1. What is this Data Privacy Policy about?

Privacy is a matter of trust, and your trust is important to us. We have therefore published this Data Privacy Policy. With regard to the new European General Data Protection Regulation ("GDPR"), this policy specifies which personal data we process, in which way and for what purposes. It is important to us that you are fully informed about the processing of your personal data. This Data Privacy Policy therefore provides information about how and why we collect, process and use your personal data. It is important to us that you understand:

  • what personal data we collect and process about you;
  • when we collect your personal data;
  • the purpose for which the data is processed;
  • how long we store your personal data;
  • who has access to your personal data; and
  • what rights you have with respect to your personal data.

You will find corresponding notes and explanations in the following. If you have any questions, feel free to contact us at any time at privacy@movenpick.com.

2. Who are we?

A specific company is responsible for data protection whenever data is processed. In each case, this is the company which determines whether certain data processing, e.g. processing within the context of a service, with the use of a web page etc. is to take place, the purpose of the processing and the principles which apply (if these decisions are made by several companies together, they can also be jointly responsible). An company of the Mövenpick Group is responsible for every website (including online shops and mini-sites for special offers), all presence on social media, multimedia portals, chat bots and every app (one website each).

Unless otherwise stated in Section 14 of this Data Privacy Policy, Mövenpick Hotels & Resorts Management AG, Oberneuhofstrasse 12, 6340 Baar, Switzerland is responsible for the processing of your personal data.

In some cases, a different company is responsible:

  • If you are in contact with another Mövenpick Group company, e.g. if you contact Customer Support, that company will be responsible for the associated data processing, unless specified otherwise in this Data Privacy Policy.
  • We may transfer your personal data to another company of the Mövenpick Group or to third parties so that these recipients can process personal data for their own purposes (i.e. not on our behalf). This may also include authorities. In such cases, the respective recipient will be the controller. Information about this controller can be found in the recipient's privacy policy, which you can usually find on their website.

You can always contact the Mövenpick Group (all companies and participations) with any questions, claims or concerns relating to data privacy at privacy@movenpick.com.

3. What is "personal data" and what does "processing" mean?

Data protection law regulates the processing of personal data. Personal data is all information that can be associated with a particular natural person, i.e. an individual. This may include, for example, the following information:

  • Contact information, e.g. name, postal address, e-mail address, telephone number;
  • Further personal data, e.g. gender, birthday and age, marital status, nationality;
  • Job-related information, e.g. occupation, title, position, training, previous employers, skills and experience, permits and approvals and memberships;
  • Booking information, e.g. information about bookings, reservations, booking history, preferred hotels, resorts and length of stay, preferences and affinity for particular offers;
  • Financial information, e.g. credit card number, account information, creditworthiness;
  • Health data, e.g. information about physical and mental impairments;
  • Image, sound and video recordings;
  • Records of your visits to websites and your use of apps.

Some personal is specially protected by law. These include "particularly sensitive personal data" (also referred to as special categories of personal data"). This includes e.g. data indicating race or ethnic origin, political opinions, religious or ideological beliefs or affiliation, genetic data, biometrics for unambiguous identification, health and sex or sexual orientation data and finally, data on criminal convictions and offences and, in some cases, data about welfare measures.

We do not necessarily process all of the personal data categories mentioned in this section. Specific information on the personal data we process can be found in Section 5 and Section 14 of this Data Privacy Policy. Depending on the type of processing, we will also inform you in a separate data privacy policy or notice, especially if a particular type of data processing is not self-explanatory.

"Processing" means any handling of your personal data.

This includes, for example, the following actions:

  • Collection and storage;
  • Organisation and administration;
  • Adaptation and change;
  • Use and utilisation;
  • Transfer and disclosure;
  • Linking up;
  • Limitation:
  • Deletion and destruction.

4. For whom and for what purpose is this Data Privacy Policy intended?

This Data Privacy Policy applies to our processing of personal data in all business areas of Mövenpick Hotels & Resorts. It is applicable to the processing of data which has already been collected as well as personal data collected in the future. Additional data privacy terms may also be applicable for specific services.

In particular, our data processing may affect the following individuals ("data subjects"):

  • Individuals who write to us or otherwise contact us;
  • Customers in our hotels and resorts;
  • Visitors to our premises;
  • Customers on our online booking platforms;
  • Users of online services and apps;
  • Individuals who use our services or come into contact with our services;
  • Visitors to our website;
  • Recipients of information and marketing communications;
  • Participants in competitions, sweepstakes and customer events;
  • Participants in market research and opinion polls;
  • Contact persons of our suppliers, customers and other business partners, and job applicants.

For more information on data processing relating to individual services, please refer to the general booking conditions, terms and conditions of participation and similar terms.

5. What personal data we process and for what purposes?

We process different personal data, depending on the occasion and purpose. You will find more details in this section and often also in general booking conditions, terms and conditions of participation and additional data privacy policies. We collect your personal data directly from you, e.g. when you submit data to us, communicate with us or use our WI-FI login. However, it can also be collected from other sources, e.g. from third parties, such as credit reporting agencies and online service providers, such as internet analytics service providers. Among other things, we may also process personal data that is particularly sensitive in the following situations for the purposes of payments, public registers, etc.

