1. Name and contact information of the data controller and the corporate data protection officer
Data controller responsible for the processing of your data on the website https://www.falco-leipzig.de/de (hereinafter: “Website”) is the
Hotelgesellschaft Gerberstrasse Betriebs GmbH
Additional information on the controller can be found in the site notice.
You can contact our data protection officer using the following contact details:
Crusader Investments B.V.
Data Protection Officer
Or send an email to: firstname.lastname@example.org.
2. Data processing when you visit our Website
2.1. Use of our Website for information purposes
If our Website is only used for information purposes, i.e. if you do not register or otherwise provide us with information, we will only process the personal data that your browser transmits to our server. When you visit our Website, we collect the following data, which is technically required to enable us to display our website and ensure its stability and security [legal basis is Art. 6(1) sentence (1) point (f) GDPR]:
• IP address
• Date and time of the enquiry
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request (specific page)
• Access status/HTTP status code
• Data volume transferred in each instance
• Website from which the request originates
• Operating system and its interface
• Language and version of the browser software
We store this information for security reasons, albeit without your IP address, in log-files and it is erased after 338 days. The data in the log-files is stored separately from your other data. A longer retention period only occurs in individual cases (e.g. if there is suspicion of malpractice or fraud, to protect our legitimate interests). In these cases, the respective log-files are stored until the facts have been clarified and the subsequent necessary measures have been concluded.
2.2. Using our Website and NEWSLETTER from FALCO at The Westin to make a Bookatable table reservation
To enable you to easily reserve a table, we use the service Bookatable of the
Bookatable GmbH & Co.KG
The restaurant FALCO uses the data you submit within the user interface of Bookatable to perform the contractual relationship with you as the customer.
If in future, you would you like to receive additional information from FALCO at the Westin Leipzig by NEWSLETTER, you transfer the data to Bookatable in the same manner as when making a table reservation, by clicking the appropriate box before submitting your reservation. The data comprises first name, surname, email address and telephone number (legal basis is Article 6(1) points (a), (b) and (f) GDPR). Before activating the NEWSLETTER, you will receive an email to the email address you provided. When you actively confirm your subscription to the NEWSLETTER, you are included in the NEWSLETTER distribution list – this is a double opt-in procedure, which ensures that you do actually wish to receive the NEWSLETTER. The restaurant FALCO uses the data you have transmitted to send the NEWSLETTER and special offers relating to highlights and special events. You can unsubscribe at any time from the NEWSLETTER by clicking on the link Newsletter austragen.
2.3. Using our contact form
Should you have queries of any kind, we offer you the option of contacting us using a contact form provided on our Website. In doing so, a valid email address must be entered so that we know who is sending the query and so that we are able to reply to it. You may volunteer further information if you wish. Data processing for the purpose of contacting us takes place pursuant to Art. 6(1) sentence (1) point (a) GDPR on the basis of your voluntary consent. When you use our contact form under https://falco-leipzig.de/kontaktformular-schreiben-sie-uns, you transmit to us your name, email address (obligatory information), a subject and your message. The personal data collected by us to enable use of the contact form will be erased once your enquiry has been dealt with.
2.4. Online shop
You can use our online shop to buy specialities and gift vouchers.
When you register and order in our shop we process the data needed to conclude, perform or terminate the contract with you. This includes your name, email address, street and house number, postcode and place, telephone number (compulsory fields) invoice and payment data and/or the name of the recipient of the gift voucher and occasion for the gift.
The legal basis for this is Article 6(1) points (a) and (b) GDPR, i.e. you provide us with the data on the basis of the respective contractual relationship you have with us (e.g. processing of a purchase agreement). To process your email address in the event of a purchase via our Website / applications, we are obligated on the basis of the legal provisions of the German Civil Code (BGB) to send you an electronic order confirmation – [Article 6(1) point (c) GDPR]. We store the data collected to perform the contract for the period of contract and until the statutory and/or any possible contractual warranty and guarantee rights lapse. After expiry of this deadline, we retain the information required from the contractual relationship in accordance with commercial and tax law for the legally prescribed periods. We process your payment information for the purpose of the payment transaction, e.g. when you buy a product and/or a gift voucher. Depending on the method of payment, we may transfer your payment information to third parties (e.g. with a payment by credit card to your credit card provider). The legal basis for this data processing is Art. 6(1) points (a), (b) and (f) GDPR.
