We process your personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR), national data protection legislation and all other applicable laws. This website contains the following data protection information pursuant to Article 13 et seq. GDPR: 

I. Contact information for our data protection officer 

II. Information pursuant to Article 13 et seq. GDPR for guests and business partners 

III. Information pursuant to Article 13 et seq. GDPR for beOne customers 

IV. Information pursuant to Article 13 et seq. GDPR during digital check-in 

V. Information pursuant to Article 13 et seq. GDPR for applicants 

VI. Information pursuant to Article 13 et seq. GDPR for Creator Club members and business partners 

I. Contact information for our data protection officer 

  

For any questions relating to data protection issues, please contact our data protection officer at: 

KINAST Rechtsanwaltsgesellschaft mbH 

Nordstraße 17a 

50733 Cologne 

Email: dsb-motelone@kinast.eu 

II. Information pursuant to Article 13 et seq. GDPR for guests and business partners 

  

The following data protection information applies to the data processing of Motel One and The Cloud One Hotels when providing contractually agreed services to guests and business partners. 

 

1. Controller responsible for data processing 

Your contractual partner is responsible for data processing.  

 

2. Legal basis for data processing 

2.1. Performance of contractual obligations 

Motel One and The Cloud One Hotels collect, process and use personal data for the purpose of executing an existing business relationship with you, including the communication required for this purpose, in particular for the provision of contractually agreed services, the processing of payment transactions and invoicing. The controller processes personal data on the basis of Article  6(1)(b) GDPR. Data may be processed provided that this is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract. 

  

2.2. Legitimate interests 

The controller also processes personal data on the basis of Article 6(1)(f) GDPR insofar as this is necessary to protect their own legitimate interests or those of a third party and insofar as the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, do not take precedence. This applies in particular to the prevention and investigation of criminal offences as well as for the purposes of corporate management, internal communication and other administration. 

  

2.3. Consent 

In addition to the above, the controller processes personal data on the basis of Article 6(1)(a) GDPR if contractual partners have given their consent to the processing of their personal data for one or more specific purposes. Consent is given voluntarily and may be revoked at any time. 

  

2.4. Statutory obligations 

An obligation to provide personal data pursuant to Article 6(1)(c) GDPR may arise from statutory obligations to which we are subject, such as tax laws, the Federal Act on Registration and other obligations under public law. 

  

3. Origin of the data 

In general, we receive your personal data from you or from contractual partners, service providers and clients with whom we have concluded corresponding data protection agreements. In particular situations, your personal data may also be collected by other offices because of legal provisions. These include, in particular, event-related queries about tax-relevant information at the responsible tax office. 

  

4. Categories of personal data processed 

The categories of personal data processed include, in particular, the following data or categories of data: 

  

When booking: 

  

• Personal details (First name, surname, additional names, date of birth, nationality, passport and/or personal ID number); 

• Number of persons travelling in your group, your nationality, passport number; 

• Reason for stay (business/personal); 

• Name and address of employer; 

• Contact information (private address, telephone number, email address) that results from the use of the IT systems; 

• Bank account information; 

• Identifying financial data; 

• Overnight stays with associated turnover. 

 

Quality management, marketing, security and other similar purposes: 

• Recording of telephone calls for quality and training purposes; 

• Video recordings captured by surveillance cameras in public areas such as hallways and lobbies of our buildings. 

 

You can only provide your credit card details via a tokenised payment link. Your credit card details are not processed or stored in our systems. We simply receive a confirmation of the payment and/or guaranteed booking. We are not allowed to accept and process your payment details by other means, e.g. via email. If we do receive such emails, they are irrevocably deleted. 

  

5. Categories of recipients of personal data 

Within the company of the controller, only people and offices (e.g. specialist departments) receive your personal data who need it to fulfil our services and legal obligations. Under certain circumstances, certain data is transferred to all associated companies if the data processing function is performed centrally for all associated companies. In addition, in order to fulfil their contractual and legal obligations, the controller sometimes makes use of various service providers with whom – depending on the particular situation – an agreement on contractual processing has also been concluded in accordance with the requirements of Articles 28 and 29 GDPR. The controller may also transfer your personal data to other recipients outside the company, insofar as this is necessary to fulfil their legal obligations as the controller (Federal Act on Registration, tax and duty laws, etc.). These may be, for example: 

  

• Local authorities, municipalities, cities; 

• Tax authorities, courts, banks (SEPA payment medium); 

• Offices, in order to be able to pay out capital-forming payments; 

• Insolvency managers in the case of individual bankruptcy. 

