Book now
MENU

Data protection

PRIVACY POLICY

The protection of your personal data is very important to us. We would therefore like to take this opportunity to inform you about data protection in our company. Your personal data will only be used in accordance with the statutory data protection regulations, such as the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the Telecommunications Digital Services Data Protection Act (TDDDG). Our employees and service providers are obliged to comply with data protection regulations. Below you will find information on the type, scope and purpose of the collection and use of your personal data as well as your rights.

Name and address of the person responsible

The controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is

"Cantinetta Popolare" at the Pullman Stuttgart Fontana
Vollmoellerstrasse 5
70563 Stuttgart
Germany

Phone: +49 (0)711 73 00
Fax: +49 (0)711 73 025 25
E-Mail: h5425@accor.com

Company: Hotels by HR Stuttgart GmbH
Registered office of the company: Berlin
Register court: Local court Berlin-Charlottenburg
Reg. no.: HRB 146577B
VAT ID No.: DE 286 112 837
Managing directors: Robert K. Kennedy, Jörg Beginen

The company "Hotels by HR Stuttgart GmbH" is an affiliated company of the HR Group in accordance with Section 15 AktG.

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).

You can contact the data protection officer here and assert your rights as a data subject: h5425@accor.com

General information on the privacy policy

Scope of the processing of personal data

We only process our users' personal data insofar as this is necessary to provide a functional website and our content and services. The processing of our users' personal data only takes place regularly with the user's consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is required by law.

Legal basis for the processing of personal data

  • ConsentArt. 6 para. 1 sentence 1 lit. a GDPR - if the data subject has given their consent.
  • Performance of a contractArt. 6 para. 1 sentence 1 lit. b GDPR - if the processing is necessary for the performance of a contract.
  • Legal obligationArt. 6 para. 1 sentence 1 lit. c GDPR - if the processing is necessary to fulfill a legal obligation.
  • Vital interestsArt. 6 para. 1 sentence 1 lit. d GDPR - if processing is necessary to protect vital interests.
  • Legitimate interestArt. 6 para. 1 sentence 1 lit. f GDPR - if processing is necessary for the purposes of the legitimate interests pursued, except where such interests are overridden by the interests or fundamental rights of the data subject.

Data erasure and storage duration

Personal data will be deleted or blocked as soon as the purpose of storage no longer applies. Personal data collected in connection with reservations, whether by telephone, online or by email, will be deleted or blocked after 6 months. Data will only be stored beyond this period if this is required by European or national law. The data will also be deleted if a legally prescribed storage period expires, unless further storage is necessary to fulfill a contract.

Protecting privacy in telecommunications and digital services

The Telecommunications Digital Services Data Protection Act (TDDDG) codifies the principles previously established by case law on consent to the storage of information on end devices and regulates the legality of access to existing information. Insofar as consent within the meaning of Art. 6 para. 1 GDPR is mentioned as the legal basis in the context of the processing listed in this privacy policy, this also constitutes consent within the meaning of Section 25 para. 1 TDDDG. If no consent is required for the processing of the information, for example because access to information already stored in the end user's terminal equipment is absolutely necessary so that the controller can provide you with a digital service such as the website, Art. 25 para. 2 TDDDG must also be mentioned as the legal basis.

Rights of the data subjects

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

Right to information (Art. 15 GDPR)

You have the right to request confirmation from us as to whether personal data concerning you is being processed. If this is the case, you have a right to information about this data.

Right to rectification (Art. 16 GDPR)

If your personal data is incorrect or incomplete, you have the right to request immediate correction or completion of the personal data.

Right to erasure ("right to be forgotten") (Art. 17 GDPR)

If one of the reasons listed in Art. 17 GDPR applies, you have the right to demand that your personal data be deleted immediately.

Right to restriction of processing (Art. 18 GDPR)

If one of the conditions listed in Art. 28 GDPR is met, you have the right to request that the processing of your personal data be restricted.

Right to data portability (Art. 20 GDPR)

You have the right to receive your personal data in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller.

Right to object to certain data processing (Art. 21 GDPR)

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR. This also applies to profiling based on these provisions.

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such marketing; this also applies to profiling insofar as it is associated with such direct marketing.

You can send your objection to the following e-mail address: h5425@accor.com.

Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

E-mail contact

Description and scope of data processing

You can contact us via the e-mail address provided on our website. We regularly use this to receive your contact details for reservations or other inquiries. In this case, the personal data transmitted with the e-mail will be stored. The data is used exclusively for processing the conversation.

