Privacy

little BIG hotels

Thank you for visiting our website and for your interest in our hotels. The protection of personal information is important to us. Therefore, the processing of personal data, such as the name, address, e-mail address or telephone number of a data subject, is carried out in accordance with the applicable European and national legislation.

If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the person concerned.

Your declaration of consent(en) you can of course at any timewith effect for the future. Please contact the responsible persons. The Contact detailscan be found at the bottom of this privacy policy.

This privacy policy applies to CALMA Berlin Mitte GmbH, fjord hotel berlin gmbh, LINDEMANN’S GmbH, Anna 1908 GmbH and little BIG hotels Management GmbH (hereinafter: “we”, “us”, etc.). etc.).

The above companies wish to inform the public of the nature, extent and purpose of the personal data they process. Furthermore, data subjects are informed about their rights by means of this data protection declaration.

Definitions

Our data protection declaration is based on the terms used by the European legislator for the adoption of the EU General Data Protection Regulation (hereinafter referred to as “GDPR”). Our privacy policy should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terminology used in advance.

In this data protection declaration and on our website, we use the following terms, among others:

Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject” or “data subject”). A natural person is regarded as identifiable who, directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more special features that express the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person can be identified.

The data subject is any identified or identifiable natural person whose personal data is processed by the person responsible for processing.

Processing is any process carried out with or without the help of automated processes or any such series of processes in connection with personal data such as the collection, recording, organization, ordering, storage, adaptation or modification, reading, querying, use, the Disclosure through transmission, distribution or any other form of provision, comparison or linking, restriction, deletion or destruction.

Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.

Profiling is any type of automated processing of personal data that consists of this personal data being used to evaluate certain personal aspects relating to a natural person, in particular aspects relating to work performance, economic situation, health, personal preferences To analyze or predict the interests, reliability, behavior, whereabouts or relocation of this natural person.

Pseudonymization is the processing of personal data in a way in which the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is stored separately and is subject to technical and organizational measures that ensure that the personal data is not be assigned to an identified or identifiable natural person.

The person responsible or the person responsible for the processing is the natural or legal person, authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data. If the purposes and means of this processing are specified by Union law or the law of the member states, the person responsible or the specific criteria for his appointment can be provided for in accordance with Union law or the law of the member states.

Processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of the person responsible.

Recipient is a natural or legal person, authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, authorities that may receive personal data as part of a specific investigation under Union law or the law of the member states are not considered recipients.

A third party is a natural or legal person, public authority, agency or body other than the data subject, the person responsible, the processor and the persons who are authorized to process the personal data under the direct responsibility of the person responsible or the processor.

Consent is any declaration of intent voluntarily given by the data subject in an informed manner and unequivocally in the form of a declaration or other unequivocal affirmative action with which the data subject indicates that they consent to the processing of their personal data is.

Rights of the data subject

Right to confirmation: Each data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed. If a data subject wishes to exercise this right to confirmation, they can contact the person responsible for processing at any time.

Right to information: Any person affected by the processing of personal data has the right to receive information free of charge from the controller at any time about the personal data stored about them and a copy of this information. Furthermore, the European directives and regulations grant the data subject access to the following information:

  • the purposes of the processing
  • the categories of personal data that are processed
  • the recipients or categories of recipients to whom the personal data have been disclosed or are still being disclosed, in particular to recipients in third countries or to international organizations
  • if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
  • the existence of a right to correction or deletion of the personal data concerning you or to restriction of processing by the person responsible or a right to object to this processing
  • the existence of a right to lodge a complaint with a supervisory authority
  • if the personal data are not collected from the data subject: All available information on the origin of the data
  • the existence of automated decision-making including profiling in accordance with Art. 22 (1) and (4) GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the data subject

Furthermore, the data subject has the right to information as to whether personal data has been transmitted to a third country or to an international organization. If this is the case, the data subject also has the right to receive information about the appropriate guarantees in connection with the transmission.

If a data subject wishes to make use of this right to information, they can contact the person responsible for processing at any time.

Right to rectification: Any person affected by the processing of personal data has the right to demand the immediate correction of incorrect personal data concerning them. Furthermore, the data subject has the right, taking into account the purposes of the processing, to request the completion of incomplete personal data – including by means of a supplementary declaration.

If a data subject wishes to exercise this right to rectification, they can contact the person responsible for processing at any time.

Right to erasure (right to be forgotten): Each data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay where one of the following grounds applies, as long as the processing is not necessary:

  • The personal data were collected or otherwise processed for purposes for which they are no longer necessary.
  • The data subject revokes their consent on which the processing was based in accordance with Art. 6 Para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing.
  • According to Art. 21 Para. 1 GDPR, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21 (1) GDPR. 2 GDPR to object to the processing.
  • The personal data was processed unlawfully.
  • The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the member states to which the person responsible is subject.
  • The personal data was collected in relation to information society services offered in accordance with Art. 8 Para. 1 GDPR is collected.

