Data Protection of GlobalGuest

Name and address of the controller

GlobalGuest Germany GmbH & Co KG
Frankenwert 19, 2nd Floor
50667 Cologne
Germany
info@globalguest.de
+49 221 120 910

Foreword

GlobalGuest Germany GmbH & Co KG (hereinafter referred to as “GlobalGuest”) has created this Data Protection Declaration in order to emphasise its commitment to data protection. The Data Protection Declaration is set out below.

The protection of your privacy when using our website is very important to us. In the following, we will inform you which data we collect, process and use and what rights you have. Collection, processing and use of personal data. We respect your data protection rights, in particular your right to information regarding the data stored about you. You decide which personal data we receive and what we may process or use it for. Our employees are obliged to maintain confidentiality. The security precautions of our Internet presence correspond to the current state of the art.

This Data Protection Declaration (the “Data Protection Declaration”) explains how personal information is collected, processed and transmitted by GlobalGuest. This Data Protection Declaration applies to visitors and users of GlobalGuest's websites and other online services (each a “Website” and together our “Websites”). By visiting or using our websites, you consent to us collecting and processing information about you in accordance with this Data Protection Declaration to the extent permitted by applicable law, even if consent may not be required for all elements provided for in this Data Protection Declaration. For certain types of information or for certain types of processing, we may provide you with choices or ask for your further consent as to what information we may collect and how we may process it.

Third parties such as restaurants, exhibition companies and partner websites that you use in connection with our websites may also collect, use and process information about you. This Data Protection Declaration does not apply to such third parties or their services, and we are not responsible for how these third parties may use the information they collect. For information on the data protection practices of third parties, please contact them directly.

The use of our website is generally possible without providing personal data.

Overview

• Name and address of the controller
• Overview
• Collection and use of data
  • Server log files
    • Legal basis for data processing
    • Purpose of data processing
    • Duration of storage
    • Possibility of objection and erasure
• SSL or TLS encryption
• Use of cookies
  • Description and scope of data processing
  • Legal basis for data processing
  • Purpose of data processing
  • Duration of storage, objection and erasure options
• Information we collect
• How we use your information
• Automated messages
• Our role as data controller and data processor
• Storage
• How we share your information
• Information shared with restaurants and their affiliates
• Collection of personal data (reservation and enquiry forms)
• Scope of the processing of personal data
• Legal basis for the processing of personal data
• Data erasure and duration of storage
• Contact form and email contact
  • Description and scope of data processing
  • Legal basis for data processing
  • Purpose of data processing
  • Duration of storage
  • Possibility of objection and erasure
• Newsletter
  • Description and scope of data processing
  • Legal basis for data processing
  • Purpose of data processing
  • Duration of storage
  • Possibility of objection and erasure
• Use of external services
  • Use of Google Maps
  • Use of Google Fonts
  • Google reCAPTCHA
• Storage of anonymised user data - analysis services
  • Google Analytics
    • IP anonymisation
    • Browser plugin
    • Objecting to data collection
    • Data processing
• Use of social media
  • Facebook Share
  • Google+ and YouTube
  • Twitter
• Revocation of consent
• Security measures
• Right to information, rectification and restriction
• Changes to this Declaration

 

Collection and use of data

Server log files

All of our public websites are designed anonymously. Our provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. This includes:

• Browser type/browser version
• Operating system used
• Referrer URL
• Host name of the computer making access
• Time of the server request

These data cannot be assigned to specific persons. These data are not merged with other data sources. We reserve the right to check these data retrospectively if we become aware of specific indications of unlawful use.

Legal basis for data processing

The legal basis for the temporary storage of data is Art. 6 para. 1 lit. f GDPR.

Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.

Duration of storage

The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

Possibility of objection and erasure

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content that you send to us as the site operator, our website uses SSL or TLS encryption. This means that data that you transmit via this website cannot be read by third parties. You can recognise an encrypted connection by the "https://" address line in your browser and the lock symbol in the address bar.

