In this document, we inform you about the collection of personal data when using our website and contacting you via a contact form, by e-mail or by telephone. Personal data is all data that can be personally related to you, e.g. name, address, e-mail addresses, and user behavior.

I. Name and contact details of the controller and the data protection officer

1. The person responsible in accordance with Article 4 No. 7 of the EU General Data Protection Regulation (GDPR) is Congress Hotel Dresden Betriebs GmbH, Wilhelm-Franke-Straße 90, 01219 Dresden, +49 351 47820, datenschutz@prestigehotelcollection.com (see our imprint).

II. General information on the collection, disclosure and retention of personal data

1. We process your personal data in compliance with the provisions of the GDPR, the Federal Data Protection Act (BDSG) and all other relevant laws.

2. First and foremost, the data processing serves the establishment and fulfillment of a contractual relationship with you. When you contact us by e-mail, via a contact form or by telephone, the data you provide (your e-mail address, if applicable, Your name and phone number) stored by us to answer your questions. The primary legal basis for this is Article 6(1)(b) GDPR. In addition, if necessary, Your separate consent according to Art. 6 sec. 1 a), 7 GDPR will be used as a data protection permit requirement. We also process your data in order to be able to fulfil our legal obligations, especially in the field of commercial and tax law. This is done on the basis of Article 6(1)(c) GDPR. If necessary, we also process your data on the basis of Art. 6 sec. 1 (f) GDPR in order to protect legitimate interests of us or third parties.

3. Your personal data will not be transferred to third parties for purposes other than the ones listed below. We will only pass on your personal data to third parties if you provide your personal data under Art. a) GDPR have given express consent to the transfer in accordance with Article 6 (1) lit. f) GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to believe that you have an overriding interest worthy of protection in the non-disclosure of your data in the event that the disclosure under Article 6(1) Lit. c) GDPR is a legal obligation and this is permitted by law and is permitted under Art. b) GDPR is required for the settlement of contractual relationships with you.

4. If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. We also mention the defined criteria for the storage time.

5. We will delete your personal data as soon as it is no longer required for the following purposes. After termination of the contractual relationship, your personal data will be stored as long as we are legally obliged to do so. This is regularly determined by legal obligations to provide proof and retention, which are regulated, among other things, in the Commercial Code and the Tax Code. The storage periods are then up to ten years. In addition, personal data may be retained for the period during which claims can be made against us (legal limitation period of three or up to thirty years).

III. Collection of personal data on our website

1. Visiting our website

1.1 If you only use the website in an informative way, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect data that is technically necessary for us to show you our website and to ensure stability and security. The data is also stored in the log files of our system. This data will not be stored together with other personal data of the user. This data includes the IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), the content of the request (concrete page), access status/HTTP status code, amount of data transferred, website from which the request originates, Browser, operating system and its interface and language and version of the browser software.

1.2 The legal basis for the temporary storage of the data and the log files is Art. (f) GDPR.

1.3 The temporary storage of the IP address by the system is necessary to enable the delivery of the website to your browser. To do this, your IP address must be stored for the duration of the session. The storage in log files is done to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. In these purposes lies also our legitimate interest in the data processing according to Art. 6 sec. 1 lit. (f) GDPR. An evaluation of the data for marketing purposes does not take place in this context.

1.4 The data will be deleted as soon as they are no longer necessary for the purpose of their collection. In the case of the collection of data for the provision of the website, this is the case when the respective session is finished. Logfiles will be deleted within 7 days of the website being accessed.

1.5 The collection of data when visiting the website and the storage of the data in the log files is absolutely necessary for the operation of the website. There is therefore no possibility of any objection on your part.

2. Use of cookies

2.1 When you use our website, cookies are stored on your computer system. Cookies are text files that are stored on your computer system in the Internet browser or by the Internet browser. If you visit a website, a cookie can be stored on your operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when you visit the website again.

2.2 This website uses the following types of cookies, the scope and functioning of which are explained below:

• • Transient cookies (temporary use)
  • Persistent cookies (temporary use)
  • Third-party cookies (from third parties according to separate information).

2.3 Transient cookies are automatically deleted when you close the browser. This includes in particular the session cookies. These store a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser. The legal basis for the processing of personal data using transient cookies is Art. (f) GDPR. The purpose of using these cookies is to simplify the use of websites for you. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change. In these purposes, our legitimate interest lies in the processing of personal data in accordance with Art. (f) GDPR.