If one of the aforementioned reasons applies, and a data subject wishes to request the erasure of personal data stored by us, he or she may, at any time, contact the controller; The data subject’s request for deletion will then be complied with immediately.

If the personal data have been made public by us and our company is responsible pursuant to Art. 17 para. Where we have made the personal data public and are obliged pursuant to Article 1 GDPR to erase the personal data, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers processing the personal data that the data subject has requested erasure by such controllers of any links to, or copy or replication of, those personal data, as far as processing is not required; The person responsible for the processing will then arrange the necessary in individual cases.

Right to restriction of processing: Any data subject affected by the processing of personal data has the right to obtain from the controller restriction of processing where one of the following applies:

  • The correctness of the personal data is contested by the data subject for a period that enables the person responsible to check the correctness of the personal data.
  • The processing is unlawful, the person concerned refuses to delete the personal data and instead requests that the use of the personal data be restricted.
  • The person responsible no longer needs the personal data for the purposes of processing, but the data subject needs them to assert, exercise or defend legal claims.
  • The data subject has an objection to the processing in accordance with. Art. 21 para. 1 GDPR and it is not yet clear whether the legitimate grounds of the controller override those of the data subject.

If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of the processing of personal data stored by us, he or she may at any time contact the controller. The restriction of processing will then be initiated immediately.

Right to data portability: Each data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another person responsible without hindrance from the person responsible to whom the personal data was provided, provided that the processing is based on the consent pursuant to Art. 6 Para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, when exercising their right to data portability in accordance with Art. 20 Para. 1 GDPR, the data subject shall have the right to have personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.

To assert the right to data portability, the data subject can contact the person responsible for processing at any time.

Right to object: Each data subject shall have the right to object, on grounds relating to his or her particular situation, at any time, to processing of personal data concerning him or her, which is based on Art. 6 para. 1 lit. e GDPR or Art. 6 para. 1 lit. f GDPR takes place, to file an objection. This also applies to profiling based on these provisions.

In the event of an objection, we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.

If we process personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing; This also applies to profiling insofar as it is associated with such direct advertising. If the data subject objects to processing for direct marketing purposes, we will no longer process the personal data for these purposes.

In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her by us for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR; 1 GDPR, unless such processing is necessary for the performance of a task carried out for reasons of public interest.

To exercise the right to object, the data subject can contact the person responsible for processing directly. The data subject is also free, in connection with the use of information society services, regardless of Directive 2002/58 / EC, to exercise their right of objection by means of automated procedures in which technical specifications are used.

Automated decisions in individual cases including Profiling: Each data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her, or similarly significantly affects him or her, as long as the decision:

  • is not necessary for the conclusion or performance of a contract between the data subject and the person responsible, or
  • is permissible on the basis of Union or Member State legislation to which the person responsible is subject and this legislation contains appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject or
  • takes place with the express consent of the data subject.

If the decision is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or if the decision is based on the data subject’s explicit consent, we shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

If the data subject wishes to assert rights with regard to automated decisions, they can contact the person responsible for processing at any time.

Right to withdraw consent under data protection law: Any person affected by the processing of personal data has the right to withdraw consent to the processing of personal data at any time.

If the data subject wishes to assert their right to withdraw consent, they can contact the person responsible for processing at any time.

Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation; A list of the state data protection officers and their contact details can be found at the following link:

https://www.bfdi.bund.de/DE/Service/Anschriften/anschriften_table.html

The data protection supervisory authority responsible for us is

Berlin Commissioner for Data Protection and Freedom of Information

Alt-Moabit 59-61
10555 Berlin
Tel: +49 30 138 89 0
E-mail: mailbox@datenschutz-berlin.de

Cooperation with processors and third parties

If we disclose data to other persons and companies (processors or third parties) as part of our processing, transfer it to them or otherwise grant them access to the data, this will only be done on the basis of legal permission (e.g. if the transfer of data to third parties, such as payment service providers, is required to fulfill the contract in accordance with Art. 6 para. 1 lit. b GDPR), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

If we commission third parties with the processing of data on the basis of a so-called “order processing contract”, this is done on the basis of Art. 28 GDPR.

Routine deletion and blocking of personal data

The person responsible for the processing processes (in this sense also: stores) personal data of the data subject only for the period necessary to achieve the storage purpose or if this is permitted by the European directives and regulations or another legislator in laws or regulations, to which the controller is subject, has been provided.

If the storage purpose no longer applies or if a storage period prescribed by the European directives and regulations or another responsible legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

Data protection in applications and in the application process

The person responsible for processing collects and processes the personal data of applicants for the purpose of handling the application process. The processing can also be done electronically. This is particularly the case if an applicant sends the relevant application documents electronically, for example by email, to the person responsible for processing. If the person responsible for processing concludes an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the person responsible for processing does not conclude an employment contract with the applicant, the application documents will be automatically deleted six months after notification of the rejection decision, provided that deletion does not conflict with any other legitimate interests of the person responsible for processing. Another legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).

