Information in accordance with section 5 TMG
Badenstedter Straße 42
Managing Director: Oliver Blume
Call us: +49 (0) 551-63 37 48 58
Send a message: info[at]boxhotel.de
Court of Registration
Register Number: HRB212948
Registered at trade register of district court Hannover
VAT indentification number in accorance with section 27 a of the German VAT act
VAT number DE815670941
Conception, realisation and design:
Accountability for content
The contents of our pages have been created with the utmost care. However, we cannot guarantee the contents’ accuracy, completeness or topicality. According to statutory provisions, we are furthermore responsible for our own content on these web pages. In this context, please note that we are accordingly not obliged to monitor merely the transmitted or saved information of third parties, or investigate circumstances pointing to illegal activity. Our obligations to remove or block the use of information under generally applicable laws remain unaffected by this as per §§ 8 to 10 of the Telemedia Act (TMG).
Accountability for links
Responsibility for the content of external links (to web pages of third parties) lies solely with the operators of the linked pages. No violations were evident to us at the time of linking. Should any legal infringement become known to us, we will remove the respective link immediately.
Our web pages and their contents are subject to German copyright law. Unless expressly permitted by law (§ 44a et seq. of the copyright law), every form of utilizing, reproducing or processing works subject to copyright protection on our web pages requires the prior consent of the respective owner of the rights. Individual reproductions of a work are allowed only for private use, so must not serve either directly or indirectly for earnings. Unauthorized utilization of copyrighted works is punishable (§ 106 of the copyright law).
Information about the processing of your data
Personal data is any information that relates to an identified or identifiable natural person. These include e.g. your name, address and communication data, e-mail address, or user behavior.
Processing means any process or series of operations performed with or without the aid of automated processes in connection with personal data such as collection, organization, ordering, storage, adaptation or modification, reading, querying, use, disclosure by submission, dissemination or other form of provision, reconciliation or association, restriction, erasure or destruction.
Affected person is any identified or identifiable natural person whose personal data is processed by the controller.
Responsible or “controller” is the natural or legal person, agency, agency or other in which the processing of personal data is established.
Users include all categories of data subjects, including our customers, guests and visitors to our site.
Badenstedter Straße 42
Tel .: +49 (0) 511-51949890
Managing Director: Oliver Blume
2. Data Protection Officer
For all concerns regarding data protection our data protection officer is at your disposal. You reach this under:privacy [@] boxhotel.de or contact us via our postal address with the addition “the data protection officer”.
According to Art. 37 GDPR and § 38 BDSG, there is no obligation to appoint a data protection officer.
3. Processing of personal data
3.1. Visit our website
3.1.1. Scope of data processing
If you visit our website, your browser will transfer certain data to our web server for technical reasons.
These are the following data (so-called server log files):
• IP address
• Date and time of the request
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request (concrete page)
• Operating system and it’s access status / HTTP status code
• Transmitted amount of data
• Website that receives the request (“Referrer URL”)
• Browser, language, and version of the browser software
3.1.2. Purpose of data processing
The storage of this data in log files is necessary to ensure the functionality of the website. They help us to optimize the website and to ensure the security of our information technology systems.
3.1.3. Legal basis of data processing
We collect this data on the basis of our legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR to be able to view our website and to ensure it’s safety.
3.1.4. Duration of storage
Information in the log files is stored for security reasons (for example, to investigate abuses or frauds and attempts to attack) for a maximum of 12 months and then deleted.
3.1.5. Opposition & removal possibility
The collection of data for the provision of the website and it’s storage in log files is essential for operation for technical reasons. There is consequently no contradiction on the part of the user.
3.2. Online booking
3.2.1. Scope of data processing
If you would like to book a room online with us, we process the following data: title, first name, last name, e-mail address, telephone number, street, house number, postal code, city, country, nationality, name of the person or passengers.
3.2.2. Purpose of data processing
The listed data will be needed to book your hotel room.
