+ here: https://www.google.com/intl/de/+/policy/+1button.html. If data are processed outside the EEA where the level of data protection does not correspond to the European level of data protection, the processing is based on the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AA. If you wish to object to data collection by Google in the future, you can do so here: https://www.google.com/ads/preferences.
https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO. If you wish to object to data collection by Twitter in the future, you can set an “opt-out cookie” here: https://twitter.com/personalization.
8. GOOGLE RECAPTCHAWe use Google’s reCAPTCHA service, which protects our website against spam and misuse. The service prevents automatic software (also known as bots) from carrying out abusive activities on our website, meaning that it checks whether the input provided is in fact typed in by a human being. In doing this, Google collects the following data:
• Referrer (the address of the page on which the captcha is used)
• The user’s IP address
• Google account (if the user is logged in to his Google account, this is recognised and linked)
• The user’s input behaviour (e.g. speed with which the user fills in the boxes of the form, order in which the user selects the text boxes) is used to improve Google’s recognition of patterns
• Browser, browser size and resolution, browser plug-ins, date, language settings
• The website’s document presentation instructions (CSS) and scripts (Java script)
• Mouse and touch events on the website
The legal basis for the processing of your data is Article 6 (1) f) GDPR. We have a legitimate interest in effectively avoiding spam, because sorting out spam manually can involve very great effort and costs. Should you not agree to this, you will unfortunately not be able to use the comment function.
9. EMAIL AND CONTACT FORMThe personal data relating to general enquires sent to us by email or via the contact form are stored only for the purpose of the relevant correspondence. The data we receive are stored only for the period of time required for the relevant correspondence. The legal basis for the processing of your data in connection with general enquiries is Article 6 (1) f) GDPR. We have a legitimate interest in processing your data in order to ensure that you can contact us quickly and that your enquiry is processed in accordance with your interests. If you send us specific enquires regarding your booking or our offers by email or via the contact form, the relevant personal data are processed only for the purpose of initiating the contract or implementing your booking. The legal basis for this processing is Article 6 (1) b) GDPR.
10. DATA PROCESSING FOR ADVERTISING PURPOSES
SENDING OUT NEWSLETTERSWe use your email address for advertising and marketing purposes in the context of our newsletter if you have consented to this. Your consent is obtained in accordance with statutory provisions exclusively via the double opt-in procedure. Therefore, you will not receive our newsletter before clicking on the confirmation link that is sent to you by email at your request. You may withdraw your consent given in this way at any time with effect for the future. Clicking on the unsubscribe link is sufficient for this.
PRODUCT RECOMMENDATIONSWe will send you emails including product recommendations. You will receive these product recommendations regardless of whether you have subscribed to a newsletter if you consent to receiving product recommendations by ticking the relevant check box during the booking process. You may withdraw your consent given in this way at any time with effect for the future. Clicking on the unsubscribe link is sufficient for this.
11. DATA TRANSFER TO THIRD PARTIES AND ACROSS INTERNATIONAL BORDERSWe are a part of EVENT Hotels. As a worldwide operating group of companies, EVENT Hotels intends to provide services in Sweden, for example, that are as excellent as the services provided in Paris. In order to achieve this goal, we have established a global network of branches, data processing centres, trustworthy marketing partners, service providers, customer service centres and highly qualified employees across the world. Your data, including your personal data, are therefore forwarded in compliance with statutory requirements to other group companies, branches, sites, data processing centres or service providers that may not be based in your home country. For this purpose, either we conclude corresponding agreements regarding the processing of data on behalf of the controller pursuant to Article 28 GDPR or the data are processed for the purpose of performing or initiating the contract (the legal basis for this is Article 6 (1) b) GDPR).
12. SECURITYAs a member of EVENT Hotels, our company is committed to the high standards of EVENT Hotels. In particular, we implement the technical and organisational measures required pursuant to Article 32 GDPR in order to protect your personal data administered by us against accidental or deliberate manipulation, loss, destruction or access by unauthorised persons. Our security measures are continually improved in accordance with technological developments. Only few authorised persons and persons subject to special data protection obligations who generally deal with data in technical or editorial terms have administrative access to the data. Otherwise, data protection for employees in our company is strictly separated according to the respective functional areas.
13. YOUR RIGHTS
WITHDRAWAL OF CONSENTYou may withdraw your consent to the processing of your data at any time with effect for the future. This does not affect the legitimacy of the processing of your personal data prior to the date of withdrawal.
YOUR OTHER RIGHTSYou have the following rights with respect to your personal data:
• Right of access (Articles 15 (1) and 15 (2) GDPR)
• Right to rectification (Article 16 (1) GDPR)
• Right to erasure (Article 17 GDPR)
• Right to restriction of processing (Article 18 GDPR)
• Right to object to the processing (Article 21 GDPR)
• Right to data portability (Article 20 GDPR)
To assert your rights, please contact our data protection officer at the address provided above.