Privacy Policy

We are delighted that you are visiting our Website and would like to thank you for your interest in our company. We treat all dealings with our customers and potential customers confidentially. The trust placed in us is of great importance to us and the significance of this obliges us to handle your data with care and to protect it from misuse. We take the protection of your personal data and its confidential treatment very seriously, to ensure that you feel safe and comfortable when you visit our Website. We therefore act in compliance with the applicable legal provisions for the protection of personal data and for data security. With this Privacy Policy we would like to inform you about which data we collect and when, and how we use it. Our company’s data protection conforms to the currently valid legal provisions – in particular the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and the German Teleservices Act (TMG) – as well as the respective jurisdiction. Personal data is used exclusively for the proposed and/or agreed purpose. Personal data such as your name, address, bank account, ID number or telephone number, your email address or IP address is thus only collected, processed or used by us if you volunteer it to us and if, furthermore, this is legally permissible, or you have consented to the use of this data. The personal data listed above is usually processed by us when you carry out an online booking or make a reservation enquiry. Insofar as you use our services, we generally only collect the data which we need to provide the services. If we ask you for additional data, this is voluntary information. Personal data is processed exclusively for the provision of the requested service and for the purposes of our own legitimate business interests.


1. Name and contact information of the data controller and the corporate data protection officer

Data controller responsible for the processing of your data on the website (hereinafter: “Website”) is the

Hotelgesellschaft Gerberstrasse Betriebs GmbH
Konrad-Adenauer-Ufer 5-7
50668 Cologne

Additional information on the controller can be found in the site notice.

You can contact our data protection officer using the following contact details:

Crusader Investments B.V.
Data Protection Officer
Konrad-Adenauer-Ufer 5-7
50668 Cologne

Or send an email to:


2. Data processing when you visit our Website

2.1. Use of our Website for information purposes

If our Website is only used for information purposes, i.e. if you do not register or otherwise provide us with information, we will only process the personal data that your browser transmits to our server. When you visit our Website, we collect the following data, which is technically required to enable us to display our website and ensure its stability and security [legal basis is Art. 6(1) sentence (1) point (f) GDPR]:
• IP address
• Date and time of the enquiry
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request (specific page)
• Access status/HTTP status code
• Data volume transferred in each instance
• Website from which the request originates
• Browser
• Operating system and its interface
• Language and version of the browser software

We store this information for security reasons, albeit without your IP address, in log-files and it is erased after 338 days. The data in the log-files is stored separately from your other data. A longer retention period only occurs in individual cases (e.g. if there is suspicion of malpractice or fraud, to protect our legitimate interests). In these cases, the respective log-files are stored until the facts have been clarified and the subsequent necessary measures have been concluded.


We use Adobe Typekit to display fonts on our Website. Adobe Typekit is a service which enables access to a font library and which is provided by the company Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe). When accessing a website, your browser will load the necessary web fonts into your browser cache in order to display texts and fonts correctly. The Typekit service does not set or use cookies when providing the fonts. To provide the Typekit service, Adobe can collect information about the font which serves to identify the Website itself and the associated Typekit account. Additional information can be found in Adobe Typekit’s information on data protection and in the privacy policy of Adobe.

2.2. Using our Website and NEWSLETTER from FALCO at The Westin to make a Bookatable table reservation

To enable you to easily reserve a table, we use the service Bookatable of the
Bookatable GmbH & Co.KG
Deichstraße 48-50
20459 Hamburg
Germany [the legal basis is Article 6(1) sentence 1 points (a), (b) and (f) GDPR]: When you use this service to reserve a table, you enter your first name, surname, email address and telephone number into the Bookatable data form. You take note of the Privacy Policy and Terms and Conditions of Bookatable, and after entering your data, you transmit it to Bookatable to reserve a table at the click of a mouse. Additional information can be found in the information relating to data protection at Bookatable GmbH & Co.KG

The restaurant FALCO uses the data you submit within the user interface of Bookatable to perform the contractual relationship with you as the customer.
If in future, you would you like to receive additional information from FALCO at the Westin Leipzig by NEWSLETTER, you transfer the data to Bookatable in the same manner as when making a table reservation, by clicking the appropriate box before submitting your reservation. The data comprises first name, surname, email address and telephone number (legal basis is Article 6(1) points (a), (b) and (f) GDPR). Before activating the NEWSLETTER, you will receive an email to the email address you provided. When you actively confirm your subscription to the NEWSLETTER, you are included in the NEWSLETTER distribution list – this is a double opt-in procedure, which ensures that you do actually wish to receive the NEWSLETTER. The restaurant FALCO uses the data you have transmitted to send the NEWSLETTER and special offers relating to highlights and special events. You can unsubscribe at any time from the NEWSLETTER by clicking on the link Newsletter austragen.

2.3. Using our contact form

Should you have queries of any kind, we offer you the option of contacting us using a contact form provided on our Website. In doing so, a valid email address must be entered so that we know who is sending the query and so that we are able to reply to it. You may volunteer further information if you wish. Data processing for the purpose of contacting us takes place pursuant to Art. 6(1) sentence (1) point (a) GDPR on the basis of your voluntary consent. When you use our contact form under, you transmit to us your name, email address (obligatory information), a subject and your message. The personal data collected by us to enable use of the contact form will be erased once your enquiry has been dealt with.