3.2.3. Legal basis of data processing
For the realization of an accommodation contract we will exclusively process this data. The legal basis for this is Art. 6 para. 1 lit. b) GDPR
3.2.4. Duration of storage
As soon as the data stored by us is no longer necessary for their purpose and deletion does not conflict with any statutory storage requirements, it will be deleted from us. Retention requirements arise for commercial and tax reasons. According to the legal provision the storage takes place for 6 years according to § 257 Abs. 1 HGB (commercial letters, accounting vouchers.) As well as for 10 years according to § 147 Abs. 1 AO (accounting documents, commercial and business letters, documents relevant for taxation).
3.2.5. Contradiction & disposal option
All of the above data are subject to commercial and tax retention requirements. Consequently, there is no possibility of contradiction on the part of the user.
3.3.1. Scope of data processing
The BoxHotel website uses different types of cookies. These are small text files that are stored when you visit our website on your PC, laptop, smartphone or the corresponding medium used. Cookies do not harm your device and do not contain malware (such as viruses). They contain a characteristic string that allows the browser to be uniquely identified when the website is reopened. Some elements of our website require that the calling browser be identified even after a page break. This website uses transient (temporary) and persistent (permanent) cookies.
- Temporary cookies are automatically deleted, e.g. as soon as you close the browser. These are in particular so-called session cookies. You save a session ID, which allows different requests from your browser to be assigned to a shared session. If you return to our website, your computer can be recognized. The session cookies are deleted when you log out or close your browser.
- Permanent cookies are automatically deleted after a given time / duration, these may differ depending on the cookie. In the security settings of your browser you can delete stored cookies at any time.
3.3.3. Legal basis of data processing
The legal basis for the processing of personal data using the technically necessary cookies is Article 6 (1) lit. f) GDPR.
3.3.4. Duration of storage
Session cookies are deleted as soon as the browser is closed.Persistent cookies are automatically removed after a specified period of time.
3.3.5. Contradiction & disposal option
By selecting in your browser the following settings: Browser settings: “do not accept cookies”.
In Microsoft Internet Explorer, select: “Tools> Internet Options> Privacy> Settings”;
For Firefox, choose: Tools> Settings> Privacy> Cookies);
If you use an alternative internet browser, please refer to the help function of the respective browser the necessary instructions to prevent the storage of cookies or to cause their deletion. The above changes in your settings will allow you to configure your internet browser so that cookies will not be stored or automatically deleted at the end of your internet session. Please note, however, that you may not be able to use all features of our website in this way.
3.4.1. Scope of data processing
3.4.2. Receiver of data processing
3.4.3. Purpose of data processing
The collection of your e-mail address serves to send the newsletter. The survey of your name is a personal address.
3.4.4. Legal basis of data processing
Legal basis for the processing of the data after registration to the newsletter by the user is his consent acc. Art. 6 para. 1 lit. a) GDPR.
3.4.5. Duration of storage
Your data will be deleted as soon as they are no longer necessary for the purpose of their survey. As a result, the user’s e-mail address will only be saved for as long as the subscription to the newsletter is active.
3.4.6. Opposition & removal possibility
You can cancel the further receipt of our newsletter at any time, that is, revoke your consent to this service. You will find a corresponding unsubscribe link in each of our BoxHotel newsletters. With just one click, you can unsubscribe from receiving the newsletter.
3.5. Contact form & e-mail contact
3.5.1. Scope of data processing
On our website, you will find a contact form with which you can send us electronic questions, feedback or suggestions. If you use this way to get in contact with us, the data entered in the contact form will be transmitted to us and stored. This concerns the following data: name, first name, e-mail address, telephone number, your message to us, date and time of the sending process. Alternatively, it is possible to contact us via e-mail addresses provided by us. In this case, the personal data transmitted with your e-mail will be stored. Your data will only be used to process your e-mail interview and to process your request.
3.5.2. Purpose of data processing
The processing of your personal data from the contact form is solely for us to process your contact. In the case of contact via e-mail this is also the necessary legitimate interest in the processing of your data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
3.5.3. Legal basis of data processing
When contacting us using the contact form or by e-mail, your user details will be processed in order to process the contact request and process it. Art. 6 para. 1 lit. b) processed – GDPR.
3.5.4. Duration of storage
Your data will be deleted as soon as they are no longer necessary for the purpose of their survey. For the personal data from the input form of the contact form and those who have been sent to us by e-mail, this is the case when the respective vote with you as a user is completed. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified and that you have received the information you requested.