  • Communication: We process personal data when you contact us or we contact you, e.g. if you contact customer services, if you write to us or call us. Data such as names and contact details, the time of the relevant messages and their content, which may also include personal data of third parties, are generally sufficient for us. We use this data to provide you with information or messages, to process your requests and communicate with you and for quality assurance and training. We also pass on notifications to responsible corporate offices, e.g. if your request relates to another company.
  • Online bookings on the website and use of services: We also process personal data if you use our services, e.g. when you buy goods from us, book a room or purchase another service. In doing so, we process your personal data e.g. when processing orders and bookings and for the provision of services and invoicing. In the case of online bookings and the use of a customer or loyalty card, we also collect and process personal data in connection with your credit rating and your booking and payment behaviour. For example, we collect third-party credit ratings to determine if we should offer you bookings on account, and we process information about the bookings and reservations you make when and how often, in which hotels and resorts or online booking platforms, to provide information about your preferences and affinity towards particular hotels, resorts or services. This information helps us to inform you specifically about additional offers and tailor our services according to demand.
  • Loyalty and customer programmes: We process personal data as part of our loyalty and customer programmes "Advantage M and Circle M". In addition to contact data, we also process personal data about your use of the programmes and use by any other members of the same household, in addition to other information, such as your booking habits, your preferences and affinity towards specific hotels or resorts and services that help us to provide you with targeted information about offers and ensure that our services are meeting demand more effectively. Further details can be found in this Data Privacy Policy under "Online bookings on the website and use of services" and in the corresponding general terms and conditions or conditions of participation
  • Visiting websites: When you visit our websites, we process personal data depending on the service and functionality. This includes technical data, such as information about the time our website was accessed, the duration of the visit, the pages accessed and information about the device used (e.g. tablet, PC or smartphone; "end device"). We use this information to provide the website services, for IT security reasons and to improve the user-friendliness of the website. We also use "cookies", which are small data packages that your browser automatically creates and that are stored on your device when you visit our website. Cookies are required in many cases for the functionality of the website and are automatically deleted after the visit. Other cookies are used to personalise the service or allow us to show you targeted advertising from third parties. We also use analytics services from vendors such as Google, in the USA or worldwide. In doing so, the provider does not receive any personal data from us, but can collect information about the behaviour on the website in question in order to provide us with analyses on the basis of this data. We may also integrate features from providers such as Facebook, as a result of which the provider can receive data about you. However, in most cases we do not know the name of the website visitors.
  • Online services and apps: If you use our online services, we also process personal data (even if you do not purchase any goods or services) to provide, improve and further develop these services. Depending on the type of service, this includes information about a customer account and the use of the account, as well as information about the installation and use of mobile applications ("apps").
  • Information and direct marketing: We process personal data to send informational and advertising communications, unless you have objected to this type of processing. For example, if you sign up for a newsletter or SMS, we will process your contact information to get to know you better, tailor our offers to you and generally improve our services.
  • Competitions, raffles and similar events: From time to time, we organise competitions, raffles and similar events. In doing so, we process your contact details and information about your participation for the facilitation of the competitions and raffles to communicate with you in this context and for advertising purposes, if relevant. Further details can be found in the respective conditions of participation.
  • Visiting our premises: When you visit our premises, we may make video recordings in designated areas for security and evidence purposes. You may also use the WIFI service. In this case, we will collect device-specific data during the registration process and, if necessary, ask you to register by providing your name and e-mail address or mobile phone number.
  • Customer events: We also process personal data when we hold customer events (such as promotional events and sponsorship events). This includes the name and postal or e-mail address of the participants or interested parties and further data where necessary. We process this information for the facilitation of the customer events, but also to communicate with you and get to know you better. Further details can be found in the respective conditions of participation.
  • Market research and media observation: We process personal data for market and opinion research. For this purpose, we may use information about your booking behaviour (further information can be found above under "Online bookings on the website and use of services"), but also information from surveys and studies and other information, e.g. from the media, social media, the internet and other public sources. We can also use media monitoring services or conduct our own media observations and process personal data.
  • Business partners: We work with various companies and business partners, e.g. suppliers, commercial service buyers, cooperation partners and service providers (e.g. IT service providers and travel agencies). In doing so, we also process personal data about the contact persons in these companies, such as their name, function, title and communication with us, in order to initiate and process contracts, for planning purposes, for accounting purposes and other purposes related to the contract. Depending on the field of activity, we are also required to examine the company in question and its employees in more detail, for example by means of a security review. In this case, we collect and process further information from third-party providers. We may also process personal data to improve our customer focus, customer satisfaction and customer retention (Customer Relationship Management).
  • Administration: We process personal data for our own and intra-group administration. For example, we may process personal data as part of IT administration. We also process personal data for accounting and archiving purposes and generally for reviewing and improving internal processes.
  • Corporate transactions: We may also process personal data to prepare for and process corporate acquisitions and sales, and purchases or sales of assets. The subject and scope of the data collected or transferred depends on the stage and subject of the transaction.
  • Job applications: We also process personal data when you apply for a job with us For this purpose, we usually need the standard information and documents mentioned in a job advertisement, which may also include personal data of third parties.
  • Compliance with legal requirements: We process personal data in order to comply with legal requirements and prevent and detect violations. These include, for example, the receipt and processing of complaints and other notifications, internal investigations or the disclosure of documents to an authority, if we have a good reason or are legally obliged to do so. In doing so, we can also process personal data of third parties.
  • Legal defence: We process personal data in different combinations in order to protect our rights, e.g. to enforce claims in court, out of court and when dealing with authorities in Germany or abroad and to defend ourselves against claims. For example, we may ask for the prospects of legal proceedings to be clarified or submit documents to an authority. We can process your personal data and the personal data of third parties or pass on personal data to third parties in Germany and abroad, to the extent that this is necessary and permissible.

Section 14 of this Data Privacy Policy describes in more detail the types of personal data we collect and process about you, how it is used, for what purposes and on what legal basis and whether you are required to disclose personal data.

6. Who do we share your personal data with?

Our employees have access to your personal data to the extent necessary for the described purposes and for the employees concerned to perform their duties. This includes employees in other departments and support areas, such as IT. In doing so, they act in accordance with our instructions and are obliged to maintain confidentiality and secrecy when dealing with your personal data.

We can also transfer your personal data to other companies in the Mövenpick Group for internal administration and for the various processing purposes. Your personal data may therefore also be processed for the respective purposes and may be linked with personal data from other Mövenpick Group companies.

We may disclose your personal data to third parties within and outside the Mövenpick Group if we wish to use their services ("Processor"). In particular, this relates to services in the following areas:

  • Business administration services (e.g. accounting and asset management)
  • Consultancy, e.g. tax consultancy services, lawyers, business consultants, consultants in the field of personnel recruitment and placement;
  • IT services, e.g. data hosting services, cloud services, e-mail newsletters, data analysis and enhancement, etc.;
  • Credit checks, e.g. if you want to make a purchase on account;

By carefully selecting the order data processor and by entering into suitable contractual agreements, we ensure that data protection is also ensured by third parties during all processing of your personal data. Our order data processors are obliged to process the personal data exclusively on our behalf and according to our instructions.