Use of cookies

Description and scope of data processing

Some webpages use so-called “cookies”. Cookies do not damage your computer and do not contain viruses. Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain stored on your device until you delete them. These cookies enable us to recognise your browser the next time you visit our website.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

Legal basis for data processing

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f GDPR.

The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 para. 1 lit. a GDPR, if the user has given consent to this.

Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. This requires the browser to be recognised even after a page change.

We require cookies for the following applications:

• Session

The user data collected by technically necessary cookies is not used to create user profiles.

These purposes also constitute our legitimate interest in the processing of personal data in accordance with Art. 6 para. 1 lit. f GDPR.

Duration of storage, objection and erasure options

Cookies are stored on the user's computer and transmitted by it to our website. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be automated. If cookies are deactivated for our website, it may no longer be possible to use all its functions to their full extent.

Information we collect

Personal information. When you visit our websites, we may collect the following categories of personal information (”Personal Information”) that you provide to us: name; email address; postal address; telephone number (including your mobile number); billing information; demographic information; primary restaurant city; current and past restaurant reservation details; booking path; favourite restaurants; searches; restaurant pages visited; specific restaurant requests; dining out activity (e.g. frequency, restaurants, restaurant type, meal type, cancellations); restaurant preferences; account settings; passwords; contact information of people you add to or notify about your restaurant reservations through our websites; and other information you may send to our websites about yourself or others.

How we use your information

We may use your information for the following purposes (”Purposes”): to provide you with the services, offers and features offered on our websites and to fulfil your requests, such as to make reservations, pay for offers or otherwise notify you of your restaurant reservations; to communicate with you about your account or use of our websites, services, offers and/or features; to respond to or track your comments and questions and otherwise provide customer services; to send you special offers and other promotional communications; to operate and improve our websites, offerings, services and features; to personalise your experience on our websites; to provide information, services and offerings to our customers, including restaurants and their restaurant groups and restaurant affiliates; to protect against, detect and prevent fraudulent, unauthorised or illegal activities; to comply with our policies, procedures and legal obligations; and in any other way where you have given your consent and/or where we are required or permitted by applicable law.

If you do not provide us with certain information, we may not be able to fulfil the intended purpose of the data collection, such as responding to your requests or providing you with our websites.

Automated messages

In line with the above purposes, we may communicate with you via electronic messages, such as email, for example to send you information about our offers and services, including reservation and enquiry confirmations and updates, receipts, technical notices, updates, security alerts and support and administration messages. With your consent, where necessary, we may contact you in connection with the above purposes via your mobile phone number that you provide to us, via direct calls, automated and pre-recorded message calls and via SMS messages.

Our role as data controller and data processor

In general, we act as a controller of your information; however, under certain GlobalGuest programmes, restaurants may engage us to provide certain processing services with respect to information owned or controlled by the restaurant. We are not responsible for the use of the information by any restaurant that owns or is responsible for the information. To learn more about how a restaurant may use this information, you should read the restaurant’s own data protection declaration.

Storage

We will retain your information for the period necessary to fulfil the purposes outlined in this Data Protection Declaration and to comply with applicable law and internal company policies.

How we share your information

Information shared with restaurants and their affiliates

When you make a request through our websites or through a restaurant, such as a restaurant reservation, or if you are a guest of the person making the request, we automatically share certain categories of your information with the restaurant to facilitate said request. With regard to restaurant enquiries, this information may include the following: your name, profile, time and date of visit, number of people, telephone number, meal preference, guest information, any special requests, information or comments you (may) choose to submit and your email address. Your information will be communicated to the restaurant in the same way as if you were to contact the restaurant directly. If you provide a mobile phone number in connection with your enquiry, the restaurants can send you SMS messages in relation to your enquiry. Some restaurants also require you to provide your credit or debit card information to secure your reservation.

