An outdoor Dining & lounge area at Hotel Palace Munich

Our policies

Read the privacy and cookie policy of Hotel München Palace

I.          Name and address of the Controller

The controller within the meaning of the EU General Data Protection Regulation (hereinafter: GDPR) and other national data protection laws of the Member States as well as other data protection statutes (hereinafter the "Controller") is:

Roland Kuffler GmbH

Residenzstr. 12

80333 München

Germany

Telephone: ++49 89 290 705-0

Fax: ++49 89 294 076

email: direkt@kuffler.de

website: www.kuffler.de

-          II.         Name and address of the data protection officer

The data protection officer of the Controller is:

Eberhard Mayer

Residenzstr. 12

80333 München

Germany

Telephone: ++49 89 290 705-0

email:  datenschutzbeauftragter@kuffler.de

-          III.        General on data processing

1.         Extent of personal data processing

As a principle, we collect and use the personal data of our users only to the extent required to provide a functioning website, as well as our contents and services. As a rule, we collect and use personal data of users only subject to their consent, except where obtaining such consent before collection of the data is not possible for actual reasons and/or where processing of such data is allowed by virtue of applicable statutory provisions. The corresponding legal bases will be indicated below.

2.         Data processing by "Processors"

In order to ensure an effective visit of our website and use of the features offered, we partly rely on processors (see also art. 4 no. 8 GDPR) that are bound to observe our instructions, such as computer centre operators, mailing service providers and/or other parties involved (hereinafter: “Processors”) in the performance of the contract.

Such external service providers processing on behalf of us (said „Processors“) are carefully selected and strictly bound by contract to observe the requirements of GDPR (see art. 28 et seq. GDPR – processing carried out on behalf of a controller). These Processors process your data in accordance with our instructions, which is ensured by strict contractual provisions stipulating technical and organisational and supplementary control measures.

Your data are only transmitted to such a Processor if you have given your express consent or this is based on statutory provisions.

The data are not transmitted to third-party countries outside the EU/EEA or to international organisations, unless such transmission is subject to reasonable guaranties, including the EU standard contract clauses and the so-called Adequacy Decision of the EU Commission.

The third parties to whom data are disclosed include in particular the host provider of our website, the provider of dispatching services when you subscribe and confirm your subscription to newsletters, and the technical operator of the reservation system (e.g. Preferred, OpenTable, see below in more detail) when you make reservations.

3.         Legal basis for the processing of personal data

To the extent that processing of personal data is subject to the consent of the person concerned, the legal basis for such processing is art. 6 para. 1 lit. a GDPR.

If processing of personal data is required to perform a contract which the person concerned is a party to, the legal basis is art. 6 para. 1 lit. b GDPR. This also applies to processing operations that are required to perform contractual measures.

If processing personal data is required to perform a legal obligation to which our company is subject, the legal basis is art. 6 para. 1 lit. c GDPR.

In the event that processing is necessary in order to protect the vital interests of the person concerned or another natural person, the legal basis is art. 6 para. 1 lit. d GDPR.

If processing is necessary for the purposes of the legitimate interests of our company or a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data, art. 6 para. 1 lit. f GDPR is the legal basis for processing.

4.         Data erasure and duration of storage

The personal data of the person concerned will be deleted or blocked as soon as the purpose of the storage does not exist any longer. However, data may be stored beyond that point in time if this is provided by European or national legislation in the form of EU Regulations, national laws, or any other statutory provisions to which the Controller is subject. The data will also be blocked or erased if the time-limit provided by said statutory provisions for the storage of data expires, unless further storage of the data is required for the conclusion or performance of a contract, or the person concerned has given his/her consent to such further storage.

 

IV.       Provision of the website and creation of log files

Description and extent of data processing

Every time you visit our website, our system automatically collects data and information from the calling computer system. The following data is collected:

(1)    the IP address of the calling computer;

(2)    information about the type of browser and its version;

(3)    the operating system of the user;

(4)    the country from which our website is accessed;

(5)    date and hour of access;

(6)    any other website from which our Internet site is accessed.

The data are stored by our host provider who is a processor, see above. There is no storage of these data together with any other personal data of the user. IP addresses are anonymized with an 'x' after 7 days from their collection.

2.         Legal basis for the data processing

The legal basis for the temporary storage of data and log files is art. 6 para. 1 lit. f GDPR.

3.         Purpose of data processing

Temporary storage of the IP address by the system is necessary in order to enable delivery of the website to the computer of the user. To this end, the user's IP address must remain stored for the duration of the session.

The storage described herein is aimed at ensuring the functioning of the website.

The above-described purposes justify our interest in the processing of these data pursuant to art. 6 para. 1 lit. f GDPR.

4.         Duration of the storage

The data will be deleted as soon as they are no longer required for achieving the purpose of their collection. If the data are collected to provide the website, this is the case when the respective session is terminated.

Storage of the data in said log files is possible for an additional 7 days from termination of the session, but then only in an anonymized form, see above: in such cases, the IP addresses are modified so as to make their attribution to the calling user no longer possible, see above.

5.         Right to object and eliminate

Collection and processing of personal data is mandatorily required to provide the website and storage of these data in log files (not anonymized, but not longer than 7 days), and is necessary for operation of the website. Therefore, the user cannot object to such collection and processing. However, you have a right to object to any other collection and processing of your personal data.

 

V.        Use of cookies

1.         Description and extent of data processing

Our website uses cookies. Cookies are small text files that are stored by the Internet browser on the computer system of the user. If a user calls a website, a cookie may be stored on the hard disk of the user. This cookie contains a characteristic string array allowing identification of the browser when calling the website again.

We use cookies in order to make our website more user-friendly.

Some elements of our Internet site require that the calling browser can be identified after having called another site. The cookies are used to store and transmit the following data:

(1)       Language settings

(2)       Log-in information

In addition, we use cookies on our website to analyse the surfing behaviour of users. Thereby, the following data may be transmitted:

(1)       Frequency of calls of the site

(2)       Activation of functions of the website

When calling our website, users are informed by an info banner about the use of cookies, asking for their consent to processing their personal data used in this connection, and referring to this Privacy Statement. Users are also informed on how to stop storage of cookies by modifying the browser settings, see below.

2.         Legal basis for data processing

The legal basis for processing personal data by using technically necessary cookies is art. 6 para. 1 lit. f GDPR.

The legal basis for processing personal data by using cookies for analysis purposes, due to the necessary consent of the user, is art. 6 para. 1 lit. a GDPR.

3.         Purpose of data processing

The purpose of using technically necessary cookies is to facilitate navigation in our website. Some functions of our Internet site cannot be implemented without using cookies. To this end, it is required that the user's browser is recognized even after a change of site. We need cookies for the following applications:

(1)          Takeover of language settings

The user data collected by technically necessary cookies are not used to create user profiles.

Analysis cookies are used for the purpose of improving the quality of our website and its contents. Analysis cookies help understand how the website is used and thus enable us to continuously optimize our offers. Such processing of your personal data is in our justified interest pursuant to art. 6 para. 1 lit. f GDPR.

4.         Duration of storage, right to object and have the data deleted

Cookies are stored on the computer of the user and transmitted to our site. So you, as the user, have full control over the using of cookies. You may deactivate or restrict the transmission of cookies by modifying the settings of your Internet browser. Cookies stored in the past may be deleted at any time. This can also be done in an automated manner. If cookies are deactivated for our website, it is possible that not all functions of the website can be used up to their full extent any longer, in particular if the deleted cookies are technically necessary cookies.

VI.       Use of Google Analytics

1.         Description and extent of data processing

We use Google Analytics, a web analysis service of Google Inc. (https://www.google.co.in/about/ ) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter "Google") in order to be able to tailor our websites to the users' needs and optimize them continuously. In  this context, pseudonymized user profiles are compiled and cookies are used (see above). The information about your use of this website as collected by the cookies, such as

    browser type/version,
    used operating system,
    referrer URL (the site visited before),
    host name of the accessing computer (IP address),
    time of the server quest,

is transmitted to a Google server in the USA and stored there. The information is used to analyse the use of the website in order to compile reports on website activities, to perform services related to the use of the website and the Internet for market research purposes, and to design this Internet site in a manner tailored to the user's needs. If appropriate and statutorily required, or if third parties process these data by order, this information is also transmitted to third parties. In no case is your IP address combined with other Google data.

Important in particular: IP addresses are anonymized immediately, so that attributing your user data to you will no longer be possible with reasonable means (IP masking). This will be done on Google servers in the USA, at the latest, but normally even before that.

Further information on data protection in connection with Google Analytics can be found in Google Analytics Help under the link: https://support.google.com/analytics/answer/6004245? hl=en .&hl=en

2.         Legal basis of data processing

The tracking measures described below which we use are carried out under art. 6 para. 1 phrase 1 lit. f GDPR.

3.         Purpose of data processing

The tracking measures under Google Analytics help us designing our website in a manner fitting users' needs and ensure its ongoing optimization. In addition, we use tracking measures to compile statistics on the use of our website and to optimize our offers for you. These interests are justified within the meaning of the above-mentioned Regulation.

4.         Duration of storage, right to object and have the data deleted

On this issue, we refer to our above explanations on other cookies, which apply in this case as well.

You can prevent collection of the data collected by cookies and relating to your use of the website (including your IP address) as well as processing of these data by Google by downloading and installing the browser add-on to be found under the following link: (https://tools.google.com/dlpage/gaoptout?hl=en).

 

VII.      Google Adwords Conversion Tracking

In order to collect statistical data on the use of our website and analyze them for you, we use Google Conversion Tracking. Google Adwords stores a cookie (see above) on your computer if and when you come to our website via a Google ad.

Such cookies become invalid after 30 days and do not serve personal identification purposes. If users visit specific websites starting from the website of an Adwords customer, and if the cookie has not yet expired, Google and the customer can check that the user clicked on the ad and was forwarded to this specific site.

Each Adwords customer is assigned another cookie. Thus, cookies cannot be tracked through the websites of Adwords customers. The information obtained with the help of conversion cookies is used to compile conversion statistics for Adwords customers who decided to use Conversion Tracking. Adwords customers are informed about the total number of users who clicked on their ad and were forwarded to a site equipped with a conversion tracking tag. However, they do not receive any information allowing to identify users personally.

If you do not wish to participate in the tracking procedure, you may refuse storage of the required cookie on your computer – by choosing the corresponding settings of your browser, either by generally deactivating the automatic setting of cookies, or by blocking cookies for conversion tracking coming from the domain "www.googleadservices.com".

 

VIII.     Online bookings of rooms - Preferred

Our Internet site offers the possibility to book hotel rooms online by entering the dates, number of persons and nights. Such online reservation is carried out by another data controller, Preferred Hotel Group, Inc.,  311 South Wacker Drive, Suite 1900, Chicago, Illinois 60606 USA (link: https://preferredhotels.com/contact-us). The reservation mask operated by Preferred is integrated into our website concerned.

In our opinion, Preferred is a data processor on behalf of us as its controller within the meaning of art. 4 no. 8 GDPR. Therefore, we have entered into a contract according to art 28 et seq. GDPR, for further information as to such contract see above III.2

The data to be entered using our website but via Preferred reservation mask, are the following:

(1)          In the first level of the input mask

    a.         date of arrival
    b.         date of departure
    c.         number of adult persons
    d.         number of children
    e.         if applicable, query of special and/or discount codes, company codes or travel industry IDs

(2)     After having entered these data by clicking "check availability" and having selected the offered rooms and best available prices, you go to the second level of the input mask and enter the following data:

    a.         title
    b.         first name
    c.         last name
    d.         email address
    e.         date of birth
    f.          address data
    g.         phone number
    h.         If appropriate, you may be asked to enter optional information and further wishes that you think could be relevant for the contractual relationship in the technically optional field "remarks", or by clicking on additional categories.
    i.          Furthermore, payment data such as type of credit card, name of holder, number and validity are to be entered. The security code will not be asked.

Compulsory entries are marked with a small triangle before the respective entry line.

2.         Legal basis for this data processing via our website

The legal basis for the processing of reservation data as described in this Section VI is art. 6 para. 1 lit. b GDPR, since both a reservation contract is concluded, which means that such processing is needed to perform a contract, and another contract (accommodation contract) is intended and prepared by this reservation.

3.         Purpose of data processing

The above-described data processing serves the purpose of enabling you and us to conclude an effective, reliable and comprehensible reservation agreement for hotel rooms and to perform as you intended, i.e. by entering into an accommodation contract. Our aim thereby is to guarantee that you will enjoy a delightful stay in our hotel, free of complications and fitting the occasion that you (voluntarily) indicated, and being in accordance with your wishes at the reserved time and place.

Processing of these data is thus required both for performing the reservation contract and performing pre-contractual measures (preparation of the desired accommodation contract, to be closed at the concretely reserved point in time). All this is done upon your enquiry, and you are the person concerned within the meaning of GDPR.

4.         Duration of storage

    The data will be deleted as soon as they are no longer needed for achieving the purpose of their collection. This is the case if the reservation is cancelled.
    If an accommodation contract is concluded, your data will be kept for accounting and other purposes in the follow-up.

Furthermore, we keep your data to respond faster to your future enquiries and, in the event of future reservations in our restaurants, to meet your needs individually and actively.

In high-class hotels – such as ours – this procedure is in the express interest of both the guest and the hotel. The guest expects that his/her personal habits and wishes are not only taken into consideration in future reservations/bookings, but that the hotel can actively rely on corresponding data and transpose them positively and expressly in appropriate recommendations, without having to ask again. This shall be made possible in the interest of both parties.

In the latter case, the legal basis for data storage is art. 6 para. 1 lit. f GDPR.

5.         Right to object to such use and to have the data deleted

The reservation may be cancelled by the user concerned in accordance with the cancellation conditions.

You may object to the processing described under Section 4 b at any time. Since only the reservation itself is carried out via the website, the website cannot offer any stand-alone function for such purpose: in such a case you will have to contact by email and/or telephone the restaurant where you wish to make the reservation via the contact data indicated on the website for reservations/bookings, which are the following:

Email: info@hotel-muenchen-palace.de; telephone +49 / (0) 89 / 419 71 – 0

 

IX.       Online-reservations/bookings in restaurants and bars (OpenTable)

1.         Description and extent of data processing

Our Internet site offers the possibility to make reservations online in our restaurants (Palace Wintergarten and Palace Restaurant) and in our Palace Bar by entering the dates, number of persons, and hour. Such online reservation is carried out by another data controller, OpenTable, Inc., 1 Montgomery St., Suite 700, San Francisco, CA 94104, USA. The external reservation mask operated by OpenTable is integrated into our website under the name of the restaurant concerned.

In our opinion, OpenTable is a data controller within the meaning of art. 4 no. 7 GDPR and accordingly offers its own Privacy Statement on the reservation mask, relating exclusively to the processing of data by OpenTable, to which we refer, for the sake of completeness, under the following link: https://www.opentable.de/legal/privacy-policy

The data to be entered via OpenTable by using our website are the following:

(1)          In the first level of the input mask

a.  number of persons

b.  date

c.  time

d.      when entering these data, you will be automatically assigned to the selected restaurant

(2)     After having entered these data, you get to the second level of the input mask and enter the following data:

    a.         first name
    b.         last name
    c.         email address
    d.         telephone number
    e.         If appropriate, you may be asked to enter optional information and further wishes that you think could be relevant for the contractual relationship in the technically optional field "remarks".
    f.          If desired – technically optional field – you may enter further wishes into the field "remarks" – as under e. above.
    g.         If desired – technically optional field – you may enter into a further field – as under e. above – the occasion of your visit by selecting it from a list.

(3)     Automatically, without your direct involvement, the date and time when you made the reservation will be recorded.

When you reserve a table this way, your reservation with the entered data will be automatically stored in our computer-based reservation book for the restaurant selected from the list.

2.         Legal basis for this data processing via our website

The legal basis for the processing of reservation data as described in this Section VI is art. 6 para. 1 lit. b GDPR, since both a reservation contract is concluded, which means that such processing is needed to perform a contract, and another contract (entertainment contract) is intended and prepared by this reservation.

Another case subject to the legal basis of art. 6 para. 1 lit. 1 GDPR is described and explained under paragraph 4 b below.

3.         Purpose of data processing

The above-described data processing serves the purpose of enabling you and us to conclude an effective, reliable and comprehensible reservation agreement and to perform as you intended. Our aim thereby is to guarantee that you will enjoy a delightful stay in our restaurant, free of complications and fitting the occasion that you (voluntarily) indicated, and being in accordance with your wishes at the reserved time and place.

Processing of these data is thus required both for performing the reservation contract and performing pre-contractual measures (preparation of the desired entertainment contract, to be closed at the concretely reserved point in time). All this is done upon your enquiry, and you are the person concerned within the meaning of GDPR.

4.         Duration of storage

    The data will be deleted as soon as they are no longer needed for achieving the purpose of their collection. This is the case if the reservation is cancelled.
    If an entertainment contract is concluded, your data will be kept for accounting and other purposes in the follow-up.

Furthermore, we keep your data to respond faster to your future enquiries and, in the event of future reservations in our restaurants, to meet your needs individually and actively.

In high-class restaurants – such as ours – this procedure is in the express interest of both the guest and the restaurant. The guest expects that his/her personal habits and wishes are not only taken into consideration in future reservations/bookings, but that the restaurant can actively rely on corresponding data and transpose them positively and expressly in appropriate recommendations for the choice of meals and drinks, without having to ask again. This shall be made possible in the interest of both parties.

In the latter case, the legal basis for data storage is art. 6 para. 1 lit. f GDPR.

5.         Right to object and have the data deleted

The reservation may be cancelled by the user concerned at any time.

You may object to the processing described under Section 4 b at any time. Since only the reservation itself is carried out via the website, the website cannot offer any stand-alone function for such purpose: in such a case you will have to contact by email and/or telephone the restaurant where you wish to make the reservation via the contact data indicated on the website for reservations/bookings, which are the following:

Email: restaurant@hotel-muenchen-palace.de;

telephone +49 / (0) 89 / 419 71 – 821.

All contact data can also be found in this website, see under the tab "contact" (link: https://www.kuffler.de/de/kontakt.php), under which you will find:

-        a phrase (with highlighted link) with the following wording:

-        "Here you may order or cancel your table in the individual restaurants by phone". Click on this phrase/link to see the relevant phone numbers of all restaurants in all cities.

-        At the bottom of the page you will find links to the contact data of all restaurants classified according to their locations (Frankfurt, Munich, Wiesbaden).

 

X.        Newsletter

1.         Description and extent of data processing

Our Internet site offers the possibility to subscribe to a free newsletter under http://www.hotel-muenchen-palace.de/en/newsletter.html (corresponding link also at the bottom left on each page of our websites under "Newsletter Sign Up "). If you subscribe to the newsletter, we collect the following data you enter into the corresponding input mask - for our international guests queried in German and English:

(1)          Please enter into the input mask:

    a.    Anrede / prefix
    b.    Vorname / first name
    c.     Nachname / last name
    d.    E-Mail-Adresse / email address
    e.    Postleitzahl / ZIP
    f.      Geburtsdatum / Birthday

(2)     During subscription and, if applicable, upon confirmation of your entry (see below), the following data will be stored automatically, i.e. without your active involvement:

    a.         IP address of the calling computer
    b.         registration – and
    c.         if you confirmed an entry (see below) – date and hour of your confirmation

The data marked with a star "*" in the afore-described input mask are so-called compulsory entries without which, for technical and organisational reasons, we cannot dispatch our newsletters.

As we need your consent for further processing your data, we will be asking for it as well as for your confirmation that you have read this Privacy Statement – the subscription cannot be technically completed without this confirmation.

To protect your data interests, the following additional steps are necessary for the subscription becoming effective:

After having received your data as described above, we will send an email to the email address indicated in the subscription (confirmation mail), in which you are asked to click on a confirmation link. Not before you clicked on this link will you be listed in our files as a subscriber to the desired newsletter(s).

In connection with data processing for newsletter subscriptions, your data will not be disclosed to other third parties which are not processors as described above (see Section III.2 above). Together with such processors, we use these data exclusively for selecting the requested newsletters, dispatching them, and analysing your reading behaviour. Results of such analyses are stored in a completely anonymized form.

2.         Legal basis for data processing

The legal basis for the processing of the data after subscription to newsletters by the user is art. 6 para. 1 lit. a GDPR, if the user has given his/her consent to such processing. The described analysis is based on art. 6 para. 1 lit. f GDPR.

3.         Purpose of data processing

Collection of the user's email address serves the purpose of dispatching the newsletter.

Confirmation of the email is necessary to prevent third-parties from using your email address.

Your subscription to, and confirmation of, the newsletter is laid down in a protocol to evidence the subscription process in accordance with legal requirements.

Furthermore, our newsletters contain information about our offers and news about our hotel.

The analysis of your reading behaviour serves our justified interest of selecting and designing the information offered in the newsletter in an as attractive as possible manner; we assume that this is also in your interest and is at least not overridden by other opposing interests – anyway, you may object to such analysis at any time, see below.

4.         Duration of storage

The data will be deleted as soon as they are no longer needed for achieving the purpose of their collection. Thus, the email address of the user, prefix, last name and first name, and the confirmation via confirmation mail, are stored as long as the newsletter subscription is active.

5.         Right to object and have the data deleted

Subscription to newsletters may be terminated at any time by the user concerned. To this end, a corresponding link can be found at the bottom of every newsletter. Another link can be found on the website of the subscription mask, directly before the beginning.

This allows you to revoke your consent to the storage of personal data collected during subscription; however, any processing of data carried out so far is not affected by the revocation and remains rightful.

 

XI.       Contact form and email contact

1.         Description and extent of data processing

Our Internet site features a general contact form "CONTACT", which may be used for electronic contacting.

During your registration, we collect the following data entered by you in t