Information on video surveillance on site

Video surveillance is a particularly intensive form of personal data processing. Almost everyone feels uncomfortable when they are under video surveillance. This is also referred to as “monitoring pressure”. Not being exposed to this pressure is almost a basic human need.

However, another human need is the desire for security. Individuals and communities, but also inanimate things such as objects and systems, benefit greatly from an environment that is free of security risks or dangers.

Video surveillance is subject to strict data protection regulations for good reasons. On the other hand, the security interests of the person responsible must also be assessed fairly. This is because these interests are often not limited to the person responsible alone. Employees, interested parties, suppliers, customers, tenants, guests, visitors, etc. may also have a need for security, which can be satisfied by the appropriate and sensible use of video surveillance.

Even if some of the following information is already mentioned elsewhere in this privacy policy, we would like to list all information in this text section, as it can also be found in a downstream video sign (information sheet according to Art. 13 GDPR):

Name and contact details of the person responsible and any deputy:
To be found at the bottom of this privacy statement.

Contact details of the data protection officer:
To be found at the bottom of this privacy statement.

purpose and legal basis of the data processing:
Discovery and detection of crime and other security-related events.
Art. 6 para. 1 lit. f EU General Data Protection Regulation.

Legitimate interests that are being pursued:

Safety of employees, suppliers, guests, visitors, etc.
Protection of property, exercise of domiciliary rights.

Storage duration or criteria for determining the duration:

Image data is usually deleted from our properties after 72 hours, insofar as the purpose of storage has also ceased to apply at this time.
In doing so, we are following a recommendation of the independent data protection authorities of the federal and state governments (Data Protection Conference – DSK).
According to the DSK’s reasoning, a storage period of 72 hours allows the data controller to regularly pursue its security interests while at the same time safeguarding the legitimate interests of the data subjects.

If necessary, a special monitoring purpose may justify longer storage. However, this must be sufficiently justified.

Recipients or categories of recipients of the data (if data transfer takes place):
The controller will not transfer the personal data to a third country or an international organization.

Notes on the rights of data subjects
See also the section “Rights of the data subject” at the top of this privacy policy. In summary, the following applies to video surveillance:

The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, right of access to this personal data and to the information listed in Art. 15 GDPR in detail.

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you and, if necessary the completion of incomplete personal data (Art. 16 GDPR).

The data subject has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay where one of the grounds listed in Art. 17 GDPR applies, e.g. if the data is no longer required for the purposes pursued (right to erasure).

The data subject shall have the right to obtain from the controller to obtain restriction of processing where one of the conditions listed in Art. 18 GDPR is met, e.g. if the data subject has objected to the processing, for the duration of the examination by the controller.

The data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her to file an objection. The controller will then no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims (Art. 21 GDPR).

Without prejudice to any other administrative or judicial remedy, each data subject shall have the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data relating to him or her infringes the GDPR (Art. 77 GDPR). The data subject may exercise this right before a supervisory authority in the Member State of his or her habitual residence, place of work or place of the alleged infringement. The competent supervisory authority in Berlin is

Berlin Commissioner for Data Protection and Freedom of Information

Alt-Moabit 59-61
10555 Berlin
Tel.: +49 30 138 89 0

E-mail: mailbox@datenschutz-berlin.de

Security

The Companies take a number of technical and organisational measures to protect your personal data against accidental or unlawful deletion, alteration or loss and against unauthorised disclosure or access.

Nevertheless, internet-based data transmissions, for example, can generally have security gaps, so that absolute protection cannot be guaranteed. For this reason, every person concerned is free to transmit personal data to us in alternative ways, for example by telephone.

Encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as the requests you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in the browser line.

If encryption is activated, the data you transmit to us cannot be read by third parties.

Collection of general data and information

Our website collects a series of general data and information each time the website is accessed by a data subject or an automated system. These general data and information are stored in the server’s log files. The following can be recorded:

  • the browser types and versions used
  • the operating system used by the accessing system
  • the website from which an accessing system reaches our website (so-called referrer)
  • the sub-websites that are accessed via an accessing system on our website
  • the date and time of access to the website
  • a web protocol address (IP address)
  • the internet service provider of the accessing system
  • other similar data and information that serve to avert danger in the event of attacks on our information technology systems

When using this general data and information, we do not draw any conclusions about the data subject. Rather, this information is needed to:

  • deliver the content of our website correctly
  • to optimize the content of our website and, if applicable, the advertising for it
  • to ensure the long-term functionality of our information technology systems and the technology of our website
  • To provide law enforcement authorities with the information necessary for law enforcement in the event of a cyber attack

This collected data and information is therefore evaluated by us both statistically and with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data processed by us. The anonymous data in the server log files are stored separately from all personal data provided by a data subject.

