Information on data processing according to Art. 13, 14 GDPR
We are pleased that you are visiting our homepage and thank you for your interest in our hotel. Dealing with the data of website visitors, but also of our customers and business partners, is a matter of trust. The trust placed in us is very important to us and therefore the significance and obligation to handle your data with care and to protect it from misuse.
To ensure that you feel safe and comfortable when visiting our website, we take the protection of your personal data and its confidential treatment very seriously. Therefore, we act in accordance with the applicable legal provisions on the protection of personal data and data security. With these notes on data protection, we would therefore like to inform you about when we store which data and how we use it - naturally in compliance with the applicable legislation.
THE MANDALA specifically follows the EU General Data Protection Regulation (GDPR) and the current Federal Data Protection Act (BDSG). When using the internet, we follow the Telemedia Act (TMG) and Telecommunications Telemedia Data Protection Act (TTDSG) of the Federal Republic of Germany to protect your personal data. In the following, we explain what information we collect during your visit to our website and how it is used. In the following, we explain what information we collect during your visit to our websites and how it is used. In addition, we would also like to inform you about how we store and use personal data that we have obtained via other channels.
The Data Controller under the GDPR and other national data protection laws of Member States, as well as other data protection regulations, is:
The Mandala Hotel GmbH,
Potsdamer Str. 3,
D-10785 Berlin, Germany
The Data Controller's Data Protection Officer is:
Andreas Thurmann,
DataSolution LUD GmbH,
Isarstrasse 13,
D-14974 Ludwigsfelde, Germany
Scope of the processing of personal data
As a matter of principle, we collect and use personal data of our users only insofar as this is necessary for the provision of a functional website as well as our contents and services. The collection and use of our users' personal data regularly only takes place with the user's consent. An exception applies in cases where it is not possible to obtain prior consent for actual reasons and the processing of the data is permitted by legal regulations.
Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 (1) lit. a GDPR serves as the legal basis. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures. If processing of personal data is necessary to comply with a legal obligation (statutory provisions) to which our company is subject (e.g. federal registration laws), Art. 6 (1) c GDPR serves as the legal basis. If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) f GDPR serves as the legal basis for the processing.
Data deletion and storage period
The personal data of the data subject shall be deleted or blocked as soon as the purpose of the storage no longer applies. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a necessity for the continued storage of the data for the conclusion or fulfilment of a contract.
Description and scope of data processing
Our website contains a contact form that can be used to contact us electronically. If you use this option, the data entered in the input mask will be transmitted to us and stored. These data are: First and last name, e-mail address and request.
Alternatively, it is possible to contact us via the e-mail address provided. In this case, the personal data transmitted with the e-mail will be stored.
Legal basis for data processing
The legal basis for the processing of the data is firstly our legitimate interest in the processing of data in the context of contacting the enquirer. If the contact is aimed at the conclusion of a contract, the additional legal basis for processing is in the context of a contractual relationship.
Purpose of the data processing
The processing of the personal data from the input mask serves us solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data. The data is used exclusively for processing the booking and for communication.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified.
If the contact is a pre-contractual relationship (offer or reservation request), the transmitted data will also be stored in our hotel software and used to execute the contract. If there is no contractual relationship, we delete the data after one year at the end of the year.
Possibility of objection
You have the option to object to the processing of your data at any time. We have set up the e-mail address widerruf@themandala.de for this purpose. We would like to point out that in the event of an objection, the conversation cannot be continued or we cannot create any offers etc.
All personal data stored in the course of contacting us will be deleted in this case.
Description and scope of data processing
In order to be able to communicate with you better and to be able to answer questions about the online platform quickly, we use the chat function of LiveRate from the company LiveRate GmbH, Metzstraße 12, 81667 Munich, Germany on our website. The chat function of LiveRate is used as a communication medium and enables communication with website visitors. So-called chatbots can also be used here, which automatically answer standard questions. Within the chat, you have the option of entering your first and last name as well as your e-mail address. Otherwise, no personal data is stored.
Furthermore, you can use other messenger platforms (Facebook Messenger, Telegram) via LiveRate to send and receive messages. If you use Facebook Messenger, Facebook transmits to LiveRate, among other things, Facebook name, profile pictures, language and gender. If you use Telegram Messenger, your username and picture will be sent to LiveRate.
Legal basis for data processing
The legal basis for the processing is the common interest in data processing. We carry out the aforementioned processing for customer care and to increase our services.
You can also make a booking with us via the chat function of LiveRate. The data requested for the booking, e.g. e-mail address, name, address, are required for the initiation and conclusion of the contract. We process data for order processing, in particular we will forward payment data to your chosen payment service provider or our house bank. The legal basis for the processing is the contract or contract initiation relationship. To prevent unauthorised third parties from accessing your personal data, the ordering process on the website is encrypted using SSL/TLS technology.
Purpose of the data processing
The data is processed exclusively for the processing of the conversation.
Duration of storage
We delete the data accruing in this context after the processing is no longer necessary or we restrict the processing if there are statutory retention obligations.
In addition, as part of LiveRate, you are offered the opportunity to register to receive newsletters. The registration takes place via a registration link. If you have registered for the newsletter, our data processing will be carried out in accordance with the information on the point "Newsletter".
Possibility of objection
You have the option to object to the processing of your data at any time. We have set up the e-mail address widerruf@themandala.de for this purpose.
We would like to point out that in the event of an objection, the booking cannot be completed or the conversation cannot be continued.
Beschreibung und Umfang der Datenverarbeitung
Auf unserer Internetseite gibt es die Möglichkeit, für unsere Restaurants einen Tisch zu reservieren. Nehmen Sie diese Möglichkeit wahr, so werden die in der Eingabemaske eingegeben Daten an uns übermittelt. Diese Daten sind: Vorname, Name, E-Mailadresse, Telefonnummer, Angaben zur Tischreservierung (Tag, Zeit, Anzahl Personen, Restaurant) sowie optionale Angaben zu Sonderwünschen und Anlass.
Wenn Sie von unseren Webseiten eine Tischreservierung vornehmen, so geschieht das durch das Online-Reservierungssystem der Seatris AI GmbH, Kantstr. 34, 10625 Berlin, Deutschland. Alle von Ihnen eingegebenen Bestelldaten werden verschlüsselt übertragen. Mehr zu Seatris.ai erfahren Sie in den Datenschutzbestimmungen.
Rechtsgrundlage für die Datenverarbeitung
Rechtsgrundlage für die Verarbeitung der Daten ist zunächst unser berechtigtes Interesse an der Datenverarbeitung sowie das Vorliegen einer Einwilligung des Nutzers durch Anerkennung unserer Bedingungen zur Datenverarbeitung.
Zweck der Datenverarbeitung
Die Daten werden von uns ausschließlich für die Tischreservierung verwendet. Soweit Sie eine weitere Nutzung Ihrer Daten durch Seatris.ai wünschen, wird sich Seatris.ai eine separate Einverständniserklärung einholen.
Dauer der Speicherung
Die Daten werden gelöscht, sobald sie für die Erreichung des Zweckes ihrer Erhebung nicht mehr erforderlich sind.
Widerspruchsmöglichkeit
Sie haben jederzeit die Möglichkeit, die Veröffentlichung seiner Kommentare für die Zukunft zu widersprechen. Hierzu haben wir die E-Mail-Adresse widerruf@themandala.de eingerichtet.
Description and scope of data processing
Our website offers the option of purchasing vouchers. If a user takes advantage of this option, the data entered in the input mask is transmitted to us and stored. These data are: Salutation/title, first name, last name, e-mail address, address, voucher value, wishes, payment data, password for individual user account and, if applicable, date of birth and telephone number.
If you make a voucher purchase from our websites, this is done through the online ordering platform of INCERT eTourismus Gmbh & Co KG, Leonfeldner Straße 328, A-4040 Linz, Austria. All order data entered by you is transmitted in encrypted form. INCERT is committed to handling your transmitted data in accordance with data protection regulations. INCERT takes all organisational and technical measures to protect your data.
Legal basis for data processing
The legal basis for the processing of the data is the conclusion of a purchase contract.
Purpose of the data processing
The processing of the personal data from the input mask serves us solely to process the voucher purchase and to handle the payment transaction.
If there is a legitimate interest in obtaining information about the accessibility of natural persons who are commercially active and legal entities, and information about their creditworthiness, we can carry out an information request with IHD Gesellschaft für Kredit- und Forderungsmanagement mbH, Augustinusstr. 11 B, 50226 Frechen. You can find out more about this in IHD's data protection regulations.
Duration of storage
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of a contractual relationship, we will delete the data received as soon as national, commercial law, statutory or contractual retention requirements have been fulfilled.
Possibility of objection
The user has the option to object to the processing of his or her personal data at any time. We have set up the e-mail address widerruf@themandala.de for this purpose.
Description and scope of data processing
On our website, you have the option of commenting on one of our entries. If you take advantage of this option, the data entered in the input mask will be transmitted to us, stored and published on our website. These data are: Name, e-mail address and the comment.
Legal basis for data processing
The legal basis for the processing of the data is firstly our legitimate interest in the data processing as well as the existence of the user's consent by accepting our conditions for data processing.
Purpose of the data processing
The processing of personal data is solely for the purpose of publishing comments on our contributions.
Duration of storage
The data will be deleted if the processing or publication of the data is objected to (right to be forgotten).
Possibility of objection and removal
You have the option to object to the publication of your comments for the future at any time. For this purpose, we have set up the e-mail address widerruf@themandala.de.
Description and scope of data processing
For the support, advice and advertising of corporate customers, we collect and use the contact person, telephone number and postal address in addition to the business partner or potential business partner. We obtain the information from various sources, either through an enquiry (e-mail or telephone), but also via events, trade fairs, business cards that our sales staff receive, etc.