It is also possible that personal data may (also) be passed on to other third parties for their own purposes. In these cases, the recipient of the data is also a controller in accordance with data protection law. This applies, for example, to the following cases:

  • When we review or conduct transactions, such as business mergers and the acquisition or sale of individual parts of an company or its assets, we must, in this context, transfer personal data to another company.
  • We may disclose your personal data to third parties (e.g. courts and authorities in Switzerland and abroad) if required by law. In addition, we reserve the right to process your personal data in order to comply with a court order or assert or defend legal claims or if we deem it necessary for other legal reasons. In doing so, we can also disclose personal data to other parties in the proceedings.
  • We may disclose personal data about you to former employers when you apply to us (reference information) or to future employers when you apply for a new job. However, we will not do so without you requesting this transfer or after obtaining your consent.
  • When we transfer claims against you to other companies, such as collection agencies.

7. When do we send your personal details abroad?

The recipients of your personal data may also be located abroad, including outside the EU or the ERA. The countries concerned may not have laws that protect your personal data to the same extent as in Switzerland, the EU or the EEA. If we transfer your personal data to one of these states, we are obliged to ensure the protection of your personal data in an appropriate manner. One way to do this is to conclude data transfer agreements with the recipients of your personal data in third countries, which ensure the necessary data protection. These include contracts approved, issued or recognised by the European Commission and the Federal Data Protection and Information Commissioner and are referred to as standard contractual clauses. Likewise, transfer is permitted to recipients who are subject to the US Privacy Shield Program. Please contact us if you would like a copy of our data transfer agreements. In exceptional cases, transfer to countries without adequate protection is also permitted, e.g. on the basis of express consent, to fulfil a contract with the data subject or to process their contract application, to conclude or perform a contract with someone else in the interests of the data subject or to assert, pursue or defend legal claims.

8. Do we perform profiling and automatic individual decisions?

"Profiling" refers to a process in which personal data is processed automatically in order to evaluate, analyse or predict personal aspects. We carry out profiling e.g. when analysing booking behaviour, etc.

"Automated case-by-case decision" refers to decisions that are automated, i.e. without relevant human influence, which have negative legal effects or other, similarly negative effects on you. We will inform you separately if we use automated individual case-by-case decisions in individual cases and if this is required by law.

9. How do we protect your personal data?

We take appropriate safety measures of a technical nature (e.g. encryption, pseudonymisation, logging, access restriction, data protection, etc.) and of an organisational nature (e.g. instructions to our employees, confidentiality agreements, reviews, etc.) to safeguard the security of your personal data in order to protect against unauthorised or unlawful processes and to counteract the risk of loss, unintentional change, unwanted disclosure or unauthorised access. However, security risks can generally not be completely ruled out; certain residual risks are usually unavoidable.

10. How long do we save your personal data?

We store your personal data in an individual-related form as long as necessary for the specific purpose we collected it, in the case contracts usually at least for the duration of the contractual relationship. We also store personal data if we have a legitimate interest in storing this data. This may in particular be the case if we need to use personal data to enforce or defend claims, for archiving purposes or to guarantee IT security. We also store your personal data as long as it is subject to a legal storage obligation. For example, a ten-year retention period applies to certain types of data. Short retention periods apply to other data, e.g. when recording from video surveillance or when recording specific processes on the internet (log data). In certain cases, we ask for your consent if we want to save personal data for a longer period of time (e.g. job applications which we would like to keep on record). After expiry of the specified deadlines, we will delete or anonymise your personal data.

11. What rights do you have in connection with the processing of your personal data?

You can object to data processing at any time and generally freely revoke your consent to data processing. You in particular have a right to object to data processing in connection with direct advertising (e.g. to advertising e-mails).

You also have the following rights, to the extent that the respective requirements are fulfilled and no legal exceptions are applicable:

  • Right to information - You have the right to be informed transparently, clearly and comprehensively about how we process your personal data and what rights you have in connection with the processing of your personal data. We comply with this obligation by following this Data Privacy Policy. If you want any further information, feel free to contact us at privacy@movenpick.com.
  • Right to information - You have the right to request information about your personal data stored by us at any time free of charge if we process this data. This will allow you to review the personal data we process which relates to you and how use this data in accordance with applicable privacy policies. In individual cases, the right to information may be restricted or excluded, in particular: • If we have doubts about your identity and you are unable to identify yourself; • For the protection of other persons (e.g to maintain secrecy obligations or protect the data protection rights of third parties); • In cases where the right of access are excessively exercised (alternatively, we may demand a fee for the information); or • If providing full information would lead to disproportionate expense.
  • Right to request correction of the data - You have the right to correct or complete incorrect or incomplete personal data and to be informed about the report.
  • Right to request deletion - You have the right to have your personal data deleted. You can request the deletion of your personal data if:

- the personal data is no longer required for the purposes being pursued;

- You have effectively revoked your consent or have filed an objection to the processing with legal effect;

- The personal data is being processed unlawfully.

In individual cases, the right to information may be restricted or excluded, in particular if processing is required:

- To exercise freedom of expression;

- To fulfil a legal function or in the public interest;

- To exercise legal rights.

  • Right to restrict processing - Under certain circumstances, you have the right to demand that the processing of your personal data be restricted. This may mean, for example, that personal data is (temporarily) not processed or that published personal data is (temporarily) removed from a web page.
  • Right to the transfer of data - You have the right to receive the personal data which you provide to us free of charge in a readable format, provided that: 

- The specific data processing is based on your consent or is necessary for the fulfilment of the contract; and

- The processing is performed using automated methods.

Depending on the individual case, your personal data may be transferred to you or directly to the third party.

  • Right to complain - You have the right to lodge a complaint with a competent regulatory authority with regard to the way your personal data is processed. In Switzerland, the Federal Data Protection and Information Commissioner (FDPIC) is the responsible body.
  • Right of withdrawal - You generally have the right to withdraw your consent at any time. Processing activities performed in the past on the basis of your consent will, however, not become unlawful as a result of the withdrawal of your consent.

