Privacy Policy

Privacy Policy

The following information is intended to give you an overview of the processing of your personal data in connection with the usage of the website and to inform you about your rights under the GDPR:

·         in the course of general contact

·         in the course of using the website

I. Information on processing of personal data

By way of introduction, we would like to draw your attention to our information on creating transparency according to Articles 13 and 14 GDPR.

1. Controller for data processing
The controller for data processing on this website pursuant to Article 4 No 7 GDPR and the provider of the website (service provider) within the meaning of the German Tele Media Act (Telemediengesetz – TMG) is

Steigenberger Hotels GmbH
Lyoner Straße 25
60528 Frankfurt am Main
Telefon: +49 69 66564-460
Fax: +49 69 66564-888 

Complete details pursuant to section 5 TMG (Imprint)


2. Contact details of the Data Protection Officer

You can reach our Data Protection Officer at

TÜV Informationstechnik GmbH
Am TÜV 1
45307 Essen

3. Data processing

In the course of general contact, we receive, process and store the personal data that you transmit to us with your request in accordance with the requirements of the request. If your request has been processed, the data will be deleted, but no later than after one year.

We process your personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR), the new German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG) as well as all other relevant legislation for the purposes and on the legal basis as set out below:

(a) For the purpose of processing your enquiries, information and complaints, insofar as the processing is connected with the fulfilment of a contract or is necessary for the implementation of pre-contractual measures, the legal basis for the processing of your personal data is Art. 6 para. 1 sentence 1 lit. b) GDPR. In other cases, the legal basis is our legitimate interest in the effective processing of inquiries addressed to us in accordance with Art. 6 Para. 1 S. 1 lit. f) GDPR.


4. Minors
Minors may not transmit any personal data to us without the consent of a parent or guardian. Furthermore, we do not store any personal data of minors without the consent of their parents or guardians. Through this website, we do not process personal data of minors that we knowingly obtain.


5. Categories of personal data recipients
If and to the extent necessary for the purposes set out in point 4 above, we will also disclose your personal data to the following recipients or categories of recipients in accordance with Art. 4 No. 9 GDPR:

Within our company, only those entities will be granted access to your data (to the extent necessary in each case) that need it to fulfil our contractual and statutory obligations.

We may also obtain personal data for these purposes from service providers (e.g. within the scope of order processing in accordance with Art. 28 GDPR) and vicarious agents. These are companies in the following categories: credit services and payment processing, IT services, cleaning services, logistics, printing services, telecommunications, debt collection, consulting and advisory services, and sales and marketing. The respective service providers can be seen from the list of service providers/processors, which is updated regularly.

Furthermore, data may be passed on to public bodies and institutions if there is a legal obligation to do so (e.g. financial authorities, law enforcement agencies).

Other data recipients may be those entities for which you have given us your consent to transfer data.


6. Transfer of personal data to a third country
A transfer of personal data to bodies in states outside the European Union (so-called third countries) takes place insofar as

(a) it is required by law
(b) you have given us your consent

The website is hosted by H World, the Chinese parent company of Steigenberger Hotels GmbH. However, no personal data from you will be collected or stored as part of your visit to the website.  As part of your visit to the website, your personal data will be collected and stored like described in "II. Additional information on data processing on this website". The data transfer is carried out on the basis of standard contractual clauses (module two: Data transfer from controller to processor). The standard contractual clauses can be accessed here:

Beyond the cases mentioned above, our company does not transfer personal data to bodies in third countries or to international organisations.


7. Period of retention of personal data and criteria for determining that period
We process and store your personal data as long as it is necessary for the fulfilment of our contractual and legal obligations. If the data are no longer required for the fulfilment of contractual obligations, they are regularly deleted, unless their temporary further processing is necessary due to

(a) national commercial and fiscal retention periods at the place of data collection or contract implementation


8. Your rights as a data subject
Every data subject whose personal data are processed has the right of access by the controller to the personal data concerned in accordance with Art. 15 GDPR, the right of rectification in accordance with Art. 16 GDPR, the right of deletion in accordance with Art. 17 GDPR, the right to limit processing in accordance with Art. 18 GDPR, the right to object to processing in accordance with Art. 21 GDPR and the right of transferability in accordance with Art. 20 GDPR. The right of information and the right of deletion are also subject to the restrictions pursuant to Articles 34 and 35 of the new Federal Data Protection Act.

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you that is carried out on the basis of Article 6(1)(e) GDPA (processing in the public interest) or Article 6(1)(f) GDPA (processing based on a balancing of interests); this also applies to profiling based on this provision in accordance with Article 4(4) GDPA.

If you file an objection, we will no longer process your personal data unless we can demonstrate compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.

If your personal data are processed by us in order to acquire existing customers, you have the right to object at any time to the processing of personal data relating to you for the purpose of such advertising; this also applies to profiling, insofar as it is connected with such acquisition of existing customers.

The objection is possible by using the unsubscribe function in digital media, corresponding settings in the Member Area or Subscriber Area, using the contact form on the website or by sending an informal letter to the contact data mentioned under point 2.

If the processing of your personal data is based on a consent granted to us, you have the right to revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation.

Furthermore, you have the right of appeal to the competent data protection supervisory authority in accordance with Art. 77 GDPR in conjunction with § 19 BDSG.


9. Obligation to provide data
If you want us to make contact with you, we will need (i) your name, and (ii) your telephone number or your e-mail address at the very least.

If you do not provide us with the necessary information, we may not be able to provide the services you have requested or may not be able to provide them completely.


10. Automated decision-making and profiling
When establishing and executing our contractual relationship, you will not be subjected to a decision based solely on automated processing, including profiling, pursuant to Article 22 GDPR, which produces legal effects concerning you or similarly affects you in a serious way.

II. Additional information on data processing on this website

Every time our website is accessed, our system automatically collects data and information from the system of the accessing device.

The following data is collected:

·                     Information about the type of browser and the version used

·                     The user's operating system

·                     The user's IP address

·                     Date and time of access

·                     Websites from which the user's system reaches our website

·                     Websites accessed by the user's system through our website

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

The legal basis for the temporary storage of data and log files is Art. 6 (1) (f) GDPR.

The storage of the IP address by the system is necessary to enable the website to be delivered to the user's end device. For this purpose, the user's IP address must be stored for the duration of the session. The data is stored in log files in order to ensure the functionality of the website. In addition, we use the data for the technical optimisation of the website and to ensure the security of our information technology systems. In this context, the data is not evaluated for marketing purposes.

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. The data is stored in log files for a maximum of 6 month. Storage beyond this is possible.

2. Cookies

We do not use cookies on our website.