11. Chatbot and live chat
Our website offers you the option to use the chat feature to contact us regarding a hotel booking. This is a live chat tool. By using this chat feature, you are automatically using the services of DialogShift GmbH, Rheinsberger Strasse 76/77, 10115 Berlin, Germany. Personal data that you enter in the chat window is transmitted to DialogShift GmbH and stored.
a. Type and scope of data processing
We use this personal data to effectively and directly assist our customers and prospective customers.
In addition to the personal data that you disclose during the chat, the following personal data is collected when you use the chat tool:
- • IP address
- • If necessary, personal data from the chat record, such as name, contact details and other information.
If you enter personal data in the chat window (e.g. name, address, email address, booking number), your personal data will be processed using artificial intelligence.
DialogShift also uses performance cookies for statistical purposes. These will process your IP address.
b. Particular risks when using artificial intelligence
When using the chat tool, data is processed using artificial intelligence (AI) to a limited extent. The tool is designed to autonomously answer your questions before you are handed over to a member of staff. Information is entered into the system as input, processed using algorithms and then displayed as output.
Often, the data protection principle of transparency in accordance with Art. 5 (1) (a) of the GDPR, which requires the transparent processing of personal data, is not respected due to the machine learning functionality of AI systems. This is because AI-based systems continually modify and optimise their weightings and use the data entered for their ongoing development. In addition, it cannot be entirely ruled out that personal data will be transferred to third countries, e.g. the USA, due to this lack of data processing transparency.
DialogShift GmbH undertakes to use your data solely for the purpose of facilitating the chat. When providing artificial intelligence, DialogShift relies on service providers that use servers within the EU. There are no plans to transfer data to third countries. Nevertheless, a residual risk cannot currently be eliminated with regard to the lack of data processing transparency and transfers to a third country when using AI.
If you are not prepared to accept the risks described, you should refrain from using the chat tool.
c. Legal basis
When using the chat tool, data is processed on the basis of your consent in accordance with Art. 6 (1) (a) of the GDPR. We use the personal data you may have provided to effectively and directly assist our customers and prospective customers. You grant your consent by ticking the box in the chat window. You can withdraw your consent at any time by unticking the box. This shall not affect the legality of the data processing that occurs until your consent is withdrawn.
You can also prevent the storage of cookies by configuring your browser settings accordingly. If you do this, you may not be able to fully use the live chat feature or other website features. DialogShift will not share this personal data with third parties. The data will be used by DialogShift exclusively for the purposes of protection and internal statistics.
d. Duration of storage
Personal data is stored for the time required to fulfil the purpose for which it was collected. This purpose is generally fulfilled as soon as the chat session is terminated, but your personal data will be deleted within 90 days at the latest. We also delete your personal data when you withdraw your consent or object to the processing of personal data. A statutory retention period may prevent deletion.
e. Categories of data recipients
When data is processed by service providers, the personal data is passed on to the service provider. DialogShift acts on behalf of Motel One to ensure that consent is collected and documented in accordance with data protection regulations. DialogShift acts as a contractual processor in accordance with Article 28 GDPR. For this purpose, we have concluded a contractual processing contract with our service provider in accordance with GDPR requirements. Your personal data will only be processed in accordance with our instructions.
f. Place of processing and transfer to third countries
There are no plans to transfer your personal data to a third country outside the EU and the European Economic Area. In addition, we will not transfer your personal data to an international organisation. When providing artificial intelligence, DialogShift relies on service providers that use servers within the EU. Nevertheless, it cannot be entirely ruled out that personal data will be transferred to third countries, e.g. the USA, due to the data being processed using AI.
g. Automated data processing
There is no automated data processing within the context of Art. 13 (22) of the GDPR. Automated processing takes place to the extent described using AI.
Most browsers are configured to accept cookies by default. However, you can configure your browser so that it only accepts certain cookies or no cookies at all. Please note, however, that you may not be able to use all of the functions of our websites if you deactivate cookies on our websites through your browser settings. You can also adjust your browser settings to delete cookies already stored in your browser or to display the storage period. In addition, you can configure your browser to notify you before cookies are stored. Since different browsers can vary in terms of their functionality, please see your browser’s help menu for the configuration options.