3.5.5. Contradiction & disposal option
As a user, you have the option at any time to revoke your consent to the processing of your personal data. If you contact us as a user by e-mail, you may object to the storage of your personal data at any time. If this happens, we cannot continue communication with you.
A revocation should be directed to info[at]boxhotel.de
All of your personal information saved with the contact will be deleted.
3.6.1. Scope of data processing
If you are interested in an open position in one of our BoxHotels, you can apply online with us. Please send your meaningful application stating the advertised position with the subject “Application” to info[at]boxhotel.de.
If you have applied to us by e-mail, we process the data you have sent to us for the regular application process. Your personal information can be viewed by our human resources department and the staffing department.
3.6.2. Purpose of data processing
We process your personal data for the decision on the justification of a possible employment with BoxHotel, here for the selection process suitable candidates and the administrative execution of the application procedure.
3.6.3. Legal basis of data processing
Legal basis is § 26 Abs. 1 BDSG-new
3.6.4. Duration of storage
If the application leads to a job, we process your data for the employment. Your personal data will then be transferred to our personnal management system. If the application does not lead to employment, your data will be deleted six months after completing the application process, unless you give us your consent under Art. 6 para. 1 lit. a) GDPR and Art. 7 GDPR for the long-term retention of your personal data in order to be able to get in touch with new job offers if necessary.
3.6.5. Opposition & removal possibility
You can have your information transmitted to us renewed or deleted at any time upon request. Please send us an e-mail for this. This does not apply if you have applied for a specific position with us in an ongoing application process. If the latter is correct, we will store your specified information until expiry of the statutory periods of grace (especially § 15 AGG).
3.7. Web analytics Google Analytics
3.7.1. Scope of data processing
This website uses features of the web analytics service Google Analytics, Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States (“Google”). Google analyzes on our behalf your use of our website. For this we use u.a. Cookies. What cookies are and how they can be deleted, we have explained in section 3.3 “Cookies” for you.
The information collected by Google about your use of our website (for example, the pages we visit) is transmitted to a Google server in the USA, stored there, analyzed and the result made available to us in anonymous form.We use on our website the IP anonymization offered by Google. Your IP address will be shortened beforehand by Google within member states of the EU (European Union) or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. Google is certified in the EU-US Privacy Shield, which provides reasonable privacy levels for data on Google in the United States.
3.7.2. Purpose of data processing
To analyze the use of our website and to report on various activities within our website, Google uses the information listed above on our behalf. Thus, we have the opportunity to improve your online experience and to improve the user-friendliness of our website steadily.
3.7.3. Legal basis of data processing
Our legitimate interest in the processing of data by Google Analytics is justified in the aforementioned purposes. The legal basis here is Art. 6 para. 1 lit. f) GDPR.
3.7.4. Duration of storage
After a defined period of time, campaigns and sessions will be terminated. Without activity, sessions usually end by default after 30 minutes. Campaigns will end after a maximum of six months. Campaign timeout can be a maximum of two years.
3.7.5. Opposition & removal possibility
The IP address provided by your browser will not be merged with other data provided by Google. You can prevent cookies from being stored by setting their browser software accordingly, as described under point 3.3. In addition, if you wish to prevent Google from collecting the data generated by the cookie and referring to your use of our website as well as the processing of this data by Google, then you must independently download and install the available browser plug-in from Google: https://tools.google.com/dlpage/gaoptout?hl=en. If you want to prevent Google Analytics from collecting your data in the future on any of your used devices, you will need to opt-out on all systems used. Mobile devices can be especially smartphones or tablets. Please note that this opt-out cookie only prevents web analysis as long as you have not deleted it.
Use this link to opt out of Google Analytics tracking: Disable Google Analytics tracking
4. Data security
4.1. Technical, contractual & organizational measures
In accordance with the current state of the art, we take technical, contractual and organizational measures for the security of data processing. To ensure that the data protection laws, in particular the General Data Protection Regulation, are complied with and that the data processed by us is protected against loss, unauthorized access, destruction and alteration. One of these security measures is the encrypted transfer of data between your browser and our servers. Please note that SSL encryption is only activated for transmissions made over the Internet if the key symbol appears in the lower menu bar of your browser window.
