Data protection information of MHP Hotel AG according to Art. 13, 14 GDPR
MHP Hotel AG and its affiliated companies listed in paragraph 1(2) (hereinafter referred to as “We” or “Us”) are pleased about your visit to Our websites and your interest in Our company and Our products. The protection of your personal data when it is collected, processed and used during your visit to Our website is very important to Us. Below you will find information on what data is collected during your visit to the website and how it is used.
Information about the processing of personal data
(1) In the following, we provide information about the processing of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior.
(2) The controller pursuant to Art. 4 (7) of the General Data Protection Regulation (GDPR) is
Responsible parties
MHP Hotel AG
Maximiliansplatz 12 b
D – 80333 Munich
Phone +49 (0) 89 30 90 98-10
Email: info[at]mhphotels.com
MHP Hotel an der Alster GmbH
Le Méridien Hamburg
On the Alster 52
D – 20099 Hamburg
Phone +49 (0) 40 2100 0
Email : info[at]lemeridienhamburg.com
MHP Hotel am Burggarten GmbH
Le Méridien Vienna
Robert Stolz Place 1
AT- 1010 Vienna
Phone +43 1 588 900
Email: info[at]lemeridienvienna.com
MHP Hotel an der Isar Nr. 1 GmbH
Le Méridien Munich
Bayerstrasse 41
D – 80335 Munich
Phone +49 89 24220 0
Email: info[at]lemeridienmunich.com
MHP Hotel an der Oper GmbH
Le Méridien Stuttgart
Willy-Brandt-Strasse 30
D – 70173 Stuttgart
Phone: 49 711 2221 0
Email: info[at]lemeridienstuttgart.com
MHP Hotel am Karlsplatz GmbH
Koenigshof Munich
Karlsplatz 25
D-80335 Munich
Phone +49 89 8584 0704 0
Email: info[at]koenigshof-munich.com
(3) You can contact our data protection officer at the above postal address with the addition -Data Protection Officer- or at the e-mail address: dsb[at]mhphotels.com
Rights of data subjects
(1) You have the following rights vis-à-vis us with regard to the personal data concerning you
– Right of access (Art. 15 GDPR),
– Right to rectification or erasure (Art. 16 and 17 GDPR),
– Right to restriction of processing (Art. 18 GDPR),
– Right to object to processing (Art. 21 GDPR),
– Right to data portability (Art. 20 GDPR).
(2) You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us (Art. 77 GDPR).
Collection of personal data when visiting our website
(1) When using the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR):
– IP address
– Date and time of the request
– Time zone difference to Greenwich Mean Time (GMT)
– Content of the request (specific page)
– Access status/HTTP status code
– amount of data transferred in each case
– Website from which the request originates
– browser
– Operating system and its interface
– Language and version of the browser software.
(2) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard disk and assigned to the browser you are using and through which certain information flows to the body that sets the cookie (in this case us). Cookies cannot execute programs or transfer viruses to your computer. They are used to make the website more user-friendly and effective overall.
(3) Use of cookies:
a) This website uses the following types of cookies, the scope and function of which are explained below:
– Transient cookies (see b)
– Persistent cookies (see c)
– Third-party cookies (see d)
b) Transient cookies are automatically deleted when you close the browser. These include session cookies in particular. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.
c) Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete the cookies at any time in the security settings of your browser.
d) Third-party cookies are offered by other third-party providers who are not the controller of the website. These are used for identification for reach measurement or marketing purposes.
(4) You can configure your browser settings according to your wishes and, for example, refuse to accept third-party cookies or all cookies. We would like to point out that you may not be able to use all functions of this website.
Other functions and offers on our website
(1) In addition to the purely informational use of our website, we offer various services that you can make use of if you are interested. As a rule, you will need to provide additional personal data that we use to provide the respective service.
(2) In order to provide some services, we use external service providers. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored.
(3) If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the respective service.
Objection or revocation against the processing of your data
(1) If you have given us your consent to process your personal data, you can withdraw this consent at any time. The revocation is effective for the future, so that we may no longer process your personal data from the time of revocation.
(2) If we base the processing of your personal data on the balancing of interests, you can object to the processing. This is the case if the processing is not necessary in particular for the performance of a contract with you, which is described by us in each case in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and will either stop or adapt the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing.
(3) Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time.
(4) You can send your revocation or objection at any time to the following e-mail address: dsb[at]mhphotels.com
SSL and TLS encryption
(1) For security reasons and to protect the transmission of confidential content, we use SSL or TLS encryption on our website. This means that inquiries via the contact form or orders via the site can be transmitted securely. You can recognize SSL or TLS encryption by the addition “https://” in the address line of the Internet browser and the closed lock symbol next to it.
(2) If SSL or TLS encryption is activated, data can be transmitted to us via the website without being read by third parties.