12. What else needs to be taken into consideration?

The processing of personal data is in particular permitted if

  • It is required for the fulfilment of a contract of the data subject or for pre-contractual measures on the basis of your inquiry (e.g. the review of your contract application;
  • It is required due to legitimate interests. Our legitimate interests include our own interests and third party interests. These are very diverse and include, for example, interest in good customer service, maintaining contacts and other communication with customers, even outside of a contract; advertising and marketing activities; to get to know our customers and other people better; to improve products and services and develop new ones; within the scope of intra-group administration and intra-group traffic, which is necessary for a cooperative company; the fight against fraud, for example in connection with online bookings, and the prevention and investigation of offences; the protection of customers, employees and other persons and data, secrets and assets of the Mövenpick Group; ensure IT security, particularly in connection with the use of websites, apps and other IT infrastructures; to ensure and organise business operations, including the operation and development of websites and other systems; corporate governance and development; the sale or purchase of companies, parts of companies and other assets; the enforcement or defence of legal claims; and compliance with applicable laws and internal rules;
  • It is based on effective consent which has not been withdrawn;
  • It is required to comply with legal requirements.

The processing of particularly sensitive personal data is more limited. It is permitted, among other things,

  • On the basis of effective consent which has not been withdrawn;
  • If it relates to personal data that the data subject has clearly publicly disclosed;
  • If necessary for legal protection;
  • If necessary to comply with specific legal requirements.

Only under certain conditions is the transfer of data to foreign countries permitted. Further details are provided in Section 7.

Section 14 at the end of this Data Privacy Policy provides additional information regarding the legal basis for the relevant data processing. Due to the complexity of data processing in many cases, however, it is not possible to rule out that, depending on the circumstances, other legal bases may apply in individual cases.

As a rule, there is no legal obligation to disclose personal data to us unless you are in a contractual relationship with us which justifies such an obligation. However, we need to collect and process the personal data required or to enter into and execute a contractual relationship, for the fulfilment of the associated obligations and to comply with legal requirements. Otherwise we will not be able to conclude or continue with the contract in question. The processing of certain data is also mandatory when using websites. You can prevent cookies (further details are provided in this Data Privacy Policy). The logging of certain data, but usually not personal data, such as your IP address, cannot be prevented for technical reasons.

You may or may not want us to transfer personal data of third parties. We remind you that in this case, you are obliged to inform the data subject about this data transfer and this Data Privacy Policy and ensure the accuracy of the personal data concerned.

13. Changes to this Data Privacy Policy

This Data Privacy Policy may be amended over time, especially if we change our data processing or if new legislation becomes applicable. In general, the Data Privacy Policy in the version current at the beginning of the relevant processing applies to the data processing.

14. Reasons for data collection; scope, purpose and obligation to provide information; legal basis of the data processing

Communication

1. Processed personal data

We collect and process personal information when you contact us in writing, electronically or by telephone, or when we contact you. For example, if you contact customer services and if you write to us by e-mail/post or if you call us. We process contact and communication information, in particular the following personal data:

  • Name;
  • Depending on the method of communication used, contact data such as postal address, e-mail address and telephone number;
  • If applicable, information about third parties mentioned in the communication;
  • Time of communication and its content, which may also include personal data of third parties.

The exact scope of the personal data depends largely on the content of the communication. If you provide us with sensitive personal data, we will also process this data. Telephone conversations with us are recorded if need be, which you will be informed about in advance.

2. Reasons for data collection and obligation to provide information

We process personal data in this context, in particular for the following purposes: 

  • Communication with you;
  • Customer services and care;
  • Quality assurance and training;
  • All other processing purposes, to the extent that communication is required (e.g. contract settlement).

As a rule, you are not required to give us specific information. However, we can often only reply to you, process your request, and communicate with you if we are able to process certain minimum details. If you do not want us to record telephone conversations, you have the option at any time to stop the telephone conversation and communicate with our customer services in another way (e.g. by e-mail).

3. Legal basis

When communication takes place on your initiative, we regard this as consent to process your personal data. In many cases, customer service and communication are in our legitimate interests, as it enables us to communicate with customers and others, improve the quality of our services, avoid errors in our processes and achieve greater customer satisfaction.

4. Company responsible for processing

Mövenpick Hotels & Resorts Management AG

Online bookings on the website and use of services

1. Processed personal data

If you use our services, e.g. if you make an online booking or receive a service, we process personal data in connection with your booking and payment behaviour. In particular, these include the following personal data that may require special protection:

  • Name, address, contact details, billing address(s);
  • Credit and payment information obtained from providers such as credit reporting agencies;
  • Information about what bookings you make, when you make them and how often, using which type of payment method in which hotels, resorts or online booking platforms;
  • Information about your behaviour on an online booking platform (confirmed and cancelled reservations, shopping lists, services viewed, such as room categories, etc.).

However, this requires that you book online and use a customer or loyalty card or identify yourself in another way. You can usually also use certain services at our hotels and resorts without us knowing your name.

We may also evaluate information about bookings and behaviour on our premises and on-line booking platforms and link this to other personal information, such as non-personal statistics and other personal data we collect about you. We can also check your credit rating in connection with the contract. For this purpose, we usually obtain information from specialised companies called credit reporting agencies.

To prepare for your stay, we can obtain your photo from publicly available sources. This allows us to recognise you and provide you with outstanding customer service. If you book online, please also observe the provisions of the section "Use of online services" in this Data Protection Statement.

2. Reasons for data collection and obligation to provide information

In this case, we in particular process your personal data for the following purposes:

  • Contract initiation and processing: We process your personal data so that we can decide whether and how (e.g. with which payment terms) we enter into a contract with you so that we can record booking and service charges, manage and fulfil reservations and bookings and in general to conclude, execute and if necessary enforce the contract;
  • Information about your booking behaviour: We analyse the booking behaviour of our customers and gain information about their preferences and affinities for specific products or services, along with further information that we take into account when improving our services (room categories, location selection, etc.). This allows us to tailor our services to the needs of our customers (overall and individually) and to respond optimally to your enquiry.
  • Statistical purposes: We process your personal data for statistical purposes, e.g. to evaluate information about interactions between us and our customers with on a non-individual basis. This also makes it easier for us to respond better to the needs of our customers. We also know which products are preferred and how we can improve our services.

You are not required to disclose personal information. However, reservations and the purchase of services and certain goods are not possible without us processing your personal data. Booking via the website also means that we need to process the required personal data.

3. Legal basis

We base this processing on our entitlement to process personal information in order to handle your contract applications and to execute contracts. Processing also serves legitimate interests, such as when we deliver goods to third parties (such as gifts), and by evaluating information about your shopping and booking behaviour, we can more effectively tailor our services to meet your needs and interests and expand and improve our offers. This is important for us ,as it enables us to successfully compete in the market. If we process sensitive personal data, we generally base this on your express consent.

