Veri Güvenliği

I. DEFINITION

The protection of your privacy is important to us. The protection of your personal data is therefore our top priority. That is why we handle your personal data extremely carefully by observing and implementing the measures in accordance with the European General Data Protection Regulation (GDPR) in order to counteract unauthorized access.

This data protection declaration is addressed to our customers. With this data protection declaration we inform you about the processing of your personal data by Migoda Services GmbH when you visit the website and register. It applies to the following website: www.migodahotels.com.

All terms used in this privacy policy, are compliant with the European GDPR. In order to ensure easy readability and comprehensibility, you will find below the explanations of some frequently occurring terms:

1. Personal data:

Personal data is information that relates to an identified or identifiable natural person (hereinafter referred to as the “data subject”). A natural person is regarded as identifiable who can be identified

directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more special features that express the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.

2. Affected person:

“Affected” means any natural person who is identified or identifiable and whose data is processed by the Controller.

3. Person/ Entity responsible:

The Controller for the processing is the natural or legal person, public authority, agency or other body that, alone or jointly with others, determines the purposes and means of processing personal data. If the purposes and means of this processing are determined by the law of the Union or the Member States, the data controller or the specific criteria for their designation can be determined by the law of the Union or the Member States.

4. Processing:

“Processing” is understood to mean any process carried out with or without the help of automated processes or any such series of processes in connection with personal data such as the collection, recording, organization, ordering, storage, adaptation or change, reading out, querying, use, disclosure by transmission, distribution or any other form of provision, comparison or linking, restriction, deletion or destruction.

5. Profiling:

“Profiling” is any type of automated processing of personal data that consists of using this personal data to evaluate certain personal aspects relating to a natural person, in particular aspects relating to work performance, economic situation, health, to analyze or predict personal preferences, interests, reliability, behavior, whereabouts or relocation of this natural person.

6. Pseudonymization:

“Pseudonymization” is the processing of personal data in such a way that the personal data can no longer be assigned to a specific person concerned without the use of additional information, provided that this additional information is stored separately and is subject to technical and organizational measures that ensure that the personal Data cannot be assigned to an identified or identifiable natural person.

7. Processor:

“Processor” is a natural or legal person, authority, institution or other body that processes personal data on behalf of the Controller.

8. Recipient:

“Recipient” is a natural or legal person, authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. Authorities that may receive personal data as part of a specific investigation according to Union law or the law of the member states are not considered recipients. The processing of this data by the named authorities takes place in accordance with the applicable data protection regulations in accordance with the purposes of the processing.

9. Third party:

“Third party” is a natural or legal person, authority, institution or other body, apart from the specific person, the Controller, the processor and the persons who are authorized to process the personal data under the direct responsibility of the Controller or the processor.

10. Consent:

“Consent” of the person concerned means any freely given specific, informed and unambiguous indication of his or her wishes in the form of a statement or other unambiguous affirmative act by which the concerned person signifies his or her agreement to the processing of personal data relating to him or her.

II. Name and address of the Controller for processing

Migoda Services GmbH
Neuer Wall 38
20354 Hamburg
Germany
E-Mail: [email protected] | Website: www.migodahotels.com

III. General information on the collection and processing of your data

1. Scope of Processing

We generally only process personal data from our website visitors and users to the extent that this is necessary to provide a functional website and our content and services, i.e. when using the website for information purposes only, so if you do not register or otherwise provide us with information we only collect the personal data that your browser transmits to our server. (See “Information that will be processed automatically”)

The processing of personal data of our users takes place regularly only with the consent of the user. (The legal basis is Art. 6 Para. 1 lit. a GDPR) An exception applies in those cases in which prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

– Personal information that is offered by you:

– Contact details: The contact details of a business partner/ hotel, which contain e.g. the first and last name of the owner or an employee, the business e-mail address, address, website as well as telephone and fax numbers, are recorded.

– Financial data: The data required for payment and invoicing, such as your bank details, account number and sales tax number and payment advice notes are processed.

