The protection of personal data is important to us. Your personal data will be processed by us when visiting our websites, when using our services and when contacting us as a supplier, service provider or comparable contractual partner. In the following, we would like to inform you about the nature, extent and purpose of the processing of your personal data. The terms we use, such as “Processing” or “Responsible” follow the content of the definitions of the General Data Protection Regulation (Article 4 GDPR).
Beds24 (hereinafter also: we) provides its customers with Software as a Service. Our customers can use this service to generate and manage their guests’ bookings which they receive directly, via their own websites or third parties and link these with other processing operations.</ P>
Insofar as Beds24 processes customers’ booking data, Beds24 acts as a data processor. Rights and obligations arising from data processing ensue in this respect from a separate agreement.
I. What types of data are processed for what purpose?
We process personal data only to the extent necessary to provide a functional website, content and services or with the consent of the user. An exception applies in cases where prior consent is not possible or where the processing of the data is permitted by other applicable legal provisions.
1. Provision of the website and creation of log files
Our website can be visited without registration. However, in such cases we also collect data on access to our pages and save them as “server log files”. The following data is logged:
- Information about the browser type and version used
- The user’s operating system
- The user’s IP address
- Date and time of access
- Websites from which the user’s system reaches our website
- Websites accessed by the user’s system via our website
The data is collected for statistical purposes and in order to improve our website. Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. The server log files are regularly checked to maintain the performance of the server, especially when there are concrete indications of unlawful use. The legal basis for the temporary storage of data and log files is Art. 6 paragraph 1 letter f GDPR.
The legal basis for the processing of personal data using technically necessary cookies is Article 6 (1) letter f GDPR.
Google will use the information we collect on our behalf to evaluate the use of our online offering, to compile reports on the activities within this online offering and to provide us with other services related to the use of the online offering and internet usage. Pseudonymous user profiles can be created from the processed data.
We only use Google Analytics with activated IP anonymization. This means that Google’s IP address will be truncated within member states of the European Union and in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and truncated there.
The IP address submitted by the user’s browser will not be merged with other data provided by Google. Users can prevent the storage of cookies by setting their browser software accordingly. Users may also prevent the collection by Google of the data generated by the cookie related to their use of the online offering and the processing of such data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com.
Google is certified under the Privacy Shield Agreement and therefore guarantees compliance with European data protection law https://www.privacyshield.gov
For more information about data usage by Google, settings and contradictory options, please visit the websites of Google:
“Google Uses Your Data When You Use Our Partners Sites or Apps”, ” Advertising “, ” Managing information that Google uses to show you advertising “</a >.
In order to detect bots, e.g. when entering information on online forms (“reCAPTCHA”), we incorporate the function of the provider Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, into our online offering. Further information:
opt out .
2. Contact form and e-mail contact
A contact form is available on our website that can be used for electronic contact. If a user uses this option, the data entered in the input form will be transmitted to us and saved. These data are:
- First name
- Last Name
- Email address
- Message content
At the time the message is sent, the following data is also stored:
- The user’s IP address
- Date and time of sending
Alternatively it is possible to contact the provided e-mail address. In this case, the user’s personal data transmitted by e-mail will be stored. There is no transfer of the data to third parties. The data is used exclusively for processing the message.
The processing of the personal data from clients’ input is used only to deal with the communication. In the case of contact via e-mail, this also includes the required legitimate interest in the processing of the data. Other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
The legal basis for the processing of the data, given the provision of consent by the user, is Art. 6 paragraph 1 letter a GDPR. The legal basis for the processing of the data transmitted in the course of sending an e-mail is Article 6 (1) letter f GDPR. If the purpose of the e-mail is to conclude a contract, then the additional legal basis for processing is Art. 6 paragraph 1 letter b GDPR.
II. Data deletion and storage duration
III. Your rights
If your personal data are processed by us, you are a concerned person within the meaning of the GDPR. You then have the following rights in relation to us or the “controller” within the meaning of the GDPR:
Who is responsible for processing personal information?
Responsibility for the processing of personal data lies with MPK Systems Ltd., Davoser Str. 1g, D-14199 Berlin, email@example.com, Managing Director: Mark Kinchin.
Right of access to personal data
You may request confirmation from us as to whether personal information concerning you is processed by us. You can then request information from the controller regarding the following:
- The purposes for which the personal data are processed;
- The categories of personal data being processed;
- The recipients or categories of recipients to whom the personal data relating to you have been or will be disclosed;
- The planned period of storage of personal data concerning you or, if specific information is not available, criteria for determining the duration of storage;
- The existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing; </ li>
- The existence of a right of appeal to a supervisory authority;
- All available information on the source of the data if the personal data are not collected from the data subject;
- The existence of automated decision-making including profiling under Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended impact of such processing on the data subject.
