Privacy
little BIG hotels
little BIG hotels
We are pleased that you are visiting our website and thank you for your interest in our hotels. The protection of personal data is important to us. Therefore, the processing of personal data, such as the name, address, e-mail address or telephone number of a data subject, is carried out in accordance with the applicable European and national legislation.
If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the person concerned.
Your declaration of consent(en) you can of course at any timewith effect for the future. Please contact the responsible persons. The Contact detailscan be found at the bottom of this privacy policy.
This privacy policy applies to little BIG hotels Berlin Brandenburg GmbH (hereinafter referred to as “we”, “us” , etc.).
The above companies wish to inform the public of the nature, extent and purpose of the personal data they process. In addition, this privacy statement informs data subjects of their rights.
Our data protection declaration is based on the terms used by the European legislator for the adoption of the EU General Data Protection Regulation (hereinafter referred to as “GDPR”). Our privacy policy should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terminology used in advance. We use the following terms , among others, in this privacy policy and on our website: Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject ” or ” affected person”). A natural person is regarded as identifiable who, directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more special features that express the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person can be identified. The data subject is any identified or identifiable natural person whose personal data is processed by the person responsible for processing. Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as any such operation or set of operations which is performed upon personal data , such as collection collection, organization, structuring, storage, adaptation or alteration storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, dissemination or any other form of provision, comparison or linking, restriction, erasure or destruction. Restriction of processing is the marking of stored personal data with the aim of restricting their future processing. Profiling is any type of automated processing of personal data that consists of that this personal data is used to evaluate certain personal aspects relating to a natural person, in particularto analyze or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability interests, reliability, behavior, location or movements of that natural person. Pseudonymization is the processing of personal data in a manner in such a way that the personal data can no longer be attributed to a specific data canno longer be attributed to a specific data subject, provided that this additional information is kept separately and is and is subject to technical and organizational measures which ensure that the personal data are not attributed to an identified or identifiable natural person. The person responsible or the person responsible for the processing is the natural or legal person, authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data. Where the purposes and means of such processing are Union law or the law of the Member States, the controller or the specific criteria for its nomination may be provided for under Union or may be provided for under Union law or the law of the Member States. Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the institution or other body which processes personal data on behalf of the controller. Recipient is a natural or legal person, public authority, agency or other body to which the personal data are disclosed, regardless of whether it is a third party or not. However, authorities that may receive personal data as part of a specific investigation under Union law or the law of the member states are not considered recipients. A third party is a natural or legal person, public authority, agency or body other than the data subject, the person responsible, the processor and the persons who are authorized to process the personal data under the direct responsibility of the person responsible or the processor. Consent is any declaration of intent voluntarily given by the data subject in an informed manner and unequivocally in the form of a declaration or other unequivocal affirmative action with which the data subject indicates that they consent to the processing of their personal data is.
Right to confirmation: Each data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed. If a data subject wishes to avail himself of this right of confirmation , he or she he or she may contact the controller at any time. Right of access: Any person affected by the processing of personal data has the right to information free of charge at any time from the data controller about the personal data stored personal data stored about him/her and a copy of this information. Furthermore, the European directives and regulations grant the data subject access to the following information:
Furthermore, the data subject has the right to information as to whether personal data has been transmitted to a third country or to an international organization. If this is the case, the data subject also has the right to receive information about the appropriate guarantees in connection with the transmission. If a data subject wishes to avail himself of this right of access, he or she he or she may contact the controller at any time. Right to rectification: Any person affected by the processing of personal data has the right to to obtain without undue delay the rectification of inaccurate personal data concerning him or her. Furthermore, the data subject has the right, taking into account the purposes of the processing, to request the completion of incomplete personal data – including by means of a supplementary declaration. If a data subject wishes to exercise this right to rectification, he or she he or she may contact the controller at any time. Right to erasure (right to be forgotten): Any person affected by the processing of personal data has the right to obtainfrom the controller that the personal data concerning them be deleted immediately, if one of the following reasons applies and insofar as the processing is not necessary:
