Data Privacy Information
Privacy Policy
Thank you for visiting our website and for your interest in our company. We respect the confidentiality of our customers and interested parties. We greatly value the trust placed in us and recognise how important and imperative it is that we treat your data carefully and protect them from misuse. We want you to feel safe and at ease when you visit our website. Accordingly, we take your privacy and the confidential treatment of your personal data very seriously. To this end, we act in accordance with the applicable legislation regarding the protection of personal data and data security. We want to use this Privacy Policy to inform you about when we store your data, which data they are and how we use them. Our company’s data protection measures are based on currently applicable legislation – especially the General Data Protection Regulation (GDPR), the German Data Protection Act (BDSG-new) and the German Telemedia Act (TMG) – as well as the corresponding case law. We only ever use personal data for the indicated/agreed purpose. That is why we only collect, process and use personal data, such as your name, address, account, ID or phone number and email or IP address, if you provide these to us voluntarily and this is also permitted by law or you have consented to the use of the data. We typically process the personal data indicated above when you make an online booking or send us a request or query online. This includes any form of request or query that you may send to us, usually conference inquiries, requests for one-day events or even requests for individual reservations. If you make use of services, usually only the data we need to provide the services are collected. Any further data we request may be provided on a voluntary basis for our information. Personal data are only processed to fulfil the requested service and to protect our legitimate business interests.
- Definitions
The Lufthansa Seeheim GmbH Privacy Policy is based on the definitions used by the European regulator when adopting the General Data Protection Regulation (GDPR). Our Privacy Policy is intended to be easy to read and understand by the public as well as our customers and business partners. To ensure this, we would first like to explain the terms used.
We use the following terms, among others, in this Privacy Policy:
a) Personal data
Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject
A data subject is any identified or identifiable natural person whose personal data are processed by the controller.
c) Processing
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
e) Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
f) Pseudonymisation
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
g) Controller
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
h) Processor
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
i) Recipient
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
j) Third party
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
k) Consent
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
- Name and contact details of the controller and company Data Protection Officer
The controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in European Union member states and other provisions of a data protection nature is:
Lufthansa Seeheim GmbH
Lufthansaring 1
64342 Seeheim-Jugenheim
Germany
Tel.: 069 – 696 131000
Email address for requests for information: datenauskunft@lh-seeheim.de
Website: www.lh-seeheim.de
Data Protection Officer’s address
The Data Protection Officer can be contacted by writing to:
Datenschutzbeauftragte/Data Protection Officer
FRA CJ-D
Airportring – LAC
60546 Frankfurt
Germany
Tel.: 069 – 696 131000
Email: datenschutz@dlh.de
Any data subject with queries or suggestions regarding data protection may contact our Data Protection Officer directly at any time.
- Data processing on visiting our website
The Lufthansa Seeheim GmbH website collects a range of general data and information each time it is accessed by a data subject or automated system. These general data and information are stored in server log files. The data and information collected may include the (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which the accessing system accessed our website (“referrer”), (4) the sub-pages via which an accessing system was taken to our website, (5) the date and time the website was accessed, (6) an Internet Protocol (IP) address, (7) the Internet service provider of the accessing system and (8) other similar data and information used to protect against risks in the case of attacks on our information technology systems.
Lufthansa Seeheim GmbH does not draw any conclusions about the identity of the data subject when using these general data and information. Rather, this information is required to (1) correctly deliver our website content, (2) optimise our website content and promotion thereof, (3) ensure permanent functionality of our information technology systems and our website’s technology and (4) provide law enforcement agencies with the information needed for criminal prosecution in the event of a cyberattack. Therefore, Lufthansa Seeheim GmbH analyses these anonymously collected data and information for statistical purposes and also with the goal of improving our company’s data protection and data security, which ultimately ensures the best level of protection for the personal data processed by us. The anonymous data contained in the server log files are stored separately from all personal data provided by data subjects.
- Use of cookies
The Lufthansa Seeheim GmbH website uses cookies. Cookies are text files placed on a computer system by a browser and stored there.
Countless websites and servers use cookies. Many cookies contain a “cookie ID”, a unique cookie identifier consisting of a string of characters that websites and servers associate with the specific browser on which the cookie is stored.
This allows visited websites and servers to distinguish the data subject’s individual browser from other browsers containing different cookies. A specific browser may be recognised and identified using the unique cookie ID.
By using cookies, Lufthansa Seeheim GmbH can provide users of this website with more user-friendly services than would be possible without cookies.
Cookies enable us to optimise the information and offerings on our website for the benefit of users. As stated above, they allow us to remember visitors to our website. The purpose of this is to make it easier for users to use our website. Users of a website that uses cookies do not have to sign in again every time they visit the website, for example, as this is taken care of by the website and the cookie stored on the user’s computer system. Another example is a cookie for an online shop’s shopping cart. The online shop uses the cookie to remember which items the customer has added to their virtual shopping cart.
Data subjects may prevent cookies being placed by our website at any time by changing their browser settings accordingly so that all cookies are rejected. Furthermore, cookies already set may be deleted at any time using a browser or other software programs. This is an option in all common browsers. If a data subject disables cookies in their browser, they may not then have full use of all of the features of our website.