2.4 Persistent cookies are used exclusively in connection with the web analysis services we use and are only used for as long as the purpose requires; they have a maximum lifespan of two years. You can delete the cookies in your browser’s security settings at any time. In this case, the functionality and usability of the offer may be limited. The legal basis for the processing of personal data using persistent cookies is Art. (f) GDPR. The use of analytics cookies is carried out for the purpose of improving the quality of our website and its contents. Through the analysis cookies, we learn how the website is used and can thus continuously optimize our offer. In these purposes, our legitimate interest lies in the processing of personal data in accordance with Art. (f) GDPR.

2.5 Cookies, which are not technically necessary for the provision of our service, are only set with your consent, which you can revoke at any time. By continuing to use the website with the appropriate browser settings, you agree to the use of cookies within the scope of this privacy policy. You can thus give us your consent by setting your browser, for example by determining that you are informed about the setting of cookies and that they are not accepted until you expressly confirm this. You can also choose to allow cookies to be accepted for certain cases or in general. You can configure your browser setting according to your wishes and control, for example, the acceptance or rejection of third-party cookies or all cookies. However, we would like to point out that you may not be able to use all the features of this website. The legal basis for the processing of personal data using cookies for analysis purposes is, in the event of the user’s consent in this respect, Art. (a) GDPR.

3. Other features and offers of our website

3.1 In addition to the purely informative use of our website, we offer various services that you can use if you are interested. To do so, you must usually provide other personal data that we use to provide the respective service and to which the aforementioned data processing principles apply.

3.2 In part, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly checked.

3.3 Furthermore, we may disclose your personal data to third parties if promotional participations, sweepstakes, contracts or similar services are offered by us together with partners. You can find more information about this by providing your personal data or in the description of the offer below.

3.4 Insofar as our service providers or partners are located in a country outside the European Economic Area (EEA), we will inform you about the consequences of this circumstance in the description of the offer.

4. Use of contact forms

4.1 We collect your personal data if you provide it to us on your own by using our contact forms. Then we collect the information that is obtained during the contact. This includes in particular names and transmitted contact details, date and reason for contacting us. The personal data you collect will only be used for the purpose of providing you with the desired products or services and to correspond with you (legal basis Art. 6 sec. 1 b) GDPR).

4.2 The data will be deleted as soon as they are no longer necessary for the purpose of their collection. For the personal data from the input form of the contact form, this is the case when the respective conversation with you is finished. The conversation ends if it can be inferred from the circumstances that the facts in question have been finally clarified. Insofar as the data provided are subject to the tax and commercial retention obligations, these shall be stored for the duration of the retention obligations of ten years and then deleted, unless you are placed in any further storage or the further processing of the data is necessary for the assertion, exercise or defence of legal claims (statutory limitation period of three or up to thirty years).

5. Integration of Google Maps

5.1 On our website we use the offer of Google Maps. This allows us to display interactive maps directly on the website and allow you to use the map function conveniently. The legal basis for the use of Google Maps is Art. (f) GDPR.

5.2 By visiting the website, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland will be informed that you have accessed the corresponding subpage of our website. In addition, the data referred to in III. 1. of this declaration shall be transmitted. This is regardless of whether Google Ireland Limited provides a user account through which you are logged in or if there is no user account. If you are logged in to Google Ireland Limited, your data will be directly associated with your account. If you do not wish to be assigned to your google Ireland Limited profile, you must log out before activating the button. Google Ireland Limited stores your data as user profiles and uses it for the purposes of advertising, market research and/or customising its website. Such an evaluation is carried out in particular (even for unlogged users) for the provision of demand-oriented advertising and in order to inform other users of the social network about your activities on our website. You have a right to object to the creation of these User Profiles, and you must contact Google Ireland Limited to exercise this.

5.3 Further information on the purpose and scope of the data collection and its processing by this provider can be found in the provider’s privacy policy. There you will also find further information about your rights in this regard and settings options for protecting your privacy: http://www.google.de/intl/de/policies/privacy. Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, also processes your personal data in the US and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. Opt-out: https://adssettings.google.com/authenticated

6. Integration of Google Fonts

6.1 On our website we use the offer of Google Fonts. We use this service in the interests of a consistent and appealing presentation of our website. When you visit a page, your browser loads the required web fonts into its browser cache to display texts and fonts correctly. If your browser does not support web fonts, a default font will be used by your computer. The legal basis for the use of Google Fonts is Art. (f) GDPR.