This data is not merged with other data sources.

This data is collected on the basis of Art. 6 Para; 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website – for this purpose, the server log files must be recorded.

Request by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, we will store and process your request, including all personal data (name, request), for the purpose of processing your request. We do not pass on this data without your consent.

This data is processed on the basis of Art. 6 para. 1 lit. b GDPR, provided that your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested.

The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

Data transfer from forms

The data subject has the option of registering for data transmission via forms on the controller’s website by providing personal data. Which personal data is transmitted to the data controller is determined by the respective input mask used for the entries. The personal data entered by the data subject are collected and stored exclusively for internal use by the person responsible for processing and for their own purposes. Data transmission from forms is always encrypted.

The person responsible for processing can arrange for the transfer to be made to one or more processors (e.g. a parcel service provider), who also use the personal data exclusively for internal use attributable to the person responsible for processing.

When data is transmitted on the controller’s website, the IP address assigned by the data subject’s Internet service provider (ISP), the date and time of the transmission are also stored. This data is stored against the background that this is the only way to prevent misuse of the services offered and, if necessary, to enable criminal offenses and copyright infringements to be investigated. In this respect, the storage of this data is necessary to protect the person responsible for processing. A transfer of this data to third parties does not take place unless there is a legal obligation to transfer or the transfer is used for criminal or legal prosecution.

The registration of the data subject with voluntary provision of personal data serves the controller to offer the data subject content or services which, due to the nature of the matter, can only be offered to these users.

This data is processed on the basis of Art. 6 para. 1 lit. b GDPR, provided that your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested.

The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

Booking system OnePageBooking

We use the OnePageBooking service of HotelNetSolutions GmbH, Genthiner Straße 8, 10785 Berlin for online room reservations. Click on the “BOOK NOW” button to open a browser window which will redirect you to the OnePageBooking website.

If you would like to book a room with us, it is necessary for the conclusion of the contract that you provide your personal data, which we need to process your booking. Mandatory information required for the processing of contracts is marked separately, further information is voluntary. The data is entered into an input mask and transmitted to us and stored.

Data is also passed on to the relevant payment service providers. Data will only be passed on to third parties if this is necessary for the purpose of processing the contract or for billing purposes or for the collection of payment or if you have expressly consented to this. In this regard, we only pass on the necessary data in each case. The data recipients are: the respective delivery/shipping company (forwarding of name and address), debt collection companies if the payment has to be collected (forwarding of name, address, order details), payment institutions for the purpose of collecting receivables if you have selected direct debit as the payment method and payment service providers – depending on the payment method selected.

The legal basis is Art. 6 para. 1 lit. b GDPR. With regard to voluntary data, the legal basis for the processing of data is Art. 6 para. 1 lit. a GDPR. There is an order processing contract between us and HotelNetSolutions GmbH.

The mandatory data collected is required to fulfill the contract with the user (for the purpose of providing the goods or services and confirming the content of the contract). We therefore use the data to answer your inquiries, to process your booking, to check your creditworthiness or to collect a debt and for the technical administration of the website. The voluntary information is provided to prevent misuse and, if necessary, to investigate criminal offenses.

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. Due to commercial and tax law requirements, we are obliged to store your address, payment and order data for a period of ten years after the execution of the contract. However, we restrict processing after 6 years, i.e. your data will only be used to comply with legal obligations. If there is a continuing obligation between us and the user, we store the data for the entire term of the contract and for a period of 10 years thereafter (see above). With regard to the data provided voluntarily, we will delete the data 6 years after the contract has been executed, unless another contract is concluded with the user during this time; in this case, the data will be deleted 6 years after the last contract has been executed.

If the data is required to fulfill a contract or to carry out pre-contractual measures, premature deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion. Otherwise, you are free to have the personal data provided during registration completely deleted from the controller’s database. With regard to the voluntary data, you can declare your revocation to the controller at any time. In this case, the voluntary data will be deleted immediately.

You can find information about HotelNetSolutions GmbH’s privacy policy here: https://hotelnetsolutions.de/Datenschutz/

Links to other websites

This website contains links to other websites (so-called external links).

As a provider, we are responsible for our own content in accordance with the applicable European and national legislation. A distinction must be made between this own content and links to content provided by other providers. We have no influence on whether the operators of other websites comply with the applicable European and national legal provisions. Please inform yourself about the data protection declarations provided on the respective website.

Cookies

needs, we use cookies. Cookies are small text files that are sent from a web server to your browser as soon as you visit a website and saved locally on your device (PC, notebook, tablet, smartphone, etc.)