4. Company responsible for processing

Mövenpick Hotels & Resorts Management AG

Loyalty or customer programmes

1. Processed personal data

When you sign up for our "Advantage M and Circle M" loyalty programmes, we collect and process contact information and other personal information, such as the following:

  • Title;
  • Company:
  • Name;
  • Postal address;
  • E-mail address;
  • Telephone number:
  • Nationality;
  • Credit card information;
  • Date of birth;

When you use your loyalty or customer card for bookings and payments, we also process transaction data, which may include, in particular, the following personal data which may also be confidential:

  • Information about bookings and purchases of goods and services;
  • Subject, time and place of your bookings and purchases;
  • Your bookings and purchase amounts.

We may also evaluate your personal data and link this to other personal information, such as non-personal statistics and other personal data we collect from you in order to determine information about your preferences and affinity towards certain products or services. Further details can be found in this Data Privacy Policy under "Online bookings on the website and use of services" and in the respective general terms and conditions or conditions of participation

2. Reasons for data collection and obligation to provide information

We process your personal data within the scope of the programmes, in particular for the following purposes:

  • Administration of the programmes: We use your personal data to issue you your personal loyalty or customer card etc. and send it to your home. We also require personal information to inform you quickly about changes and additional offers electronically or by post.
  • Optimising our services: We analyse the personal data we receive when the card is used in order to understand the booking and purchasing behaviour of our customers and derive information that we can use in the management of our services (offer design, choice of location, etc.).
  • Orientation of our services to meet your needs: By participating in one of the programmes and taking advantage of its benefits and services (see the general terms and conditions of the programme for details), we will gain better knowledge of your behaviour (especially when and where you make bookings and shop and how often). This allows us to more effectively tailor our services to the overall needs of our customers and fulfil individual requirements. In this way, we can coordinate our services and promotions according to the demand.
  • Marketing: We process your personal data in order to specifically inform you about goods and services, sales, competitions or other special offers according to your interests.
  • Statistics: We also process your personal data on a non-personal basis for statistical evaluation.

Participation in the programmes is voluntary, but requires that we are able to process certain personal data. The use of the data is also voluntary. For example, if you do not want us to process personal data about your booking and shopping habits, you can refrain from using the programmes. You may miss out on the special benefits associated with the programmes (such as loyalty premiums) as a result.

3. Legal basis

We must accept your application for your to be able to participate in the programmes. In doing so, a contract is concluded between you and us. The processing of personal data for the processing of the application and the execution of programmes such as the acquisition and the redemption of points is permitted. Processing is required due to legitimate interests. This allows us to run the programmes and reward customers for their loyalty, and we are able to better and more specifically align our services to your needs and interests through the personal information gathered through the programmes and expand and improve our services. If we process sensitive personal data, we generally base this on your express consent.

4. Company responsible for processing

Mövenpick Hotels & Resorts Management AG

Visits to our website

1. Processed personal data

Technical specifications: For technical reasons, every time you visit our websites, certain data is automatically collected and stored in log files. This involves, for instance, the following data:

  • IP address and device-specific information such as the MAC address and operating system of the device;
  • The internet service provider of the user;
  • Accessed content and date and time of the website visit.

Cookies: Depending on functionality, we may store cookies. Cookies are small files that your browser automatically creates and that are stored on your device (tablet, PC, smartphone, etc.) when you visit our website. We use session cookies containing a unique identification number, called a session ID, and information about the origin and storage period of the cookie. These cookies are automatically deleted after your visit to our website. We use these cookies e.g. to save a shopping cart. We also use persistent cookies, which remain stored even after the browser session has ended. Such cookies are used to recognise a visitor on a later visit. Some cookies also originate from third parties. This is the case when we use functions on our website provided by third parties. This applies to evaluation services, which also work with cookies.

Technical data and cookies do not often contain personal data. It is usually not possible for us to assign the information collected to a specific person.

Evaluations of user behaviour: We use web analysis tools on our website, such as Google Analytics, an analytics service of Google LL in the United States. Google uses cookies for this, which allow it to analyse the use of the website. As a result, Google does not obtain any personal data about us, but does gather information about your behaviour on our website and the device used for this purpose (tablet, PC, smartphone, etc.). This involves, for instance, the following usage data:

  • Type and version of the browser;
  • The address (URL) of the website from which you accessed our website;
  • Name of your provider;
  • The IP address of the terminal;
  • Date and time of access to our website;
  • Visited pages and length of stay.

This information is usually transferred to a Google server in the USA and stored there. Your IP address will be truncated in the EU or in the EEA if you have activated the anonymised IP function. Only in exceptional cases will the full IP address be transferred to the USA. Google is subject to the US Privacy Shield in the USA. We receive evaluations from Google on the basis of this data. Google Analytics also enables us to assign data, sessions and interactions across multiple devices to a pseudonymous user ID, thereby analysing the activities of an unidentified user across several devices. Further information is available in the terms of use and Google's data privacy policy.

We use similar services from other providers located worldwide. These providers often do not receive personal data, but may record the use of the website by the user, for example through the use of cookies and other technology. These records can be linked to similar information from other websites. The behaviour of a particular user can be recorded across multiple websites and devices. The respective provider may also use this data for its own purposes, e.g. for personalised advertising on its own website and on websites that it supplies with advertising. If a user is registered with the provider, the provider may assign the usage data to this individual. As a rule, it will seek the consent of the data subject and allow them to revoke this consent in accordance with the provider's instructions. This personal data is processed by the provider in its responsibility and according to its own privacy policy.

Social plug-ins: Our websites use social plug-ins, e.g. from Facebook, Twitter, Instagram, Google+, Youtube, Pinterest, Foursquare and Weibo. Buttons of the corresponding providers are therefore displayed and content of the respective providers are integrated on the website. When you visit a website that contains this type of social plug-in, your browser makes a direct connection to the relevant providers. The content of the social plug-in is transferred by the relevant provider to your browser and is incorporated by the provider into the relevant website. As a result of this process, the provider in question in particular receives the following data:

  • A notification that your browser has accessed the website in question;
  • The IP address of the device you are using, even if you do not have an account with the provider.