Email contact
(1) To contact us, you can use the e-mail address provided. Personal data such as name, e-mail address or telephone number will be processed. We process the data provided here by the user exclusively for the purpose of contacting you and processing your associated request.
(2) The legal basis for the processing of this data is our legitimate interest in contacting you and processing your request in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.
(3) If the request via e-mail leads to the conclusion of a contract, the processing of the data provided is necessary for the performance of a contract. The legal basis for this is Art. 6 para. 1 sentence 1 lit. b GDPR.
(4) The data provided will be processed until it is no longer required to achieve the purpose. The purpose no longer applies if the user’s request has been conclusively clarified and the contact has thus ended.
(5) The user has the option to object to data processing at any time. In this case, the data provided for contacting us will be deleted and no longer used. The objection should be sent to the following e-mail address: dsb[at]mhphotels.com
Data protection for applications and in the application process
(1) We collect and process personal data from applicants who send us their data by e-mail, a corresponding contact form, an application portal or by post. We process the data provided for the purpose of handling the application process. The legal basis for this is Art. 88 para. 1 GDPR i.V.m. § Section 26 (1) BDSG new.
(2) If the application procedure is successful and results in the conclusion of an employment contract with the applicant, the data provided by the applicant will be further processed for the purpose of handling the employment relationship Art. 88 para. 1 GDPR in conjunction with Section 26 para. 1 BDSG new. § 26 para. 1 BDSG new.
(3) We will only process special categories of personal data if you have sent them to us so that we can consider your application in its present form or if there is a legal obligation to do so. This information will not be taken into account in the application process unless there is a legal obligation to do so. The legal basis for this is Art. 9 para. 2 lit. b and e GDPR.
(4) If the application process ends without an employment contract being concluded with the applicant, the data provided by the applicant will be deleted no later than 4 months after the decision is announced. The reason for this is our other legitimate interests, e.g. for the documentation of the burden of proof for possible proceedings under the General Equal Treatment Act.
(5) If the applicant wishes to be considered for other potential positions in the company despite rejection in the application process, we will obtain the applicant’s consent for the further processing of the data. The applicant’s data provided will be deleted one year after consent has been given, unless the applicant withdraws their consent at an earlier point in time. The same applies to unsolicited applications.
(6) The revocation is to be sent to the following e-mail address: dsb[at]mhphotels.com
Registration in the portal for online stores
(1) We offer users and interested parties of our website the opportunity to place orders in our online store. For this purpose, it is necessary to collect and process personal data such as name, address, e-mail address or bank details. The data required to process the order are marked as mandatory fields. All other data can be provided voluntarily. The legal basis for this is the need to fulfill a contract in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR. The bank details you provide will be forwarded to our bank for further processing.
(2) You have the option of creating a customer account for our online store and storing and maintaining your data in it in order to use it for further purchases in our online store. You can make changes to your customer account or even delete it at any time. The creation of a customer account is voluntary, as it is always possible to place an order without a customer account.
(3) We may also process the data you provide in order to inform you about other interesting products from our portfolio or to send you e-mails with technical information.
(4) Due to statutory commercial and tax regulations, we are obliged to store and retain your order data for a period of 10 years. However, we restrict the processing after 2 years. This means that your order data will only be used to comply with the statutory retention requirements.
Payment method Klarna
(1) On our website, we offer the option of paying invoices via Klarna. Klarna is a service provider for payment processing and is operated by Klarna AB (publ), Sveavägen 46, 11134 Stockholm, Sweden. By selecting the Klarna payment method, you do not have to pay for orders immediately upon purchase, but only upon receipt of the invoice and goods or services. In addition, you do not have to enter your bank details online.
(2) We pass on the personal data you have entered with us and the data of your order to Klarna for invoicing and collection of the amount. This is usually your name, address, date of birth, gender, e-mail address and telephone number as well as details from your order. These are used in particular for identity and credit checks, payment administration and fraud prevention by Klarna. Art. 6 para. 1 sentence 1 lit. b GDPR is the legal basis for the processing of personal data, as the transfer of data to Klarna is necessary for the performance of the contract.
(3) Klarna uses so-called scoring to decide on the possibility of payment by invoice. For this purpose, information about your past payment behavior and probabilities for future payment behavior is collected and processed. This is done according to recognized mathematical-statistical procedures. We have no influence on the type, scope and purpose of the processing or deletion of the data collected by the service provider. You have the option of objecting to the processing of your personal data; you must exercise this right vis-à-vis Klarna. The objection does not affect the personal data that is absolutely necessary for invoicing and payment processing.