If one of the aforementioned reasons applies, and a data subject wishes to request the erasure of personal data stored by us, he or she may, at any time, contact the controller; The data subject’s request for deletion will then be complied with immediately. If the personal data have been made public by us and our company is responsible pursuant to Art. 17 para. Where we have made the personal data public and are obliged pursuant to Article 1 GDPR to erase the personal data, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers processing the personal data that the data subject has requested erasure by such controllers of any links to, or copy or replication of, those personal data, as far as processing is not required; Der für die Verarbeitung Verantwortliche dann wird im Einzelfall das Notwendige veranlassen. Recht auf Einschränkung der Verarbeitung: Jede von der Verarbeitung personenbezogener Daten betroffene Person hat das Recht, von dem Verantwortlichen die Einschränkung der Verarbeitung zu verlangen, wenn eine der folgenden Voraussetzungen gegeben ist:
If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of the processing of personal data stored by us, he or she may at any time contact the controller. The restriction of processing will then be initiated immediately. Right to data portability: Any person affected by the processing of personal data has the right to the personal data concerning him or her, which have been provided by the data subject to a controller, in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another person responsible without hindrance from the person responsible to whom the personal data was provided, provided that the processing is based on the consent pursuant to Art. 6 Para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. Furthermore, when exercising their right to data portability in accordance with Art. 20 Para. 1 GDPR, the data subject shall have the right to have personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others. In order to assert the right to data portability , the data data subject may at any time contact the controller. Right to object: Any person affected by the processing of personal data has the right, for reasons, arising from his or her particular situation, to object at any time to the processing of personal data concerning him or her which is based on Art. 6 para. 1 lit. e GDPR or Art. 6 para. 1 lit. f GDPR takes place, to file an objection. This also applies to profiling based on these provisions. In the event of an objection, we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims. If we process personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing; This also applies to profiling insofar as it is associated with such direct advertising. If the data subject objects to processing for direct marketing purposes, we will no longer process the personal data for these purposes. In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her by us for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR; 1 GDPR, unless such processing is necessary for the performance of a task carried out for reasons of public interest. To exercise the right to object, the data subject can contact the person responsible for processing directly. The data subject is also free to in connection with the use of information society services , notwithstanding Directive 2002/58/EC, to exercisetheir right to object by automated means using technical specifications. Automated decisions in individual cases including profiling: Any person affected by the processing of personal data has the right not to be subject to a decision based solely on automated processing – processing – including profiling – that is based solely on automated processing, which produces legal effects concerning him or her or similarly significantly affects him or her, provided that the decision:
If the decision is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or if the decision is based on the data subject’s explicit consent, we shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision. If the data subject wishes to exercise the rights concerning automated individual decision-making, he or she he or she may contact the controller at any time. Right to withdraw consent under data protection law: Any person affected by the processing of personal data has the right to to withdraw consent to the processing of personal data at any time. If the data subject wishes to exercise his or her right to withdraw consent, he or she he or she may contact the controller at any time. Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy , every data subject shall have the right to judicial remedy, any data subject shall have the right to lodge a complaint with a supervisory authority in particular in the Member State of their habitual residence, their place of work or the place of the alleged infringement, if the data subject considers that the processing of personal data relating to him personal data concerning them infringes this Regulation. A list of the state data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Service/Anschriften/anschriften_table.html The data protection supervisory authority responsible for us is Berlin Commissioner for Data Protection and Freedom of Information Alt-Moabit 59-61 10555 Berlin Tel.+49 30 138 89 0 E-Mail: mailbox@datenschutz-berlin.de
If we disclose data to other persons and companies (processors or third parties) as part of our processing, transfer it to them or otherwise grant them access to the data, this will only be done on the basis of legal permission (e.g. if the transfer of data to third parties, such as payment service providers, is required to fulfill the contract in accordance with Art. 6 para. 1 lit. b GDPR), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.). If we commission third parties with the processing of data on the basis of a so-called “order processing contract”, this is done on the basis of Art. 28 GDPR.
The person responsible for the processing processes (in this sense also: stores) personal data of the data subject only for the period necessary to achieve the storage purpose or if this is permitted by the European directives and regulations or another legislator in laws or regulations, to which the controller is subject, has been provided. If the storage purpose no longer applies or if a storage period prescribed by the European directives and regulations or another responsible legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
The person responsible for processing collects and processes the personal data of applicants for the purpose of handling the application process. The processing can also be done electronically. This is particularly the case if an applicant sends the relevant application documents electronically, for example by email, to the person responsible for processing. If the person responsible for processing concludes an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the person responsible for processing does not conclude an employment contract with the applicant, the application documents will be automatically deleted six months after notification of the rejection decision, provided that deletion does not conflict with any other legitimate interests of the person responsible for processing. Another legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).