- Data protection provisions regarding the use of the Matomo web analytics tool
The Matomo web analytics service is used to analyse usage of the website. The statistics obtained can be used to improve the website and make it more interesting for users.
This website uses Matomo with an extension for IP address anonymisation. Through this, IP addresses are truncated for further processing in order to avoid any direct link to individuals. The IP address transferred from the user browser by means of Matomo is not aggregated with other data that have been collected or passed to a third party.
If individual pages of the website are visited, the following data are stored:
- Two bytes of the IP address of your accessing system (anonymous)
- Browser type and version
- Operating system used
- The website accessed
- The website from which the Lufthansa Seeheim GmbH website was visited (referrer URL) – provided that the user browser does not prevent this
- The pages and files accessed by the user on the Lufthansa Seeheim GmbH website
- Where applicable, the website that the user accesses after visiting the Lufthansa Seeheim GmbH website (by clicking on an external link on the website)
- Date and time of access
- The time spent on the website
- The frequency with which the website is accessed
- The user’s location (country)
No tracking cookies are set on the user’s computer as part of the web analysis. The Matomo software and the data collected by means of Matomo are only operated, stored and processed on Lufthansa Seeheim GmbH’s own servers.
- Data protection provisions regarding emails and contact forms
For general queries and requests sent to us via email or a contact form, the relevant personal data are stored only for the purposes of the respective correspondence. We only store the data sent to us for as long as this is necessary for the respective correspondence. The legal basis for processing your data in connection with general queries and requests is Article 6(1)(1)(f) GDPR. We have a legitimate interest in processing your data so that we can offer you a fast means of making contact and ensure that your matter is dealt with in accordance with your interests. If you direct specific queries to us regarding your booking or our offers via email or a contact form, the corresponding personal data are only processed for the purposes of initiating a contract or processing your booking. The legal basis for this processing is Article 6(1)(1)(b) GDPR.
- Data protection provisions regarding event booking and room reservation
If you book an event or room with us, we collect the following personal data from you:
- First and last names
- Date of birth
- Address
- Booking period
- Number of rooms
- Number of people (adults and children)
- Conference packages selected
- Other catering selected
- Add-on package selected
- Tariff/special offer selected
- Email address
- Telephone number
- Credit card details
- ID card information
Optional information
- Arrival information
- Type of room, event room and/or other preferences
- Children’s ages (which affects the catering price)
- Cost centre
- Billing address
Your guests’ data:
In order to handle your booking, we also process the personal data of your guests that you provide to us. The client assumes responsibility for providing the data to us and for their subsequent processing and ensures that the data subjects have consented to data processing and storage by Lufthansa Seeheim GmbH.
The following data are processed in this context:
- First and last names
- Date of birth
- Address
- Booking period
- Number of rooms
- Room occupancy (single or double rooms)
- Conference packages selected
- Other catering selected
- Add-on package selected
- Tariff/special offer selected
- ID card information
Optional information
- Arrival information
- Type of room, event room and/or other preferences
- Children’s ages (which affects the catering price)
- Cost centre
- Billing address
In general, we use these data in order to process your booking and to conclude and fulfil the contract with you. This includes verifying identities, recording payment guarantee and/or payment information and sending marketing messages or notifications relating to your stay.
We take the protection of your personal data very seriously and have therefore minimised the amount of data processed.
We store these personal data for ten years in accordance with statutory retention periods. If you wish to make a booking via our website, you are automatically forwarded during the booking process to our reservation service provider. Your personal data are processed there for the purposes of contract processing. The legal basis for processing your data in connection with a reservation is Article 6(1)(b) and (f) GDPR. We have a legitimate interest in retaining our customers and improving customer satisfaction.
- Routine erasure and blocking of personal data
The controller only processes and stores personal data of data subjects for the period needed to achieve the purpose for which they were stored or where this has been provided for by the European regulator or other legislators in laws or regulations to which the controller is subject.
If the storage purpose no longer applies or a retention period prescribed by the European regulator or other competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.
- Other rights of data subjects
According to GDPR provisions, you have the following rights in principle:
a) Right of access (Article 15 GDPR)
Every data subject has the right granted by the European regulator to obtain from the controller, at any time and free of charge, information about the personal data concerning him or her that are stored and a copy of this information. Furthermore, the European regulator has granted data subjects access to the following information:
- the purposes of the processing
- the categories of personal data concerned
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
- the right to lodge a complaint with a supervisory authority
- where the personal data are not collected from the data subject: any available information as to their source
- the existence of automated decision-making, including profiling, referred to in Art. 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject
Furthermore, the data subject has the right to be informed as to whether personal data were transferred to a third country or to an international organisation. Where that is the case, the data subject also has the right to be informed of the appropriate safeguards relating to the transfer.