Numerous websites and servers use cookies. Many cookies contain a so-called cookie ID; A cookie ID is a unique identifier for the cookie. It consists of a character string through which websites and servers can be assigned to the specific web browser in which the cookie was stored. This enables the websites and servers visited to distinguish the individual browser of the data subject from other web browsers that contain other cookies. A specific web browser can be recognized and identified via the unique cookie ID. This information is used to automatically recognize you when you visit the website again with the same device and to make navigation easier for you.

You can also consent to or reject cookies – including for web tracking – via your web browser settings. You can configure your browser in such a way that the acceptance of cookies is refused in principle or you are informed in advance if a cookie is to be saved. In this case, however, the functionality of the website may be impaired (e.g. when placing orders). Your browser also offers a function to delete cookies (for example via “delete browser data”). This is possible in all common web browsers. You can find more information on this in the operating instructions or in the settings of your browser.

First-party cookies: First-party cookies are permanent cookies that are stored on the computer and only lose their validity when the expiry date assigned to them has expired. The word “party” refers to the domain from which the cookie originates. In contrast to third-party cookies, first-party cookies usually originate from the website operator itself. They are therefore not accessible by browsers across domains. For example, website A assigns a cookie A, which is not recognized by website B, but can only be recognized by website A. This means that data cannot be passed on to third parties.

Third party cookies: A third party cookie is set and tracked by a third party. These cookies are mostly used by advertisers who use the cookies to collect information about the website visitor via their advertising placements on other websites. These are data records that are stored in the user’s web browser when they visit a page with advertising. If he visits a page with advertising from the same provider again, he will be recognized.

Google Analytics 4

This website uses Google Analytics 4, a service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), which can be used to analyze the use of websites.

When using Google Analytics 4, so-called “cookies” are used as standard. Cookies are text files that are stored on your end device and enable your use of a website to be analyzed. The information collected by cookies about your use of the website (including the IP address transmitted by your end device, shortened by the last digits, see below) is usually transmitted to a Google server, where it is stored and processed.

This may also result in information being transmitted to the servers of Google LLC based in the USA and further processing of the information there.

When using Google Analytics 4, the IP address transmitted by your end device when you use the website is always collected and processed automatically and only in anonymized form by default, so that the information collected cannot be directly linked to a person. This automatic anonymization is carried out by shortening the IP address transmitted by your terminal device by Google within member states of the European Union (EU) or other signatory states to the Agreement on the European Economic Area (EEA) by the last digits.

Google uses this and other information on our behalf to evaluate your use of the website, to compile reports on your website activity and usage behavior and to provide us with other services relating to your website activity and internet usage. The abbreviated IP address transmitted by your device as part of Google Analytics 4 will not be merged with other Google data. The data collected as part of the use of Google Analytics 4 is stored for 2 months and then deleted.

Google Analytics 4 also enables the creation of statistics with statements about the age, gender and interests of website users on the basis of an evaluation of interest-based advertising and with the use of third-party information via a special function, the so-called “demographic characteristics”. This makes it possible to determine and differentiate between user groups of the website for the purpose of target group-optimized marketing measures. However, data collected via the “demographic characteristics” cannot be assigned to a specific person and therefore not to you personally. This data collected via the “demographic characteristics” function is stored for two months and then deleted.

All processing described above, in particular the setting of Google Analytics cookies for the storage and reading of information on the terminal device you use to access the website, will only take place if you have given us permission to do so in accordance with Art. 6 para. 1 lit. a GDPR. 1 lit. a GDPR and § 25 para. 1 TTDSG have given your express consent. Without your consent, Google Analytics 4 will not be used during your use of the website. You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service via the “cookie consent tool” provided on the website.

We have concluded a so-called order processing contract with Google for our use of Google Analytics 4, which obliges Google to protect the data of our website users and not to pass it on to third parties.

In order to ensure compliance with the European level of data protection, including in the event of any transfer of data from the EU or the EEA to the USA and possible further processing there, Google relies on the so-called standard contractual clauses of the European Commission, which we have contractually agreed with Google.

Further legal information on Google Analytics 4, including a copy of the aforementioned standard contractual clauses, can be found at:

https://policies.google.com/privacy?hl=de&gl=de and under

https://policies.google.com/technologies/partner-sites

Polyfill.io

On this website we use the “Polyfill.io” service of The Financial Times Ltd, Bracken House, 1 Friday Street, London, England, EC4M 9BT (hereinafter referred to as “Polyfill.io”).

Polyfill.io enables us to display content in the best possible quality even on older browser versions. When you load a website that uses Polyfill.io, your browser downloads all the necessary Polyfill.io files to display the website successfully or optimized in your browser. In order to provide the polyfills, the service receives certain technical information from your browser, including browser details, connection data (such as your IP address) and the URL of the website that made the request to the service. The information is used to determine which polyfills are required by your browser.

The legal basis for this processing is Art. 6 para. 1 lit. f GDPR. The processing is based on our legitimate interest in enhancing your user experience and for the general optimization of our website.