  

6. Duration of data retention 

After termination of a contractual relationship, personal data is stored for as long as the controller is legally obliged to do so pursuant to Article 17 GDPR. Such obligations often include legal requirements to provide evidence and to keep records under commercial and tax law. The retention periods under these are up to ten years. Furthermore, personal data may also be stored for the time period when claims against the controller could be made. After the obligation has ceased to exist or these periods have expired, the data is routinely blocked or deleted in accordance with the legal requirements. 

  

7. Rights of data subjects 

Data subjects can request information on the personal data stored about them from the above-mentioned address. In particular circumstances, data subjects can also request the correction or deletion of their data. They also have the right to limit the processing of your data and the right to receive their data in a structured, current and machine-readable format. Furthermore, they have the right to revoke any consent they have given. Data subjects may file a complaint with the data protection officer or a supervisory authority if they believe that the processing of their personal data violates the GDPR. 

  

Pursuant to Article 21(1) GDPR, the processing of data may be objected to on grounds relating to the particular situation of the data subject at the above address. The data subject has the right to object to the processing of their personal data for the purposes of direct advertising, without giving reasons. If the controller processes the data in order to protect legitimate interests, the data subject may object to such processing on the basis of their individual situation. The controller will then no longer process the data subject’s personal data unless they can prove compelling legitimate reasons for the processing that outweigh the data subject’s interests, rights and freedoms or the processing serves to enforce, exercise or defend legal claims. 

  

Data subjects can assert their rights at privacy@motel-one.de or privacy@the-cloud-one.com. 

  

III. Information pursuant to Article 13 et seq. GDPR for beOne customers 

 
The following data protection information applies in particular to the processing of personal data of customers of the beOne Membership Programme. 

  

1. Controller responsible for data processing 

The controller responsible for data processing is: 

Motel One GmbH 

Tegernseer Landstrasse 165 

81539 Munich, Germany 

Tel.: + 49 (0)89 / 665025-0 

Fax: +49 (0)89 / 665025-50 

  

Website: www.motel-one.com and www.the-cloud-one.com 

Email: privacy@motel-one.com and privacy@the-cloud-one.com 

  

2. Purpose and legal basis of data processing 

Motel One GmbH processes your personal data in order to run the beOne membership programme in the context of bookings. Your personal data is also processed in order to send you regular information about news, campaigns and offers related to hotels and travel by email, text, WhatsApp and other electronic media. In addition, personal data is processed in order to place advertisements in a targeted manner on our websites and on social media platforms. 

  

Personal data is processed based on your declaration of consent (see above), which you provided in accordance with Article  6(1)(a) GDPR when registering for the beOne membership programme. Processing of personal data is also necessary in order to execute our contract with you via the beOne membership programme pursuant to Article 6(1)(b) GDPR. In addition, the data processing is necessary in order to safeguard legitimate interests pursuant to Article 6(1)(f) GDPR. 

  

3. Categories of personal data 

Specifically, we process the personal data you provide when you register for the beOne membership programme. This includes the following categories of data: 

  

• First name; 

• Surname; 

• Email address; 

• Password. 

The following types of data can also be stored via the beOne profile: 

• Title; 

• Address; 

• Phone number; 

• Street and house number; 

• Postal code; 

• Town/city; 

• Country; 

• Date of birth. 

  

We also collect and process your booking data that was provided in the context of previous bookings at Motel One or The Cloud One Hotels. 

  

4. Recipients of personal data 

The aforementioned categories of personal data are transferred to the databases of the various companies in order to process bookings. An overview of the companies can be found here.  

  

Your personal data will not be transferred to third parties. 

  

5. Transfer of personal data to third countries 

Within the context of the transfer of personal data to the national databases, personal data will also be transferred to the new hotel location in New York, US. For this purpose, the current EU standard contractual clauses dated 04/06/2021 were concluded in accordance with Article 46(2)(c) GDPR. The EU decision on standard contractual clauses can be found here https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32021D0914&from=EN   

  

6. Duration of storage 

Your personal data will be deleted as soon as it is no longer necessary for the purposes for which it was collected or otherwise processed. This applies if you personally delete your beOne profile. 