You have the right to request information about whether the personal data relating to you are transferred to a third country or to an international organization. You can request the appropriate guarantees in accordance with Art. 46 GDPR in connection with such transfers.
Right to Correction
You have a right to the correction and/or completion of your personal data by the controller, insofar as the processed personal data concerning you is incorrect or incomplete. The controller must make the correction without delay.
You may request the restriction of the processing of your personal data under the following conditions:
- If you contest the accuracy of your personal information for a period of time that enables the controller to verify the accuracy of your personal information;
- The processing is unlawful and you reject the deletion of personal data and instead demand the restriction of the use of personal data;
- The controller no longer needs personal information for the purposes of processing, but you need it for the purposes of enforcing, exercising or defending legal claims;
- If you have objected to the processing in accordance with Art. 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the person responsible outweigh your reasons.
If the processing of your personal data has been restricted, your personal data may be processed only with your consent, or for the purposes of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person, or for reasons concerning the important public interest of the Union or of a Member State.
If processing is restricted according to the conditions referred to above, you will be informed by the controller before the restriction is lifted.
You may request that your personal information be deleted immediately if one of the following applies:
- Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
- You revoke your consent to the processing in accordance with Art. 6 paragraph 1 letter a or Art. 9 paragraph 2 letter a GDPR and there is no other legal basis for processing.
- You register an objection in accordance with Art. 21 paragraph 1 GDPR to the processing and there are no overriding justifiable reasons for the processing, or you register an objection to the processing in accordance with Art. 21 paragraph 2 GDPR.
- Your personal data has been processed unlawfully.
- The deletion of the personal data concerning you is required to fulfil a legal obligation under European Union law or the law of the Member States to which the controller is subject.
- The personal data relating to you were collected in relation to information society services offered in accordance with Article 8 (1) GDPR.
Right to information disclosed to third parties
If the controller has made the personal data concerning you public and is obligated to delete this data in accordance with Article 17 (1) of the GDPR, the controller, taking into account the available technology and implementation costs, shall take appropriate measures, including of a technical nature, to inform data controllers who process the personal data that you as an affected person have demanded that such data controllers delete all links to this personal data or to copies or replications of this personal data.
The right to deletion does not exist if the processing is necessary
- to exercise the right to freedom of expression and information;
- to fulfil a legal obligation which requires the processing under the law of the European Union or of the Member States to which the controller is subject, or to carry out a task which is in the public interest or in the exercise of official authority conferred on the controller;
- for reasons of public interest in the field of public health pursuant to Art. 9 (2) letter h and i and Art. 9 (3) GDPR;
- for archival purposes of public interest, scientific or historical research purposes or for statistical purposes pursuant to Article 89 (1) GDPR, to the extent that the right referred to in subparagraph (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing;
- to assert, exercise or defend legal claims.
Right to Information
If you have made known to the controller your assertion of your right to the correction, deletion or restriction of the processing of your personal data, the controller is obliged to notify all recipients of your personal data of the correction or deletion of the data concerned or of the restriction of its processing unless this proves impossible or involves disproportionate effort. You have a right to demand that the controller inform you about these recipients.
You have the right to receive data relating to your person that you have passed on to the controller in a structured, current and machine-readable format. In addition, you have the right to transfer this information to another person without hindrance by the controller who has provided you with the data relating to your person, provided that
- the processing is based on an agreement pursuant to Art. 6 paragraph 1 letter a GDPR or Art. 9 paragraph 2 letter a GDPR or on a contract pursuant to Art. 6 paragraph 1 letter b GDPR and
- processing is done by automated methods.
In exercising this right, you also have the right to have the personal data relating to you transmitted directly from one controller to another party, insofar as this is technically feasible. The freedoms and rights of others may not hereby be affected.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the controller.
Right to object
You have the right at any time, for reasons arising from your particular situation, to register your objection to the processing of personal data concerning you that takes place pursuant to Art. 6 paragraph 1 letter e or f; this also applies to profiling based on these provisions.
The controller will no longer process the personal data relating to you unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, pursuing or defending legal claims.
If the personal data relating to you are processed for the purposes of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
Regardless of Directive 2002/58 / EC, you have the option, in the context of the use of information society services, of exercising your right to object through automated procedures that use technical specifications.
Right to revoke the data protection consent declaration
You have the right to revoke your data protection consent declaration at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent prior to the revocation.
Right to complain to a regulator
Irrespective of any other administrative or judicial remedy, you have the right to file a complaint with a supervisory authority, in particular in the Member State of its residence, place of work or the place of alleged infringement, if you believe that the processing of your personal data violates the GDPR.
The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 of the GDPR.
Dieses Impressum gilt für alle von MPK Systems betriebenen Webseiten.
This Imprint applies to all websites operated by MPK Systems.