You can prevent the collection and processing of your data by Polyfill.io by deactivating the execution of script code in your browser or by installing a script blocker in your browser (you can find these e.g. at noscript.net or ghostery.com).

You can find further information on the handling of transmitted data in the Polyfill.io privacy policy at https://polyfill.io/v3/privacy-policy/ (in English)

LottieFiles

On our website, we use the “LottieFiles” service of the provider Design Barn Inc, 407 California Avenue, Suite #2, Palo Alto, CA 94306, USA (hereinafter referred to as “LottieFiles”) to display animations.

A connection is established with the LottieFiles servers on which the animations are hosted. Your IP address may be transmitted to the Lottiefiles server for downloading.

The legal basis for the processing of the user’s personal data is our legitimate interest in a uniform and appealing presentation of our website for all website visitors and therefore Art. 6 para. 1 lit. f GDPR.

Further information about LottieFiles can be found at https://lottiefiles.com/ and in the LottieFiles Privacy Policy at https://lottiefiles.com/page/privacy-policy (in English)

Google Fonts

Google Fonts (https://fonts.google.com/ ). The web fonts are transferred to the browser cache when the page is called up so that they can be used for the display.

No cookies are stored on the website visitor’s computer when the page is accessed. Data that is transmitted in connection with the page view is sent to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com. They are not associated with data that may be collected or used in connection with the parallel use of authenticated Google services such as Gmail.

You can prevent the collection and processing of your data by this web service by refusing your consent when entering the website, deactivating the execution in your browser or installing a script blocker in your browser. If your browser does not support Google Fonts or you prevent access to the Google servers, the text will be displayed in the system’s default font.

The legal basis for the use of this web service is your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG.

For information about the Google Fonts privacy policy, please see: https://developers.google.com/fonts/faq#Privacy

General information about privacy can be found at the Google Privacy Centre: https://policies.google.com/privacy

Google Maps

This website uses the “Google Maps” service from Google to display maps or map sections and thus enables you to conveniently use the map function on the website. The Google Maps Geocoding API is used to determine and display locations. Google Maps is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under the section “Access data” is transmitted to Google. This takes place regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your Google profile, you must log out before activating the button.

The legal basis for the use of Google Maps is your consent pursuant to Art. 6 para. 1 lit. a GDPRand § 25 para. 1 TTDSG. We have no knowledge of the storage period at Google and have no influence on it.

Further information on the purpose and scope of processing by the plug-in provider can be found in Google’s privacy policy. You can also find more information about your rights and choices to protect your privacy there: http://www.google.de/intl/de/policies/privacy

You can find more information about the Google Maps terms of use at https://www.google.com/intl/de_de/help/terms_maps.html

Gstatic

A web service of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter: Gstatic) is loaded on our website. We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to Gstatic.

The legal basis for the use of this web service is your consent according to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG.

You can prevent the collection and processing of your data by Gstatic by refusing your consent when entering the website, deactivating the execution of script code in your browser or installing a script blocker in your browser.

The data will be deleted as soon as the purpose for which it was collected has been fulfilled. For more information about how Google treats the information you provide, please see the Google Privacy Policy: https://policies.google.com/privacy

AWS CloudFront

We use AWS CloudFront to properly provide the content of our website. AWS CloudFront is a service of Amazon Web Services, Inc, P.O. Box 81226, Seattle, WA 98108-1226, USA which acts as a content delivery network (CDN) on our website.

A CDN helps to provide the content of our online offer, in particular files such as graphics or scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to Amazon Web Services, Inc. servers, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of AWS CloudFront.

The legal basis for the aforementioned data processing and the use of the Content Delivery Network is based on our legitimate interests in accordance with Art. 6 para. 1 lit f GDPR, i.e. interest in the secure and efficient provision and optimization of our online offer.

The specific storage period of the processed data cannot be influenced by us, but is determined by Amazon Web Services, Inc. determined.

For more information about AWS and privacy, please visit https://aws.amazon.com/de/compliance/gdpr-center/ and at https://aws.amazon.com/de/privacy/

Unpkg

A web service of the company Npm, Inc, 1999 Harrison Street #1150, CA 94612 Oakland, USA (hereinafter referred to as “Unpkg”) is loaded on our website. We use unpkg as a content delivery network. The files integrated via Unpkg are open source and can therefore be viewed and checked at any time.

The integration takes place on the basis of Art. 6 para. 1 lit. f GDPR from the legitimate interest in enhancing our website and a technically secure, maintenance-free and efficient way of integrating external libraries and frameworks. Since Unpkg uses the hosting provider Cloudflare to provide the data, the requests sent to these servers may be stored for statistical or other usage purposes.

If you have activated Java Script in your browser and have not installed a Java Script blocker, your browser may transmit personal data to Unpkg.

You can prevent the collection and processing of your data by Unpkg by deactivating the execution of script code in your browser or by installing a script blocker in your browser.

