Data Protection Statement

Data Protection Statement

Thank you for your interest in our website and our services. For us, data form the basis of excellent service. However, our most important asset is our customers’ trust. It is our highest priority to protect customer data and to only use them in the way that our customers expect. The data protection information below should therefore inform you about the processing of your personal data and your rights regarding this processing in accordance with the European General Data Protection Regulation (“GDPR”) and other applicable data protection provisions.

1. General Information

Hospitality Digital GmbH, Metro-Straße 1, 40235 Düsseldorf, Germany (hereinafter “H.d”, “we” or “us”) is responsible for the operation of this website. H.d attaches the utmost importance to the protection of your personal data.

If you have questions regarding data protection, you can contact our Data Protection Officer using the contact details below: Hospitality Digital GmbH, Data Protection Officer, Metro-Straße 1, 40235 Düsseldorf, Germany, e-mail: privacy@hd.digital.

In this Data Protection Statement, we outline how we collect, process and use personal data in the context of providing our website. Personal data is individual information about your personal or material circumstances. We process personal data that we collect about you, process and use exclusively within the context of the applicable statutory provisions.

2. Processing of personal data and transfer to third parties

Upon use of our website, some personal data is automatically collected about your device (computer, mobile phone, tablet etc.). The IP address currently being used by your device, date, time, browser, operating system of your device and the pages retrieved are collected. This happens for the purpose of data security, to optimize our range and to improve our website. With the exception of analysis for statistical purposes, which in that case is strictly in an anonymized form, any other analysis is only performed strictly within the scope of this Data Protection Statement. The processing of this personal data is done on the basis of art. 6, para. 1, sentence 1, letter f) GDPR. The protection of our website and the optimization our services represent a legitimate interest on our part.

If you contact us (e.g., via a request to privacy@hd.digital), we will collect, process and use only such personal data that you have communicated to us and is necessary to process and answer your request.

In order to enable the data processing operations stated in this Data Protection Statement, we are deploying service providers as data processors within the meaning of art. 28 GDPR, for example, service providers for cloud hosting, maintenance and other services. The services providers are both external service providers and services providers within the METRO Group that are located in countries within and outside of the European Union (EU) and the European Economic Area (EEC). By way of contractual provisions, we ensure that these service providers process personal data in accordance with the GDPR in order to guarantee a high level of data protection, even when personal data is transferred to another country where another level of data protection is the standard and for which there is no decision on adequacy from the EU Commission. There is no further transfer of personal data to other recipients, unless we are legally obliged to do so. For further information regarding the appropriate security precautions regarding the international transfer of data or a copy of these precautions, please contact our Data Protection Officer per e-mail at: privacy@hd.digital.

3. Cookies

In order to design our services attractively and to enable the use of specific functions, we use so-called cookies. They are small text files that are stored on your device. Some of the cookies used by us are deleted after the end of the browser session, i.e., after closing your browser (so-called session cookies). Other cookies remain on your device and allow us to recognize your browser on your next visit (persistent cookies). You can set your browser so that you are informed about the use of cookies and can decide in each case whether to accept them, accept cookies in certain cases or generally exclude the acceptance of cookies. You can find further information in this regard in the help tab of your internet browser. If cookies are not accepted, the functionality of the our website may be limited. By accepting our “Cookie-Banner”, you agree to the processing of your personal data by cookies. This personal data is processed on the basis of art. 6, para. 1, sentence 1, letter a) GDPR. In the following, we detail specific cookies.

We deploy Google Analytics, a web analysis service from Google Inc. (“Google”). Google Analytics also uses cookies. The information generated by the cookies regarding your use of this website is usually transferred to a Google server in the USA and saved there. However, before this transfer, your IP address is shortened by Google within the member states of the European Union or other signatory states to the Agreement on the European Economic Area. The full IP address is only transferred to the Google server in the USA and shortened there by way of an exception. On behalf of the website operator, Google uses this information to evaluate your use of the website, to compile reports on website activity and in order to perform other services connected to the use of the website and the internet with respect to the website operator. The IP address transferred by your browser in the context of Google Analytics is not merged with other Google data. You may prevent the cookies from being saved by way of a corresponding setting in your browser software. Furthermore, you can prevent the collection for Google of the data that is generated by the cookies and based on your use of the website (incl. your IP address) and the processing of this data by Google by downloading and installing the following browser plug-in available at: https://tools.google.com/dlpage/gaoptout?hl=de.