Collection of personal data (reservation and enquiry forms)

We only collect data via public websites for personal processing and use, e.g. when you make use of our enquiry forms, if you voluntarily decide to enter it and expressly declare your consent (e.g. by clicking on the check box or adding “Yes, I have read the Data Protection Declaration”). Your details,

• title,
• surname,
• first name,
• address,
• company address if applicable,
• private address,
• contact person with first name and surname,
• telephone No.,
• fax No.,
• email address,
• designated contact person,

and the respective information required for the purpose of your enquiry are necessary to us so we can prepare your desired hospitality offer in-house. In this case, these data will be stored by us.

Scope of the processing of personal data

We only process our users' personal data to the extent necessary to offer a functional website and provide our content and services. The processing of our users’ personal data takes place as standard only with the consent of the user. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

Legal basis for the processing of personal data

• Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
• When processing personal data that is necessary for the fulfilment of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
• Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
• In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
• If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.

Data erasure and duration of storage

The personal data of the data subject will be deleted or restricted as soon as the purpose of storage no longer applies. Storage may continue beyond this if it has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be restricted or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

Contact form and email contact

Description and scope of data processing

A contact form is available on our website and can be used to contact us electronically. If a user makes use of this option, the data entered in the input fields will be transmitted to us and stored. These data are:

• title,
• First name
• Surname
• Company
• Email address
• Message

The following data are also stored at the time the message is sent:

• IP address of the user
• Date and time of dispatch

Your consent is obtained for the processing of the data as part of the sending process and reference is made to this Data Protection Declaration.

Alternatively, you can contact us via the email address provided. In this case, the user's personal data transmitted with the email will be stored.

No data will be passed on to third parties in this context. The data are used exclusively for processing the conversation.

Legal basis for data processing

The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR, if the user has given consent.

The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 lit. f GDPR. If the email contact is engaged in with the end of concluding a contract, an additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

Purpose of data processing

The processing of the personal data from the input fields serves solely in order that we can process the contact. In the case of contact by email, this also constitutes a necessary and legitimate interest in the processing of the data.

The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

Duration of storage

The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. For the personal data from the input fields of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively resolved.

The additional personal data collected during the sending process will be deleted at the latest after a period of seven days.

Possibility of objection and erasure

The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

All personal data stored in the course of contacting us will be deleted in this case.

We would like to point out that data transmission via the internet (e.g. when communicating by email) can have security gaps. Complete protection of data against access by third parties is not possible.

Newsletter

Description and scope of data processing

You can subscribe to a free newsletter on our website. When you register for the newsletter, the data from the input form is transmitted to us.

The following data are also collected during registration:

• IP address of the computer making the request
• Date and time of registration

Your consent is obtained for the processing of the data as part of the registration process and reference is made to this Data Protection Declaration.

No data are passed on to third parties in connection with the data processing for sending newsletters. The data will be used exclusively for sending the newsletter.

Legal basis for data processing

The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 lit. a GDPR, if the user has given consent.

Purpose of data processing

The collection of other personal data as part of the registration process serves to prevent misuse of the services or the email address used.

Duration of storage

The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. The user's email address is therefore stored for as long as the subscription to the newsletter is active.

The other personal data collected during the registration process is generally deleted after a period of seven days.

Possibility of objection and erasure

The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose, you will find a corresponding link in every newsletter.

This also makes it possible to withdraw consent to the storage of personal data collected during the registration process.

Use of external services

Use of Google Maps

This website uses the Google Maps product from Google Inc. By using this website, you consent to the collection, processing and use of the automatically collected data by Google Inc., its representatives and third parties. Users' personal data are deleted or anonymised after 14 months.

You can find the terms of use of Google Maps under “Terms of use of Google Maps”.

Use of Google Fonts

We use external fonts to improve the device-independent display of our website. These are provided by Google LLC. (”Google”) Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Your browser retrieves fonts from Google servers in the USA. You transmit the following data to Google:

• The URL you requested
• Browser type/browser version
• Operating system used
• HTTP response code
• Referrer URL
• Host name of the computer making access
• IP address of the accessing computer
• Time of the server request

For more information on data storage and use, please refer to Google's privacy policy, which you can find at the following URL: www.google.com/policies/privacy/
Users' personal data are deleted or anonymised after 14 months. You can object to the storage of your data at any time by opting out. For this purpose, a cookie is set that instructs Google not to use or store your data: https://adssettings.google.com/authenticated .

Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter referred to as “reCAPTCHA”) on our websites. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

The purpose of reCAPTCHA is to check whether the data input on our websites (e.g. in a contact form) is made by a human or by an automated programme. For this purpose, reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. To analyse this, reCAPTCHA evaluates various information (e.g. IP address, time spent on the website by the website visitor or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place.

Data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its website from abusive automated spying and spam.

Further information about Google reCAPTCHA and Google's privacy policy can be found at the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.

Storage of anonymised user data - analysis services

Google Analytics

Our website uses functions of the web analysis service Google Analytics. The provider of the web analysis service is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses “cookies”. These are small text files that your web browser stores on your end device that enable website usage to be analysed. Information generated by cookies about your use of our website is transmitted to a Google server and stored there. The server location is usually the USA. Users' personal data are deleted or anonymised after 14 months.

Google Analytics cookies are set on the basis of Art. 6 para. 1 lit. f GDPR. As the operator of this website, we have a legitimate interest in analysing user behaviour in order to optimise our website and advertising, where applicable.

IP anonymisation

We use Google Analytics in conjunction with the IP anonymisation function. It guarantees that Google will truncate your IP address within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before transmitting it to the USA. There may be exceptional cases in which Google transmits the full IP address to a server in the USA and truncates it there. Google will use this information on our behalf
to analyse your use of the website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage. The IP address transmitted by Google Analytics is not merged with other Google data.

Browser plugin

The setting of cookies by your web browser can be prevented. However, some functions of our website may be restricted as a result. You can also prevent the collection of data relating to your website use, including your IP address and subsequent processing by Google. You can do this by downloading and installing the browser plug-in, available via the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

Objection to data collection

You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie is set to prevent the collection of your data on future visits to our website: Deactivate Google Analytics.

Details on how Google Analytics handles user data can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Data processing

We have concluded a data processing contract with Google in order to fully fulfil the statutory data protection requirements.

Use of social services

A plugin called Addthis is used on GlobalGuest. By using Addthis, you can share pages from the website via your user account on social networks and other communication platforms (so-called “share” function).

The provider of Addthis is Oracle America, Inc. (“Oracle”) located at 500 Oracle Parkway, Redwood Shores, CA 94065, USA. Oracle has been certified in accordance with the EU-US Privacy Shield to ensure an appropriate level of data protection. You can find a corresponding register entry under the following link https://www.privacyshield.gov/participant?id=a2zt00000000181AAA&status=Active. You can find more information on the handling of your data when using Addthis in Oracle's data protection information at the following link http://www.addthis.com/privacy.

If you do not want social networks to assign the data collected via our website directly to your social network account, you must log out of the respective networks before visiting our website. 

Facebook sharing

You can support our page via the "Facebook Share" button. When you access our website, code is loaded from the server of Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”).

Your browser establishes a direct connection to the Facebook server and data are automatically transmitted to Facebook in the background. The data include connection data such as your IP address, date and time, the URL called up, and also the browser and operating system used and system settings. If you have a Facebook cookie (e.g. from previous contacts with the Facebook server) on your PC or if you are logged in to Facebook when the buttons are called up, account information is transmitted that enables Facebook to identify your profile and thus you directly and to associate it with your visit to our site. If you click on the button, further data will be transmitted to the service and saved to your profile. Clicking on Share will trigger a message for you on Facebook. You can determine which users receive this message via the privacy settings of your Facebook profile. Facebook alone decides for what purposes and to what extent data are processed and used on its servers.

You can find more information about data processing by Facebook on the Facebook data usage policy page https://www.facebook.com/about/privacy/. Information on the functionality of the plugins is provided by Facebook at https://developers.facebook.com/docs/plugins/.

