Information pursuant to Article 13 et seq. of the General Data Protection Regulation (GDPR)

for guests, business partners and beOne members

We process your personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR), national data protection legislation and all other applicable laws. This website contains the following data protection information pursuant to Article 13 et seq. GDPR:

 

I. Contact information of our data protection officer

II. Information pursuant to Article 13 et seq. GDPR for guests and business partners

III. Information pursuant to Article 13 et seq. GDPR for beOne customers

IV. Information pursuant to Article 13 et seq. GDPR during digital check-in

 

I. Contact information of our data protection officer

 

For any questions relating to data protection issues, please contact our data protection officer at:

KINAST Rechtsanwaltsgesellschaft mbH

Hohenzollernring 54

50672 Cologne, Germany

E-Mail: mail@kinast.eu

 

II. Information pursuant to Article 13 et seq. GDPR for guests and business partners

 

The following data protection information applies to the data processing of Motel One and The Cloud One hotels when providing contractually agreed services to guests and business partners.

 

1. Controller responsible for data processing

Your contractual partner is responsible for data processing.

 

2. Legal basis for data processing

2.1. Performance of contractual obligations

Motel One and The Cloud One hotels collect, process and use personal data for the purpose of executing an existing business relationship with you, including the communication required for this purpose, in particular for the provision of contractually agreed services, the processing of payment transactions and invoicing. The controller processes personal data on the basis of Art. 6(1)(b) GDPR. Data may be processed provided that this is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract.

 

2.2. Legitimate interests

The controller also processes personal data on the basis of Art. 6(1)(f) GDPR insofar as this is necessary to protect their own legitimate interests or those of a third party and insofar as the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, do not take precedence. This applies in particular to the prevention and investigation of criminal offences as well as for the purposes of corporate management, internal communication and other administration.

 

2.3. Consent

In addition to the above, the controller processes personal data on the basis of Article 6(1)(a) GDPR if contractual partners have given their consent to the processing of their personal data for one or more specific purposes. Consent is given voluntarily and may be revoked at any time.

 

2.4. Statutory obligations

An obligation to provide personal data pursuant to Article 6(1)(c) GDPR may arise from statutory obligations to which we are subject, such as tax laws, the Federal Act on Registration and other obligations under public law.

 

3. Origin of the data

In general, we receive your personal data from you or from contractual partners, service providers and clients with whom we have concluded corresponding data protection agreements. In certain situations, your personal data may also be collected by other offices on the basis of legal provisions. These include, in particular, event-related queries about tax-relevant information at the responsible tax office.

 

4. Categories of personal data processed

The categories of personal data processed include, in particular, the following data or categories of data:

 

When booking:

  • • Personal details (First name, surname, additional names, date of birth, nationality, passport and/or personal ID number);
  • • Number of persons travelling in your group, your nationality, passport number;
  • • Reason for stay (business/personal);
  • • Name and address of employer;
  • • Contact information (private address, telephone number, email address) that results from the use of the IT systems;
  • • Bank account information;
  • • Identifying financial data;
  • • Overnight stays with associated turnover.
  • • For quality management, marketing, security and other similar purposes:
  • • Recording of telephone calls for quality and training purposes.
  • • Video recordings captured by surveillance cameras in public areas such as hallways and lobbies of our buildings.

 

5. Categories of recipients of personal data

Within the company of the controller, only people and offices (e.g. specialist departments) receive your personal data who need it to fulfil our services and legal obligations. Under certain circumstances, certain data is transferred to all associated companies if the data processing function is performed centrally for all associated companies. In addition, in order to fulfil their contractual and legal obligations, the controller sometimes makes use of various service providers with whom – depending on the particular situation – an agreement on contractual processing has also been concluded in accordance with the requirements of Articles 28 and 29 GDPR. The controller may also transfer your personal data to other recipients outside the company, insofar as this is necessary to fulfil their legal obligations as the controller (Federal Act on Registration, tax and duty laws, etc.). These may be, for example:

 

  • • Local authorities, municipalities, cities;
  • • Tax authorities, courts, banks (SEPA payment medium);
  • • Offices, in order to be able to pay out capital-forming payments;
  • • Insolvency managers in the case of individual bankruptcy.

 

6. Duration of data retention

After termination of a contractual relationship, personal data is stored for as long as the controller is legally obliged to do so pursuant to Article 17 GDPR. Such obligations often include legal requirements to provide evidence and to keep records under commercial and tax law. The retention periods under these are up to ten years. Furthermore, personal data may also be stored for the time period when claims against the controller could be made. After the obligation has ceased to exist or these periods have expired, the data is routinely blocked or deleted in accordance with the legal requirements.

 

7. Rights of data subjects

Data subjects can request information on the personal data stored about them from the above-mentioned address. In particular circumstances, data subjects can also request the correction or deletion of their data. Data subjects are also entitled to the restriction of the processing of their data and to the release of their data in a structured, current and machine-readable format. Furthermore, data subjects have the right to withdraw any consent they have given. Data subjects may file a complaint with the data protection officer or a supervisory authority if they believe that the processing of their personal data violates the GDPR.

 

Pursuant to Article 21(1) GDPR, the processing of data may be objected to on grounds relating to the particular situation of the data subject at the above address. The data subject has the right to object to the processing of their personal data for the purposes of direct advertising, without giving reasons. If the controller processes the data in order to protect legitimate interests, the data subject may object to such processing on the basis of their individual situation. The controller will then no longer process the data subject’s personal data unless they can prove compelling legitimate reasons for the processing that outweigh the data subject’s interests, rights and freedoms or the processing serves to enforce, exercise or defend legal claims.