2.4. Online shop

You can use our online shop to buy specialities and gift vouchers.
When you register and order in our shop we process the data needed to conclude, perform or terminate the contract with you. This includes your name, email address, street and house number, postcode and place, telephone number (compulsory fields) invoice and payment data and/or the name of the recipient of the gift voucher and occasion for the gift.
The legal basis for this is Article 6(1) points (a) and (b) GDPR, i.e. you provide us with the data on the basis of the respective contractual relationship you have with us (e.g. processing of a purchase agreement). To process your email address in the event of a purchase via our Website / applications, we are obligated on the basis of the legal provisions of the German Civil Code (BGB) to send you an electronic order confirmation – [Article 6(1) point (c) GDPR]. We store the data collected to perform the contract for the period of contract and until the statutory and/or any possible contractual warranty and guarantee rights lapse. After expiry of this deadline, we retain the information required from the contractual relationship in accordance with commercial and tax law for the legally prescribed periods. We process your payment information for the purpose of the payment transaction, e.g. when you buy a product and/or a gift voucher. Depending on the method of payment, we may transfer your payment information to third parties (e.g. with a payment by credit card to your credit card provider). The legal basis for this data processing is Art. 6(1) points (a), (b) and (f) GDPR.

For the purpose of delivering the ordered goods, we co-operate with logistics providers / transport companies and/or shipping partners. The following data may be transferred to them for the purpose of delivering the ordered goods and/or providing notice of their shipping: First name, surname, postal address, email address, telephone number (e.g. for notice of delivery). The respective date is transferred solely for the respective purpose and is erased again after delivery. The legal basis of the processing is Art. 6(1) point (b) GDPR.

2.5. External links

We have integrated content from third parties in parts of our Website. This relates to videos, card providers, images or fonts, for example. With regard to the integration of this content, it is technically necessary to communicate your IP address to the third-party providers, so that they can display the content to you. We do not store your IP address to integrate third-party content. The third-party providers can possibly track your surfing habits through your IP address, the use of cookies and other technology (e.g. pixel tags, i.e. invisible graphics), and process alongside your IP address additional technical information (i.a. browser type/version, operating system used, the previously visited site, the host name of the accessing device and the time as well as further information on the use of our Website). The legal basis for the processing of your data is Article 6(1) sentence (1) point (f) GDPR. We have a legitimate interest in optimising our Website and improving our service to you, by integrating third-party content.
Insofar as you use links provided within the framework of our internet pages, this Privacy Policy does not extend to these links. If we provide links, we strive to guarantee that these also comply with our data protection and security standards. However, we have no influence on the adherence to data protection and security regulations by other providers. Therefore, please inform yourself via the websites of the other providers, also in relation to the privacy policies provided there.


3. Use of cookies

We use cookies on our Website on the basis of Art. 6(1) point (f) GDPR. Their use is based on our interest in optimising the Website, which can be considered legitimate in the sense of Art. 6(1) point (f) GDPR. Cookies are small text files that are stored on your hard drive, assigned accordingly to the browser that you use, and which allow the entity that places the cookie to receive certain information. Almost every website on the Internet uses cookies. Cookies cannot run programs or transmit viruses to your computer. On the one hand they serve to make our Website overall more user-friendly for you. In this respect, we use so-called session cookies to determine whether you have already visited individual pages of our website. These are automatically erased once you leave our website. In addition, we set temporary cookies to increase user-friendliness, which are stored for a specific, defined period on your device, for instance for our voucher shop and Facebook Pixel. If you revisit our Website to use our services, the Website automatically recognises that you have already visited us, and which entries and settings you made, so that you do not have to make them again.
On the other hand, we use cookies to generate statistics about the usage of our Website, to assess the optimisation of our service to you, and to be able to display information which has been tailor-made especially for you. When you revisit our Website, these cookies allow us to recognise that you have already accessed our Website. These cookies are automatically erased after a specific time period. You can configure your browser so that no cookies are stored on your computer or that you are notified before a new cookie is stored. However, completely disabling cookies may result in you no longer being able to use all features of our Website.


