Privacy Policy for events
Thank you for visiting our website. In the privacy policy, we would like to inform you about the handling of your data in accordance with Art. 13 of the General Data Protection Regulation (GDPR).
I. Controller
The controller for the data processing described below is named in the imprint.
II. Purpose and Legal Basis of Data Processing
In the context of the reservation process and the handling of your event inquiries, we process personal data. The legal basis for the processing of your personal data is Art. 6 para. 1 sentence 1 lit. b GDPR. The necessity of data processing arises either from the implementation of pre-contractual measures that precede a contractually regulated business relationship with you or from the fulfillment of contractual obligations within the framework of an already concluded contract. If you are not a contracting party yourself, we base the processing of your data on our legitimate interest in properly and satisfactorily handling your request. The legal basis for this is Art. 6 para. 1 sentence 1 lit. f GDPR.
III. Obligation to Provide Your Personal Data
Within the scope of our business relationship, you must provide the personal data that is necessary for the initiation, execution, and termination of a business relationship with you and for the fulfillment of the associated obligations. Without this data, we will generally not be able to enter into a business relationship with you. If you have voluntarily provided us with data, we will indicate this accordingly during data collection.
IV. Recipients of Your Data
We do not pass on your data to third parties. We only pass on your data to third parties if we are legally obliged to do so or if you have consented to the transfer (Art. 6 para. 1 sentence 1 lit. a GDPR).
In the context of data processing, strictly instructed external service providers are used to support us with IT support services. These service providers have been audited by us, and there are contracts for order processing. These service providers include Infor Global Solutions LLC.
For the USA, there is an adequacy decision (EU-US Data Privacy Framework) according to Art. 45 para. 3 GDPR by the European Commission, under which the service provider is certified. Further information on the issuance of an adequacy decision by the European Commission can be found here. If you would like to receive further information about this, please contact our data protection officer.
V. Determination of Storage Duration
We store your personal data only as long as it is necessary for the above purpose and the fulfillment of a legal obligation of the controller does not oppose deletion (e.g., statutory proof and retention obligations from the Commercial Code and the Tax Code).
VI. Your Data Protection Rights
You have the right to request free information about the personal data stored about you (Article 15(1) GDPR). Additionally, if the legal requirements are met, you have the right to rectification (Article 16 GDPR), deletion (Article 17 GDPR), and restriction of processing (Article 18 GDPR) of your personal data, as well as the right to data portability (Article 20 GDPR).
You have the right to object to data processing based on Article 6(1)(1)(e) or (f) GDPR (Article 21 GDPR). Please address the objection to: hello@johnandwill-hotel.com.
You also have the right to lodge a complaint with a data protection supervisory authority. The competent authority is the data protection supervisory authority of the federal state in which you reside, where the controller is based, or where the data protection violation occurred.
You can reach our data protection officer at: datenschutz nord GmbH Konsul-Smidt-Str. 88 Email: office@datenschutz-nord.de Phone: 0421 69 66 32-0.
Please include the above-mentioned controller in inquiries with our data protection officer.