The address must always begin with https: //. Secure Socket Layer (SSL) protects data transmission against third-party data piracy using encryption technology. If this option is not available, you may choose to not send certain information over the Internet.
Unless otherwise stated in this document, any information you submit to us will be stored on our servers located in the Federal Republic of Germany.
5. Disclosure of data to third parties and processors
A transfer of data to third parties is only within the scope of legal requirements. We only pass on the data of the users to third parties if, for example, on the basis of Art. 6 para. 1 lit. b) GDPR is required for contractual purposes or based on legitimate interests in accordance with Art. Art. 6 para. 1 lit. f) GDPR on the economical and effective operation of our business operations.
We set in the context of a order processing gem. Art. 28 GDPR Subcontractors for the provision of various services, in particular for the operation, maintenance and hosting of IT systems. We have taken appropriate legal precautions and appropriate technical and organizational measures to protect personal data in accordance with applicable law. The Channel Manager we use for your bookings made by providers such as booking.com, expedia.com, etc. is operated by Availpro, WeWork Sony Center Potsdamer Platz, Kemperpl.1, 10785 Berlin. The mobile app and the administration of the mobile keys, is operated by hotelbird GmbH, Sonnenstr. 23, 80331 Munich. The hotel management system, with which we organize your stay with us, is operated Infor (Germany) GmbH, Hollerithstrasse 7, 81829 Munich.
The data processing takes place in Germany.
6. External services & content on our website
We integrate external services or content on our website. This is done on the basis of our legitimate interests in the analysis, optimization and economic operation of our online service as defined in Art. 6 para. 1 lit. f) GDPR.
For technical reasons, when using such a service or the display, third-party communication data such as e.g. IP address, time and date exchanged between you and the respective provider. Specifically, this is your IP address, which is required to display content in your browser.
We are currently using the following social media plug-ins: Facebook, Instagram, Twitter and youtube. If you visit our site, initially no personal data will be passed on to the providers of the plug-ins. You can recognize the provider of the plug-in via the icon/logo in our website footer.
We have no influence on the collected data and data processing operations, nor are we aware of the full extent of data collection, the purpose of the processing, the retention periods. We also have no information to delete the data collected by the plug-in provider.
The plug-in provider stores the data collected about you as usage profiles and uses these for purposes of advertising, market research and / or tailor-made website design. Such an evaluation is carried out in particular (also for non-logged-in users) for the presentation of needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact the respective plug-in provider to exercise it. Through the plug-ins, we offer you the opportunity to interact with social networks and other users so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 para. 1 lit. f) GDPR.
The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, your data collected from us will be directly linked to your existing account with the plug-in provider. If you press the activated button and z. For example, if you link the page, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend that you log out after using a social network, but especially before activating the button, as this will prevent you from being associated with your profile with the plug-in provider.
For more information on the purpose and scope of the data collection and its processing by the plug-in provider, please refer to the following privacy statements of the respective provider. Here we provide you with more information about your rights and settings options for the protection of your privacy.
Addresses of the respective plug-in providers and URL with their privacy notices:
- Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php;
For more information about data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US Framework
- Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, United States
If you’re logged into your Instagram account, you can link the contents of our pages to your Instagram profile by clicking the Instagram button. This allows Instagram to associate the visit to our pages with your user account. We point out that we as the provider of the pages do not receive knowledge of the content of the transmitted data and their use by Instagram.
Privacy information: https://instagram.com/about/legal/privacy/.
Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
- Twitter, Inc., 1355 Market St., Suite 900, San Francisco, California 94103, USA; More information about privacy: https://twitter.com/privacy. Twitter has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US Framework.
- Third-party platform “YouTube” videos Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
More about privacy: https://www.google.com/policies/privacy/
You can opt-out via https://www.google.com/settings/ads/
YouTube has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US Framework
- PayPalOn our website we offer you the payment with PayPal. Provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter: “PayPal”).
If you choose to pay via PayPal, the payment details you enter will be sent to PayPal. The transmission of your data to PayPal is based on Art. 6 para. 1 p. 1 lit. b) GDPR (processing to fulfill a contract). We have no knowledge of the storage period with PayPal and on this also no influence.