Video surveillance is a particularly intensive form of personal data processing. Almost everyone feels uncomfortable when they are under video surveillance. This is also referred to as “monitoring pressure”. Not being exposed to this pressure is almost a basic human need. However, another human need is the desire for security. Individuals and communities, but also inanimate things such as objects and systems, benefit greatly from an environment that is free of security risks or dangers. Video surveillance is subject to strict data protection regulations for good reasons. On the other hand, the security interests of the person responsible must also be assessed fairly. This is because these interests are often not limited to the person responsible alone. Employees, interested parties, suppliers, customers, tenants, guests, visitors, etc. may also have a need for security, which can be satisfied by the appropriate and sensible use of video surveillance. Even if some of the following information has already been already mentioned elsewhere in this data protection declaration, we would like to list all information in this text section, as you can also find in a downstream video sign (information sheet according to Art. 13 GDPR) can be found: Name and contact details of the controller and , if applicable his representative: To be found at the bottom of this privacy policy. Contact details of the data protection officer: To be found at the bottom of this privacy policy Purposes and legal basis of data processing: Investigation and detection of criminal offenses and other security-relevant events. Art. 6 para. 1 lit. f EU General Data Protection Regulation. Legitimate interests pursued: Safety of employees, suppliers, guests, visitors , etc. Protection of property, exercise of domiciliary rights. Storage duration or criteria for determining the duration: Image data is usually deleted from our properties after 72 hours at the latest, provided that the purpose of storage has ceased to exist at this time. In doing so, we are following a recommendation of the independent data protection authorities of the federal and state governments (Data Protection Conference – DSK). According to the DSK’s reasoning, a storage period of 72 hours allows the data controller to regularly pursue its security interests while at the same time safeguarding the legitimate interests of the data subjects. If necessary, a special monitoring purpose may justify longer storage. However, this must be duly justified. Recipients or categories of recipients of the data (if data transfer takes place): The controller will not transfer the personal data to a third country or an international organization. Information on the rights of data subjects See also the section “Rights of the data subject ” at the top of this privacy policy. In summary, the following applies to video surveillance: The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being whether personal data concerning him or her are being processed; If this is the case, they have a right to information about this personal data and to the information listed in Art. 15 GDPR in detail . The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you and, if necessary the completion of incomplete personal data (Art. 16 GDPR). The data subject has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay where one of the grounds listed in Art. 17 GDPR applies, e.g. if the data is no longer required for the purposes pursued (right to erasure). The data subject shall have the right to obtain from the controller to obtain restriction of processing where one of the conditions listed in Art. 18 GDPR is met, e.g. if the data subject has objected to the processing, for the duration of the examination by the controller. The data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her to file an objection. The controller will then no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims (Art. 21 GDPR). Without prejudice to any other administrative or judicial remedy , every data subject shall have the right to lodge a judicial remedy, any data subject shall have the right to lodge a complaint with a supervisory authority if the data subject is of the opinion that the processing of personal data concerning him or her infringes the GDPR (Art. 77 GDPR). The data subject may exercise this right before a supervisory authority in the Member State in which he or she is resident, of his or her habitual residence, place of work or place of the alleged infringement. The competent supervisory authority in Berlin is Berlin Commissioner for Data Protection and Freedom of Information Alt-Moabit 59-61 10555 Berlin Tel.: +49 30 138 89 0 E-Mail: mailbox@datenschutz-berlin.de
The Companies take a number of technical and organisational measures to protect your personal data against accidental or unlawful deletion, alteration or loss and against unauthorised disclosure or access. Nevertheless, internet-based data transmissions, for example, can generally have security gaps, so that absolute protection cannot be guaranteed. For this reason, every person concerned is free to transmit personal data to us in alternative ways, for example by telephone.
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as the requests you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in the browser line. If encryption is activated, the data you transmit to us cannot be read by third parties.
Our website collects a series of general data and information each time the website is accessed by a data subject or an automated system. These general data and information are stored in the server’s log files. The following can be recorded:
When using this general data and information, we do not draw any conclusions about the data subject. Rather, this information is needed to:
This collected data and information is therefore evaluated by us both statistically and with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data processed by us. The anonymous data in the server log files are stored separately from all personal data provided by a data subject. This data is not merged with other data sources. This data is collected on the basis of Art. 6 Para; 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website – for this purpose, the server log files must be recorded.
If you contact us by e-mail, telephone or fax, we will store and process your request, including all personal data (name, request), for the purpose of processing your request. We do not pass on this data without your consent. This data is processed on the basis of Art. 6 para. 1 lit. b GDPR, provided that your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested. The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.