  

Your personal data will also be deleted if you withdraw your consent to the processing. The data will not be deleted if such deletion is in conflict with statutory retention periods. 

  

7. Rights of data subjects 

You are also entitled to the data subject rights pursuant to II.7 with regard to the data processing within the framework of the beOne Membership Programme.  

  

Data subjects can assert their rights at privacy@motel-one.com or privacy@the-cloud-one.com. 

  

IV. Information pursuant to Article 13 et seq. GDPR during digital check-in 

 
The following data protection information applies in particular to the processing of personal data during digital check-in. 

  

1. Controller responsible for data processing 

The controller responsible for data processing is: 

  

Motel One GmbH 

Tegernseer Landstrasse 165 

81539 Munich, Germany 

Tel.: + 49 (0)89 / 665025-0 

Fax: +49 (0)89 / 665025-50 

  

Website: www.motel-one.com and www.the-cloud-one.com 

Email: privacy@motel-one.com and privacy@the-cloud-one.com 

  

2. Purpose and legal basis of data processing 

Motel One GmbH processes your personal data in order to facilitate digital check-in. 

This processing is based on your consent to data processing during digital check-in procedures in accordance with Article 6(1)(a) GDPR. Processing of personal data is also necessary in order to execute our contract with you pursuant to Article 6(1)(b) GDPR. 

  

3. Categories of personal data 

We specifically process the following personal data for digital check-in: 

  

• Name and surname;
• Gender;
• Street and house number;
• Place of residence;
• Email;
• Phone number;
• Data regarding your visit (e.g. duration, costs);
• Other personal data (nationality, passport number, etc.) recorded via the registration form in accordance with Section 30(2) of the Federal Registration Act. 

  

If you use our digital check-in service, the personal data already stored in our SIHOT reservation system will also be used for digital check-in. During digital check-in, you have the option of supplementing the data in the profile created for this purpose with personal data regarding your visit to a Motel One or The Cloud One hotel. 

  

4. Recipients of personal data 

This personal data will be transmitted internally to the responsible staff, as well as to our service provider and order processor, Hotelbird GmbH. The Hotelbird GmbH privacy policy is available here. 

  

5. Transfer of personal data to third countries 

Your personal data will not be transmitted to third countries during digital check-in. 

  

6. Duration of storage 

Your personal data will be deleted as soon as it is no longer necessary for the purposes for which it was collected or otherwise processed. Your personal data will not be deleted if we are subject to statutory retention requirements with regard to its storage. The usual deletion and retention periods for hotel bookings apply (see I.6. above). 

  

7. Rights of data subjects 

You are also entitled to the data subject rights pursuant to II.7 with regard to data processing during digital check-in. 

  

Data subjects can assert their rights at privacy@motel-one.com and privacy@the-cloud-one.com. 

  

V. Information pursuant to Article 13 et seq. GDPR for applicants 

 
The following data protection information applies to the data processing carried out by Motel One and The Cloud One Hotels during application procedures. 

  

1. Controller responsible for data processing 

  

Your contractual partner (Motel One or The Cloud One Hotels) is responsible for data processing. 

  

Motel One GmbH 

Tegernseer Landstrasse 165 

81539 Munich, Germany 

Tel.: + 49 (0)89 / 665025-0 

Fax: +49 (0)89 / 665025-50 

  

Website: www.motel-one.com and www.the-cloud-one.com 

Email: privacy@motel-one.com and privacy@the-cloud-one.com 

  

2. Purpose and legal basis of data processing 

  

In the application process, we distinguish between personal data that is required to complete the application and personal data that is provided voluntarily. 

  

2.1 Initiating an employment relationship 

  

Personal data that is required to complete the application procedure is processed for the purpose of deciding whether to initiate an employment relationship. The legal basis for this data processing is the implementation of pre-contractual measures in relation to an employee relationship in accordance with Article 6(1)(b) of the GDPR. 

  

If your application is successful, we will process the personal data you provide during the application procedure. In this case, the processing serves to establish the employment relationship in accordance with Article 6(1)(b) of the GDPR. 