(4) Klarna’s privacy policy provides you with further information on the type and scope of data processing. Further rights and other information on the protection of your data can be found at
Payment method PayPal
(1) We offer the option of making payments via PayPal on our website. PayPal is an online service provider for payment processing and is operated by PayPal (Europe) S.à.r.l & Cie. S.C.A., 2224 Boulevard Royal, 2449 Luxembourg, Luxembourg. By selecting the PayPal payment method, you can process orders immediately via your PayPal account. In addition, it is also possible to make virtual payments by credit card via PayPal, even if you do not have a PayPal account.
(2) We pass on the personal data you have entered with us and the data of your order to PayPal for the collection of the invoice amount. This is usually your name, address, e-mail address, telephone number and IP address as well as other data required for payment processing. These are used in particular for identity and credit checks, payment administration and fraud prevention by PayPal. Art. 6 para. 1 sentence 1 lit. b GDPR is the legal basis for the processing of personal data, as the transfer of data to PayPal is necessary for the performance of the contract.
(3) We have no influence on the type, scope and purposes of the processing and deletion of the data collected by the service provider. You have the option of objecting to the processing of your personal data; you must exercise this right vis-à-vis PayPal. The objection does not affect the personal data that is absolutely necessary for payment processing.
(4) You can find further information on the type and scope of data processing in PayPal’s privacy policy. Further rights and other information on the protection of your data can be found at: www.paypal.com/de/webapps/mpp/ua/privacy-full.
Payment method instant bank transfer
(1) On our website, we offer the option of making payments via Sofortüberweisung. Sofortüberweisung is an online service for payment processing and is operated by Sofort GmbH, Fußbergstraße 1, 82131 Gauting, Germany. By selecting the payment method Sofortüberweisung, a cashless payment is possible, through which the seller receives an immediate confirmation of your payment.
(2) We pass on the personal data you have entered with us and the data of your order to Sofortüberweisung to collect the invoice amount. This includes your name, address, e-mail address, telephone number and IP address as well as other data required for payment processing. These are used in particular for identity verification and fraud prevention. With Sofortüberweisung, you enter your bank and login details and initiate your transfer using your PIN and TAN. The PIN and TAN are passed on to Sofortüberweisung to check the account coverage and transfer to the seller. Art. 6 para. 1 sentence 1 lit. b GDPR is the legal basis for the processing of personal data, as the transmission of the data to Sofortüberweisung is necessary for the fulfillment of the contract.
(3) We have no influence on the type, scope and purposes of the processing or the deletion of the data collected by the service provider. You have the option of objecting to the processing of your personal data; you must exercise this right vis-à-vis PayPal. The objection does not affect the personal data that is absolutely necessary for payment processing.
(4) You can find further information on the type and scope of data processing in PayPal’s privacy policy. Further rights and other information on the protection of your data can be found at: https://www.sofort.de/datenschutz.html.
Use of Google Analytics
(1) We use Google Analytics on our website. Google Analytics is a tracking tool provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. For more information, please visit: Terms of Service: http://www.google.com/analytics/terms/us.html, Privacy Overview: http://www.google.com/intl/en/analytics/learn/privacy.html, and the Privacy Policy: http://www.google.com/intl/en/policies/privacy.
(2) Google Analytics stores cookies on your computer, which allow for the analysis of your use of our website. The stored data includes the user’s IP address, the visited webpage, the website from which the user arrived at our website, the subpages accessed from the visited page, the duration of the visit, and the frequency of visits to our website. The information generated by the cookie is usually transmitted to a Google server in the USA and stored there. If IP anonymization is activated on our website, your IP address will be truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. This data is used to compile reports on website activity and to improve our offerings and make our website more interesting.
(3) We use Google Analytics on our website with the extension “_anonymizeIp()”. This ensures that your IP address is truncated, making it impossible to link it to your identity.
(4) The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.
(5) For exceptional cases where personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield. https://www.privacyshield.gov/EU-US-Framework.
(6) The legal basis for processing data using Google Analytics is your consent according to Art. 6 para. 1 sentence 1 lit. a GDPR for the analysis and better design of our website. This consent is voluntary. Consent can be refused without providing reasons and without fearing any disadvantages. Consent can be revoked at any time in writing (e.g., by letter, email). The revocation should be sent to the following email address: dsb[at]mhphotels.com.
Here you can change your cookie settings at any time
(7) If you want to prevent the setting and storage of cookies, you can do so through your browser settings. However, we would like to point out that in this case, not all functions of our website may be fully usable.
(8) Furthermore, you can prevent Google Analytics from setting a cookie to process your data by downloading and installing the browser plugin: http://tools.google.com/dlpage/gaoptout?hl=en.
Use of Google AdSense
(1) We use the advertising service Google AdSense on our website. Google AdSense is a product of Google Inc, 1600 Amphitheater Parkway, Mountain View, California 94043, USA. This allows us to display advertisements that are tailored to your specific interests. Statistical information about you is collected and processed by our advertising partners. You can recognize the advertisements by the “Google Ads” label. By displaying advertisements, we can make our website more interesting for you.