The data subject has the option of registering for data transmission via forms on the controller’s website by providing personal data. Which personal data is transmitted to the data controller is determined by the respective input mask used for the entries. The personal data entered by the data subject are collected and stored exclusively for internal use by the person responsible for processing and for their own purposes. Data transmission from forms is always encrypted. The person responsible for processing can arrange for the transfer to be made to one or more processors (e.g. a parcel service provider), who also use the personal data exclusively for internal use attributable to the person responsible for processing. When data is transmitted on the controller’s website, the IP address assigned by the data subject’s Internet service provider (ISP), the date and time of the transmission are also stored. This data is stored against the background that this is the only way to prevent misuse of the services offered and, if necessary, to enable criminal offenses and copyright infringements to be investigated. In this respect, the storage of this data is necessary to protect the person responsible for processing. A transfer of this data to third parties does not take place unless there is a legal obligation to transfer or the transfer is used for criminal or legal prosecution. The registration of the data subject with voluntary provision of personal data serves the controller to offer the data subject content or services which, due to the nature of the matter, can only be offered to these users. This data is processed on the basis of Art. 6 para. 1 lit. b GDPR, provided that your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested. The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.
We use the OnePageBooking service of HotelNetSolutions GmbH, Genthiner Straße 8, 10785 Berlin for online room reservations. Clicking on the “BOOK NOW” button opens a browser window which redirects you to the OnePageBooking website. If you would like to book a room with us, it is necessary for the conclusion of the contract that you provide your personal data, which we need to process your booking. Mandatory information required for the processing of contracts is marked separately, other information is voluntary. The data is entered into an input mask and transmitted to us and stored. Data is also passed on to the relevant payment service providers. Data will only be passed on to third parties if this is necessary for the purpose of processing the contract or for billing purposes or to collect the payment or if you have expressly consented to this. In this respect, we only pass on the data required in each case. The data recipients are: the respective delivery/shipping company (forwarding of name and address), debt collection companies if the payment has to be collected (forwarding of name, address, order details), payment institutions for the purpose of collecting receivables if you have selected direct debit as the payment method and payment service providers – depending on the payment method selected. The legal basis is Art. 6 para. 1 lit. b GDPR. With regard to the voluntary data, the legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR. There is an order processing contract between us and HotelNetSolutions GmbH. The mandatory data collected is required to fulfill the contract with the user (for the purpose of providing the goods or services and confirming the content of the contract). We therefore use the data to answer your inquiries, to process your booking, to check your creditworthiness or to collect a debt and for the technical administration of the website. The voluntary information is provided to prevent misuse and, if necessary, to investigate criminal offenses. The data will be deleted as soon as it is no longer required for the purpose for which it was collected. Due to commercial and tax law requirements, we are obliged to store your address, payment and order data for a period of ten years after the execution of the contract. However, we restrict processing after 6 years, i.e. your data will only be used to comply with legal obligations. If there is a continuing obligation between us and the user, we will store the data for the entire term of the contract and for a period of 10 years thereafter (see above). With regard to the data provided voluntarily, we will delete the data 6 years after execution of the contract, unless another contract is concluded with the user during this time; in this case, the data will be deleted 6 years after execution of the last contract. If the data is required to fulfill a contract or to carry out pre-contractual measures, premature deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion. Otherwise, you are free to have the personal data provided during registration completely deleted from the controller’s database. With regard to the voluntary data, you can declare your revocation to the controller at any time. In this case, the voluntary data will be deleted immediately. Information on data protection at HotelNetSolutions GmbH can be found here: https://hotelnetsolutions.de/Datenschutz/
This website contains links to other websites (so-called external links). As a provider, we are responsible for our own content in accordance with the applicable European and national legislation. A distinction must be made between this own content and links to content provided by other providers. We have no influence on whether the operators of other websites comply with the applicable European and national legal provisions. Please inform yourself about the data protection declarations provided on the respective website.