Any data subject wishing to exercise this right of access may contact an employee of the controller regarding this at any time.
b) Right to rectification (Article 16 GDPR)
This right entitles the data subject to obtain without undue delay the rectification of inaccurate or incomplete processed data concerning him or her. This claim always exists vis-à-vis one or more controllers responsible for processing personal data. The right to rectification is linked to the principle of accuracy from Article 5(1)(d) GDPR, according to which personal data must be accurate and, where necessary, kept up to date.
c) Right to erasure (“right to be forgotten”) (Article 17 GDPR)
The data subject has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller is obliged to erase personal data without undue delay.
d) Right to restriction of processing (Article 18 GDPR)
The data subject has the right to obtain from the controller restriction of processing where one of the following applies:
1) The accuracy of the data is unclear or is contested by the data subject
2) The processing was unlawful and the data subject requests a restriction of processing instead of erasure
3) The controller no longer needs the personal data for the purposes of processing, but they are still required by the data subject for the exercise, establishment or defence of his or her legal claims
4) The data subject has objected to processing pursuant to Art. 21(1) GDPR
e) Right to notification – notification obligation regarding rectification or erasure of personal data or restriction of processing (Article 19 GDPR)
According to all data protection regulations, the data subject has the right to be informed about which personal data about him or her are stored. This also includes information on the purpose for which the data were collected, the origin of the data and the entities to which they have been transmitted.
f) Right to data portability (Article 20 GDPR)
Data subjects have the right to:
1) receive his or her personal data in a suitable format (e.g. via USB stick, CD, the private cloud or a barcode),
2) transmit his or her personal data to another provider and
3) have his or her personal data transmitted from one provider to another.
g) Right to object (Article 21 GDPR)
The data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on Article 6(1)(e) or (f), including profiling based on those provisions. The controller may then no longer process the personal data.
The data subject has the right not to be subject to a decision based solely on automated processing, including profiling (Article 22 GDPR), which produces legal effects concerning him or her or similarly significantly affects him or her.
If you believe that the processing of your data violates data protection law or your rights thereunder have otherwise been violated, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI).
- Data protection for applications and the application process
The controller collects and processes applicants’ personal data for the purposes of administering the application process. The processing may also be carried out electronically. In particular, this is the case if an applicant uses electronic means, such as email or a web form on the website, to submit the relevant application documents to the controller. If the controller concludes an employment contract with an applicant, the data transmitted are stored for the purposes of administering the employment relationship in accordance with legal requirements. If the controller does not conclude an employment contract with the applicant, the application documents are automatically erased two months after notification of the rejection decision, provided the controller does not have other legitimate interests which would prevent erasure. Other legitimate interests in this context might be, for example, satisfying a burden of proof in a proceeding under the German General Equal Treatment Act (AGG).
- Legal bases for processing
Art. 6(1)(a) GDPR serves as our company’s legal basis for processing operations for which we obtain consent for a specific processing purpose. If personal data must be processed to perform a contract to which the data subject is party, as is the case, for example, when processing is necessary for the supply of goods or to provide any other service, including a service in return, the processing is based on Art. 6(1)(b) GDPR. The same applies to such processing operations needed in order to take steps prior to entering into a contract, such as in the case of queries regarding our products and services. If our company is subject to a legal obligation which necessitates the processing of personal data, such as for the fulfilment of tax obligations, the processing is based on Art. 6(1)(c) GDPR. In rare cases, the processing of personal data may be required in order to protect the vital interests of the data subject or another natural person.
This would be the case if, for example, a visitor to our company were injured and his name, age, health insurance data or other vital information had to be passed on to a doctor, hospital or other third party. The processing would then be based on Art. 6(1)(d) GDPR. Finally, processing operations may be based on Art. 6(1)(f) GDPR. This is the legal basis for processing operations which are not covered by any of the aforementioned legal bases if processing is necessary for the purposes of a legitimate interest pursued by our company or a third party and these are not overridden by the interests or fundamental rights and freedoms of the data subject. In particular, we are therefore permitted to perform such processing operations because they have been specifically mentioned by the European legislator. It considers that a legitimate interest can be assumed if the data subject is a client of the controller (Recital 47, Clause 2 GDPR).
If the processing of personal data is based on Art. 6(1)(f) GDPR, our legitimate interest is to carry out our business activities to the benefit of all of our employees and shareholders.
- Existence of automated decision-making
As a responsible company, we do not carry out any automated decision-making or profiling activities.
- Webfonts Counter
This website uses fonts from MyFonts. MyFonts is a service provided by MyFonts Inc., 500 Unicorn Park Drive, Woburn, MA 01801, USA (hereinafter: MyFonts). Page view tracking is performed on the basis of the licence terms. For this, MyFonts counts the number of visits to this website for the purpose of calculating the licence fee for the web fonts used. The MyFonts counter collects anonymous data.
MyFonts web fonts are used to give our website a uniform and appealing look.
Further information is contained in the MyFonts Privacy Policy: https://www.monotype.com/legal/privacy-policy/.
- Security
Our company is committed to high standards in data security. In particular, we take the necessary technical and organisational security measures as per Article 32 GDPR in order to protect your data administered by us against accidental or intentional manipulation, loss, destruction and unauthorised access. We continuously improve our security measures in line with technological advancements.
Only a few authorised persons obliged to adhere to special data privacy requirements that are generally involved in the technical or editorial supervision of data have administrative access to your data.