Privacy Policy

of Pandox Berlin GmbH c/o Hotel Berlin, Berlin, Lützowplatz 17, 10785 Berlin

We appreciate your interest in our company and our services and want you to feel secure when visiting our website, also with regard to the protection of your personal data.

We take the protection of personal data very seriously. Therefore, compliance with the provisions of the EU General Data Protection Regulation (GDPR) and other relevant data protection laws is a matter of course for us. We want you to know when we collect which data and how we use it. We have taken technical and organizational measures to ensure that the data protection regulations are observed both by us and by external service providers.

Who is responsible?

Pandox Berlin GmbH c/o Hotel Berlin, Berlin
Lützowplatz 17
10785 Berlin

Commercial register number. HRB 96069

Tel: +49 30 2605 0
email: info@hotel-berlin.de

Who is our Data Protection Officer?

Cranium Belgium BV
Excelsiorlaan 43/3
1930 Zaventem
Belgium

Email: dpo-extern@mediaan.com

What personal data do we collect and for what purpose?

1. the following data is collected by us when you make an online booking:

- Your first and last name and, if applicable, title,
- Your address and e-mail address,
- Your order transactions (date and content of the order, value of goods),
- Your credit card details.

You can provide the following additional data voluntarily:

- Your telephone number.

This data will be deleted by us when you delete your profile.

The legal basis for data processing is Art. 6 para. 1 lit. b EU GDPR (processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract).

It is not necessary to create an account to use our online services. You can also place orders and send us inquiries as a guest. In this case, you must enter your data again for each new transaction.

2. data processing through the use of cookies

Our website uses cookies. These are text files that are stored on your computer in order to track visitor preferences and optimize our website accordingly.

On the one hand, we use transient cookies. These are automatically deleted when you close the browser. These include session cookies in particular. They store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognized when you return to the website. The session cookies are deleted when you log out or close the browser.

We also use persistent cookies. These are valid for one year and can be deleted at any time via your browser.

To prevent cookies from being saved, "Do not accept cookies" must be selected in the browser settings. If cookies are not accepted by the browser, the functionality of the website may be limited.

This stored information is stored separately from any other data you may have provided to us. In particular, the cookie data is not linked to your other data.

The legal basis for data processing is Art. 6 para. 1 lit. f EU GDPR (processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data).

3. data processing when using our general contact form

If you contact us via our website, we will process the following information in order to respond appropriately to your request:

- Date and time of the request,
- Your first and last name and, if applicable, title,
- Your e-mail address and telephone number,
- Request text,

We cannot process your request without this data.

You can provide the following additional data voluntarily:

 - Your telephone number and address.

The data will be deleted as soon as it is no longer required for processing your request.

The legal basis for data processing is Art. 6 para. 1 lit. f EU GDPR (processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data), insofar as your request is processed for the purpose of explaining our services and our company.

If your request is made in preparation for the conclusion of a contract, the legal basis is Art. 6 para. 1 lit. b EU GDPR (processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract).

4. DialogShift chat application on our website

Our website uses the chat application of DialogShift GmbH, Rheinsberger Str. 76/77, 10115 Berlin. This application processes and stores data for the purpose of web analysis, operating the chat application and responding to inquiries.
To operate the chat function, the chat texts are saved and a cookie with a unique ID is set - this is used to recognize you as a customer.

A cookie is a small text file that is stored locally in the cache on your device. With the help of this cookie, our application recognizes the device and can call up past chat logs. This cookie is stored for 90 days since it was last used.  You can deactivate the storage of cookies in your browser settings. However, the chat function cannot be executed without the use of cookies.

The possible disclosure of e.g. name, e-mail address or a telephone number is voluntary and with the consent to temporarily use and store this data for the purpose of establishing contact until the end of the contact. This personal data will be deleted after 90 days.
The legal basis for data processing is Art. 6 para. 1 lit. a GDPR on the basis of your consent in the consent banner. This helps us to provide effective customer support, statistically analyze user behavior and optimize our offers.