needs, we use cookies. Cookies are small text files that are sent from a web server to your browser as soon as you visit a website and saved locally on your device (PC, notebook, tablet, smartphone, etc.) Numerous websites and servers use cookies. Many cookies contain a so-called cookie ID; A cookie ID is a unique identifier for the cookie. It consists of a character string through which websites and servers can be assigned to the specific web browser in which the cookie was stored. This enables the websites and servers visited to distinguish the individual browser of the data subject from other web browsers that contain other cookies. A specific web browser can be recognized and identified via the unique cookie ID. This information is used to automatically recognize you when you visit the website again with the same device and to make navigation easier for you. You can also consent to or reject cookies – including for web tracking – via your web browser settings. You can configure your browser in such a way that the acceptance of cookies is refused in principle or you are informed in advance if a cookie is to be saved. In this case, however, the functionality of the website may be impaired (e.g. when placing orders). Your browser also offers a function to delete cookies (for example via “delete browser data”). This is possible in all common web browsers. You can findfurther information on this in the operating instructions or in the settings of your browser. First-party cookies: First-party cookies refer to permanent cookies that are stored on the computer and only lose their validity when the expiry date assigned to them has expired. The word “party” refers to the domain from which the cookie originates. In contrast to third-party cookies, first-party cookies usually originate from the website operator itself. They are therefore not accessible by browsers across domains. For example, website A assigns a cookie A, which is not recognized by website B, but can only be recognized by website A. This means that data cannot be passed on to third parties. Third-party cookies: With a third-party cookie , the cookie is set and recorded by a third party. These cookies are mostly used by advertisers who use the cookies to collect information about the website visitor via their advertising placements on other websites. These are data records that are stored in the user’s web browser when they visit a page with advertising. If he visits a page with advertising from the same provider again, he will be recognized.
This website uses Google Analytics 4, a service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), which can be used to analyze the use of websites. When using Google Analytics 4, so-called “cookies” are used as standard. Cookies are text files that are stored on your end device and enable your use of a website to be analyzed. The information collected by cookies about your use of the website (including the IP address transmitted by your end device, shortened by the last digits, see below) is usually transmitted to a Google server, where it is stored and processed. This may also result in information being transmitted to the servers of Google LLC based in the USA and further processing of the information there. When using Google Analytics 4, the IP address transmitted by your end device when you use the website is always collected and processed automatically and only in anonymized form by default, so that the information collected cannot be directly linked to a person. This automatic anonymization is carried out by shortening the IP address transmitted by your terminal device by Google within member states of the European Union (EU) or other signatory states to the Agreement on the European Economic Area (EEA) by the last digits. Google uses this and other information on our behalf to evaluate your use of the website, to compile reports on your website activity and usage behavior and to provide us with other services relating to your website activity and internet usage. The abbreviated IP address transmitted by your device as part of Google Analytics 4 will not be merged with other Google data. The data collected as part of the use of Google Analytics 4 is stored for 2 months and then deleted. Google Analytics 4 also enables the creation of statistics with statements about the age, gender and interests of website users on the basis of an evaluation of interest-based advertising and with the use of third-party information via a special function, the so-called “demographic characteristics”. This makes it possible to determine and differentiate between user groups of the website for the purpose of target group-optimized marketing measures. However, data collected via the “demographic characteristics” cannot be assigned to a specific person and therefore not to you personally. This data collected via the “demographic characteristics” function is stored for two months and then deleted. All processing described above, in particular the setting of Google Analytics cookies for the storage and reading of information on the terminal device you use to access the website, will only take place if you have given us permission to do so in accordance with Art. 6 para. 1 lit. a GDPR. 1 lit. a GDPR and § 25 para. 1 TTDSG have given your express consent. Without your consent, Google Analytics 4 will not be used during your use of the website. You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service via the “cookie consent tool” provided on the website. We have concluded a so-called order processing contract with Google for our use of Google Analytics 4, which obliges Google to protect the data of our website users and not to pass it on to third parties. In order to ensure compliance with the European level of data protection, including in the event of any transfer of data from the EU or the EEA to the USA and possible further processing there, Google relies on the so-called standard contractual clauses of the European Commission, which we have contractually agreed with Google. Further legal information on Google Analytics 4, including a copy of the aforementioned standard contractual clauses, can be found at https://policies.google.com/privacy?hl=degl=de and at https://policies.google.com/technologies/partner-sites