Weitere Informationen zum Handling der übertragenen Daten finden Sie in der Datenschutzerklärung von Unpkg unter https://www.npmjs.com/policies/privacy sowie unter https://www.unpkg.com/ und https://www.cloudflare.com/de-de/privacypolicy/

Bootstrap

On this website, we use a cloud solution on which so-called bootstrap files are located. The provider of this service is Stackpath LLC (MaxCDN and Highwinds Network Group), 2021 McKinney Ave. Suite 1100, Dallas, TX 75201, USA.

The service is used for the uniform presentation of our website in an appealing and modern design – in particular with regard to “Mobile Responsive Design”. For this we use the free and widely used library “Bootstrap”. Mobile responsive means that our website is also displayed uniformly for devices with a smaller resolution. Bootstrap also provides additional design functions: Animations, integrated fonts, forms, buttons, tables, navigation elements (menu), icons and much more.

In addition to our interests in a uniform presentation of our website and a more mobile-responsive design, regardless of the device from which you access our website, we have an interest in a free design of our website, also for efficiency and cost-saving reasons by integrating content from Bootstrap that is hosted on other servers (Content Delivery Networks – CDNs). These are our legitimate interests and the purposes of processing. The legal basis is therefore Art. 6 para. 1 lit. f DSGVO.

This library is not located on the servers of the host processing the order. As soon as you access our website, connections are automatically established to servers from which the specific files requested are then loaded. Regular log files are collected by the third party with every server connection. In addition, cookies may be stored on your end device, which may remain stored even after you leave our website or even end the browser session. Ultimately, the server owner could also keep statistics himself and track them for his own purposes.

Since MaxCDN and Highwinds Network Group are part of the Stackpath Group as a so-called Internet Service Provider and Stackpath has its servers distributed all over the world, it cannot be ruled out that your personal data will be stored and processed worldwide, including on servers in the USA. These could be countries where the level of data protection is not as high as within the European Union. Due to the possibly lower level of data protection in third countries, you may not be able to assert your data subject rights with these recipients, or only partially.

Furthermore, your data could be exposed to access by foreign authorities and legal remedies before courts and authorities abroad could be unsuccessful. There is no adequacy decision by the EU Commission within the meaning of Article 45 GDPR for the USA. Suitable guarantees within the meaning of Article 46 GDPR for data transfer are the EU standard data protection clauses used here. A copy of the standard data protection clauses approved by the EU Commission and relied on by Stackpath can be found at https://www.stackpath.com/legal/data-processing-addendum/ (in English)

JSDelivr CDN

This website uses a so-called “Content Delivery Network” (CDN) from jsDelivr.

A CDN is a service with the help of which the content of our online offer, in particular large media files such as graphics or scripts, are delivered faster with the help of regionally distributed servers connected via the Internet. User data is processed solely for the aforementioned purposes and to maintain the security and functionality of the CDN.

For this purpose, the browser you are using must connect to the CDN servers. As a result, the latter becomes aware that our website has been accessed via your IP address.

The use is based on our legitimate interests, i.e. interest in a secure and efficient provision, analysis and optimization of our online offer in accordance with. Art. 6 para. 1 lit. f. GDPR.

Further information can be found in the jsDeliverr privacy policy: https://www.jsdelivr.com/privacy-policy-jsdelivr-net/ (in English)

Trustindex.io

On this website we use the service “Trustindex.io” of the provider Trustindex Ltd, Lechner Ödön Fasor 3 A/2/3, 1095 Budapest, Hungary (hereinafter referred to as “Trustindex”).

Trustindex collects reviews from third-party websites with which we are registered and embeds them on this website. Trustindex thus enables us to publish customer reviews from various review portals on our website for the purposes of direct advertising. The ratings are adopted unchanged from the third-party websites. The publication may include the date of your rating, your name (possibly also the company name, the company logo etc.) as well as your rating and the rating text.

The legal basis for the use of Trustindex is our legitimate interest in displaying direct advertising on our website – i.e. Art. 6 para. 1 lit. f GDPR in conjunction with Recital 47 p. 7 GDPR.

If you do not wish to have your review published, please let us know using the contact details provided in this privacy policy. Your rating will then be removed from our website immediately. However, you can only change your public rating via your own profile on the third-party website.

For more information about Trustindex.io, please see the terms of use and privacy policy at the following link: https://www.trustindex.io/terms-and-conditions-and-privacy-policy/ (in English)

Please also note the privacy policies of Facebook (Meta) and Google:

https://www.facebook.com/policy.php

https://policies.google.com/privacy?hl=de

Tripadvisor

This website integrates a Tripadvisor widget for displaying reviews. The provider is Tripadvisor LLC, 400 1st Avenue, Needham, MA 02494 USA.