4. Use of web-analysis services – Google Analytics

When you visit our Website, we automatically collect and process data to track user behaviour on our Website, in order to thus optimise and adjust our Website to the interests of our users. The legal basis for the processing of your data is Article 6(1) sentence (1) point (f) GDPR. We have a legitimate interest in carrying out web analysis on a pseudonymised basis, in order to better understand our users, to optimise our Website accordingly and to determine whether our internet advertising is having the results we hope for.
On our Website, we use the web analysis service Google Analytics (with anonymisation feature) of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. The purpose of the Google Analytics components is to analyse the use of our Website by users. Google as our data processor provides us, pursuant to Article 28 GDPR, with the corresponding reports with which we can reveal and evaluate the activities on our Website.
To do this a Google Analytics cookie is stored on the device from which you access our Website. When you view individual pages on the Website, Google Analytics components automatically cause your device’s internet browser to transmit data to Google for the purpose of online analysis. Within the framework of this technical procedure, Google gains knowledge of your personal data, in particular information on the browser type/version, the operating system used, the site you visited previously, the host name of the accessing device, IP address and the time of the request, which Google uses among other things to track the origin of users and clicks. This data is not combined with other data relating to you. Furthermore, we use a function where Google automatically shortens and thus anonymises the IP address of your internet connection, if our website is accessed from a member state of the European Union or from a signatory state of the Agreement on the European Economic Area. If, however, in the exceptional event that data is processed outside the EEA, where the data protection level does not meet European standards, this is carried out on the basis of the EU-US Privacy Shield: You can object to the use of cookies by configuring your internet browser so that cookies generally are not stored. Alternatively, you can also use the browser add-on to deactivate Google Analytics, which you can download and install here: By installing the browser add-on, you can object to the use of Google Analytics cookies. If your device is deleted, formatted or reinstalled at a later point in time, the browser add-on must be re-installed.
Further information and Google’s valid data protection regulations can be accessed under and under Google Analytics is explained further under this link:


5. Data transfer to third parties across international borders

We are a part of the EVENT Hotels group. As a globally operating group, EVENT Hotels wishes, for example, to provide you with service in Sweden which is just as excellent as it is in Paris. To reach this goal, we have established a global network of branches, data processing centres, trustworthy marketing partners, service providers, customer service centres and highly qualified staff around the globe. Your data including personal data is therefore transferred, in compliance with statutory provisions, to other corporate groups, branches, sites, data processing centres or service providers, which may not be located in your home country. To do this, we either conclude respective agreements on commissioned data processing pursuant to Art. 28 GDPR, or processing is carried out for the purpose of the performance or initiation of contract (legal basis is Art. 6(1) sentence (1) point (b) GDPR).
Even if data protection and other laws are not as strict and comprehensive in these diverse countries as in your home country, we take measures pursuant to Articles 45 and 46 GDPR (such as the Privacy Shield or standard contractual clauses of the European Commission), to guarantee the protection of your personal data in accordance with the terms of this Privacy Policy. We are happy to provide you with a copy of the measures which have respectively been taken. With regard to this, please contact our data protection officer at the contact address provided above.


6. Security

As a member of EVENT Hotels our company is obligated to EVENT Hotels’ high standards. In particular, we take the required technical and organisational security measures pursuant to Article 32 GDPR, to safeguard the data administered by us from accidental or deliberate manipulation, loss, destruction, and access by unauthorised persons. Our security measures are subject to continuous improvement in line with technological developments. Only a few authorised parties, and those persons bound to special data protection, who generally deal with the technical or editorial handling of data, have administrative access. For the employees of our company, data protection is otherwise strictly separated according to the respective areas of activity.
When you visit the Website, we will use the common SSL procedure (Secure Socket Layer) in combination with the respective highest degree of encryption that is supported by your browser. This usually is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can see whether individual pages of our online presence are transferred in encrypted form by the ‘closed’ icon of the key or lock symbol in the lower status line of your browser.
Apart from the above, we use appropriate technical and organisational security measures in order to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction or access by unauthorised third parties. Our security measures are subject to continuous improvement in line with technological developments.


7. Erasure of data

We erase your personal data if the purpose of storage has been fulfilled and there are no existing statutory retention periods. We erase contractual data when the contractual relationship with you is terminated, all reciprocal claims have been met and no other statutory retention obligations or statutory legal provisions for their storage exist.  Furthermore, we process your personal data, for as long as we use it for advertising, market research and opinion polls, however, only until you object to our using it this way. Insofar as you have granted consent to receiving advertising, we shall use this consent until you withdraw it from us. 
Please take note of the information above “2.1. Use of our Website for information purposes”.


8. Your rights

Withdrawal of your consent
You can withdraw your consent to the processing of your data at any time with future effect. The lawfulness of the processing of your personal data before withdrawal remains unaffected by this.

Right to object
Under the prerequisites of Article 21(1) GDPR, you have the right to object, on grounds relating to your particular situation, to the processing of your data. The foregoing general right to object applies to all processing purposes described in this Privacy Policy, which are handled on the basis of Article 6(1) sentence (1) point (f) GDPR. We are obligated to implement this type of general withdrawal of consent if you present us with grounds of overarching significance (e.g. a potential risk to life or health).

Your additional rights
With regard to your personal data, you have the following rights towards us:
• Right of access (Art. 15(1) and (2) GDPR)
• Right to rectification (Art. 16 sentence (1) GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to object to the processing of data (Art. 21 GDPR)
• Right to data portability (Art. 20 GDPR)

To assert your rights, please contact our data protection officer at the contact address provided above.


9. Right to lodge a complaint with the supervisory authority

You also have the right to lodge a complaint with a data protection supervisory authority concerning our processing of your personal data.


10. Actuality of and amendments to this Privacy Policy

This Privacy Policy is currently valid and dates from October 2018.
As our Website and related offerings are being continually developed, or due to amended legal and/or official regulations, it may become necessary to amend this Privacy Policy. You can view and print the respective currently valid Privacy Policy at any time by visiting the website under