If you are logged in to the relevant provider at the same time, they can link the visit with your personal profile. If you interact with a social plug-in, for example if you press a 'Like' button or leave a comment, the corresponding information is transferred from your browser directly to the relevant provider and stored there. It may also appear on your profile with the provider and be visible to your contacts.

2. Reasons for data collection and obligation to provide information

In connection with this, we in particular process your personal data for the following purposes:

  • Provision of the website: The recording of certain log files and cookies is unavoidably linked to the provision of the website and its functions for technical reasons. Other cookies help us to ensure and secure the various functions and offers on our website.
  • Personalisation of the website: Some cookies are used to adapt our online services to your needs (e.g. by saving your language choice).
  • Website administration: The storage and processing of log files and cookies helps us to maintain and troubleshoot, ensure the security of our website and fight fraud.
  • Third party cookies allow the relevant companies to provide services or send advertising that may interest you.

The collection of the mentioned data is not obligatory, but in many cases necessary for the use of the website and certain functions. You can configure your device so that a notification always appears before a new cookie is created. This also allows you to reject cookies. You can also delete cookies from your device. Furthermore, you have the option to prevent the collection of data generated by the cookie (including your IP address) and the processing of this data by downloading and installing a corresponding browser add-on. However, rejecting or disabling cookies may mean that you are unable to use all features of our website.

This information is in particular used to better understand the use of our website and improve its content, functionality and discoverability. For example, we are able to see the pages from which most visitors come to our website, which pages are visited the most and from which page most visitors leave the website. We may also evaluate the personal data and link this to other personal information, such as non-personal statistics and other personal data we collect from you in order to determine information about your preferences and affinity towards certain products or services. You can prevent the use of Google Analytics by installing a browser add-on: tools.google.com/dlpage/gaoptout. You also have the option of revoking any consent to providers or object to data processing by these providers.

In particular, we use social plug-ins to make our website more attractive and facilitate interaction with our services, e.g. "liking" a page. This also helps us to achieve greater reach for our website. Further information on the processing of the data in question can be found in the data privacy policy of the respective provider.

If you do not want the provider concerned to collect data about you through our website, you must log out of your account with the relevant provider before visiting our website. Even if you have logged out, the providers collect anonymous data via the social plug-ins. This data can be assigned to your profile if you log in to the relevant provider at a later date. In these cases, the provider concerned processes personal data in its own responsibility and in accordance with its own data privacy policy. If you want to prevent the provider from assigning data to your profile, you must delete the corresponding cookies. You can also completely prevent the loading of the social plug-ins by installing add-ons for your browser.

3. Legal basis

The processing of log files and cookies for the stated purposes is in our legitimate interest. Some cookies are required, for example, to save individual settings or offer booking reservations. This individualisation is also in the interest of visitors to our websites. The analysis of the use of our website also constitutes a legitimate interest. The stated purposes of the data processing are in our legitimate interest. Our websites are a very important means of customer communication and acquisition for us. It is important for us to keep our websites functional, attractive and personal. The stated purposes of the data processing are in our legitimate interest. It is important for us to make our website attractive and increase interaction with our visitors. Using social plug-ins is an important tool.

4. Company responsible for processing

Mövenpick Hotels & Resorts Management AG

Online services and apps

1. Processed personal data

Online services: If you use our online services, we also process personal data - even if you do not make a booking. For example, when you register with us, we process contact information and data related to the service, including, but not limited to, the following personal information:

  • Your name;
  • Your postal address;
  • Your e-mail address and mobile number if applicable;
  • Date and time of registration.

If you access our website using Facebook Connect or when logged into another third-party provider (e.g. Google or LinkedIn), this gives us access to certain data stored with the relevant provider, e.g. your user name, profile picture, date of birth, gender and other information. You will find details about this in the data privacy policy of the respective provider.

Apps: We may also provide mobile applications (apps). In this case, we collect and edit personal information when you install an app, when you use the app and the features available through it, and when you update the app. This data in particular includes the following information:

  • Date, time and duration of the installation;
  • Device-specific information such as the device type and the current version of your operating system;
  • Information about the use of the app.

Depending on the type of service, we may also process further personal data. This may include the following personal data, which may also contain sensitive personal data.

  • Information about the use of a user account;
  • Your age;
  • Your booking behaviour;
  • Your location
  • Health details;

We may also evaluate this personal data and link this to other information, such as non-personal statistics and other personal data we collect from you in order to determine information about your preferences and affinity towards certain products or services. Further information is available in the applicable terms of use and in this table under "Visits to our website". If you shop with us in an online shop, you will find additional information under "Purchase of goods and use of services".

2. Reasons for data collection and obligation to provide information

We process your personal data in connection with online services and apps for the following purposes:

  • Provision of the service: We process personal data in order to make the service available online or via an app and to be able to process the service. This may include the opening and administration of a user account in your name.
  • Evaluation and personalisation: We process personal information relating to online services and apps to better understand behaviour within these services and apps, and generally understand the interests and affinities of our customers, submit personalised offers, and develop our services and apps. For example, we record which apps you download, how you use them, how long you have them installed, and which services you make use of.
  • The processing of personal data also helps us in the fight against fraud.

The use of the online offers is voluntary. However, if you decide to use it, this is usually not possible without the corresponding processing of personal data (e.g. for mandatory information in online forms).

3. Legal basis

Online offers can usually only be used if you accept the terms of use. In doing so, a contract is concluded between you and us. The processing of personal data is permitted for the execution of the contract. The data processing also serves legitimate interests. In doing so, we can better tailor our services to your needs and interests and expand and improve our services. This is important for us ,as it enables us to successfully compete in the market. Depending on the features of the online offer, we can ask you for further consent.

4. Company responsible for processing

Mövenpick Hotels & Resorts Management AG

Information and direct marketing

1. Processed personal data

In particular, when you sign up for an electronic newsletter and other electronic communications, we will process the following personal information:

  • Your name;
  • Your e-mail address and/or mobile number;
  • Information about whether you have consented to the receipt of such communications or objected to them.

We may also process information about your use and response to such communications, including the following personal information:

  • Delivery of the message;
  • Opening and, if relevant, forwarding of the message;
  • Clicked links (destination, date and time).

We may also evaluate your personal data and link this to other personal information, such as non-personal statistics and other personal data we collect from you in order to determine information about your preferences and affinity towards certain products or services.

2. Reasons for data collection and obligation to provide information

We process your personal data to provide you with electronic communications and advertisements. We process personal data about your use and reaction to these messages in order to get to know you better and send you more relevant offers. This data processing is voluntary for you. However, if you do not provide us with your personal data, in particular your e-mail address, we will not be able to offer you this service. You may revoke your consent to electronic newsletters at any time by unsubscribing from this service. You can do this by clicking on the link provided in every electronic newsletter. Alternatively, you can request information about or the correction or deletion of your personal data stored by us at any time by contacting us at the following address: privacy@movenpick.com.

3. Legal basis

We consider your subscription to an electronic newsletter as consent to the processing of the personal data for the purposes indicated. We also have a legitimate interest in direct advertising and evaluating your response to such advertising. Both are important for us, as they enable us to successfully compete in the market.

4. Company responsible for processing

Mövenpick Hotels & Resorts Management AG

Participation in competitions, sweepstakes and similar events

1. Processed personal data

We collect and process personal information when you participate in competitions, sweepstakes and similar events ("event" in each case). The amount of personal data processed may vary depending on the event. In particular, this includes the following personal data:

  • Your name;
  • Your date of birth;
  • Your contact details;
  • Confirmation of participation;
  • The result of participation;
  • If relevant, correspondence about the event.

Further details are available in the respective conditions of participation. We may also evaluate your personal data and link this to other personal information, such as non-personal statistics and other personal data we collect from you in order to determine information about your preferences and affinity towards certain products or services.

2. Reasons for data collection and obligation to provide information

We process your personal information in connection with events to facilitate the event and notify the winner. We can also process your name and contact details for promotional purposes.

Participation in such events is voluntary, but not possible without the processing of personal data.

3. Legal basis

By participating in an event, you consent to us processing your personal information for this purpose. The data processing also serves legitimate interests. In doing so, we can better tailor our services to your needs and interests and expand and improve our services. This is important for us ,as it enables us to successfully compete in the market.

4. Company responsible for processing

Mövenpick Hotels & Resorts Management AG

Visiting our premises

1. Processed personal data

Video-monitored areas: We record video footage in appropriately marked areas. We may receive information about your behaviour in the relevant areas. The use of CCTV cameras is limited to specific areas and is clearly marked. The data collected is also only available to selected employees for processing.

Use of WiFi: We collect and process device-specific data from your device (tablet, PC, smartphone, etc.) as soon as you access and log in to our WIFI infrastructure. In particular, this includes the following data:

  • the MAC address of the terminal (a unique identifier of the device);
  • Date, time and duration of the connection;

It is possible that you may be required to log in before using the WIFI network using the email address or social media login you need to use our services. In this case, we collect and process in particular the following personal data:

  • Your name;
  • Your e-mail address;
  • Date and time of the successful login.

It is also possible to log in via a social network or other service (e.g. Facebook Connect). This gives us access to certain data stored with the relevant provider, e.g. your user name, profile picture, date of birth, gender and other information. You will find details about this in the data privacy policy of the respective provider.

When you use the WiFi network, we will in particular process the following information:

  • Duration of the connection;
  • Location of WiFi service;

2. Reasons for data collection and obligation to provide information

This processing is for your own security, for the security of our employees and for evidence purposes. In the event of any suspicion of criminal offences, we can provide the recordings to the law enforcement authorities. If you do not want to be recorded, we ask that you do not enter the relevant areas.

We process this information to provide you with WiFi and for IT security purposes. The use of the WiFi offers is voluntary. You are generally not required to disclose personal information. Using the WiFi service may not be possible without the corresponding personal data processing.

3. Legal basis

It is in our legitimate interests to ensure the security of our customers and employees in the relevant areas and to prevent and assist in the investigation of possible crimes against our employees and customers. If you voluntarily enter a supervised, designated area, we also consider this to constitute consent.

By using our WiFi service, you consent to us processing your personal data for this purpose.

4. Company responsible for processing

Mövenpick Hotels & Resorts Management AG

Participation in customer events

1. Processed personaldata

We process personal data when we hold customer events (such as promotional events and sponsorship events). In particular, these include the following personal data that may require special protection:

  • Your name;
  • Your contact details;
  • Your participation or non-participation;
  • Further data associated with the the customer event.

We may also evaluate your personal data and link this to other personal information, such as non-personal statistics and other personal data we collect from you in order to determine information about your preferences and affinity towards certain products or services.

2. Reasons for data collection and obligation to provide information

In particular, we process your personal data to invite you to our events and to determine which customer events will be of interest to you. In this way, we can inform you about customer events that we hope will interest you. Participation in customer events is voluntary, but are generally not possible without the processing of personal data.

3. Legal basis

We process your personal data after you have given us your consent to inform you about corresponding customer events or if you have registered for one of our customer events. In addition, this processing is in our legitimate interests, as they allow us to get in touch with you personally and get to know you better. As a result, we can better tailor our services to your needs and interests and expand and improve our services. This is important for us ,as it enables us to successfully compete in the market.

4. Company responsible for processing

The Mövenpick Group company sending the invitation to the event.

Market research and media observation

1. Processed personal data

We process personal data for market and opinion research. For this purpose, we may use information about your booking behaviour, e.g. information about bookings, reservations, booking history, preferred booking platforms and times, preferences and affinity, but also information from market research and opinion surveys, corresponding studies and other information e.g. from the media, social media (if the information is public), the internet and other public sources. We can also use media monitoring services or conduct our own media observations and process personal data.

2. Reasons for data collection and obligation to provide information

Personal data is in particular processed for the following purposes:

  • For market and opinion research;
  • To assess and improve the acceptance of our products and services and our communications relating to products and services;
  • For the development of new offers;
  • To assess the supply situation in a given market.

3. Legal basis

This data processing is in our legitimate interest as it allows us to improve the sale of products and services and thereby improve our market situation.

4. Company responsible for processing

Mövenpick Hotels & Resorts Management AG

Contact with our company as a business partner

1. Processed personal data

If you are working for a company that delivers goods or services to us, or obtains goods from us, or with whom we work together in any other way, we process personal data about you, such as:

  • Your name;
  • Your title, function, area of activity and relationship with the company concerned;
  • Stages of your career;
  • Your interactions with us.

We process further personal data, possibly also sensitive personal data, if we check whether we want to or can cooperate with your company (e.g. in security checks). If you work on our premises, we also process further contact details, such as information about:

  • Nationality and residence status;
  • Passport and ID copies:
  • Criminal record and criminal measures;
  • Data about user accounts and their use;
  • Badge number and use;
  • Your use of our IT infrastructure;
  • Video recordings (if you are in an area that is being monitored by video).

We usually inform you separately about such arrangements or ask for your consent.

2. Reasons for data collection and obligation to provide information

Personal data is in particular processed for the following purposes:

  • To check whether we receive services from your company or deliver them to your company or whether we want to and can cooperate with your company (e.g. in terms of of proficiency tests, conflicts of interest checks, etc.);
  • To check if your company provides the necessary security, e.g. if it were to process personal data on our behalf;
  • For communication with you and your company, e,g, within the context of contract execution;
  • For staff resource planning and, if necessary, resource planning for you or your company's staff;
  • For training purposes; • For monitoring and performance appraisal;
  • For the preparation and settlement of corporate acquisitions, sales and similar transactions;
  • For Customer and Supplier Relationship Management, to get to know you and your company better, improve our customer orientation and increase customer satisfaction and customer loyalty (Customer Relationship Management, "CRM");
  • For accounting purposes;
  • To manage and maintain our IT and other resources;
  • To exchange personal data within the group.

You are not required to disclose this personal data. If you do not want to provide us with the required personal data, we may not be able to work with you. In exceptional cases, we are even legally obliged to process such personal data.

3. Legal basis

This data processing is in our legitimate interest as it allows us to use and sell goods and services. We also have a legitimate interest in preventing abuse and ensuring an appropriate level of security. Customer care is also in our legitimate interest. If we have a contract with you directly or if you want to conclude a contract with us directly, we process your personal data for the conclusion and execution of the contract.

If we process personal data that is particularly worthy of protection for the purposes mentioned above, we usually do so to assert, exercise or defend legal claims or with your express consent.

4. Company responsible for processing

Mövenpick Hotels & Resorts Management AG

Administration

1. Processed personal data

We may process sensitive personal data about our customers, business partners and third parties, e.g. within the context of the administration of our IT, for our internal administration and management.

2. Reasons for data collection and obligation to provide information

We in particular process your personal data for the following purposes:

  • Reviewing and improving our internal processes;
  • Accounting;
  • Archiving;
  • Training;
  • Other administration purposes.

These purposes may apply to us or to affiliated companies.

3. Legal basis

Processing for the stated purposes may be required for the execution of contracts. It is also required for the legitimate interest of corporate and group management.

4. Company responsible for processing

Mövenpick Hotels & Resorts Management AG

Corporate activities

1. Processed personal data

We may review transactions or perform transactions in which we sell, charge or acquire companies, parts of companies or other assets. In this context, we process personal data, the scope of which depends on the purpose and stage of the transaction and which may also contain sensitive personal data. Under certain circumstances, such information may be disclosed to or collected from a potential contractor to the extent permitted. When we sell receivables, for example, we provide the acquirer with information about the reason for and level of the claim and, if necessary, the creditworthiness and behaviour of the debtor.

2. Reasons for data collection and obligation to provide information

The purpose of this data processing is, in particular, to check the corresponding transactions and to perform them if necessary. This may also require notifications to authorities at home and abroad.

3. Legal basis

Processing for the stated purposes may be required for the execution of contracts. This is also in our legitimate interest.

When we process sensitive personal data, we generally rely on your express consent.

4. Company responsible for processing

Mövenpick Hotels & Resorts Management AG

Job applications

1. Processed personal data

If you apply for a position with us, we will process your contact details, the information provided to us (e.g. application, marital status, CV, knowledge and skills, interests, references, qualifications, certificates, etc.). This may include personal information that is particularly sensitive, e.g. health data and information about union affiliation. During the course of a job application, further personal data may be required, depending on the job and profile.

2. Reasons for data collection and obligation to provide information

We process your personal data to verify your suitability for the job in question, discuss with you any employment and, if necessary, prepare and conclude a contract. With your consent, we may keep your application on file, even if we or you do not opt for employment with our company, with a view to any future employment. The provision of the mentioned personal data is voluntary, but we are unable to process your application without the required personal data.

3. Legal basis

When you apply for a job with us, we process your personal information for a potential contract. We also deem your application as consent to this processing.

4. Company responsible for processing

The Mövenpick Group company to which you are applying.

Compliance with legal requirements

1. Processed personal data

In order to comply with legal obligations, we may or may not need to process personal data. This is the case, for example, if we receive and process complaints or reports of maladministration, or when an authority requests documents containing your name and contact details, or conducts an investigation. We may also conduct internal investigations which may also involve processing your personal data.

2. Reasons for data collection and obligation to provide information

We process your personal data for the following purposes:

  • Ensuring compliance with legal obligations, including orders from a court or public authority;
  • Preventive measures to ensure compliance;
  • Measures to detect and investigate abuses.

3. Legal basis

Processing for the stated purposes is required for compliance with legal obligations and for legitimate interests.

4. Company responsible for processing

Mövenpick Hotels & Resorts Management AG

Safeguarding of legal interests

1. Processed personal data

We process personal data in order to protect our rights, e.g. to enforce claims in court, out of court and when dealing with authorities in Germany or abroad and to defend ourselves against claims. For example, we may ask for the prospects of legal proceedings to be clarified or submit documents to an authority. The authorities may also ask us to disclose documents that contain personal data. In addition to contact details of the persons concerned, we also process further personal data depending on the situation, e.g. details of procedures that have given or could give rise to a dispute. This may also include personal data that requires special protection.

2. Reasons for data collection and obligation to provide information

We process your personal data for the following purposes:

  • Clarification and enforcement of our claims, which may include claims with our affiliates and our contractual and business partners;
  • Defence against claims asserted towards us, our employees, affiliated companies and our contractual and business partners;
  • Clarification of the prospects of court proceedings, other legal and economic issues and further questions;
  • Participation in proceedings before the courts and authorities in Germany and abroad.

3. Legal basis

Processing for the stated purposes may be required for the execution of contracts. This is also in our legitimate interest and possibly the legitimate interests of third parties.