Data Security

1 Principles of data processing at Kull and Weinzierl

You came to this page via a link because you want to inform yourself about our handling of (your) personal data. In order to fulfil our duty to provide information in accordance with Art. 12 ff. of the Basic Data Protection Ordinance (DSGVO), we are pleased to provide you with the following information on data protection:

1. 1. Who is responsible for data processing?

The respective companies of Kull and Weinzierl are responsible in terms of data protection law. These are:

Cortiina Hotel GmbH, Ledererstraße 8, 80331 München

Imprint: https://www.cortiina.com/impressum/

Kull und Weinzierl GmbH & Co. KG, Tal 11, Rgb. 80331 München

Imprint: https://www.kull-kg.de/impressum.html

LOUIS HOTEL GmbH, Viktualienmarkt 6, 80331 München

Imprint: https://www.louis-hotel.com/impressum/

Operngrill GmbH & Co. KG, Tal 11 Rgb., 80331 München:

Imprint: https://www.brennergrill.de/impressum.html

riva bar Schwabing GmbH & Co. KG, Tal 11, Rgb. 80331 München

Imprint: https://www.riva-schwabing.de/impressum.html

You will find further information about our company, information about the authorized representatives and also further contact possibilities in our respective imprints.

1. 2. Which of your data will be processed by us? And for what purposes?

If we have received data from you, we will only process it for the purposes for which we have received or collected it.

Data processing for other purposes can only be considered if the legal provisions required in this respect pursuant to Art. 6 (4) DSGVO are available. In this case, we will of course comply with any information requirements pursuant to Art. 13 (3) DSGVO and Art. 14 (4) DSGVO.

1. 3. What is the legal basis for this?

The legal basis for the processing of personal data is in principle – insofar as there are no specific legal provisions – Art. 6 DSGVO. The following possibilities are particularly worth considering here:

  • Consent (Art. 6 (1)(a) DSGVO)
  • Data processing for the fulfillment of contracts (Art. 6 (1)(b) DSGVO)
  • Data processing on the basis of a balance of interests (Art. 6 (1) (f) DSGVO)
  • Data processing to fulfill a legal obligation (Art. 6 (1)(c) DSGVO)

If personal data is processed on the basis of your consent, you have the right to revoke your consent at any time with effect for the future.

If we process data on the basis of a balance of interests, you as the data subject have the right to object to the processing of personal data, taking into account the provisions of Art. 21 DSGVO.

1. 4. How long is the data stored?

We process the data as long as this is necessary for the respective purpose.

Insofar as statutory retention obligations exist – e.g. in commercial law or tax law – the personal data concerned will be stored for the duration of the retention obligation. After expiry of the retention obligation, the system checks whether there is a further requirement for processing. If a requirement no longer exists, the data will be deleted.

In principle, we carry out an examination of data towards the end of a calendar year with a view to the requirement for further processing. On the basis of the amount of data, this check is made with regard to specific types of data or processing purposes.

Of course, you may at any time (see below) request information about the personal data stored by us and, in the event of a non-existent requirement, request that the data be deleted or that processing be restricted.

1. 5. To which recipients is the data passed on?

A passing on of your personal data to third parties only takes place if this is necessary for the execution of the contract with you, if the passing on is permissible on the basis of a weighing of interests within the meaning of Art. 6 (1)(f) DSGVO, if we are legally obliged to the passing on or if you have given your consent in this respect. However, we use service providers for invoicing or for other of our products or services. Here it can happen that a service provider receives knowledge of personal data. We select our service providers carefully – especially with regard to data protection and data security – and take all measures required under data protection law for permissible data processing.

1. 6. Where is the data processed?

Your personal data will be processed by us exclusively in computer centres of the Federal Republic of Germany.

1. 7. Your rights as “data subjects”

You have the right to information about the personal data processed by us to you personally.

In the case of a request for information that is not made in writing, we ask for your understanding that we may then require proof from you that you are the person you claim to be.

Furthermore, you have a right to correction or deletion or to restriction of the processing, as long as you are legally entitled to do so.