- If you use third-party payment services (such as PayPal, Visa, Mastercard, Maestro, American Express), our Electronic Payments Partner’s Terms of Business and Privacy Notice (Saferpay), which are available in the Transaction Application, apply.
7. Your rights
When we process personally identifiable information from you as a BoxHotel, you are i.S.d. Basic Data Protection Ordinance (GDPR) and you have the following rights of personal data concerning you:
• Right to information (Article 15 of the GDPR)
• Right to rectification (Article 16 of the GDPR)
• Right to cancellation (Article 17 of the GDPR)
• Right to restriction of processing (Article 18 of the GDPR)
• Right to data portability (Article 20 of the GDPR)
• Right to object to processing (Article 21 of the GDPR)
• Right to complain to a data protection supervisory authority (Article 77 GDPR)
8. Online Dispute Resolution
Online Dispute Resolution (Art. 14 para. 1 ODR-VO *)
The European Commission provides an online dispute resolution (OS) platform, available at http://ec.europa.eu/consumers/odr/.
For first questions about a possible dispute resolution, we are at info[at]boxhotel.de available.
* Regulation (EU) No 524/2013 on the online settlement of consumer disputes
All of us at the BoxHotel are pleased to have you as our guest. To make sure you stay at the BoxHotel is even more enjoyable, we ask you to read and follow the house rules below. BoxHotels General Terms and Conditions are for download in PDF format online at www.boxhotel.de
- Smoking and open fires are prohibited throughout entire BoxHotel. Whoever negligently triggers the fire alarm system (smoke detectors) by cigarette smoke or by igniting fire, or manually sets off a false alarm is subject to the full expense associated with the dispatch of the fire department. Additionally, a contractually agreed upon fine of up to €1,000 is applied if we determine that your room has been smoked in; we will charge an extra cleaning fee of €100.00. BoxHotel assumes no liability for damages due to false alarms. Fire prevention regulations (see separate notice in the corridors) must be observed. Please read the regulations about extinguishing fires, handling of fire extinguishers, and escape routes carefully.
- Please report damages or malfunctions to the BoxHotel immediately to hotel staff.
- The BoxHotel has a lobby as a common room and lounge. The BoxHotel does not have a separate kitchen. For safety and hygienic reasons, the preparation of hot food and drinks is not permitted in the boxes.
- When leaving and returning to the BoxHotel after 22:00, please avoid creating any noise in all boxes, corridors, and in front of the hotel out of consideration for other guests and hotel neighbors. Non-observance of quiet hours can result in immediate removal from the property. Please avoid showering between 22:00 and 6:00, if at all possible.
- Overnight stays in the boxes are allowed for BoxHotel guests exclusively.
- The boxes are available for check-in as early as 3:00pm. Check-out is until 11:00am.
- Animals are not allowed in the BoxHotel.
- The excessive consumption of alcohol is prohibited in the whole hotel.
- Robots, cyborgs and other WiFi inhaling individuals are asked to exercise moderate data consumption during their stay.
- The BoxHotel employee on duty reserves the right to refuse service to anyone. In urgent cases, the BoxHotel is authorized to enter the boxes, in the event of disturbances of the peace or violations of the house rules, and take appropriate measures to restore order.
- BoxHotel will provide you with Wi-Fi internet access for the duration of your stay. BoxHotel is not in a position nor obligated to ensure actual availability, suitability, or reliability of this internet access, even in terms of volume. BoxHotel is authorized to restrict your access in part, in whole, temporarily or completely from further use. Use the Wi-Fi network at your own risk. BoxHotel accepts no liability for damages to devices or data resulting from the use of the Wi-Fi. You agree to comply with the applicable laws when using the Wi-Fi. You hereby release BoxHotel from all damages and claims by third parties due to illegal use of the Wi-Fi and/or from violations of the present agreement. This exemption also extends to expenses and charges associated with its claim or defense.
- You are responsible for your personal belongings. There is a mobile phone charging station in the BoxHotel lobby for all common smartphones. Please keep an eye on your property. BoxHotel assumes no liability for the loss of valuables.
- Public areas of the BoxHotel are monitored by video for security purposes.
House rules may change at any time and can be read at the entrance area at check-in. Please do not hesitate to contact us should you have any further questions about your stay.
Have a great stay in the BoxHotel.