Purpose of data processing

The processing of the data serves to process the contact and the associated communication.

Legal basis for data processing

The legal basis for processing the data transmitted in the course of sending an email is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to process and respond to your request. If you also provide us with personal health data, such as food intolerances, your consent is required in accordance with Art. 9 para. 2 lit. a GDPR in conjunction with Art. 6 para. 1 lit. f GDPR. Art. 6 para. 1 lit. a GDPR is the legal basis. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

Duration of storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by email, this is the case when the respective conversation has ended and the matter in question has been conclusively clarified. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

Possibility of objection/revocation

If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us will be deleted in this case. If you have transmitted personal data on the basis of your voluntary consent, you can revoke this at any time. In this case, data will also be deleted immediately.

Online reservation

Description and scope of data processing

An online reservation request is possible on our website. We use this to record your contact details for the reservation, save them and use the data provided to contact you and confirm your reservation. We also process any additional information that you provide to us via the reservation form. The data is used exclusively for processing the reservation and is deleted or blocked after 6 months.

Purpose of data processing

The processing of the data serves to process the contact and the associated communication.

Legal basis for data processing

The legal basis for the processing of the data transmitted in the course of the online reservation request is your consent pursuant to Art. 6 para. 1 lit. a GDPR. If you also provide us with personal health data, such as food intolerances, your consent is required in accordance with Art. 9 para. 2 lit. a GDPR in conjunction with Art. 6 para. 1 lit. a GDPR. Art. 6 para. 1 lit. a GDPR is the legal basis. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

Duration of storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data sent via the online reservation request, this is the case if the reservation has been made and there is no legitimate interest in further storage or if it is not subject to any statutory storage obligations.

Possibility of revocation

You can revoke your consent at any time.

Reservation by telephone

Description and scope of data processing

You can make reservation requests by telephone. In this case, we process your telephone number, your name and other reservation details. We will also process any additional information you provide us with. The data will be used exclusively for processing the reservation and will be deleted or blocked after 6 months.

Purpose of data processing

The processing of the data serves to process the contact and the associated communication.

Legal basis for data processing

The legal basis for the processing of data transmitted in the course of telephone reservations is your consent in accordance with Art. 6 para. 1 lit. a GDPR. If you provide personal health data, such as food intolerances, then your consent pursuant to Art. 9 para. 2 lit. a GDPR in conjunction with Art. 6 para. 1 lit. a GDPR is the legal basis. Art. 6 para. 1 lit. a GDPR is the legal basis. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

Duration of storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case for the personal data sent via the telephone reservation if the reservation has been made and there is no legitimate interest in further storage or if it is not subject to any statutory storage obligations.

Possibility of revocation

You can revoke your consent at any time.

Hosting

The website is hosted on servers of a service provider commissioned by us.

Our service provider is:

Kinsta Inc.
8605 Santa Monica Blvd #92581
West Hollywood,
90069 California
USA

The servers automatically collect and store information in so-called server log files, which your browser automatically transmits when you visit the website. The information stored is

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Websites that are accessed by the user's system via our website
  • Date and time of the server request
  • IP address

This data is not merged with other data sources. This data is collected on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website - the server log files must be recorded for this purpose.

The website server is geographically located in Germany. As a result, no data is transferred to the USA and an appropriate level of data protection is guaranteed for data processing.

Further information on the processing of data by Kinsta Inc. can be found here: https://kinsta.com/legal/privacy-policy/

Cookies and other tracking technologies

What are cookies?

Cookies are data that are stored on your computer by a website that you visit and enable your browser to be reassigned. Cookies are used to transmit information to the site that sets the cookie. Cookies can store various information, such as your language setting, the duration of your visit to our website or the entries you make there. This prevents you from having to re-enter required form data each time you use the website, for example. The information stored in cookies can also be used to recognize preferences and target content according to areas of interest.

There are different types of cookies: Session cookies are data sets that are only temporarily stored in the working memory and are deleted when you close your browser. Permanent or persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. With this type of cookie, the information can also be stored in text files on your computer. However, you can also delete these cookies at any time via your browser settings.

First-party cookies are set by the website you are currently visiting. Only this website may read information from these cookies. Third-party cookies are set by organizations that do not operate the website you are visiting.