– Verification details: Migoda can ask its business partners/ the hotels for the verification of your company, for a copy of your identity card or passport, a photo, video, possibly insurance documents, tradelicenses or other relevant information.

– Other data; Telemarketing etc.: During every communication with www.migodahotels.com data is collected and processed. Even through customer service calls, the phone call can be overheard or recorded for training purposes or for quality management, including the use of the recordings when dealing with claims and uncovering cases of fraud. Recorded calls are stored for a limited time and automatically deleted, unless Migoda has a legitimate interest in keeping such recordings for a longer period, for example in the context of uncovering fraudulent activities or for legal reasons.

By sharing the personal data of other people in relation to your company (e.g. your employees), you confirm that these people have been informed about the use of their personal data by www.migodahotels.com in accordance with this data protection statement and all of them have given the necessary consents. (The legal basis is Art. 6 Para. 1 lit. a GDPR)

– Information that is automatically processed for the provision of the website and the creation of log files (legal basis Art. 6 Para. 1 S. 1 lit. f GDPR):

– When you visit our website www.migodahotels.com, information is automatically collected. This includes data such as the language settings, IP address, location, device settings, operating system of the device, access times, duration of use, date and time of the request, time zone difference to Greenwich Mean Time (GMT), requested URL, access status/ HTTP status code, each amount of data transferred, Website from which the request came, status report, information about the browser, operating system, result of the visit (visit or booking), the browser history, the booking ID of the user and the type of data viewed.

– The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected.

– The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no possibility of objection on the part of the user.

2. Purpose of Processing

The information collected from business partners (hotels) is used by the Controller (Migoda Services GmbH) for the following purposes:

– Registration and Account Management:

When visiting the website www.migodahotels.com account details, financial data and contact details are required for registration with www.migodahotels.com, including the verification or maintenance of the business relationship with the business partner (hotel).

– Customer Service

When visiting the website www.migodahotels.com, the data provided, including personal data, is used to process and clarify inquiries, questions and concerns from business partners (hotels). If you take advantage of this option, the data entered in the input mask will be transmitted to us and saved. In addition to the specific input mask data, the IP address and the date and time of the request are collected and stored. You give your consent for the processing of the data by sending the data. (The legal basis is Art. 6 Para. 1 lit. a GDPR). Alternatively, you can contact us via email address. (The legal basis is Article 6 (1) (f) GDPR. If the aim of the email contact is to conclude a contract, the additional legal basis for processing is Article 6 (1) (b) GDPR). In this case, the user’s personal data transmitted with the email will be saved. In this context, the data will not be passed on to third parties, unless this is necessary to process the query. In any case, the data will only be used to process the conversation.

– Analysis, Improvement and Research

Personal data is used when visiting the websites www.migodahotels.com for research and analysis purposes as well as to improve the www.migodahotels.com services and the user experience, as well as for test purposes, to improve the functionality and quality of the online services from www.migodahotels.com.

3. Storage and Deletion of the Data

We delete personal data of the person concered as soon as the purpose of storage no longer applies. Storage can also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which our companyis subject. The data will also be deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

4. Data Transfer

– Data transfer to partner companies: In order to support the use of the services of www.migodahotels.com, your data, which may contain personal data, may be shared with subsidiaries of the Migoda group of companies, including customer service.

– Passing on to third parties: We pass on information from business partners (hotels), including personal data, to third parties, insofar as this is legally permissible and is described below:

a) Service providers (including suppliers): We pass on your data to third-party service providers in order to provide our products and services, to store data and or to conduct business on our behalf. These service providers process personal data only in accordance with the instructions from and for the provision of services for Migoda Services GmbH.

b) Payment providers and other financial institutions: In order to process payments between a business partner (hotel) and Migoda Services GmbH, personal data is passed on to payment providers and other financial institutions.