On this website, we use the “Polyfill.io” service provided by The Financial Times Ltd, Bracken House, 1 Friday Street, London, England, EC4M 9BT (hereinafter referred to as “Polyfill.io”). Polyfill.io enables us to display content in the best possible quality even on older browser versions. When you load a website that uses Polyfill.io, your browser downloads all the necessary Polyfill.io files to display the website successfully or optimized in your browser. In order to provide the polyfills, the service receives certain technical information from your browser, including browser details, connection data (such as your IP address) and the URL of the website that made the request to the service. The information is used to determine which polyfills are required by your browser. The legal basis for this processing is Art. 6(1)(f) GDPR. The processing is based on our legitimate interest in enhancing your user experience and for the general optimization of our website. You can prevent the collection and processing of your data by Polyfill.io by deactivating the execution of script code in your browser or by installing a script blocker in your browser (you can find these at noscript.net or ghostery.com, for example). You can find further information on the handling of transferred data in Polyfill.io’s privacy policy at https://polyfill.io/v3/privacy-policy/
Google Fonts (https://fonts.) are used to visually improve the presentation of various information on this website.google.com/ ) are used. The web fonts are transferred to the browser cache when the page is called up so that they can be used for the display. No cookies are stored on the website visitor’s computer when the page is accessed. Data that is transmitted in connection with the page view is sent to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com. They are not associated with data that may be collected or used in connection with the parallel use of authenticated Google services such as Gmail. You can prevent the collection and processing of your data by this web service by refusing your consent when entering the website, deactivating the execution in your browser or installing a script blocker in your browser. If your browser does not support Google Fonts or you prevent access to the Google servers, the text will be displayed in the system’s default font. The legal basis for the use of this web service is your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Information on the data protection conditions of Google Fonts can be found at https://developers.google.com/fonts/faq#Privacy General information on data protection can be found in the Google Privacy Center at https://policies.google.com/privacy
This website uses the “Google Maps” service from Google to display maps or map sections and thus enables you to conveniently use the map function on the website. The Google Maps Geocoding API is used to determine and display locations. Google Maps is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under the section “Access data” is transmitted to Google. This takes place regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your Google profile, you must log out before activating the button. The legal basis for the use of Google Maps is your consent pursuant to Art. 6 para. 1 lit. a GDPRand § 25 para. 1 TTDSG. We have no knowledge of the storage period at Google and have no influence on it. Further information on the purpose and scope of processing by the plug-in provider can be found in Google’s privacy policy. There you will also receive further information on your rights in this regard rights and settings options to protect your privacy: http://www.google.com/intl/en/policies/privacy Further information on the Google Maps terms of use can be found at: https://www.google.com/intl/de_de/help/terms_maps.html
A web service of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter: Gstatic) is loaded on our website. We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to Gstatic. The legal basis for the use of this web service is your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. You can prevent the collection and processing of your data by Gstatic by refusing your consent when entering the website, deactivating the execution of script code in your browser or installing a script blocker in your browser. The data will be deleted as soon as the purpose for which it was collected has been fulfilled. For more information about how Google treats the information you provide, please see the Google Privacy Policy: https://policies.google.com/privacy
We use AWS CloudFront to properly provide the content of our website. AWS CloudFront is a service of Amazon Web Services, Inc, P.O. Box 81226, Seattle, WA 98108-1226, USA which acts as a Content Delivery Network (CDN) on our website. A CDN helps to provide the content of our online offer, in particular files such as graphics or scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to Amazon Web Services, Inc. servers, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of AWS CloudFront. The legal basis for the aforementioned data processing and the use of the Content Delivery Network is based on our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR, i.e. interest in the secure and efficient provision and optimization of our online offer. The specific storage period of the processed data cannot be influenced by us, but is determined by Amazon Web Services, Inc. Further information on AWS and data protection can be found at https://aws.amazon.com/de/compliance/gdpr-center/ and at https://aws.amazon.com/de/privacy/
Our website uses a web service of the company Npm, Inc, 1999 Harrison Street #1150, CA 94612 Oakland, USA (hereinafter referred to as “Unpkg”) . We use unpkg as a content delivery network. The files integrated via Unpkg are open source and can therefore be viewed and checked at any time. The integration takes place on the basis of Art. 6 para. 1 lit. f DSGVO from the legitimate interest in a enhancement of our website and a technically secure maintenance-free and efficient way to integrate external libraries and frameworks. Since Unpkg uses the hosting provider Cloudflare to provide the data, it is possible that the requests sent to these servers may be stored for statistical or other usage purposes. If you have activated Java Script in your browser and have not installed a Java Script blocker , your browser may transmit personal data to Unpkg. transmitpersonal data to Unpkg. You can prevent the collection and processing of your data by Unpkg, by deactivating the execution of script code in your browser or installing a script blocker in your browser. Further information on the handling of transferred data can be found in Unpkg ‘s privacy policy at https://www.npmjs.com/policies/privacy and at https://www.unpkg.com/ and https://www.cloudflare.com/de-de/privacypolicy/