  

2.2. Consent 

  

Furthermore, you may voluntarily provide personal data during the application procedure, e.g. so that we can form an initial impression of you. The legal basis for this activity is your consent in accordance with Article 6(1)(a) of the GDPR, which you have granted us for one or more specific purposes by ticking the corresponding box on our job portal or the applicant platform, or via email. These purposes include, for example, the inclusion of your application in an applicant database for future vacancies. Consent is given voluntarily and may be revoked at any time. This shall not affect the legality of the data processing that is carried out on the basis of your consent until this consent is revoked. 

  

2.3 Consent to be contacted via WhatsApp 

  

You also have the option of consenting to being contacted via WhatsApp. Here too, by ticking the corresponding box on our applicant platform, you give us your consent in accordance with Article 6(1)(a) of the GDPR to contact you via WhatsApp. Consent is given voluntarily and may be revoked at any time. This shall not affect the legality of the data processing that is carried out on the basis of your consent until this consent is revoked. 

  

Communications via WhatsApp are protected by end-to-end encryption. However, WhatsApp does have access to the metadata of the communications (sender, recipient, time, file size, etc.). Furthermore, despite having concluded all necessary data protection contracts, we cannot rule out the possibility that WhatsApp collects, processes, uses and transfers your data to third parties for its own or third-party purposes. Please note that your data may also be processed outside the European Union/European Economic Area. WhatsApp has assured us that the necessary guarantees under Article 44 et seq. GDPR for the transfer of data to third countries are in place. 

  

Nevertheless, there may be privacy risks for users, as an adequate level of data protection may not be guaranteed and it may be more difficult for the data subjects to exercise their rights. 

  

Please refer to WhatsApp’s privacy policy. WhatsApp’s terms of use and privacy policy can be found here: Privacy Policy – EEA (whatsapp.com). 

  

We do not store your mobile phone number or your personal data on the end device on which the WhatsApp chat programme is located. The record of the chat with you will be deleted after the end of the application phase at the latest. 

  

3. Origin of the data 

  

In general, we receive your personal data from you (via email or post). We also receive applications via our application platform, where you can independently upload the data required to complete the application process. Your personal data may also be transferred to us by service providers and application portals with whom we have concluded corresponding data protection agreements. These include Indeed and LinkedIn, provided that you have consented to this transfer or initiated it yourself (e.g. via the ‘Easy Apply’ button). More information on data protection at Indeed and LinkedIn can be found here: 

  

FAQ: Indeed’s approach to data protection 

LinkedIn’s privacy policy 

  

4. Categories of personal data processed 

  

The categories of personal data processed include, in particular, the following data or categories of data: 

  

4.1 Required personal data 

  

The following information is routinely required for the application process: 

• Your master data (first name, surname);
• Your contact details (address, email address, telephone number);
• Your professional and personal skills (education, training, higher education, further training, language certificate(s)). 

  

4.2 Voluntarily provided personal data 

  

The following information is routinely provided voluntarily during the application process: 

• A photo;
• Your date of birth;
• Information about your hobbies;
• Information about any skills acquired in your private life (for example, if you have led a youth organisation or completed voluntary work). 

  

5. Categories of recipients of personal data 

  

Within the company of the controllers, your personal data will only be received by people and offices (e.g. specialist departments) who need it to initiate and establish an employment relationship. Under certain circumstances, certain data is transferred to all associated companies if the data processing function is performed centrally for all associated companies. In addition, we make use of various service providers for the purposes of managing applications and operating our applicant platform, with whom – depending on the particular situation – an agreement on contractual processing has also been concluded in accordance with the requirements of Articles 28 and 29 of the GDPR. 

  

6. Transfer of data to third countries 

  

During the processing of your personal data by Motel One, The Cloud One and its service providers, some data may be transferred to third countries outside the EU or the European Economic Area (EEA). We only undertake this transfer if appropriate guarantees for compliance with the EU’s data protection level under Article 44 et seq. of the GDPR (e.g. an adequacy decision for the state in question pursuant to Article 45(1) of the GDPR, or the conclusion of standard contractual clauses pursuant to Article 46(2)(c) of the GDPR) or if you have given us your informed consent to the transfer of your data to third countries (Article 49(1)(a) of the GDPR). 