– Financial data: The data required for payment and invoicing, such as your bank details, account number, sales tax number and payment advice notes are processed.

c) Forced disclosure: If required by law, absolutely necessary for the provision of our services, in legal proceedings, or to protect our rights, the rights of the group of companies, we pass on personal data to law enforcement and investigative authorities as well as to other companies in the group of companies.

5. International Data Transfers

A transfer of personal data outside the EU is generally not intended. All of our databases are located within the EU. Insofar as this is required under European law, we only transmit personal data to recipients who offer an adequate level of data protection in compliance with the Schrems II judgment by ensuring suitable protective measures.

IV. Data Collection from Partners (hotels) by Migoda

1. Scope of data processing

We offer the opportunity, by providing personal data to become a partner. The data is collected and stored in the contract process. A transfer of data to third parties does not take place. The following data is collected during the registration process:

– Your email address,
– First name and surname,
– possibly company affiliation,
– Payment information (possibly from the company),
– further data that we request from you and
– possibly data that we receive in the context of the business relationship.

2. Legal basis for data processing

If the user has given his / her consent, the legal basis for processing the data is Article 6 (1) (a) GDPR.

When processing personal data that is required to fulfill a contract to which the data subject is a party, Article 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

3. Purpose of data processing

Registration is necessary for the fulfilment of the contract or for the implementation of pre-contractual measures.

4. Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. This is the case during the registration process to fulfill a contract or to carry out precontractual measures when the data is no longer required for the execution of the contract. Even after the conclusion of the contract, it may be necessary to save personal data of the contractual partner in order to meet contractual or legal obligations.

V. Order data processing

We have concluded an order data processing contract with Google and fully implement the strict requirements of the German data protection authoritieswhen using Google Analytics. This website uses the “demographic characteristics” function of Google Analytics. This allows reports to be created that contain information on the age, gender and interests of the site visitors. This data comes from interest-based advertising from Google, as well as from visitor data from third-party providers. These data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as described in the point “Objection to data collection”.

VI. Minors

Our services are not aimed at minors under the age of 18. We do not knowingly collect information from children under the age of 18. If you have not yet reached the age limit, do not use the services and do not give us your personal data. If you are a parent of a child under the age limit and you learn that your child has submitted personal information to Migoda, contact us at [email protected] and insist on exercising your rights of access, correction, deletion and/ or objection.

VII. Your rights

If your personal data is processed, you are a data subject within the meaning of the GDPR and – after successful identification – you have the following rights towards us:

1. Right of providing information:

You can request confirmation from our company as to whether we are processing personal data relating to your person.

If such processing is available, you can request information from us about a large number of issues in accordance with the GDPR, such as:

– the purposes for which your personal data are processed;
– the categories of personal data that are processed;
– the recipients or the categories of recipients to whom your personal data have been disclosed or are still being disclosed;
– the planned duration of the storage of your personal data or, if specific information on this is not possible, criteria for determining the storage duration;
– the existence of a right to correction or deletion of your personal data, a right to restrict processing by our company or a right to object to this processing;
– the existence of a right of appeal to a supervisory authority;
– all available information about the origin of your personal data, if your personal data has not been collected from yourself;
– the existence of automated decision-making including profiling in accordance with Art. 22 Para. 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information about whether your personal data is being transmitted to a third country or to an international organization. In this context, you can request to be informed about the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transmission.

2. Right of correction:

You have the right to have your personal data corrected and/or completed if this data is incorrect or incomplete. We will make the correction immediately.

3. Right to restriction of processing:

Under certain conditions, you can request that the processing of your personal data be restricted:

– if you dispute the correctness of the personal data concerning you for a period that enables us to check the correctness of the personal data;
– if the processing is unlawful and you reject the deletion of your personal data and instead request that the use of your personal data be restricted;
– if we no longer need your personal data for processing purposes, but you need them to assert, exercise or defend legal claims, or
– if you have objected to the processing and it has not yet been determined whether the legitimate reasons of our group of companies and affiliated subsidiaries outweigh your reasons.

If the processing of your personal data has been restricted, we may only process this data – apart from its storage – with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person.