On this website, we use a cloud solution on which so-called bootstrap files are located. The provider of this service is Stackpath LLC (MaxCDN and Highwinds Network Group), 2021 McKinney Ave. Suite 1100, Dallas, TX 75201, USA. The service is used for the uniform presentation of our website in an appealing and modern design – in particular with regard to “Mobile Responsive Design”. For this we use the free and widely used library “Bootstrap”. Mobile responsive means that our website is also displayed uniformly for devices with a smaller resolution. Bootstrap also provides additional design functions: Animations, integrated fonts, forms, buttons, tables, navigation elements (menu), icons and much more. In addition to our interests in a uniform presentation of our website and a more mobile-responsive design, regardless of the device from which you access our website, we have an interest in a free design of our website, also for efficiency and cost-saving reasons by integrating content from Bootstrap that is hosted on other servers (Content Delivery Networks – CDNs). These are our legitimate interests and the purposes of processing. The legal basis is therefore Art. 6 para. 1 lit. f GDPR. This library is not located on the servers of the host processing the order. As soon as you access our website, connections are automatically established to servers from which the specific files requested are then loaded. Regular log files are collected by the third party with every server connection. In addition, cookies may be stored on your end device, which may remain stored even after you leave our website or even end the browser session. Ultimately, the server owner could also keep statistics himself and track them for his own purposes. Since MaxCDN and Highwinds Network Group are part of the Stackpath Group as a so-called Internet Service Provider and Stackpath has its servers distributed all over the world, it cannot be ruled out that your personal data will be stored and processed worldwide, including on servers in the USA. These could be countries where the level of data protection is not as high as within the European Union. Due to the possibly lower level of data protection in third countries, you may not be able to assert your data subject rights with these recipients, or only partially. Furthermore, your data could be exposed to access by foreign authorities and legal remedies before courts and authorities abroad could be unsuccessful. There is no adequacy decision by the EU Commission within the meaning of Article 45 GDPR for the USA. Suitable guarantees within the meaning of Article 46 GDPR for data transfer are the EU standard data protection clauses used here. A copy of the standard data protection clauses approved by the EU Commission and relied on by Stackpath can be found at https://www.stackpath.com/legal/data-processing-addendum/ (in English)
This website uses a so-called “Content Delivery Network” (CDN) from jsDelivr. A CDN is a service with the help of which the content of our online offer, in particular large media files such as graphics or scripts, are delivered faster with the help of regionally distributed servers connected via the Internet. User data is processed solely for the aforementioned purposes and to maintain the security and functionality of the CDN. For this purpose, the browser you are using must connect to the CDN servers. As a result, the latter becomes aware that our website has been accessed via your IP address. The use is based on our legitimate interests, i.e. interest in a secure and efficient provision, analysis and optimization of our online offer in accordance with. Art. 6 para. 1 lit. f. GDPR. Further information can be found in the jsDeliverr privacy policy: https://www.jsdelivr.com/privacy-policy-jsdelivr-net/ (in English)
On this website we use the “Trustindex.io” service of the provider Trustindex Ltd, Lechner Ödön Fasor 3 A/2/3, 1095 Budapest, Hungary (hereinafter referred to as “Trustindex”). Trustindex collects reviews from third-party websites with which we are registered and embeds them on this website. Trustindex thus enables us to publish customer reviews from various review portals on our website for the purposes of direct advertising. The reviews are taken over unchanged from the third-party websites. The publication may include the date of your review, your name (possibly also the company name, company logo, etc.) as well as your review and the review text. The legal basis for the use of Trustindex is our legitimate interest in displaying direct advertising on our website – i.e. Art. 6 para. 1 lit. f GDPR in conjunction with Recital 47 p. 7 GDPR. If you do not want your review to be published, please let us know using the contact options provided in this privacy policy. Your review will then be removed from our website immediately. However, you can only change your public rating via your own profile on the third-party website. Further information about Trustindex.io can be found in the terms of use and privacy policy at the following link: https://www.trustindex.io/terms-and-conditions-and-privacy-policy/ Please also note the privacy policies of Facebook (Meta) and Google: https://www.facebook.com/policy.php https://policies.google.com/privacy?hl=de
This website integrates a Tripadvisor widget for displaying reviews. The provider is Tripadvisor LLC, 400 1st Avenue, Needham, MA 02494 USA. To use the functions of the Tripadvisor widget, it is necessary to save your IP address. This information is usually transferred to a Tripadvisor server and stored there. The provider of this website has no influence on this data transmission. The Tripadvisor widget is used in the interest of presenting the reviews of our hotel posted on Tripadvisor. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR represent. For more information about how Tripadvisor uses user information, please see our privacy policy at https://tripadvisor.mediaroom.com/DE-privacy-policy-2019