  

7. Duration of data retention 

  

We only retain your personal data for as long as is required to fulfil the purpose for which it was collected or for as long as statutory retention periods apply. Your personal data will be stored for as long as is required for the application process. 

  

If your application is unsuccessful or if you withdraw your application, we will delete the personal data you provided during the application process no later than six months after the application process has been completed. We only store your personal data for a longer period of time if this is necessary and permissible for legal reasons or if you have given us your consent to do so. 

  

If you revoke your consent, the storage period specified for unsuccessful or withdrawn applications will apply. 

  

8. Automated decision-making 

  

Automated decision-making as defined by Articles 13 and 22 of the GDPR occur when data subjects are subjected to an assessment of personal aspects concerning them, which is based solely on automated processing and which produces legal effects concerning the data subject or similarly significantly affects them. The personal data of applicants is not processed in this way. 

  

9. Obligation to provide personal data 

  

The provision of the personal data listed under point 4.1 as part of the application procedure is required for the initiation or establishment of the employment relationship. Without this information, the application procedure cannot be completed. The provision of the personal data listed under point 4.2 is voluntary. 

  

10. Rights of data subjects 

  

Data subjects can request information on the personal data stored about them via the above-mentioned email address. In particular circumstances, data subjects can also request the correction or deletion of their data. They also have the right to limit the processing of your data and the right to receive their data in a structured, current and machine-readable format. Furthermore, you have the right to revoke any consent you have given. Consent is given voluntarily and may be revoked at any time by sending a message to the email addresses listed here. This shall not affect the legality of the data processing that is carried out on the basis of your consent until this consent is revoked. 

  

Data subjects may file a complaint with the data protection officer or a supervisory authority if they believe that the processing of their personal data violates the GDPR. 

  

Data subjects can assert their rights at privacy@motel-one.com or privacy@the-cloud-one.com. 

 

VI. Information pursuant to Article 13 et seq. GDPR for Creator Club members and business partners 

 

1. Purposes and legal bases of processing  

Motel One GmbH processes your personal data in order to run the membership of the Creator Club. 

 

Personal data is processed based on your consent, which you provided in accordance with Article 6(1)(a) GDPR when registering for the Creator Club. Processing of personal data is also necessary in order to execute our contract with you via the beOne membership programme pursuant to Article 6(1)(b) GDPR. In addition, the data processing is necessary in order to safeguard legitimate interests pursuant to Article 6(1)(f) GDPR. 

 

2. Categories of data 

We process the following categories of data for the above purposes: 

• Contact details: such as your name, email address, telephone number;
• Social media details: information generated by interaction with our social media channels and tools such as TikTok and Meta;
• Usage data: information about your interactions with our website and services e.g. via cookies or similar technologies, such as social media, contact details, status etc. 

 

3. Storage duration and deletion deadlines 

Your personal data will be deleted as soon as it is no longer necessary for the purposes for which it was collected or otherwise processed.  

Your personal data will also be deleted if you withdraw your consent to the processing. The data will not be deleted if such deletion is in conflict with statutory retention periods. 

 

4. Recipients of data  

Your personal data may be transferred to the following recipients: e.g. Storyclash, WhatsApp Business, Meta, TikTok. 

 

5. Data subjects’ rights 

Data subjects can request information on the personal data stored about them from the above-mentioned address. In particular circumstances, data subjects can also request the correction or deletion of their data. They also have the right to limit the processing of your data and the right to receive their data in a structured, current and machine-readable format. Furthermore, they have the right to revoke any consent they have given. Data subjects may file a complaint with the data protection officer or a supervisory authority if they believe that the processing of their personal data violates the GDPR.  

 

Pursuant to Article 21(1) GDPR, the processing of data may be objected to on grounds relating to the particular situation of the data subject at the above address. The data subject has the right to object to the processing of their personal data for the purposes of direct advertising, without giving reasons. If the controller processes the data in order to protect legitimate interests, the data subject may object to such processing on the basis of their individual situation. The controller will then no longer process the data subject’s personal data unless they can prove compelling legitimate reasons for the processing that outweigh the data subject’s interests, rights and freedoms or the processing serves to enforce, exercise or defend legal claims. 

 

To exercise these rights or if you have any other questions on the processing of your personal data, you are welcome to contact our external data protection officer via dsb-motelone@kinast.eu.