If you do not want Facebook to receive these data in the future, you must log out of Facebook before visiting our website, delete all Facebook cookies and block the storage of Facebook cookies in your browser. Please note that the abovementioned connection data will continue to be transmitted to Facebook.

Google+ and YouTube

You can support our site via the “g +1” button (Google+) and the “Youtube” button. When you access our website, code is loaded from the server of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

Your browser establishes a direct connection to the Google server and data are automatically transmitted to Google in the background. The data includes connection data such as your IP address, date and time, the URL called up, browser and operating system and system settings. If you have a Google cookie or a YouTube cookie (e.g. from previous contacts with the Google server or the YouTube server) on your PC or if you are logged in to Google or YouTube when the buttons are called up, account information is transmitted that enables Google to identify your profile and thus you directly and to associate it with your visit to our site. If you click on the respective button, further data will be transmitted to the service and saved to your profile. You can use your profile settings to determine which users receive this message. Google alone decides for what purposes and to what extent data are processed and used on its servers.

You can find more information about data processing by Google in the privacy policy for Google https://support.google.com/plus/answer/1319578?hl=de. Information on the function of the +1 button can be found at https://support.google.com/plus/answer/1047397?rd=1.

If you do not want Google to receive these data in the future, you must log out of Google and YouTube before visiting our website, delete all Google and YouTube cookies and block the storage of Google and YouTube cookies in your browser. Please note that connection data will continue to be transmitted to Google.

Twitter

You can support our site via the “Twitter” button. When you visit our website, code is loaded from the server of Twitter, Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA (“Twitter”).

Your browser establishes a direct connection to the Twitter server and data are automatically transmitted to Twitter in the background. The data includes connection data such as your IP address, date and time, the URL called up, browser and operating system and system settings. If you have a Twitter cookie (e.g. from previous contacts with the Twitter server) on your PC or if you are logged in to Twitter when the buttons are called up, account information is transmitted that enables Twitter to identify your profile and thus you directly and to associate it with your visit to our site. If you click on the button, further data will be transmitted to the service and saved to your profile. You can use your profile settings to determine which users can see this message. Twitter alone decides for what purposes and to what extent data are processed and used on its servers.

You can find more information about data processing by Twitter in the privacy policy https://twitter.com/privacy.

If you do not want Twitter to receive these data in the future, you must log out of Twitter before visiting our website, delete all Twitter cookies and block the storage of Twitter cookies in your browser. Please note that connection data will continue to be transmitted to Twitter.

Revocation of consent

If we wish to collect, process or transfer personal data for purposes other than those mentioned above, we will first obtain your express and voluntary consent. The use of our offer will not be dependent on the granting of your consent, insofar as this is legally and technically possible.

Once you have given your consent to the further use of your personal data, you can revoke it at any time with effect for the future. Please send your cancellation to info@globalguest.de.

Security measures

GlobalGuest has taken specific organisational and technical security measures to protect your personal data. The security measures correspond to the state of the art and are continuously adapted to new developments.

If data are collected for the initiation or execution of a contractual relationship, communication with us is encrypted in accordance with the state of the art in order to prevent misuse by third parties.

Right to information, rectification and restriction

If you have any further questions or comments about our data protection principles, you can contact us at any time.

You are also entitled to information at any time as to whether and what personal data we have stored about you. At your request, the information can also be provided electronically. You have the right to have unauthorised data erased/restricted or incorrect data corrected. We will be happy to provide you with information on this at any time on request. You can contact us at any time at the address of the website operator given in the legal notice if you have further questions on the subject of personal data.

Links to other websites

Our online offer contains links to other websites. This Data Protection Declaration does not extend to other providers. We have no influence on whether their operators comply with data protection regulations.

Changes to this declaration

GlobalGuest reserves the right to amend or supplement this Data Protection Declaration at any time and without giving reasons. Users will be informed of changes to the data protection declaration via our website or by email.

 

As of: May 2018