Furthermore, you have a right of objection against the processing within the framework of legal requirements. The same applies to the right to data transferability.

In particular, you have a right of objection pursuant to Art. 21 (1) and (2) DSGVO against the processing of your data in connection with direct advertising, if this is based on a balance of interests.

1. 8. Our data protection officer

We have appointed a data protection officer in our company. You can reach them under the following contact options:

Kull und Weinzierl
– Datenschutzbeauftragte –
Tal 11, Rgb. 80331 München
E-Mail: datenschutz@kull-kg.de

1. 9. Right of appeal

You have the right to complain to a data protection supervisory authority about our processing of personal data.

1. 10. Data processing in a specific case
Data of hotel guests

In the following paragraph you will gain insight into the use of your data (the list does not claim to be complete). 

Storage of your data in accordance with Art. 6 (1) (b) DSGVO: We store data from you for the execution of the accommodation contract and for the fulfilment of legal obligations (registration law). The deletion of the data from the accommodation contract and/or the data of the registration form result from legally prescribed times for deletion.

We only collect and process some of your data if you have given us your consent. As described above, you can object to this consent at any time. This is the case, for example, if you have agreed that we may store personal data in our PMS (Property Management System) to create a guest history. This is necessary to maintain our usual high standard. This way we can also meet your wishes and preferences during a new visit. These are data concerning their preferences and wishes as well as data concerning their health (allergies, food intolerances). You can give us further consent if you agree to our newsletter dispatch. The data that we store with your consent will be deleted as soon as you wish. Just let us know.

Data of restaurant guests

In the following paragraph you will gain insight into the use of your data (the list does not claim to be complete)

Storage of your data in accordance with Art. 6 (1) (b) DSGVO: We store your reservation data according to the principles of a pre-contractual service in our booking system. This data is stored with us for up to three years after your last reservation.

Storage of your data in accordance with Art. 6 (1) (b)  DSGVO and for legitimate interest (Art. 6 (1) (f) DSGVO): In order to fulfil our contractually guaranteed obligations, we store your data in our booking tool. We will keep your data there until you object to further data use. This is necessary to maintain our usual high standard, as we can create such a guest history for you. This way we can also meet your wishes and preferences during a new visit.

We only collect and process some of your data if you have given us your consent. As described above, you can object to this consent at any time. This may be the case, for example, if you have agreed that we may store your allergies and/or food intolerances or if we may store your data for the purpose of carrying out further events or table reservations.

 

Online review 

1. Description and scope of data processing

Our guests can leave a review of our hotel after check-out. For this purpose, we would like to send you an email within 14 days of departure to ask you for a hotel review. Each review may be published anonymously on request. If you did not feel comfortable in one of our hotels, we would like to take the opportunity to contact you.
If you submit an online review, the data will be stored in the rating tool of TrustYou GmbH, Steinerstraße 15, D-81369 Munich, Germany. TrustYou GmbH has committed itself to the handling of your transmitted data in accordance with data protection law. It takes all organisational and technical measures to protect your data.
If a former guest makes use of this online review option, data from the former guest is stored in the evaluation form. This data includes: email address as well as voluntary information such as first name, surname, language and information provided in the review. In this context, no further transfer of the data to third parties will take place. The data will only be used to publish the rating and to mediate poor ratings.

2. Legal basis for data processing

The legal basis for the processing of data is, moreover, Art. 6 (1) (a) GDPR.

3. Purpose of data processing

The purpose of the hotel review is to communicate and summarise the opinions of hotel guests through our website so that interested parties can form their own impression about our services. In addition, the results assist with our internal quality management.

4. Duration of storage

The data is not deleted. System based data will be deleted after 5 years.

5. Objection and removal options

There is always the option to have the publication of the review deleted on our homepage (right to be forgotten). We have set up the email address datenshcutz@kull-kg.de for this purpose. Please let us know what review you would like to have deleted.

HOME

HOME

HOME

HOME

HOME

HOME

HOME

HOME

HOME

HOME

HOME

HOME