The legal basis for possible processing of personal data using cookies and their storage duration may vary. If you have given us your consent, the legal basis is Art. 6 para. 1 lit. a) GDPR. Insofar as the data processing is based on our overriding legitimate interests, the legal basis is Art. 6 para. 1 lit. f) GDPR. The stated purpose then corresponds to our legitimate interest.

We use cookies to ensure the proper operation of the website, to provide basic functionalities, to measure reach and - with your consent - to tailor our services to your preferred areas of interest. We use both transient cookies and persistent cookies for this purpose.

Manage cookies

You can delete cookies already stored on your device at any time. If you want to prevent the storage of cookies, you can do this via the settings in your Internet browser.

Alternatively, you can also install so-called ad blockers. Please note that individual functions of our website may not work if you have deactivated the use of cookies.

Information on providers based in third countries

We attach great importance to processing your data within the EU/EEA. However, we may use service providers who process data outside the EU/EEA. In these cases, we ensure that an appropriate level of data protection comparable to the standards within the EU is established at the recipient before your personal data is transferred. This can be achieved, for example, by means of EU standard contracts or binding corporate rules or special agreements to which the company may be subject.

Google Analytics

Scope of the processing of personal data

We use Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, and its representative in the Union Google Ireland Ltd, Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter referred to as: Google). Google Analytics analyzes, among other things, the origin of visitors, the time they spend on individual pages and the use of search engines, thus enabling better monitoring of the success of advertising campaigns. Google places a cookie on your computer. This allows personal data to be stored and evaluated, in particular the user's activity (in particular which pages have been visited and which elements have been clicked on), device and browser information (in particular the IP address and operating system), data about the advertisements displayed (in particular which advertisements have been displayed and whether the user has clicked on them) and also data from advertising partners (in particular pseudonymized user IDs).

We use Google Analytics (Universal Analytics) to evaluate your use of our online presence, to compile reports on your activities and to use other Google services associated with the use of our online presence and the Internet. We have requested the anonymization of IP addresses, whereby Google shortens your IP address as soon as technically possible. However, it cannot be ruled out that your data will be transmitted to the servers of Google LLC based in the USA. On behalf of the operator of this online presence, Google will use this information to evaluate your use of the online presence, to compile reports on the activities of the online presence and to provide other services related to the use of the online presence and internet usage to the operator of the online presence.

Further information on the processing of data by Google can be found here: https://policies.google.com/privacy?gl=DE&hl=de

Purpose of data processing

We use Google Analytics (Universal Analytics) to analyze the use of our online presence and to display targeted advertising to people who have already shown an initial interest by visiting our website.

Legal basis for the processing of personal data

The legal basis for the processing of users' personal data is generally the consent of the user in accordance with Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TDDDG.

Duration of storage

Your personal information will be stored for as long as necessary to fulfill the purposes described in this Privacy Policy or until you exercise your right of withdrawal.

Possibility of revocation

You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. You can prevent the collection and processing of your personal data by Google by preventing the storage of third-party cookies on your computer, using the "Do Not Track" function of a supporting browser, deactivating the execution of script code in your browser or using a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.

You can also prevent Google from collecting the data generated by the cookie and relating to your use of the online presence (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de

You can use the following link to deactivate the use of your personal data by Google: https://adssettings.google.de

Further information on objection and removal options vis-à-vis Google can be found at https://policies.google.com/privacy?gl=DE&hl=de

Google Tag Manager

Scope of data processing

We use the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: Google). With Google Tag Manager, tags from Google and third-party services can be managed and embedded in a bundle on an online presence. Tags are small code elements on an online presence that are used, among other things, to measure visitor numbers and behaviour, to record the impact of online advertising and social channels, to use remarketing and targeting and to test and optimize online presences. When a user visits the online presence, the current tag configuration is sent to the user's browser. It contains instructions on which tags should be triggered. Google Tag Manager triggers other tags, which in turn may collect data. Information on this can be found in the sections on the use of the corresponding services in this privacy policy. Google Tag Manager does not access this data.

You can find more information about Google Tag Manager at https://www.google.com/intl/de/tagmanager/faq.html and in Google's privacy policy: https://policies.google.com/privacy?hl=de

Purpose of data processing

The purpose of processing personal data is to collect and clearly manage and efficiently integrate the services of third-party providers.

Legal basis for data processing

The legal basis for the processing of users' personal data is generally the consent of the user in accordance with Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TDDDG.