(2) The legal basis for processing data using Google AdSense is your consent according to Art. 6 para. 1 sentence 1 lit. a GDPR for the analysis and better design of our website. This consent is voluntary. Consent can be refused without providing reasons and without fearing any disadvantages. Consent can be revoked at any time in writing (e.g., by letter, email). The revocation should be sent to the following email address: dsb[at]mhphotels.com
Here you can change your cookie settings at any time
(3) When you visit our website, Google receives information that you have accessed the corresponding subpage, along with the data mentioned in §3. For this purpose, Google uses a web beacon that sets a cookie on your computer. Your data will be transferred to the USA and stored there. We have no control over the type, scope, and purpose of the processing or the deletion of the collected data by Google. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. If you have a Google user account and are logged in at the time of visiting our website, this data will be directly associated with your Google user account. If you do not want this data to be associated, you must log out. This data may be passed on to Google’s contractual partners, third parties, and authorities.
(4) You have various options to prevent cookies from being set by Google AdSense: (4.1) By adjusting your browser settings accordingly. This will suppress cookies, and you will not receive advertisements from third-party providers. (4.2) By deactivating interest-based ads on Google via the following link: http://www.google.com/ads/preferences. This setting will be deleted if you clear your cookies through your browser settings. In this case, you will need to deactivate it again. (4.3) By deactivating interest-based ads from third-party providers who are part of the “About Ads” self-regulation campaign. You can do this via the following link: http://www.aboutads.info/choices. This setting will be deleted if you clear your cookies through your browser settings. In this case, you will need to deactivate it again. (4.4) By making a permanent deactivation in your browsers (Google Chrome, Firefox, Internet Explorer, etc.) via the following link: http://www.google.com/settings/ads/plugin. In this case, not all functions of the offer may be fully usable.
(5) For more information about the scope of data collection, your rights, and setting options, please refer to Google’s privacy policy: http://www.google.com/intl/en/policies/technologies/ads.
Use of Google AdWords Conversion
(1) We use Google AdWords on our website. Google AdWords is a product of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. We use this service to place ads on external websites to draw attention to us and our offers. With the help of data from these ad campaigns, we receive statistical information and can determine how successful our advertising measures are. We do not receive any additional data from Google AdWords, especially none that identify the user personally. This allows us to provide suitable advertising for you, adjust our offer accordingly, and use our advertising costs efficiently.
(2) The legal basis for processing data using Google AdWords Conversion is your consent according to Art. 6 para. 1 sentence 1 lit. a GDPR for the analysis and better design of our website. This consent is voluntary. Consent can be refused without providing reasons and without fearing any disadvantages. Consent can be revoked at any time in writing (e.g., by letter, email). The revocation should be sent to the following email address: dsb[at]mhphotels.com
Here you can change your cookie settings at any time
(3) When you arrive at our website via a Google ad, Google AdWords sets a cookie on your computer. Your data is transferred to the USA and stored there. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The set cookie typically expires after 30 days and is not intended to personally identify you. These cookies enable parameters for measuring success, such as the display of the ad or user clicks. The cookie allows Google to recognize your internet browser. Google recognizes that a customer has clicked on one of our ads and been redirected to our website if the cookie has not yet expired. We do not process any personal data contained in the advertising measures.
(4) When you click on the advertisement, your browser automatically establishes a connection to Google’s servers. Google learns that you have accessed a part of our website. If you have a Google account and are logged in, Google can associate the visit with your account. If you do not have a Google account or are not logged in, Google may still determine and store your IP address. We have no influence on the extent and further use of your data by Google.
(5) You have various options to prevent the setting of cookies and the tracking procedure by Google AdWords: (5.1) By adjusting your browser settings accordingly. This will suppress cookies, and you will not receive advertisements from third-party providers. (5.2) By blocking the conversion tracking cookie at the following link: https://www.google.com/settings/ads. Here you must block the cookie from the domain www.googleadservices.com. This setting will be deleted if you clear your cookies through your browser settings. In this case, you will need to deactivate it again. (5.3) By deactivating interest-based ads from third-party providers who are part of the “About Ads” self-regulation campaign. You can do this via the following link: http://www.aboutads.info/choices. This setting will be deleted if you clear your cookies through your browser settings. In this case, you will need to deactivate it again. (5.4) By making a permanent deactivation in your browsers (Google Chrome, Firefox, Internet Explorer, etc.) via the following link: http://www.google.com/settings/ads/plugin. In this case, not all functions of the offer may be fully usable.
(6) For more information about the scope of data collection, your rights, and setting options, please refer to Google’s privacy policy: http://www.google.com/intl/en/policies/privacy and https://services.google.com/sitestats/en.html. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org.