Legal basis for data processing
The legal basis for processing the data is our legitimate interest in data processing. If the contact is aimed at the conclusion of a contract, the additional legal basis for the processing is the contractual relationship.
To increase our services, we manage all data received in the CRM module of our central hotel software within THE MANDALA. The responsible entity is the hotel with which a business contact exists. Central services such as sales, banqueting, reservations and marketing access this data. The legal basis for processing the data is our legitimate interest in data processing within the framework of central administration and use of the data of our customers and business partners within the hotel group.
Purpose of the data processing
We use this contact data exclusively for our own purposes and for the needs-based design of our own sales activities.
Duration of storage
In principle, no deletion period is foreseen. However, if our sales department has not had any contact with the company contact within 3 years, the sales department will decide whether the contact person of the company contact will be deleted.
If the contact is a pre-contractual relationship (offer, booking or reservation request), the transmitted data will also be stored in our hotel software and used to execute the contract. If there is no contractual relationship, we delete the data after one year at the end of the year.
Possibility of objection
As the contact person of a company contact, you have the option to object to the processing of your data at any time. We have set up the e-mail address widerruf@themandala.de for this purpose. All personal data of the contact person that has been stored for the business partner will be deleted in this case.
Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user. Personal user profiles cannot be formed. The stored data is only evaluated for statistical purposes.
Legal basis for data processing
The legal basis for the temporary storage of the data and the log files is the processing to protect our legitimate interest.
Purpose of the data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.
The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
Our legitimate interest in data processing also lies in these purposes.
Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated so that an assignment of the calling client is no longer possible.
Possibility of objection and removal
The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.
This service is aimed primarily at adults. We do not currently market any services for children. Therefore, we neither knowingly collect information to determine user age, nor do we knowingly collect personal data from children under 16 years of age. We would, however, like to advise all visitors to our website under 16 years of age not to disclose or make available any personal data. If we discover that a child under 16 years of age has provided us with personal data, we will delete the personal data of the child from our files, as far as this is technologically possible.
If your personal data are processed, you are a Data Subject under the GDPR and you have the following rights with regard to the Data Controller:
You have the right to information on the data stored about you, the purposes for which your data are being processed, any transferring of this data to other bodies that may occur, and the length of time for which your data will be stored.
Should data be incorrect or no longer required for the purposes for which they were collected, you have the right to demand their correction or deletion, or restriction of data processing. Where provided for by the data processing methods used, you can view and, if necessary, correct the data yourself.
If special personal circumstances provide reasons against processing of your personal data, you have the right to object to such data processing, provided that the processing is based on a legitimate interest. The Data Controller will then no longer process your personal data, unless the Data Controller can provide evidence of compelling legitimate reasons for processing which outweigh your interests, rights and freedoms; or if processing serves to assert, exercise or defend legal claims. If your personal data are processed for direct marketing purposes, you have the right, at any time, to object to the processing of your personal data for the purpose of such marketing; this also applies to profiling, insofar as it is associated with such direct marketing. If you object to data processing for purposes of direct advertising or profiling, your personal data will no longer be processed for these purposes.
You have the right to revoke your declaration of consent for data protection at any time. Withdrawal of consent shall not affect the legality of processing undertaken on the basis of this consent before its withdrawal.
If you have questions on your rights and exercising them, please contact:
The Mandala Hotel
The Mandala Hotel GmbH
Potsdamer Str. 3
D-10785 Berlin
Deutschland
Tel.: +49 (0) 30 590 05 00 00
Mail: welcome@themandala.de
Data Protections Officer
DataSolution Thurmann GbR
Herr Andreas Thurmann
Isarstr. 13
D-14974 Ludwigsfelde
Deutschland
Tel.: +49 (0) 3378 202513
Fax: (0) 3378 202514
Mail: mail@hoteldatenschutz.de
As a Data Subject, irrespective of any other administrative or judicial remedy, you have the right of appeal to a supervisory authority for data protection, more specifically in the member state where you reside or where the alleged offence was committed, if you believe that the processing of your personal data violates data protection law.
The supervisory authority to which the complaint is submitted will inform you of the status and the findings of your complaint, including whether or not a judicial remedy is possible.
More information is available on the website of the Federal Commissioner for Data Protection and Freedom of Information. Please click this link.
THE MANDALA uses technological and organisational security precautions, in accordance with article 32 of the GDPR, in order to protect your data administered by us from accidental or deliberate manipulation, loss, destruction or access by unauthorised persons. Our security precautions are continually improved as technology develops. Access is only granted to a small number of authorised persons, and persons committed specifically to data protection who are concerned with technical, administrative or editorial management of data.
We reserve the right to change, update or amend this privacy notice at any time. Any revised information on data processing will only apply to personal data collected or modified after the effective date.
Status | February 2022