To use the functions of the Tripadvisor widget, it is necessary to save your IP address. This information is usually transferred to a Tripadvisor server and stored there. The provider of this website has no influence on this data transmission.

The Tripadvisor widget is used in the interest of presenting the reviews of our hotel posted on Tripadvisor. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR represent.

For more information about how Tripadvisor uses user information, please see our privacy policy at https://tripadvisor.mediaroom.com/DE-privacy-policy-2019

Our social media presence

Data processing by social networks

We maintain publicly accessible profiles in social networks. The individual social networks used by us can be found below.

Social networks such as Facebook, Twitter etc. can generally analyze your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media presences triggers numerous data protection-relevant processing operations. In detail:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your end device or by recording your IP address.

With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are logged in or were logged in.

Please also note that we cannot track all processing operations on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.

Legal basis

Our social media presence is designed to ensure the most comprehensive online presence possible. This is a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. The analysis processes initiated by the social networks may be based on different legal bases, which must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a GDPR).

Responsible party and assertion of rights

If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. You can exercise your rights (information, rectification, erasure, restriction of processing, data portability and complaint) both vis-à-vis the data controller and the data processor. us as well as towards the operator of the respective social media portal (e.g. Facebook).

Please note that, despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options depend largely on the company policy of the respective provider.

Storage duration

The data collected directly by us via the social media presence will be deleted from our systems as soon as the purpose for its storage no longer applies, you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Stored cookies remain on your end device until you delete them. Mandatory statutory provisions – in particular retention periods – remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

Facebook

We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (hereinafter referred to as “Facebook”). According to Facebook, the data collected is also transferred to the USA and other third countries.

We have concluded an agreement with Facebook on joint processing (Controller Addendum).

This agreement specifies which data processing operations we or Facebook are responsible for when you visit our Facebook page. You can view this agreement under the following link:

https://www.facebook.com/legal/terms/page_controller_addendum

You can adjust your advertising settings yourself in your user account. Click on the following link and log in:

https://www.facebook.com/settings?tab=ads

Please see Facebook’s privacy policy for details: https://www.facebook.com/about/privacy/

Instagram

We have a profile on Instagram. The provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. Please see Instagram’s privacy policy for details on how they handle your personal information: https://help.instagram.com/519522125107875

Twitter

We have a profile on Twitter. The provider is Twitter Inc, 1355 Market St, Suite 900, San Francisco, CA 94103, USA. Details on how they handle your personal data can be found in Twitter’s privacy policy:

https://twitter.com/de/privacy

YouTube

We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Details on how they handle your personal data can be found in YouTube’s privacy policy:

https://policies.google.com/privacy?hl=de

TripAdvisor

We have a profile on TripAdvisor. The operator is Tripadvisor LLC, 400 1st Avenue, Needham, MA 02494 USA. Please see the TripAdvisor Privacy Policy for details on how we deal with your personal information: https://tripadvisor.mediaroom.com/de-privacy-policy

On this website we use the service “Trustindex.io” of the provider Trustindex Ltd, Lechner Ödön Fasor 3 A/2/3, 1095 Budapest, Hungary (hereinafter referred to as “Trustindex”).

Trustindex collects reviews from third-party websites with which we are registered and embeds them on this website. Trustindex thus enables us to publish customer reviews from various review portals on our website for the purposes of direct advertising. The ratings are adopted unchanged from the third-party websites. The publication may include the date of your rating, your name (possibly also the company name, the company logo etc.) as well as your rating and the rating text.

The legal basis for the use of Trustindex is our legitimate interest in displaying direct advertising on our website – i.e. Art. 6 para. 1 lit. f GDPR in conjunction with Recital 47 p. 7 GDPR.

If you do not wish to have your review published, please let us know using the contact details provided in this privacy policy. Your rating will then be removed from our website immediately. However, you can only change your public rating via your own profile on the third-party website.

For more information about Trustindex.io, please see the terms of use and privacy policy at the following link: https://www.trustindex.io/terms-and-conditions-and-privacy-policy/ (in English)

Please also note the privacy policies of Facebook (Meta) and Google:

https://www.facebook.com/policy.php

https://policies.google.com/privacy?hl=de

Name and address of the person responsible:

Little BIG Hotels Management GmbH

Bülowstraße 66
10783 Berlin
Tel.: +49 30 99 40 45 203
E-Mail: stay@littleBIGhotels.com

Geschäftsführer:
Lars Lindemann

Name und Anschrift des Datenschutzbeauftragten:

SHIELD GmbH

Martin Vogel
Ohlrattweg 5
25497 Prisdorf
Tel: +49 4101 80 50 600

E-mail: info@shield-datenschutz.de

Changes to the privacy policy

We reserve the right to change our data protection practices and this policy in order to adapt them to changes in relevant laws or regulations or to better meet your needs. Any changes to our data protection practices will be announced here accordingly. Please note the current version date of the data protection declaration.

Berlin, Februar 2018