DialogShift offers further information on the collection and use of data as well as your rights and options for protecting your privacy at https://www.dialogshift.com/datenschutz

5. data processing for online applications via third-party providers

You can send your applications for our job advertisements or unsolicited applications via our Connectoor application contact form. We process the following data for this purpose:

- Date and time of the request,
- Your first and last name and, if applicable, title,
- Your e-mail address and telephone number,
- Request text,
- Your profession/education and year of graduation, possible starting date.

We cannot process your request without this data.

You can provide the following additional data voluntarily:

- your address,
- your date of birth,
- your salary expectations,
- attachments (e.g. application documents).

If this is necessary for our decision-making and for contacting you, we will ask you separately. The data will be processed to check your application prospects and to select an applicant.

The legal basis for data processing is Art. 6 para. 1 lit. b EU GDPR (processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract).

We will automatically delete your data after three months from the date of the decision on the award of the position, unless you assert a claim under the AGG on the basis of the decision (in this case, the deletion will take place after the conclusion of the proceedings on your claim).

Should you be considered for a subsequent job offer, we will only delete your data after two years from the date of sending if you give us your consent to do so. You can revoke this consent at a later date with effect for the future. The consequence of such a revocation is that you will have to resubmit your data for the subsequent call for applications if you wish to apply again. You will not suffer any other disadvantages (in particular in the selection of the applicant) as a result of this withdrawal.

What anonymous data do we collect and for what purpose?

When you visit our website, our web servers automatically store the data that your browser transmits to enable you to visit the website and to inform you about our range of services and our company. These are

- the name of your internet service provider,
- the website from which you visit us, as well as the date and time of your visit,
- the amount of data transferred in each case,
- your browser, the language and version of the browser software, as well as your IP address.

operating system and its interface.

We evaluate this technical data anonymously and solely for statistical purposes in order to optimize our website and make our internet offers even more attractive. This anonymous data is stored separately from personal information on secure systems and does not allow any conclusions to be drawn about an individual person.

What generally applies to all cases of data processing?

Data will not be transferred to third parties. We would like to point out that we can only delete your data after the expiry of a statutory retention obligation, if such an obligation exists. This applies accordingly to any retention obligation arising from a contract with you.

How do we back up your data?

We have implemented technical and organizational security measures to protect your data processed by us against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security measures are continuously improved in line with technological developments.

Our employees and any third parties processing data are obliged to maintain confidentiality.

Right to information and right of withdrawal

In accordance with the EU GDPR, you have the right to request information from us at any time as to whether personal data relating to you is stored by us. You also have the following rights in relation to this stored data:

- the right of access to stored data (Art. 15 EU GDPR),
- the right to rectification of inaccurate data (Art. 16 EU GDPR),
- the right to erasure of data (Art. 17 EU GDPR),
- the right to restriction of processing of data (Art. 18 EU GDPR),
- the right to object to unreasonable data processing (Art. 21 EU GDPR) and
- the right to data portability (Art. 20 EU GDPR).

If you have given your consent to the use of data, you can revoke this at any time with effect for the future.

Please send all requests for information, information requests or objections to data processing by e-mail to info@hotel-berlin.de, to the postal address stated in the imprint or via our contact form under the "Data protection" button.

You also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the EU GDPR (Art. 77 EU GDPR).

Children and young people

Persons under the age of 18 may not transmit any personal data to us without the consent of their parents or legal guardians. We do not request personal data from children and young people, do not collect it and do not pass it on to third parties.

Further information

Information pursuant to Art. 13 para. 2 lit. e EU GDPR:  The provision of personal data is neither legally nor contractually required or necessary for the conclusion of a contract. You are not obliged to provide personal data. Please refer to the section "What personal data do we collect and for what purpose?" for the possible consequences of not providing personal data for the respective data processing operation.

Changes to our privacy policy

We reserve the right to change our data protection measures if this becomes necessary due to technical developments or changes in legislation or case law. In such cases, we will also adapt our privacy policy accordingly. Please therefore note the current version of our privacy policy.