If the processing restriction has been restricted in accordance with the above conditions, you will be informed by us before the restriction is lifted.

4. Right to erasure:

You can ask us to delete your personal data immediately, and we are then obliged to delete this data immediately if one of the following reasons applies:

– Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
– You revoke your consent on which the processing was based in accordance with Article 6 (1) (a) or Article 9 (2) (a) GDPR, and there is no other legal basis for the processing;
– You object to the processing in accordance with Art. 21 Paragraph 1 GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Art. 21 Paragraph 2 GDPR;
– The personal data concerning you have been processed unlawfully;
– The deletion of the personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the member states to which the person responsible is subject.

If we have made your personal data public and we are obliged to delete it in accordance with Art. 17 Paragraph 1 GDPR, we must take appropriate measures, taking into account the available technology and the implementation costs, to inform other companies that process your personal data inform that you have asked them to delete all links to your personal data (and all copies thereof) (“right to be forgotten”).

The right to deletion does not exist if the processing is necessary:

– to exercise the right to freedom of expression and information;
– to fulfill a legal obligation that requires processing under the law of the Union or the Member States to which the person responsible is subject, or to perform a task that is in the public interest or in the exercise of official authority vested in the person responsible;
– for reasons of public interest in the area of public health in accordance with Art. 9 Paragraph 2 lit. h and i and Art. 9 Paragraph 3 GDPR, or
– to assert, exercise or defend legal claims.

5. Right to information of third parties by our company:

If you have asserted the right to correction, deletion or restriction of processing against our company, we are obliged to notify all recipients to whom we have disclosed your personal data of this correction or deletion of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You also have the right to be informed by us about these recipients.

6. The right to data portability:

You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. You also have the right to transfer this data to another person responsible withouth indrance from the person responsible to whom the personal data was provided, provided that:

– the processing is based on consent in accordance with Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR or on a contract in accordance with Article 6 (1) (b) GDPR and
– the processing is carried out using automated procedures.

In exercising this right, you also have the right to have the personal data relating to you transmitted directly from one person in charge to another person in charge, insofar as this is technically feasible. This must not impair the freedoms and rights of other people.

The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task that is in the public interest or takes place in the exercise of official authority that has been transferred to the person responsible.

7. Right to object:

You have the right, for reasons that arise from your particular situation, to object at any time to the processing of your personal data, which is based on Art. 6 Para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.

In this case, we will no longer process the personal data relating to you, unless there are compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data relating to you are processed in order to operate direct mail, you have the right to object at any time to the processing of the personal data relating to you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.

If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

8. Right to revoke the declaration of consent under data protection law:

You have the right to withdraw your declaration of consent under data protection law at any time. Withdrawing your consent does not affect the legality of the processing carried out on the basis of your consent up to the point of withdrawal.

9. Right to complain to the supervisory authority:

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged violation, if you are of the opinion that the processing of your personal data is against violates the GDPR. The names and contact information of the competent supervisory authorities in the European Union can be found at: http://ec.europa.eu/justice/data-protection/article -29 / structure / data-protection-authorities / index_en.htm

The supervisory authority to which the complaint was submitted informs the complainant about the status and the results of the complaint, including the possibility of a judicial remedy in accordance with Art. 78 GDPR.

VIII. Data security

In accordance with European data protection laws, we act in accordance with appropriate security guidelines to ensure the protection of your personal data from loss, misuse and unauthorized access, alteration, disclosure or destruction.

SSL Encryption

This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as the inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http: //” to “https: //” and by the lock symbol in your browser line. If SSL encryption is activated, the data you transmit to us cannot be read by third parties.

IX. Updates

Please note that our data protection regulations may change from time to time. We therefore ask you to visit this page regularly to keep up to date.

X. Questions or complaints

If you have any questions or concerns about the processing of your personal data or if you would like to exercise any of the rights under this privacy policy, please contact us at [email protected]. All questions and complaints that are reported to the above email address are carefully checked on our part.