Maritim newsletter data protection provisions in accordance with Article 12 et seq of the GDPR
We are delighted to see that you are interested in the Maritim newsletter. The information below will outline how your personal data is processed in the context of the newsletter.
The ‘controller’, within the meaning of the General Data Protection Regulation (GDPR) and the data protection laws of other member states as well as other data protection regulations, is:
Maritim Hotelgesellschaft mbH
Herforder Strasse 2
32105 Bad Salzuflen
Germany
Phone: +49 (0)5222 9530
info.vkd@maritim.de
www.maritim.de
You can find more information about our company, details of authorised representatives and other ways to contact us at: www.maritim.com/en/imprint
Subscribing to the Maritim newsletter
In order to send you the Maritim newsletter, we need your first and last name as well as your email address. If you indicate your travel interests to us by ticking the appropriate boxes, we will be able to provide you with personalised offers. Participation is voluntary and you can revoke it at any time with future effect.
Description and scope of data processing
When you subscribe to our newsletter, the following data from the input mask is transmitted to us:
- E-mail address
- Title, first and last name
- Information about your travel interests – if you have selected this (this information is submitted voluntarily)
The following data is also collected when you subscribe:
- The retrieving computer’s IP address
- The date and time of subscription
- The data collected is required for sending the Maritim newsletter.
The following data is collected when a newsletter is opened:
- Delivery information (opened, out-of-office agent or undeliverable)
- Time of opening
- Click behaviour
- IP address of the accessing computer
- Information about the browser and your system
- Type of accessing computer (PC, tablet or smartphone)
- Unsubscribing from the newsletter
The information is used to recognise the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users. This information can therefore be assigned to individual email addresses and is therefore also used to improve the content and technical aspects of our services. Your consent is obtained for the processing of the data as part of the registration process and reference is made to this data protection notice.
We use the so-called "double opt-in" procedure to register your consent and to prevent misuse of your data.
Therefore, after you subscribe, you will receive an email in which you will be asked to confirm your subscription. Your data will only be processed in our newsletter software after you have confirmed your subscription via this email. This process ensures that you genuinely want to receive the Maritim newsletter.
Your subscription is logged in order to be able to prove the subscription process has taken place in accordance with the legal requirements. This includes logging the time of registration and confirmation as well as the IP address. Changes to your saved data are also logged.
The data collected will be used exclusively for the purposes of sending you the Maritim newsletter and will not be passed on to third parties. The data processing is carried out using our service provider TravelClick Inc.’s web-based software. TravelClick Inc. is located at 55 W 46th Street, 27th Floor, New York, NY 10036, USA. This service provider was carefully selected by the Maritim Hotelgesellschaft.
In order to ensure that data processing takes place in an authorised manner, a processing contract as well as the EU’s standard data protection clauses have been agreed in accordance with data protection requirements.
The e-mail newsletter is sent on the basis of your consent in accordance with Art. 6 para. 1 (a), Art. 7 GDPR. The use of the service provider TravelClick, the performance of statistical surveys and analyses and the logging of the registration process are based on our legitimate interests in accordance with Art. 6 para. 1 (f) GDPR. We are interested in using a user-friendly and secure newsletter system that serves both our business interests, such as direct advertising, and meets the expectations of users.
Within our company, only those persons and departments receive your personal data that need it to fulfil our contractual and legal obligations or the above-mentioned purposes. We also use an external service provider to implement our email marketing. A corresponding order processing contract has been concluded with this service provider.
Your data will be stored as long as your newsletter subscription remains active.
Upon receipt of the declaration of revocation, the data will be deleted immediately if there are no legal retention periods (e.g. tax code (Abgabenordnung), turnover tax law (Umsatzsteuergesetz) usually 8 to 10 years) preventing this and the revocation is effective. The effectiveness of the data processing carried out up until the revocation of consent remains unaffected.
You can cancel your subscription to the newsletter at any time.
If we use your personal data for direct advertising, you can object to this at any time for the future by notifying us in accordance with Art. 21 GDPR.
Please notify us of this by calling us freephone on +49 (0)800 66 44 873 or by e-mail to widerspruch@maritim.de. You shall incur no other costs beyond the basic cost of transmission. For this purpose, the above information can be found in every newsletter.
If your personal data is processed, you are data subject within the meaning of the GDPR and you have the following rights in relation to the controller:
1. Right to information
You shall have the right to obtain confirmation from the controller as to whether or not personal data concerning you is being processed, and, where that is the case, the right to request the following information about the personal data:
1. the purposes for which the personal data is being processed
2. the categories of personal data that are processed
3. the recipients, or the categories of recipients, to whom the personal data relating to you has been, or will be, disclosed
4. the envisaged period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period
5. the existence of a right to request from the controller rectification or erasure of your personal data or to restrict the processing of your personal data or to object to this processing
6. the right to lodge a complaint with a supervisory authority
7. where the personal data is not collected from the data subject, any available information as to its source
8. the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
2. Right to rectification
You have a right to rectification and/or completion from the controller if the processed personal data concerning you is inaccurate or incomplete. The controller must make the correction immediately.
3. Right to restriction of processing
Under the following conditions, you can request that the processing of your personal data be restricted if:
1. you contest the accuracy of the personal data for a period enabling the controller to verify the accuracy of the personal data
2. the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead
3. the controller no longer needs the personal data for the purposes of the processing, but you require it for the establishment, exercise or defence of legal claims, or
4. you have objected to processing pursuant to Article 21(1) GDPR pending the verification as to whether the legitimate grounds of the controller override your grounds.
Where the processing of personal data relating to you has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If the restriction of processing has been obtained according to the above conditions, you will be informed by the controller before the restriction of processing is lifted.
4. Right to erasure
a) Obligation to erase
You have the right to request that the controller erase the personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
1. the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
2. you withdraw the consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing.
3. you object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
4. The personal data relating to you has been unlawfully processed.
5. the personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
6. the personal data has been collected in relation to the offer of information society services as referred to in Article 8(1) GDPR.
b) Information provided to third parties
Where the controller has made the personal data public and is obliged pursuant to Article 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, that personal data.
c) Exceptions
The right to deletion does not exist if processing is necessary
1. for exercising the right of freedom of expression and information
2. for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
3. for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) GDPR
4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR in so far as the right referred to in point (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
5. for the establishment, exercise or defence of legal claims.
5. Right to be informed
If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you has been disclosed of this rectification or deletion of the data or restriction of processing, unless this turns out to be impossible or involves disproportionate effort. You have the right to be informed about these recipients by the controller.
6. Right to data portability
You shall have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where:
1. the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1) GDPR; and
2. the processing is carried out by automated means.
In exercising this right, you shall also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. The rights and freedoms of other parties must not be affected by this.
The right to data portability shall not apply to the processing of data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to Object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where personal data is processed for direct marketing purposes, you shall have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Should you object to the processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
8. Right to lodge a complaint with a supervisory authority
If you have any further questions about the protection of your personal data, this data protection declaration, declarations of consent that have been issued as well as the processing of your personal data or complaints about data protection, you can contact our data protection officer. You can reach them at the above postal address or by sending an e-mail to datenschutz@maritim.de.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority.
Supervisory authority:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia)
Kavalleriestrasse 2-4
40213 Düsseldorf
Germany
Phone: +49 (0)211 384240
Fax: +49 (0)211 3842410
poststelle@ldi.nrw.de
More information about data protection can be found at www.maritim.com/en/data-protection