 

Data subjects can assert their rights at privacy@motel-one.de or privacy@the-cloud-one.com.

 

III. Information pursuant to Article 13 et seq. GDPR for beOne customers

The following data protection information applies in particular to the processing of personal data of customers of the beOne Membership Programme.

 

1. Controller responsible for data processing

The controller responsible for data processing is:

Motel One GmbH

Tegernseer Landstraße 165

81539 Munich, Germany

Tel: + 49 (0)89 / 665025-0

Fax: +49 (0)89 / 665025-50

 

Internet: www.motel-one.com and www.the-cloud-one.com

E-Mail: privacy@motel-one.com and privacy@the-cloud-one.com

 

2. Purpose and legal basis of data processing

Motel One GmbH processes your personal data in order to run the beOne membership programme in the context of bookings. Your personal data is also processed in order to send you regular information about news, campaigns and offers related to hotels and travel by email, text, WhatsApp and other electronic media. In addition, personal data is processed in order to place advertisements in a targeted manner on our websites and on social media platforms.

 

Personal data is processed based on your declaration of consent (see above), which you provided in accordance with Art. 6(1)(a) GDPR when registering for the beOne membership programme. Processing of personal data is also necessary in order to execute our contract with you via the beOne membership programme pursuant to Article 6(1)(b) GDPR. In addition, the data processing is necessary in order to safeguard legitimate interests pursuant to Article 6(1)(f) GDPR.

 

3. Categories of personal data

Specifically, we process the personal data you provide when you register for the beOne membership programme. This includes the following categories of data:

  • • Title
  • • Address
  • • Name
  • • Email address
  • • Password
  • • Phone number
  • • Street and house number
  • • Postcode
  • • Town/city
  • • Country
  • • Birthday

 

We also collect and process your booking data that was provided in the context of previous bookings at Motel One hotels.

 

In collaboration with our partner m3 connect, we also offer beOne members the opportunity to take advantage of the beConnected service, whereby you log into our hotel wifi once with a device (laptop, smartphone, tablet, etc.) and then have permanent wifi access (over multiple stays) with this device. Your MAC address is processed by m3 connect and can be assigned to your beOne account by us.

 

4. Recipients of personal data

The aforementioned categories of personal data are transferred to the databases of the various companies in order to process bookings. An overview of the companies can be found here..

 

Your personal data will not be transferred to third parties.

 

5. Transfer of personal data to third countries

Within the context of the transfer of personal data to the national databases, personal data will also be transferred to the new hotel location in New York, US. For this purpose, the current EU decision on standard contractual clauses dated 04.06.2021 was concluded in accordance with Art. 46(2) (c) GDPR. The EU decision on standard contractual clauses can be found here: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32021D0914&from=EN

 

6. Duration of storage

Your personal data will be deleted as soon as it is no longer necessary for the purposes for which it was collected or otherwise processed. This applies if you personally delete your beOne profile.

 

Your personal data will also be deleted if you withdraw your consent to the processing. The data will not be deleted if such deletion is in conflict with statutory retention periods.

 

7. Rights of data subjects

You are also entitled to the data subject rights pursuant to II.7 (ggf. in die obigen Datenschutzhinweise zu den Betroffenenrechten verlinken) with regard to the data processing within the framework of the beOne Membership Programme.

 

Data subjects can assert their rights at privacy@motel-one.com or privacy@the-cloud-one.com.

 

IV. Information pursuant to Article 13 et seq. GDPR during digital check-in


The following data protection information applies in particular to the processing of personal data during digital check-in.

 

1. Controller responsible for data processing

The controller responsible for data processing is:

 

Motel One GmbH

Tegernseer Landstraße 165

81539 Munich, Germany

Tel: + 49 (0)89 / 665025-0

Fax: +49 (0)89 / 665025-50

 

Internet: www.motel-one.com and www.the-cloud-one.com

E-Mail: privacy@motel-one.com and privacy@the-cloud-one.com

 

2. Purpose and legal basis of data processing

Motel One GmbH processes your personal data in order to facilitate digital check-in.

 

This processing is based on your consent to data processing during digital check-in procedures in accordance with Article 6(1)(a) GDPR. Processing of personal data is also necessary in order to execute our contract with you pursuant to Article 6(1)(b) GDPR.

 

3. Categories of personal data

We specifically process the following personal data for digital check-in:

 

  • • Name and surname
  • • Gender
  • • Street and house number
  • • Place of residence
  • • Email
  • • Phone number
  • • Data regarding your visit (e.g. duration, costs)
  • • Other personal data (nationality, passport number, etc.) recorded via the registration form in accordance with Section 30(2) of the Federal Registration Act

 

If you use our digital check-in service, the personal data already stored in our SIHOT reservation system will also be used for digital check-in. During digital check-in, you have the option of supplementing the data in the profile created for this purpose with personal data regarding your visit to a Motel One or The Cloud One hotel.

 

4. Recipients of personal data

This personal data will be transmitted internally to the responsible staff, as well as to our service provider and order processor, Hotelbird GmbH. The Hotelbird GmbH privacy policy is available here.

 

5. Transfer of personal data to third countries

Your personal data will not be transmitted to third countries during digital check-in.

 

6. Duration of storage

Your personal data will be deleted as soon as it is no longer necessary for the purposes for which it was collected or otherwise processed. Your personal data will not be deleted if we are subject to statutory retention requirements with regard to its storage. The usual deletion and retention periods for hotel bookings apply (see I.6. above).

 

7. Rights of data subjects

You are also entitled to the data subject rights pursuant to II.7 with regard to data processing during digital check-in.

 

Data subjects can assert their rights at privacy@motel-one.com or privacy@the-cloud-one.com.