If you would like a comprehensive overview of all third parties that have access to your internet browser, we recommend installing a plug-in specially developed for this purpose.
13. Tracking and analysis tools
We using tracking and analysis tools to ensure ongoing optimisation and needs-based design of our websites. Tracking also enables us to collect statistics regarding the use of our websites, which helps us to enhance our online presence using the resulting findings. The legal basis for the use of tracking and analysis tools is the consent you provided in the cookie banner or in the cookie and tracking tool settings pursuant to Art. 6(1)(a) GDPR.
The following description of tracking and analysis tools also outlines the respective processing purposes and the data processed.
a. Google Analytics and Google Firebase
The Motel One app uses Google Analytics via the Google Firebase service. In this case, personal data is collected via Google Firebase and then displayed and processed further in Google Analytics.
On behalf of Motel One and The Cloud One hotels, Google uses this information to assess your use of our websites, to compile reports about website activity and to provide other services related to use of the website and the internet to the website operator. The abbreviated IP address transmitted from your browser as part of the Google Analytics service will not be merged with other Google data. You can prevent cookies from being stored on your device by adjusting your browser settings accordingly; however, if you do this, you may not be able to fully use all of the website’s functions.
You can also prevent the collection of the information generated by the cookie related to your use of the website or app (including your IP address) and the processing of this data by Google by downloading and installing the browser add-on available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB.
Further information about Google Analytics can be found here: https://policies.google.com/technologies/partner-sites
More information about Google Firebase can be found here: https://firebase.google.com/
b. Google Data Studio
We use Google Data Studio, an analytics service provided by Google LLC / Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA (‘Google’). It is an additional management tool from Google Analytics. This analytics service uses the personal data collected by Google Analytics. Google Data Studio visually represents user-defined reports. If you deactivate Google Analytics with future effect here, your data will not be used by Google Data Studio.
In accordance with Article 6(1)(a) GDPR, this data processing is based on your consent, which you have granted us by ticking a box in the cookie banner. You can withdraw your consent at any time by unticking the box.
c. Google BigQuery
For data retention, we use Google BigQuery, a service operated by Google Cloud EMEA Ltd., 70 Sir John Rogerson’s Quay, Dublin, D02 R296, Ireland. Through the use of the Google Cloud infrastructure, this enables the data collected to be stored and managed. Data collected through our web analysis is exported in the form of tables that contain user IDs, which are assigned by Google Analytics and Google Firebase. This involves only data retention, meaning no additional data is added to the data already present from GA4 tracking during the export. The data is stored by Google BigQuery for 36 months. The data storage location is Frankfurt am Main, Germany.
Our websites use the ‘OWAPro’ web analysis and online marketing controlling system by Hurra Communications GmbH (‘hurra.com’) for web analysis and the optimisation of online marketing.
The provider of OWAPro is Hurra Communications GmbH, Wollgrasweg 27, 70599 Stuttgart, Germany.
You can prevent the collection and processing of data by hurra.com services for our websites at any time by opting out (http://ssl.hurra.com/opt-out?cid=600&ln=en).
14. Social plug-ins
We use the following plug-ins from Facebook, Instagram, Pinterest and Twitter on our websites.
a. Facebook social plug-ins
Our websites contain ‘social plug-ins’ (‘plug-ins’) from the social network www.facebook.com, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (‘Facebook’). The plug-ins are marked with a Facebook logo or the appendix ‘Facebook Social Plugin’ (http://developers.facebook.com/plugins
developers.facebook.com/). The websites contain plug-ins that establish a direct connection between the user’s browser and Facebook’s servers as soon as the user accesses the websites. The content of the plug-ins is transmitted directly from Facebook to the user’s browser and integrated into the respective website by the browser. Motel One and The Cloud One hotels have no influence over the scope of the data that Facebook collects using these plug-ins.
As a result of this integration of the plug-ins, Facebook is informed that the user has accessed the respective website. If the user is logged into Facebook, Facebook can assign the user to their Facebook account. If the user clicks the ‘Like’ button or writes a comment, the corresponding information is transmitted directly from their browser to Facebook and stored there.
If the user is a member of Facebook and does not want Facebook to collect data about them via Motel One or The Cloud One hotels and link it with their stored membership data, they must log out of Facebook before visiting the website. However, even if the user is not logged into Facebook, it is possible that Facebook may learn about and save certain data.
If the user wants to block Facebook social plug-ins in general, they can install and activate a corresponding extension on their browser.
b. Instagram social plug-ins
Our websites use social plug-ins (‘plug-ins’) from Instagram, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The plug-ins are marked with an Instagram logo, e.g. in the form of an ‘Instagram camera’. When the user accesses our websites containing these plug-ins, the browser establishes a direct connection to Instagram’s servers. The content of the plug-ins is transmitted directly from Instagram to the user’s browser and integrated into the page. As a result of this integration, Instagram is informed when the user has accessed the corresponding page on our website, even if you do not have an Instagram profile or are not logged into Instagram. This information (including your IP address) is transmitted directly from your browser to an Instagram server in the USA and stored there. If the user is logged into Instagram, Instagram can assign the visit to our website to the user’s Instagram account. If the user interacts with the plug-ins, for example by clicking on the Instagram button, this information will also be transmitted directly to an Instagram server and stored there. The information will also be published on your Instagram account and displayed to your contacts there. Motel One and The Cloud One hotels have no influence over the scope of the data that Instagram collects using these plug-ins.
c. Pinterest social plug-ins
Our websites use social plug-ins (‘plug-ins’) from the social network Pinterest, which is operated by Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, USA (‘Pinterest’). The plug-ins can be identified, for example, on buttons with the ‘Pin it’ icon on a white or red background. When the user accesses our website containing these plug-ins, the browser establishes a direct connection to Pinterest’s servers. The content of the plug-ins is transmitted directly from Pinterest to the user’s browser and integrated into the page. As a result of this integration, Pinterest is informed when the user has accessed the corresponding page on our website, even if you do not have a Pinterest profile or are not logged into Pinterest.
d. Twitter buttons
Our websites also enable users to post articles and other content on Twitter. This service and a configured plug-in are provided by Twitter, Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. The ‘tweet’ button allows users to share blog articles on Twitter. This button also shows the number of tweets a blog entry has received.
When the website is accessed, the code for the tweet button is requested directly from a Twitter server by the user’s browser and integrated into the website. Motel One and The Cloud One hotels therefore have no influence over the scope of the data accessed by Twitter. According to its own information (https://twitter.com/privacy), Twitter stores the message transmitted in the tweet as well as the meta data. According to the operator, this includes: the date and time of the tweet, the exact internet address (abbreviated, if necessary) where the tweet button is located and other technical data, such as IP address, browser type and operating system. Twitter does not indicate how long the information is stored. Further information from Twitter can be found here (https://twitter.com/privacy)
15. Retargeting/interest-based advertising
Our websites use the Criteo service offered by Criteo GmbH, Gewürzmühlstrasse 11, 80538, Munich, Germany. With the help of this service, users who have visited our websites and expressed interest in our products and services are offered targeted advertising on our websites and on other websites that also use the Criteo service. The advertising shown is based on information about the visit to the respective websites, which is stored in cookies on the user’s computer, among other ways. These text files are then scanned during subsequent visits to the website to produce targeted product recommendations. To this end, a randomly generated ID number is stored in the cookies. Neither this number nor the information about your visits to the websites can be assigned to you personally. In no case will the data be used to identify you personally as a visitor to our websites.
You can prevent the storage and use of information by the Criteo service by clicking on the following link (http://www.criteo.com/de/datenschutzrichtlinie) and sliding the ruler there next to ‘Opt out’ to ‘ON’. If you select ‘ON’, a new cookie (opt-out cookie) will be saved in your browser. This cookie tells the Criteo service that Criteo may no longer collect and process data about your usage behaviour. You can reactivate this function by sliding the rule to ‘OFF’. Please note that you must change this setting for every browser that you use. If you delete all of the cookies in your browser, the opt-out cookie will be deleted as well.
16. Links to other websites
Our websites occasionally provide links (interactive references) to third-party websites for which Motel One and The Cloud One hotels are not responsible. Motel One and The Cloud One hotels have no influence over the content and design of the linked external sites or the websites that the user accesses via these links. The respective providers are solely responsible for the content and design of these websites as well as for compliance with data protection regulations.
17. Rights of data subjects
The GDPR provides you, as the data subject of personal data processing, with the following rights:
• According to Art. 15 GDPR, you can request information about your personal data processed by us. In particular, you can request information about the purposes of processing, the categories of personal data, the categories of recipients to whom the personal data has been or will be disclosed, the planned storage period, the existence of the right to request correction or deletion of personal data or restriction of processing of personal data or to object to such processing, the right to lodge a complaint, any available information as to its source when personal data is not collected by us, transmission to a third country or to an international organisation, and about the existence of automated decision-making, including profiling and, in such cases, meaningful information about the logic involved.
• According to Art. 16 GDPR, you have the right to request the immediate rectification of inaccurate personal data or to have incomplete personal data completed.
• According to Art. 17 GDPR, you can request the erasure of your personal data we have stored if the processing is no longer necessary to exercise the right to freedom of opinion and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend against legal claims.
• According to Art. 18 GDPR, you can request the restriction of the processing of your personal data if the accuracy of the personal data is contested by you, the processing is unlawful, we no longer need the data and you oppose the erasure of the personal data because you need them to assert, exercise or defend against legal claims. You also have the right under Art. 18 GDPR if you have objected to the processing in accordance with Art. 21 GDPR.
• According to Art. 20 GDPR, you can request to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to have your personal data transmitted to another controller.
• According to Art. 7(3) GDPR, you can revoke the consent you have granted us at any time. If you do so, we will no longer be able to continue the data processing based on this consent in future.
• According to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. In general, you can contact the supervisory authority in your usual place of residence, your place of work or our corporate domicile for this purpose.
18. Right to object
In the case of the processing of your personal data on the basis of a legitimate interest pursuant to Art. 6(1)(f) GDPR, you have the right pursuant to Art. 21 GDPR to object to the processing of your personal data if there are grounds for doing so based on your personal situation or if you object to direct advertising. In the case of direct advertising, you have a general right to object that must be adhered to by us without the need to specify a particular situation.
19. Data security and security measures
We undertake to protect your privacy and to treat your personal data as confidential. In order to prevent the manipulation, loss or misuse of your data stored by us, we implement comprehensive technical and organisational security measures, which are reviewed regularly and adapted in line with technical improvements. These include, among other things, the use of recognised encryption methods (SSL or TLS).
Please note, however, that due to the structure of the Internet it is possible that the data protection regulations and the above-mentioned security measures may not be observed by persons or institutions that are not within our area of responsibility. In particular, data disclosed in an unencrypted manner – e.g. data disclosed by email – may be read by third parties. We have no technical control over this. It is the user’s responsibility to prevent the misuse of the data they provide through encryption or another method.
Motel One or The Cloud One hotels may change these data protection provisions or the content of the websites at any time without prior notice, or change or block access to their websites.
21. Questions about data protection and contact
Users can contact Motel One or The Cloud One hotels at any time if they would like their personal data corrected, blocked or deleted. In addition, Motel One and The Cloud One hotels share information about the user data stored as well as the origin and recipients of such data and the purpose for which it has been stored.
For questions about data protection, please contact:
Motel One GmbH
Tegernseer Landstrasse 165
Tel.: +49 (0) 089 665025-0
Fax: +49 (0) 089 665025-50
Website: www.motel-one.com or www.the-cloud-one.com
Email: email@example.com or firstname.lastname@example.org