For the purpose of delivering the ordered goods, we co-operate with logistics providers / transport companies and/or shipping partners. The following data may be transferred to them for the purpose of delivering the ordered goods and/or providing notice of their shipping: First name, surname, postal address, email address, telephone number (e.g. for notice of delivery). The respective date is transferred solely for the respective purpose and is erased again after delivery. The legal basis of the processing is Art. 6(1) point (b) GDPR.
2.5. External links
4. Use of web-analysis services – Google Analytics
When you visit our Website, we automatically collect and process data to track user behaviour on our Website, in order to thus optimise and adjust our Website to the interests of our users. The legal basis for the processing of your data is Article 6(1) sentence (1) point (f) GDPR. We have a legitimate interest in carrying out web analysis on a pseudonymised basis, in order to better understand our users, to optimise our Website accordingly and to determine whether our internet advertising is having the results we hope for.
On our Website, we use the web analysis service Google Analytics (with anonymisation feature) of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. The purpose of the Google Analytics components is to analyse the use of our Website by users. Google as our data processor provides us, pursuant to Article 28 GDPR, with the corresponding reports with which we can reveal and evaluate the activities on our Website.
Further information and Google’s valid data protection regulations can be accessed under https://www.google.com/intl/en/policies/privacy/ and under http://www.google.com/analytics/terms/de.html. Google Analytics is explained further under this link: https://www.google.com/intl/de_de/analytics/.
5. Data transfer to third parties across international borders
We are a part of the EVENT Hotels group. As a globally operating group, EVENT Hotels wishes, for example, to provide you with service in Sweden which is just as excellent as it is in Paris. To reach this goal, we have established a global network of branches, data processing centres, trustworthy marketing partners, service providers, customer service centres and highly qualified staff around the globe. Your data including personal data is therefore transferred, in compliance with statutory provisions, to other corporate groups, branches, sites, data processing centres or service providers, which may not be located in your home country. To do this, we either conclude respective agreements on commissioned data processing pursuant to Art. 28 GDPR, or processing is carried out for the purpose of the performance or initiation of contract (legal basis is Art. 6(1) sentence (1) point (b) GDPR).
As a member of EVENT Hotels our company is obligated to EVENT Hotels’ high standards. In particular, we take the required technical and organisational security measures pursuant to Article 32 GDPR, to safeguard the data administered by us from accidental or deliberate manipulation, loss, destruction, and access by unauthorised persons. Our security measures are subject to continuous improvement in line with technological developments. Only a few authorised parties, and those persons bound to special data protection, who generally deal with the technical or editorial handling of data, have administrative access. For the employees of our company, data protection is otherwise strictly separated according to the respective areas of activity.
When you visit the Website, we will use the common SSL procedure (Secure Socket Layer) in combination with the respective highest degree of encryption that is supported by your browser. This usually is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can see whether individual pages of our online presence are transferred in encrypted form by the ‘closed’ icon of the key or lock symbol in the lower status line of your browser.
Apart from the above, we use appropriate technical and organisational security measures in order to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction or access by unauthorised third parties. Our security measures are subject to continuous improvement in line with technological developments.
7. Erasure of data
We erase your personal data if the purpose of storage has been fulfilled and there are no existing statutory retention periods. We erase contractual data when the contractual relationship with you is terminated, all reciprocal claims have been met and no other statutory retention obligations or statutory legal provisions for their storage exist. Furthermore, we process your personal data, for as long as we use it for advertising, market research and opinion polls, however, only until you object to our using it this way. Insofar as you have granted consent to receiving advertising, we shall use this consent until you withdraw it from us.
Please take note of the information above “2.1. Use of our Website for information purposes”.
8. Your rights
Withdrawal of your consent
You can withdraw your consent to the processing of your data at any time with future effect. The lawfulness of the processing of your personal data before withdrawal remains unaffected by this.
Right to object
Your additional rights
With regard to your personal data, you have the following rights towards us:
• Right of access (Art. 15(1) and (2) GDPR)
• Right to rectification (Art. 16 sentence (1) GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to object to the processing of data (Art. 21 GDPR)
• Right to data portability (Art. 20 GDPR)
To assert your rights, please contact our data protection officer at the contact address provided above.
9. Right to lodge a complaint with the supervisory authority
You also have the right to lodge a complaint with a data protection supervisory authority concerning our processing of your personal data.