Data processing by social networks We maintain publicly accessible profiles in social networks. The individual social networks used by us can be found below. Social networks such as Facebook, Twitter etc. can generally analyze your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media presences triggers numerous data protection-relevant processing operations. In detail: If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your end device or by recording your IP address. With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are logged in or were logged in. Please also note that we cannot track all processing operations on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details , please refer to the terms of use and data protection provisions of the respective social media portals. Legal basis Our social media presences are intended to ensure the broadest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which must be specified by the operators of the social networks (e.g. consent within the meaning of Art. e.g. consent within the meaning of Art. 6 para. 1 lit. a GDPR). Controller and assertion of rights If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social mediaplatform for the data processing operations triggered during this visit . You can exercise your rights (information, rectification, erasure, restriction of processing, data portability and complaint) both vis-à-vis the data controller and the data processor. us as well as towards the operator of the respective social media portal (e.g. Facebook). Please note that, despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options depend largely on the company policy of the respective provider. Storage period The data collected directly by us via the social mediapresence will be deleted from our systems as soon as the purpose for storing it no longer applies, you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Stored cookies remain on your end device until you delete them. Mandatory statutory provisions – in particular retention periods – remain unaffected. We have no influence on the storage period of your data, which is stored by the operators of the social networks for their own purposes. For details on this , please contact directly from the operators of the social networks (e.g. e.g. in their privacy policy, see below). Facebook We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (hereinafter referred to as “Facebook”). According to Facebook, the data collected is also transferred to the USA and other third countries. We have concluded an agreement with Facebook on joint processing (Controller Addendum). This agreement specifies which data processing operations we or Facebook are responsible for when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum You can adjust your advertising settings yourself in your user account. Click on the following link and log in: https://www.facebook.com/settings?tab=ads Details can be found in Facebook ‘s privacy policy: https://www.facebook.com/about/privacy/ Instagram We have a profile on Instagram. The provider is Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA. For details on how they handle your personal data , please refer to Instagram ‘s privacy policy: https://help.instagram.com/519522125107875 Twitter We have a profile on Twitter. The provider is Twitter Inc, 1355 Market St, Suite 900, San Francisco, CA 94103, USA. Details on how they handle your personal data can be found in Twitter ‘s privacy policy: https://twitter.com/en/privacy YouTube We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Details on how they handle your personal data can be found in YouTube ‘s privacy policy: https://policies.google.com/privacy?hl=de TripAdvisor We have a profile on TripAdvisor. The operator is Tripadvisor LLC, 400 1st Avenue, Needham, MA 02494 USA. Please see the TripAdvisor Privacy Policy for details on how we deal with your personal information: https://tripadvisor.mediaroom.com/de-privacy-policy
On this website we use the “Trustindex.io” service of the provider Trustindex Ltd, Lechner Ödön Fasor 3 A/2/3, 1095 Budapest, Hungary (hereinafter referred to as “Trustindex”). Trustindex collects reviews from third-party websites with which we are registered and embeds them on this website. Trustindex thus enables us to publish customer reviews from various review portals on our website for the purposes of direct advertising. The reviews are taken over unchanged from the third-party websites. The publication may include the date of your review, your name (possibly also the company name, company logo, etc.) as well as your review and the review text. The legal basis for the use of Trustindex is our legitimate interest in displaying direct advertising on our website – i.e. Art. 6 para. 1 lit. f GDPR in conjunction with Recital 47 p. 7 GDPR. If you do not want your review to be published, please let us know using the contact options provided in this privacy policy. Your review will then be removed from our website immediately. However, you can only change your public rating via your own profile on the third-party website. Further information about Trustindex.io can be found in the terms of use and privacy policy at the following link: https://www.trustindex.io/terms-and-conditions-and-privacy-policy/ Please also note the privacy policies of Facebook (Meta) and Google: https://www.facebook.com/policy.php https://policies.google.com/privacy?hl=de
little BIG hotels Berlin Brandenburg GmbH
Bülowstraße 66
10783 Berlin
Phone: +49 30 99 40 45 203
E-Mail: stay@littleBIGhotels.com
CEO:
Maarten van Dongen
SHIELD GmbH
Martin Vogel
Ohlrattweg 5
25497 Prisdorf
Tel.: +49 4101 80 50 600
E-mail: info@shield-datenschutz.de
We reserve the right to change our data protection practices and this policy in order to adapt them to changes in relevant laws or regulations or to better meet your needs. Any changes to our data protection practices will be announced here accordingly. Please note the current version date of the data protection declaration. Berlin, Februar 2018