Duration of storage

Your personal information will be stored for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law. Advertising data in server logs is anonymized by Google deleting parts of the IP address and cookie information after 9 and 18 months respectively.

Google Webfonts

Scope of the processing of personal data

We use Google Web Fonts from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, and the representative in the Union Google Ireland Ltd, Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter referred to as: Google). The web fonts are transferred to the browser's cache when the page is called up in order to be able to use them for the visually improved display of various information. If the browser does not support Google web fonts or prevents access, the text is displayed in a standard font. No cookies are stored on the visitor's computer when the page is accessed. Data that is transmitted in connection with the page view is transferred to resource-specific domains such as https://fonts.googleapis.com or https://fonts.gstatic.com are sent. This allows personal data to be stored and analyzed, in particular the user's activity (in particular which pages have been visited and which elements have been clicked on) and device and browser information (in particular the IP address and operating system).

The data will not be associated with data that may be collected or used in connection with the parallel use of authenticated Google services such as Gmail. Further information on the processing of data by Google can be found here: https://policies.google.com/privacy?gl=DE&hl=de

Purpose of data processing

The use of Google Web Fonts serves the purpose of an appealing presentation of our texts. If your browser does not support this function, a standard font will be used by your computer for display.

Legal basis for the processing of personal data

The legal basis for the processing of users' personal data is generally the consent of the user in accordance with Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TDDDG.

Duration of storage

Your personal information will be stored for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law (e.g. for tax and accounting purposes).

Possibility of objection and removal

You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. You can prevent the collection and processing of your personal data by Google by preventing the storage of third-party cookies on your computer, using the "Do Not Track" function of a supporting browser, deactivating the execution of script code in your browser or using a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.

You can use the following link to deactivate the use of your personal data by Google: https://adssettings.google.de

Further information on objection and removal options vis-à-vis Google can be found at https://policies.google.com/privacy?gl=DE&hl=de.

Wordfence Security

Scope of the processing of personal data

We use Font Awesome from the US company Defiant Inc (1120 N. 1st St., Suite 200, San Jose, CA 95112, USA) on our website. When you visit our website, Wordfence Security stores a cookie on your end device to save the language setting you have selected. This allows personal data to be stored and analyzed, in particular the user's activity (in particular which pages have been visited and which elements have been clicked on) as well as device and browser information (in particular the IP address and operating system).
Further information on the collection and storage of data by Defiant/Wordfence can be found here: https://www.wordfence.com/privacy-policy/

Purpose of data processing of personal data

Wordfence Security is used to increase the security of our website. The plugin analyzes traffic in real time, detects and blocks potential threats, protects against malware and improves overall security.

Legal basis for the processing of personal data

The legal basis for the described data processing is the legitimate interest, Art. 6 para. 1 sentence 1 lit. f GDPR, § 25 para. 2 no. 2 TDDDG. This legitimate interest arises from our efforts to ensure the security of our website. Wordfence protects our website from external attacks and malware. The tool therefore increases both our website and your security when visiting and using our website.

Duration of storage

Defiant Inc. stores cookies on your end device. Information on the storage duration of cookies can be found at https://www.wordfence.com/privacy-policy/

Possibility of objection and removal

You can prevent the collection and processing of your personal data by Defiant Inc. by preventing the storage of third-party cookies on your computer, by using the "Do Not Track" function of a supporting browser, by deactivating the execution of script code in your browser or by using a script blocker such as NoScript (www.noscript.net) or Ghostery (www.ghostery.com) in your browser.

You can find more information on data processing by Defiant Inc. in the privacy policy at https://www.wordfence.com/privacy-policy/.

Company appearances

We offer information about events related to the HR Group on our website. We also use the possibility of company appearances on social and professional networks for communication and the exchange of information with (potential) customers.

The publications on the company websites may contain information on services, advertising and information on customer contact.

We maintain a company presence on the following social/professional networks:

  • Facebook and Instagram: Meta Platforms Ireland Limited - Dublin, Ireland

If you carry out an action on one of our company websites (e.g. comments, posts, likes, etc.), you may make personal data (e.g. real name or photo of your user profile) public. However, as we generally or to a large extent have no influence on the processing of your personal data by the companies jointly responsible for the corporate presence, we cannot provide any binding information on the purpose and scope of the processing of your data. Further information on objection and removal options vis-à-vis the providers of the social/professional networks can be found here: