The operator of these websites is taking the protection of your personal data very seriously. We are treating your personal data confidentially and according to legal data protection policies.
With the information provided to you below, we would like to give an overview of how your personal data are processed when you stay at our hotel or when you use our website pages or our app and to inform you of your rights under data protection legislation.
Information on processing of personal data
By way of introduction, we would like to draw your attention to our extensive information on creating transparency according to Articles 13 and 14 GDPR.
Controller for data processing
The controller for data processing on this website pursuant to Article 4 No 7 GDPR and the provider of the website (service provider) within the meaning of the German Tele Media Act (Telemediengesetz – TMG) is
Millennium Hospitality International GmbH
61449 Steinbach Ts.
Tel: +49 69 90020620
Fax: +49 69 90020620
Complete details pursuant to section 5 TMG (Imprint)
Contact details of the Data Protection Officer
You can reach our Data Protection Officer at
Purposes and legal basis for processing personal data
We process your personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR), the new German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG-new) as well as all other relevant legislation for the purposes and on the legal basis as set out below:
(a) For processing and managing reservation inquiries and reservations as well as for providing our services under the accommodation agreement, including execution of your hotel stay and payments processing (in particular also for tracking your use of our services (telephone, bar, pay TV programmes, etc.), for performing check-in and managing access to the rooms) – the legal basis for this is the first sentence of Article 6(1)(b)) GDPR.
(b) For fulfilling a legal obligation to which our company is subject as controller (e.g. by reason of reporting legislation, tax laws, accounting obligations, etc.) – the legal basis for this is the first sentence of Article 6(1)(c)) GDPR.
(c) For executing and managing your participation in our loyalty programme – the legal basis for this is your consent pursuant to the first sentence of Article 6(1)(a)) GDPR.
(d) For maintaining, safeguarding and improving the quality of our products and services, in particular by performing and analysing satisfaction surveys and guest comments, by processing your personal data in our centralised guest database enabling us to recognise you as a returning guest, to better appreciate your expectations and wishes, to improve the quality and individual character of our communication with you and to create offerings tailored to you – the legal basis for this is the first sentence of Article 6(1)(f)) GDPR. Our overriding legitimate interests arise from the accommodation agreement entered into with you representing a relative and appropriate relationship within the meaning of Recital 47 of the GDPR, as well as from the fact that this type of data processing is standard industry practice with international hotel chains and is in keeping with the reasonable expectations of the majority of guests. As a franchise partner of Choice Hotels International our company moreover has a legitimate interest, pursuant to Recital 48 of the GDPR, in transmitting personal data of the guests within the group of undertakings for internal administrative purposes.
(e) For direct advertising of our offerings and services – the legal basis for this is the first sentence of Article 6(1)(f)) GDPR. Our overriding legitimate interest follows from Recital 47 of the GDPR.
(f) For ensuring compliance with house rules, for preventing and clarifying criminal acts (in particular also by video monitoring), for establishing and defending against legal claims and for safeguarding interests in legal disputes, for ensuring IT security and IT operation, for identifying credit risks – the legal basis for this is the first sentence of Article 6(1)(f) GDPR. Our overriding legitimate interests following from our obligation to ensure that our guests have a safe stay in the hotel as well as from our interest in enforcing our tangible and intangible claims and safeguarding our rights as well as defending against unjustified claims. Furthermore, the processing of personal data in the scope which is absolutely required to prevent fraud pursuant to Recital 47 of the GDPR likewise constitutes a legitimate interest of our company.
Candidate / Recruitment
(b) You may provide us or another company (see list of hotel operators) with personally identifiable information about your education, employment, contacts, preferences, qualifications and professional activities when you submit an application. You can also volunteer additional information, such as resumes, credentials, references, and salary expectations. We recommend that you do not disclose sensitive personal information (for example, height, weight, religious, philosophical or political beliefs, financial information, sexual orientation, membership of a trade union or political party) in your resume or other application documents. To the extent to which you provide sensitive personal information, you expressly authorize us to handle such information in accordance with this statement.
(c) We use your personal information for recruitment purposes, vacancies and other purposes related to your employment. These purposes include, but are not limited to, examining past employment and / or training, reviewing credentials and your ability to work lawfully in your country, contacting you and / or your emergency contacts at home, determining and adjusting your compensation, Tasks and positions, managing benefits including health insurance, managing savings and retirement programs, managing your performance, withholding and paying applicable taxes, and compliance with legal and regulatory obligations.
(d) We may retain your information for up to three years from the date of your application, even after the recruitment process has been completed, in order to contact you regarding future job opportunities or to ensure the completeness of our records. We can also save your information anonymously for statistical purposes for longer. If you provide information about others (ie contact details for references), please ensure that you have informed them about the provision of their information.
(e) By submitting your CV or other information and other application materials to us, you agree that we may use this information for recruitment, hiring and employment purposes.
Personal Data are data that identify you as an individual or relate to an identifiable individual. At touchpoints throughout your guest journey, we collect Personal Data in accordance with law, such as: Name, Gender, Postal address, Telephone number, Email address, Credit and debit card number or other payment data, Financial information in limited circumstances, Language preference, Date and place of birth, Nationality, passport, visa or other government-issued identification data, Important dates, such as birthdays, anniversaries and special occasions, Membership or loyalty program data (including co-branded payment cards, travel partner program affiliations), Employer details, Travel itinerary, tour group or activity data, Prior guest stays or interactions, goods and services purchased, special service and amenity requests, Geolocation information, Social media account ID, profile photo and other data publicly available, or data made available by linking your social media and loyalty accounts
In more limited circumstances, we also may collect:, Data about family members and companions, such as names and ages of children, Biometric data, such as digital images and video data via our security cameras located in public areas, such as hallways and lobbies, in our properties, Guest preferences and personalized data, such as your interests, activities, hobbies, food and beverage choices, services and amenities of which you advise us or which we learn about during your visit.
Minors may not send any personal data to us without the consent of their parents or guardians. Through our website, we do not process any personal data knowingly acquired from minors.
Categories of personal data recipients
If and to the extent required for the purposes as set out above, we also disclose your personal information to the following recipients or categories of recipients pursuant to Article 4 No 9 GDPR:
Within our company only those persons or entities are permitted to view or access your data (to the extent required in each case) who need such data for performance of our contractual and statutory duties.
In the extent to which your personal data are processed in our centralised guest database, the data are also disclosed to the other undertakings that operate in partnership with our hotels (Ramada Hotel Frankfurt City Centre & Financial District, Mercure Hotel Frankfurt City Messe). The respective operators of these hotels are found in the List of Hotel Operators. Those hotels that use our centralised guest database are specifically identified in this List, which is updated on a regular basis.
The service providers (e.g. as part of contract processing pursuant to Article 28 GDPR) and agents engaged by us may receive personal data for these purposes. These are undertakings from the categories credit services and payments processing, IT services, cleaning services, logistics, printing services, telecommunications, collecting, advising and consulting as well as distribution and marketing. The respective service providers are found in the List of Service Providers/Processors, which is updated on a regular basis.
Furthermore, a disclosure of data may be made to public bodies and institutions if a statutory obligation to do so exists (e.g. financial authorities, criminal prosecution authorities).
Further data recipients may be those entities for which you have given us your consent to data transfer.
Transfer of personal data to a third country
A transfer of personal data to entities in countries outside the European Union (third countries) takes place if
(a) it is required to carry out your reservations or execute your hotel stay,
(b) it is prescribed by law, or
(c) you have given us your consent.
As can be seen from the List of Service Providers/Processors in detail, our company for certain tasks uses service providers which have their corporate seat in a third country or which belong to an international group with companies in third countries or which for their part work together with service providers having their seat in a third country. A transfer of personal data to such service providers is permissible if the European Commission has decided that the third country in question ensures an adequate level of protection (pursuant to Article 45 GDPR). If the Commission has not made such decision, our company or the service provider may transfer personal data to a third country or an international organisation only if appropriate safeguards are provided for and enforceable data rights and effective legal remedies are available (Article 46(1) GDPR).
Beyond the cases mentioned above, our company does not transfer personal data to entities in third countries or to international organisations.
Period of storage of personal data and criteria for defining such period
We process and store your personal data for as long as required for us to fulfil our contractual and legal duties. If the data are no longer required for fulfilment of contractual duties, they are normally deleted unless their further processing for a limited term is required by retention periods prescribed by commercial or tax legislation (including the German Commercial Code (Handelsgesetzbuch – HGB), German Tax Code (Abgabenordnung – AO)). The periods prescribed their for storage and/or documentation purposes range from two to ten years.
Your rights as a data subject (access, change, deletion)
Every data subject whose personal data are processed has the right to obtain information from the controller about the personal data in question pursuant to Article 15 GDPR, the right to rectification pursuant to Article 16 GDPR, the right to erasure pursuant to Article 17 GDPR, the right to restriction of processing pursuant to Article 18 GDPR, the right to object to the processing pursuant to Article 21 GDPR as well as the right to data portability pursuant to Article 20 GDPR. The right to obtain information and the right to erasure are further subject to the restrictions pursuant to sections 34 and 35 BDSG-new.
Further information on your right to object to processing pursuant to Article 21 GDPR.
If the processing of your personal data is based on a consent granted to us, you have the right to revoke your consent at any time without the legality of the processing performed on the basis of such consent up to revocation being affected thereby.
Your also have the right to lodge a complaint with the competent data protection supervisory authority pursuant to Article 77 GDPR in conjunction with section 19 BDSG-new.
Obligation to provide data
As part of our contractual relationship, you are required provide such personal data which are required to establish and perform the accommodation agreement or which we are legally required to collect. Without such data, we will generally not be able to conclude the agreement with you or to execute the same. We are particularly required by section 30 (2) of the German Federal Registration Act (Bundesmeldegesetz – BMG) to record certain personal data about you on the registration card (Meldeschein). In the event you should not provide us with the necessary information, we might not be able to provide you with the requested services or might not be able to do so completely.
Automated decision-making and profiling
When establishing and executing our contractual relationship, you will not be subjected to a decision based solely on automated processing, including profiling, pursuant to Article 22 GDPR, which produces legal effects concerning you or similarly affects you in a serious way.
Additional information on your right to object pursuant to Article 21 GDPR
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning yourself which are based on the first sentence of Article 6(1)(e)) GDPR (data processing in the public interest) or the first sentence of Article 6(1)(f)) GDPR (data processing based on a balancing of interests), including profiling based on those provisions pursuant to Article 4(4) GDPR.
If you make an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override the your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
If your personal data are processed by us for direct marketing purposes, you have the right to object at any time to processing of personal data concerning yourself for such marketing, which includes profiling to the extent that it is related to such direct marketing.
The objection may be made without any particular form and should be directed to our Data Protection Officer – see above.
Additional information on data processing on this website
Specifically, we use the following types of cookies:
• Necessary cookies: These cookies are essential when it comes to helping improve your navigating and booking experience on our website. With them, fundamental functionalities and applications such as shopping carts or electronic invoicing processes are optimised and made easier to use. These cookies do not collect any information on you that can be used for marketing campaigns or statistical analyses.
• Performance cookies: Performance cookies are used to collect anonymous statistical data on how Internet sites are used and at what places errors occur. They are supplemented by anonymised general data, such as information on visitor demographics or coverage. These cookies are essential when it comes to keeping Internet sites as performance-oriented as possible and make it possible to discover any errors or weaknesses.
• Advertising cookies: With the help of these cookies, advertisements with content of relevant interest are supported. They are normally used by marketing networks with the operator’s consent and recognise users on different Internet sites of the participating organisations. These cookies are also used for services of third parties and make data available. We use targeted or advertising cookies for the link e.g. to Facebook in order to measure the effectiveness of our online and offline advertising.
The data processed by cookies are required for the aforementioned purposes of safeguarding our legitimate interests as well as those of third parties pursuant to the first sentence of Article 6(1)(f) GDPR.
In your browser settings you may allow cookies to be stored only if your give your consent. Most browsers accept cookies automatically. However, you may configure your browser in such a way that no cookies are stored on your computer or that a notice is always displayed before a new cookie is created. But completely deactivating cookies may mean that you cannot use all functions of our website. If you wish to use only our cookies but do not wish to accept cookies of partners, please select the option “Block cookies of third-party providers” in your browser. In the drop-down menu of your web browser, you will be displayed a help function showing you how to reject cookies and to disable cookies already received. In the case of shared-use computers that accept cookies and flash cookies, we recommend always logging off completely after the end of the session.
The tracking measures used by use as specified below are performed on the basis of the first sentence of Article 6(1)(f) GDPR. With the tracking measures used we want to ensure that our website is designed to meet the needs of users and optimised on a continuous basis. We moreover use the tracking measures to statistically record the use of our website and to evaluate such use to optimise our offering for you. Such interests are to be deemed legitimate within the meaning of the aforementioned provision. The respective data processing purposes and data categories can be found in the relevant statements on such tracking tools.
This website also uses Google Analytics, a web analysis service of Google Inc. based in Mountain View, USA (“Google”). Google Analytics uses “cookies”. These are text files that are saved to your computer that allow your usage of the website to be analysed. The information generated by the cookie about your use of this website will generally be transmitted to and stored by Google on a server in the United States.
Google provides IP anonymisation (so-called IP masking) and this is activated on this website (by extending Google Analytics by the code “gat._anonymizeIp();”); Google will therefore shorten and therefore anonymise your IP address within the European Union or in another member state of the European Economic Area. Only in exceptional cases will a full IP address be transmitted to a Google server in the USA and be shortened there.
On behalf of the operator of this website, Google will use the information collected through Google Analytics to analyse your use of the website, to compile reports on website activities and to render other services related to the use of the website and of the Internet in general to the website operator. The IP address transmitted by your browser in the context of Google Analytics will not be mixed with other Google data.
You may prevent the setting of cookies by Google Analytics by configuring your browser software accordingly; however, please note that in this case you may not be able to make full use of all functions of this website. In addition, you may prevent collection of the data generated by the cookie and related to your use of the website (including your IP address) by Google and processing of these data by Google by downloading and installing the browser plug-in available under the following link (http://tools.google.com/dlpage/gaoptout?hl=de).
Furthermore, you can prevent Google Analytics from recording your use of the website by setting an “opt-out cookie” that will prevent your data from being collected during any future visits to this website. The opt-out cookie will be set if you click on the following link: Please click here to complete your objection.
The operator of this website also uses Google Analytics to analyse data from AdWords and the DoubleClick cookie for statistical purposes. If you wish to opt out, please deactivate this function via the ads settings manager (http://www.google.com/settings/ads?hl=de).
You will find more information on the terms and conditions of usage and data protection of Google Analytics at http://www.google.com/analytics/terms/de.html and https://www.google.de/intl/de/policies/.
Inclusion of third-party services and content (e.g. YouTube and Google Maps)
Third-party content such as videos from YouTube or maps from Google Maps (hereafter referred to as “Third Party Providers”) are included in this website. To use such content, the user’s IP address for technical reasons must be sent to the respective Third Party Provider, since without the IP address the Third Party Providers would not be able to send the content included in the Website to the browser of the respective user. We do not have any control over whether a Third Party Provider stores the IP address e.g. for statistical purposes or otherwise.
Social media plug-ins
The plug-in provider stores the data collected about you in the form of a user profile and uses the data for advertising and market research and/or to make any required changes in the design of its website. Such evaluation is performed particularly (also for users not logged in) enable ads tailored to user demand and to inform other users of the social network about your activities on our website. You have a right to object to the creation of such user profiles. To exercise such right, you must contact the plug-in provider by following the procedure as set out below. Through plug-ins we offer you the possibility of interacting with social networks and other users. In that way we can improve our offering and make it more attractive for you as a user. The legal basis for the user of plug-ins is the first sentence of Article 6(1)(f) GDPR.
Data are disclosed regardless of whether you have an account with the plug-in provider and have logged in there. If you are logged in to the plug-in provider, your data collected from us are allocated directly to the account you hold with the plug-in provider. If you click on the activated button and e.g. link the page, the plug-in provider also stores this information in your user account and publicly discloses it to your contacts. As a rule, we recommend logging off after using a social network, especially, though, before activating the button, since that allows you to avoid your data being allocated with your profile with the plug-in provider.
The website uses social plug-ins (hereafter referred to as “plug-ins”) for the social network facebook.com, which is run by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (hereafter referred to as “Facebook”). The plug-ins display one of the Facebook logos (white “f” on blue tile or “thumbs up” symbol) or are designated with the comment “Facebook social plug-in”. A list and display of Facebook social plug-ins is available here: https://developers.facebook.com/docs/plugins/.
When a user accesses a page of our website that contains such a plug-in, his/her browser establishes a direct link to the servers of Facebook. The content of the plug-in will be transmitted from Facebook directly to the user’s browser, which will integrate it into the web page. The provider therefore has no control over the extent of data which Facebook collects through this plug-in. Based on the Provider’s most recent knowledge, Facebook proceeds as follows:
By imbedding of the plug-ins, Facebook receives the information that a user has accessed the respective web page of the Provider’s website. If the User is logged in to Facebook, Facebook may allocate the visit to the user’s Facebook account. If users interact with the plug-ins, for instance by clicking the “Like” button or leaving a comment, this information will be sent from the user’s browser directly to Facebook where it will be stored. If a user is not a Facebook member, there is still a possibility that Facebook will register and store this user’s IP address. According to Facebook, in Germany only anonymised IP addresses are stored.
For details on the purpose and scope of the data collection and further processing and use of the data by Facebook and users’ rights and configuration options to protect their privacy, users are advised to refer to the privacy information of Facebook at https://www.facebook.com/about/privacy/.
If a user is a Facebook member and does not wish Facebook to collect data about him/her via the Provider’s website and to link this to the user’s member data stored at Facebook, the user must log out of Facebook before visiting the provider’s website.
Likewise, it is possible to block the Facebook social plug-in with add-ons for the user’s browser, e.g. the “Facebook blocker”.
The website uses plug-ins of Instagram, which is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). The plug-ins are designated with an Instagram logo, e.g. in form of an Instagram camera.
When you access a page of this website which contains such a plug-in, your browser will establish a direct connection to the servers of Instagram. The content of the plug-in will be transmitted from Instagram directly to your browser, which will integrate it in the web page. Through this embedding, Instagram is provided with the information that your browser has accessed the respective page of our website, even if you do not have an Instagram profile or are not logged in to Instagram at the time. This information (including your IP address) will be transmitted directly to an Instagram server in the USA by your browser, and will be stored there.
If you are logged in to Instagram, Instagram may directly allocate the visit to our website to your Instagram account. If you interact with the plug-ins, e.g. click the “Instagram” button, this information will likewise be transmitted directly to an Instagram server and be stored there. This information will also be published in your Instagram account and be displayed alongside your contacts.
For details on the purpose and scope of the data collection and further processing and use of the data by Instagram and your rights as a user and configuration options to protect your privacy, please refer to the privacy information of Instagram: https://help.instagram.com/155833707900388/
If you do not wish Instagram to allocate the data collected through our website directly to your Instagram account you must log out of Instagram before you access our website. You may also completely prevent the loading of Instagram plug-ins by using add-ons for your browser, e.g. the script blocker “NoScript” (http://noscript.net/).
Our pages use features of Google+. Provider is Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043, USA.
Collection and sharing of information: With the use of the Google + button you can post information worldwide. The Google + button will provide you and other users with personalized content from Google and our partners. Google stores both, the content that you have provided to + 1 as well as piece the page you viewed when you clicked +1. Your + 1 may appear alongside your profile name and photo in Google services, such as search results or in your Google profile, or elsewhere on websites and ads on the web.
Google records information about your + 1 activity to improve Google’s services to you and others. To use the Google + button, you need a globally visible, public Google profile that must contain at least the name chosen for the profile. This name will be used in all Google services. In some cases, this name may also replace a different name you used when sharing content through your Google Account. The identity of your Google Profile may be displayed to users who know your email address or have other identifying information from you.
Our website uses features of the LinkedIn network. Providers is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, United States. Each time you visit one of our pages that contains LinkedIn features, it will connect to LinkedIn servers. LinkedIn is informed that you have visited our website with your IP address. If you click LinkedIn’s “Recommend Button” and are logged in to your LinkedIn account, LinkedIn will be able to associate your visit to our website with you and your user account. We point out that we as the provider of the pages have no knowledge of the content of the transmitted data and their use by LinkedIn.
For more information, see the LinkedIn privacy statement at: https://www.linkedin.com/legal/privacy-policy
On our site, we use social plugins from the Pinterest social network operated by Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103-490, USA (“Pinterest”). When you visit a page that contains such a plugin, your browser connects directly to the servers of Pinterest. The plugin transmits protocol data to the server of Pinterest in the USA. This log data may include your IP address, the address of the websites visited, which also includes Pinterest features, browser type and settings, the date and time of the request, how you use Pinterest, and cookies.
Our website uses functions of the network XING. Provider is the XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Each time you visit one of our sites that contains XING features, it will connect to XING servers. A storage of personal data is not done to our knowledge. In particular, no IP addresses are stored or the usage behavior is evaluated.
We seek to use reasonable organizational, technical and administrative measures to protect Personal Data. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please immediately notify us in accordance with the Contact details of the Data Protection Officer section.
Unless specifically requested, we ask that you not send us, and you not disclose, on or through the Services or otherwise to us, any Sensitive Personal Data (e.g., social security numbers, national identification number, data related to racial or ethnic origin, political opinions, religion, ideological or other beliefs, health, biometrics or genetic characteristics, criminal background, trade union membership, or administrative or criminal proceedings and sanctions).
Current version and updating of this Private Policy
This Private Policy shall apply with effect from 1 May 2018.
We will update this Private Policy from time to time to reflect relevant changes to our website, changes in the processing of personal data or amendments to legislation. The revised version shall apply as of the published effective date. In the event of any material amendments to this Private Policy, we will inform you in good time prior to the effective date of such amendments by posting a notice on our website. Where applicable, we will also inform our guests of the amendments by e-mail or other means.