4. Processing of personal data in connection with digital services

We use the services of Marketo EMEA Limited, Cairn House South County Business Park, Leopardstown Road, Dublin 18 Ireland (“Marketo”), for example, to send our newsletter, to issue invitations to webinars and events, and also for download options for information about our company and our products (“Digital Services”). Upon sending e-mails Marketo analyses your user behavior on our behalf. For this analysis, the sent e-mails contain so-called web beacons or tracking pixels. This single pixel graphic file makes it possible to record your user behavior. Using the data harvested this way, we create a user profile in order to provide you with Digital Services tailored to your interests. In doing so, we record the time that you read our e-mails and which links you click on within the e-mail. From this we draw conclusions about your personal interests. We link these data to the actions performed by you on our website (see also no. 4.2). The information collected in this manner is stored by Marketo on its server in the EU/EEA. If you do not open any e-mails sent by Marketo for over one year and you also do not use any other Digital Services, then your personal data is automatically deleted. Tracking is not possible, if you have deactivated images from being shown as a default setting in your e-mail program. If you manually show the images, the aforementioned tracking is carried out. This personal data isprocessed on the basis of art. 6, para. 1, sentence 1, letter f) GDPR and serves the optimization of our marketing campaigns.

If you use one of our digital services for which you have completed a registration process (for example, our newsletter), Marketo additionally supports us with the analysis of your user behavior on our website. For this a text file (cookie, see also no. 3) is saved on your computer that allows us to recognize you when you visit our website again. We analyse how you use our website and also other digital content, e.g., videos, banners and downloads that are placed on our website. This way, we can individually tailor our offers to your needs, so that you generally receive fewer randomly selected offers. This personal data is processed on the basis of art. 6, para. 1, sentence 1, letter f) GDPR and serves the optimization of our marketing campaigns.

The information collected in this manner is stored by Marketo on a server in the EU/EEA. The cookie expires after 24 months. You may prevent the cookies from being saved by way of a corresponding setting in your browser software or you can click the opt-out button here in order to prevent future usage analysis by Marketo.

When you register for one of our Digital Services and in this context provide personal data via a registration form, we seek a separate declaration of consent. In it, you declare that you agree to the data processing to the extent stated in the declaration and in the context of using our Digital Services, such as newsletters, invitations to webinars and events, and the connected analysis of your user behavior as described in this section. These personal data are processed on the basis of your consent as per art. 6, para. 1, sentence 1, letter a) GDPR.

5. Provision of personal data and storage periods

Your personal data is provided on a voluntary basis. You are not legally obliged to provide us with your personal data. If you do not want to provide us with your personal data, it does not have any consequences for you other than you cannot use our services. Personal data that you provide to us via our website is only saved until the purpose for which it was processed has been served. Deviating storage periods may arise from a legitimate interest on the part of H.d (e.g., to guarantee data security and to prevent abuse). Personal data, which we must save due to statutory or contractual storage obligations, is blocked.

6. Your rights

To exercise your rights as per the GDPR to

– the information on the processing of your personal data and a copy of these data (art. 15 GDPR),

– the correction and completion of incorrect and incomplete personal data (art. 16 GDPR)

– the deletion of your personal data, and if it have been made public, that H.d. informs the other responsible parties of the application for deletion (art. 17 GDPR),

– a restriction regarding the processing of your personal data (art. 18 GDPR),

– the data portability so that you are given your personal data in structured, standard and machine-readable format and the right to transfer this data to another responsible party without obstruction by H.d (art. 20 GDPR),

– the revocation of an issued consent; the revocation does not affect the legality of the processing undertaken on the basis on the consent before the revocation (art. 7 GDPR), and

– an objection to the data processing (art. 21 GDPR),

you can contact the Data Protection Officer of H.d (privacy@hd.digital) at any time. In addition, you have the right to raise a complaint at the competent supervisory authority if you regard the data processing to be incompatible with the GDPR (art. 77 GDPR).

As on: May 2018/ AG