6.2 By visiting the website, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland will be informed that you have accessed the corresponding subpage of our website. In addition, the data referred to in III. 1. of this declaration shall be transmitted. This is regardless of whether Google Ireland Limited provides a user account through which you are logged in or if there is no user account. If you are logged in to Google Ireland Limited, your data will be directly associated with your account. If you do not wish to be assigned to your google Ireland Limited profile, you must log out before activating the button. Google Ireland Limited stores your data as user profiles and uses it for the purposes of advertising, market research and/or customising its website. Such an evaluation is carried out in particular (even for unlogged users) for the provision of demand-oriented advertising and in order to inform other users of the social network about your activities on our website. You have a right to object to the creation of these User Profiles, and you must contact Google Ireland Limited to exercise this.

6.3 Further information on the purpose and scope of the data collection and its processing by this provider can be found in the provider’s privacy policy. There you will also find further information about your rights in this regard and settings options for protecting your privacy: http://www.google.de/intl/de/policies/privacy. Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, also processes your personal data in the US and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. Opt-out: https://adssettings.google.com/authenticated

7. Security

7.1 Within the website visit, we use the common SSL (Secure Socket Layer) method in conjunction with the highest encryption level supported by your browser. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we’ll use 128-bit v3 technology instead. You can tell whether a single page of our website is transmitted encrypted by the closed display of the bowl or lock icon in the lower status bar of your browser.

7.2 We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

IV. Collection of personal data when contacted by e-mail, post and telephone

1. Collection of personal data of customers, interested parties and suppliers

1.1 We will only collect your personal data as a customer, interested party or supplier if you make it available to us by e-mail, post or telephone. Then we collect the information that is obtained during the contact. This includes in particular names and transmitted contact details, date and reason for contacting us. The personal data you collect will only be used for the purpose of providing you with the products or services you require (legal basis Art. 6 sec. 1 (b) GDPR), or for other purposes for which you have given your consent. legal basis, Article 6(1) (GDPR) and which are described in this Data Protection Declaration. You have the option to withdraw your consent to the processing of personal data at any time.

1.2 You are not obligated to provide the aforementioned personal data. The data provided may be required for the conclusion of a contract. Without the provision of the data, communication, contract conclusion or contract execution may not take place.

1.3 The data relevant in each individual case shall be transmitted to public authorities in the event of priority legislation, external service providers or other Contractor and other external bodies, insofar as you have given your consent or a transmission is permitted out of overwhelming interest. There is no intention to transfer your data to a recipient in a third country (not an EU/EEA Member State) or to an international organisation.

1.4 The data will be deleted as soon as they are no longer necessary for the purpose of their collection. This is the case for the personal data provided when the respective conversation with you is terminated. The conversation ends if it can be inferred from the circumstances that the facts in question have been finally clarified. Insofar as the data provided are subject to the tax and commercial retention obligations, these shall be stored for the duration of the retention obligations of ten years and then deleted, unless you are placed in any further storage or the further processing of the data is necessary for the assertion, exercise or defence of legal claims. The legal basis for the processing of personal data for the purposes of fulfilling the statutory archiving and retention obligations is Art. c) GDPR.

2. Collection of personal data of applicants

2.1 We will only collect your personal data as an applicant if you make it available to us by e-mail, post or telephone. This applies to applications for vacancies as well as to unsolicited applications. Then we collect the information that was provided in the context of the application. This includes, in particular, name, date of birth, contact details, interests, qualification data as well as school and professional careers. The personal data you collect will only be used for the purpose of carrying out the application process (legal basis Art. 6 sec. 1 lit. a), b) and f) GDPR, Section 26 bdSG).

2.2 You are not obligated to provide the aforementioned personal data. The data communicated may be required for a future conclusion of the contract after the completion of the application process. Without the provision of the data, the communication, the execution of the application process or a contract can not take place.

2.3 The data relevant in each individual case shall be transmitted on the basis of the statutory provisions or a contractual agreement. Data is transmitted to HR staff, management staff and the respective department head. Your personal data will not be transferred to third parties. There is no intention to transfer your data to a recipient in a third country (not an EU/EEA Member State) or to an international organisation.

2.4 The data will be deleted as soon as they are no longer necessary for the purpose of their collection. Therefore, we will retain your data after the application process has been carried out in the event of a rejection six months after notification of the rejection decision to you. If you have consented to a longer storage period, the storage period is two years. After that, we will either delete your data or seek your consent again. You have the option to withdraw your consent to the processing of personal data at any time.

V. Objection or revocation against the processing of your data

1. If you have given your consent to the processing of your data, you can revoke it at any time. Such a revocation affects the admissibility of the processing of your personal data after you have expressed it to us.

