1. Controller and scope
The controller pursuant to the EU General Data Protection Regulation (‘GDPR’) and other national data protection laws of member states as well as other data protection provisions is:
Motel One GmbH
Tegernseer Landstrasse 165
Tel.: +49 (0) 089 665025-0
Fax: +49 (0) 089 665025-50
2. Data protection officer
The controller’s external data protection officer is:
Dr Karsten Kinast, LL.M.
KINAST Rechtsanwaltsgesellschaft mbH
Tel.: +49 (0)221 222 183 0
3. Principles of data processing
Personal data refers to all information related to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, email address, IP address or user behaviour. Information that we cannot use to identify you personally (or that would involve a disproportionate effort to do so), for example, by anonymising the information, does not represent personal data. The processing of personal data (e.g. collecting, accessing, using, storing or transmitting such data) always requires a legal basis or your consent. Personal data that has been processed is deleted as soon as the purpose of the processing has been achieved and there are no further statutory retention obligations.
If we process your personal data in order to provide certain offers, we will subsequently inform you of the specific processes, the scope and the purpose of the data processing activity, the legal basis for the processing activity and the relevant storage period.
4. Individual processing steps
a. Type and scope of data processing
When you access and use our website, we collect personal data that your browser automatically sends to our server. This information is temporarily saved in a log file. When you use our website, we collect the following information, which we need for technical reasons in order to display our website to you and ensure stability and security:
Every time a user accesses the website or the app and every time a file is accessed, access data related to this action is stored in a log file on our server. This data includes:
· Browser type/version
· Operating system used
· Referring URL (the site previously visited)
· Host name of the accessing computer (IP address)
· Time and date of the server request
· Volume of data transmitted and access status (file transmitted, file not found, etc.).
This data is used to generate pseudonymised internal statistics that help us to analyse the use of the website, correct errors and improve our services. It is not used for any other purpose related to you individually. In particular, this data is not merged with other data sources. This data is automatically deleted after the statistical assessment. You can prevent your pseudonymised data being used for statistical purposes at any time by using the corresponding setting in your browser software to prevent cookies from being saved on your computer (see para 6.).
b. Legal basis
The legal basis of the specified data processing activity is Art. 6 (1f) GDPR. The processing of the specified data is necessary to provide the website and thus serves to safeguard the legitimate interests of our company.
In addition, Motel One generally only collects and uses personal data that the user sends when using the website or the app, for example, when booking a room or using the contact form on the website to make an enquiry.
It is necessary for customers to provide their full name, address and email address when making a reservation and/or booking. This data is required to process the booking. In addition, other information may also be necessary, such as telephone number, company name, tax identification number, account details or credit card details.
c. Storage period and data deletion
As soon as the specified data is no longer necessary to display the website, it will be deleted. The collection of data to provide the website and the storage of data in log files is necessary for the operation of the website. Consequently, the user does not have the right to object to such use. The data may be stored for longer periods in individual cases if such storage is legally required.
Persons under the age of 18 should not provide us with any personal data without the consent of their parents or guardians. We do not request personal data from children and young people, nor do we collect such data or forward it to third parties.
e. beOne membership
When you registered as a beOne member, you accepted the general terms and conditions of the beOne membership programme (https://www.motel-one.com/en/services/be-one/conditions-of-participation/) and, as consideration, consented to receiving advertising (electronic messages about the programme, i.e. general information, overview of bookings, personalised information and offers, etc.).
As consideration for free participation in beOne, the member consents to the collection, processing and use of their personal data as required for the execution of the beOne membership programme, as well as in the context of bookings and for the transmission of regular information about news, promotions and Motel One offers related to hotels and travel via email, text, WhatsApp or other electronic media.
The member furthermore, as consideration, consents to the use of their personal data for targeted advertising purposes on Motel One websites as well as on social media platforms.
The legal basis for the processing of your personal data, which is required for the fulfilment of a licence agreement entered into with us, is Article 6(1)(b) GDPR.
If you have registered as a beOne member, you can terminate this registration at any time. You can revoke your beOne membership at any time with future effect via email (email@example.com) which will terminate the membership. In addition, you can cancel the beOne membership with immediate future effect by clicking ‘Delete profile’ while logged into your beOne profile and confirming the choice by clicking ‘Delete profile’ again in response to the question ‘Do you really want to delete your profile?’. You can change the data stored about you in your profile at any time.
5. Email correspondence
a. Evaluation email following a stay
After staying at a Motel One hotel, customers will receive an email asking them to rate their stay and suggest improvements.
The legal basis for the data processing activity carried out in respect of the use of your email address is Art. 6 (1f) GDPR. The processing of email addresses and the collection of evaluations is necessary to ensure the quality of the hotel and to optimise hotel services, and therefore helps to safeguard the legitimate interests of our company. This evaluation e-mail is not used for any other purpose.
As soon as the specified data (email address and evaluation) are no longer required for the specified optimisation purposes, they will immediately be deleted.
b. Motel One newsletter
When registering for the Motel One newsletter, the user declared his/her consent to regularly receive a newsletter email containing news, campaigns and offers from Motel One (as well as articles related to the topic of hotels, travel and overnight accommodation). The personal data that Motel One processes to send the newsletter is not disclosed to other companies. Consent regarding use of your email address can be revoked at any time with future effect (firstname.lastname@example.org). In addition, a separate link located at the end of each newsletter can be used to unsubscribe from the newsletter.
You expressly gave the following declaration of consent when you subscribed to the newsletter on our website: https://www.motel-one.com/en/newsletter/ and we have logged this consent:
‘I would like to subscribe to the free Motel One newsletter and receive regular news and information about campaigns and offers from Motel One related to the topic of hotels and travel. My email address will not be disclosed to other companies. I can revoke my consent to receive the newsletter with future effect at any time at the website https://www.motel-one.com/en/newsletter/.’
c. beOne newsletter
Users who have registered at Motel One as a beOne member on the website or via the app will automatically receive the beOne newsletter containing news and information about campaigns and offers from the membership programme. Your beOne membership and thus your consent regarding use of your email address can be revoked at any time with future effect via email (email@example.com) and the membership thus terminated. In addition, you can cancel the beOne membership with immediate future effect by clicking ‘Delete profile’ while logged into your be One profile and confirming the choice by clicking ‘Delete profile’ again in response to the question ‘Do you really want to delete your profile?’.
6. Processing and deletion
Motel One may, of its own initiative or at the request of the user, complete, correct or delete incomplete, erroneous or outdated personal data that Motel One has stored in connection with the operation of this website. If these processes are carried out at the request of the user, Motel One may only do so if the user has sufficiently identified him/herself. Identity is verified using a copy of a photo ID – which will of course be deleted immediately after the authentication has been completed – or using criteria that can only be known by the user. Motel One cannot agree to the user’s request if he/she is not properly identified.
In line with statutory provisions, Motel One deletes personal data immediately upon the user’s request, provided there are no mandatory retention obligations to the contrary.
7. Disclosure of personal data to third parties
a. Personal data is handled confidentially and in line with the statutory data protection regulations. Data is not disclosed to third parties without the user’s consent, unless doing so is required to carry out orders, process payments or process requests or it is permitted in accordance with the statutory provisions. External service providers are obliged to handle data confidentially and securely, and they may only use the data as required to carry out their duties.
b. This is particularly true for any payments processed by external service providers as well as the exchange of data with SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, for the purpose of credit checks if there is a legitimate interest or in the event of non-contractual conduct. SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, stores and transmits data for credit checks to its contractual partners. The user’s legitimate concerns are taken into account in line with the statutory provisions.
c. Otherwise, personal data is only disclosed if the user has given his/her express prior consent or if doing so is necessary for the prosecution of criminal offences. Personal data is only transmitted to the authorities or government agencies with the right to receive information if doing so is subject to a statutory obligation to provide information or there has been a court ruling to this effect. Your legitimate concerns are taken into account in line with the statutory data protection provisions. Where necessary, we may disclose your data to third parties on the basis of statutory requirements. We only comply with such requests if we are required to do so in line with statutory obligations.
d. You may revoke the consent to disclose your data at any time and without the need to provide us with a reason.
8. Protection of data
The protection of personal data is an important corporate principle at Motel One. This is achieved through, among other things, training, a company data protection officer and a written agreement with all employees and external service providers to maintain the confidentiality of data and comply with data protection requirements.
All technical and organisational, physical and computer systems and measures in the area of data protection, IT and information security help to protect stored data from damage, destruction and unauthorised access and to achieve the protection objectives of confidentiality, availability and integrity.
For the sake of security, personal data is collected with the use of an encrypted secure socket layer (SSL) connection (which can be recognised by the use of ‘https://’ at the beginning of the website address in the address bar of the internet browser)
In addition, Motel One takes all reasonable precautions to prevent unauthorised access to users' personal data as well as the unauthorised use or falsification of this data and to minimise the corresponding risks. However, the provision of personal data, whether this is done in person, on the phone or online, always involves risks, and there is no technical system that is completely impervious to manipulation or sabotage.
Most browsers are configured to accept cookies by default. However, you can configure your browser so that it only accepts certain cookies or no cookies at all. Please note, however, that you may not be able to use all of the functions of our website if you deactivate cookies on our website through your browser settings. You can also use your browser settings to delete cookies that have already been stored in your browser or to display the storage period. In addition, you can configure your browser so that you are informed before cookies are saved. As different browsers may vary in terms of their functionality, please see your browser’s help menu for the configuration options.
If you would like a comprehensive overview of all third parties that have access to your internet browser, we recommend that you install a special plug-in for this purpose.
10. Tracking and analysis tools
We use tracking and analysis tools to ensure ongoing optimisation and the need-based design of our website. Tracking also enables us to collect statistics regarding the use of our website, which helps us to enhance our online presence using the resulting findings. Based on these interests, the use of the following tracking and analysis tools is legitimate in accordance with Art. 6 (1f) GDPR.
The following description of tracking and analysis tools also reveals the respective processing purposes and the data processed.