2. Insofar as we base the processing of your personal data on the balance of interests, you may object to the processing. This is the case if the processing is not required in particular for the performance of a contract with you, which is shown by us in the following description of the functions. In exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your reasoned objection, we will examine the situation and will either discontinue or adjust the data processing or show you our compelling reasons for continuing the processing.

3. Of course, you can object to the processing of your personal data for the purposes of advertising and data analysis at any time. You can inform us about your advertising objection at the following contact details: Congress Hotel Dresden Betriebs GmbH, Wilhelm-Franke-Straße 90, 01219 Dresden, +49 351 47820, datenschutz@prestigehotelcollection.com.

VI. Your rights

1. You have the right to request information about your personal data processed by us in accordance with Article 15 GDPR. In particular, you may provide information on the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, Deletion, restriction of processing or opposition, the existence of a right of appeal, the origin of their data, if these have not been collected by us, as well as the existence of automated decision-making, including profiling and, if applicable, provide meaningful information on the details of the data.

2. In accordance with Art. 16 GDPR, you can immediately request the correction of incorrect or completion of your personal data stored by us. You have the right under Article 17 GDPR to request the deletion of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.

3. Pursuant to Article 18 GDPR, you have the right to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer however, you need them to assert, exercise or defend legal claims or you have filed an objection to the processing in accordance with Article 21 GDPR.

4. You have the right under Art. 20 GDPR to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request transmission to another controller.

5. Pursuant to Art. 7 sec. 3 GDPR, you have the right to revoke your consent to us at any time. As a result, we are no longer allowed to continue data processing based on this consent for the future.

6. You also have the right under Art. 77 GDPR to complain to a supervisory authority about the processing of your personal data by us, for example the data protection officer responsible for us for the federal state of Berlin, Friedrichstraße 219, 10969 Berlin, Phone: 030 / 13 889-0, E-mail: mailbox@datenschutz-berlin.de.

VII. Timeliness and amendment of this Privacy Policy

1. This Privacy Policy is currently valid and as of October 2019.

2. Due to the further development of our website and offers about it or due to changed legal or official requirements, it may become necessary to change this data protection declaration. The current data protection declaration can be accessed and printed at any time on the website under https://www.prestigehotelcollection.com/ by you.

VIII. Newsletter Privacy Policy

1. If you subscribe to our newsletter you submit the above personal data and give us the right to contact you by e-mail. We use the data stored in the registration for the newsletter exclusively for our newsletter and do not pass this on.

2. If you unsubscribe from the newsletter – you will find the link in each newsletter at the bottom – then we delete all data that was saved with the registration for the newsletter.

IX. MailChimp Privacy Policy

We send out newsletters with MailChimp and use on this website features of the newsletter service MailChimp of The Rocket Science Group, LLC, 675 Ponce de Leon Ave. NE, Suite 5000, Atlanta, GA 30308 USA to record newsletter subscriptions.

X. General Information about MailChimp

Rocket Science Group LLC (MailChimp) maintains online platforms that enable our users to stay in touch with their subscribers, primarily via email. They allow users, e-mail addresses, and other information about the subscriber profile, such as: Name, physical address and other demographic information to upload into the MailChimp database. This information is used to send emails and allow the use of certain other MailChimp features for these users. In accordance with the published privacy policy, MailChimp shares some information with third parties to provide and support the services that MailChimp provides to users. MailChimp also shares some information with third-party affiliates to better understand users’ needs and interests so that more relevant content and targeted advertising can be provided to these users and other users.

XI. Newsletter Sign up

When you sign up for our newsletter on our website, the data entered will be stored by MailChimp.

XII. Deletion of your data

You can withdraw your consent to receive our newsletter at any time within the received e-mail by clicking on the link at the bottom. If you have unsubscribed by clicking on the unsubscribe link, your data will be deleted at MailChimp.

XIII. Newsletter evaluation

1. When you receive a newsletter through MailChimp, information such as IP address, browser type and e-mail program are stored to give us information about the performance of our newsletter. MailChimp can use the images embedded in the HTML emails called Web Beacons (see https://kb.mailchimp.com/reports/about-open-tracking for details) to see if the email has arrived, whether they are was opened and if links were clicked. All this information is stored on the servers of MailChimp, not on this website.

2. MailChimp is an active participant in EU-US. Privacy Shield Framework which regulates the correct and secure transfer of personal data. More information can be found at https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG. You can read more about the use of cookies at MailChimp at https://mailchimp.com/legal/cookies/, for information on data protection at MailChimp (Privacy), please refer to https://mailchimp.com/legal/privacy/.