Online booking

Disclaimer

The following describes how we handle your personal data.

1. Details of the data controller

The controller within the meaning of the data protection laws, in particular the EU General Data Protection Regulation (GDPR), is:

HOTEL TORBRÄU GMBH & CO. KG

Tal 41

80331 Munich

Phone: +49 (0)89 24 234-0

Email: sr@torbraeu.de

2. Details of the data protection officer (DPO)

We have appointed a data protection officer:

activmind AG Management- und Technologieberatung

Potzdammer Straße 3

80802 Munich

Telefon: +49 (0)89 / 91 92 94 – 900

E-Mail: datenschutz@torbraeu.de

3. Your rights as a data subject

You can exercise the following rights at any time using the contact details provided:

• Information about your data stored by us and the processing of such (Art. 15 GDPR)

• Rectification of incorrect personal data (Art. 16 GDPR)

• Erasure of your data stored by us (Art. 17 GDPR)

• Restriction of data processing if we are not yet permitted to delete your data due to legal obligations (Art. 18 GDPR)

• Objection to the processing of your data by us (Art. 21 GDPR) and

• Data portability, provided that you have consented to the data processing or have concluded a contract with us (Art. 20 GDPR).

If you have given us your consent, you can revoke it at any time with effect for the fu-ture. You can lodge a complaint with a supervisory authority at any time, e.g. with the competent supervisory authority in the federal state of your place of residence or with the authority responsible for us as the controller.

A list of supervisory authorities (for the non-public sector) with addresses is available at: www.bfdi.bund.de/DE/Service/Anschriften/anschriften_table.html

The supervisory authority responsible for us is the Bavarian State Office for Data Protec-tion Supervision. You can submit a complaint online: https://www.lda.bayern.de/de/be-schwerde.html.

4. Processing activities

4.1. Contact us

Type and purpose of processing:

A contact form is available on our website which can be used to contact us electronically. We provide the form for the purpose of communicating with users. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored.

The following data is also stored at the time the message is sent:
- Date and time of the enquiry
- URL from which the enquiry was made and other server log files

Users can also contact us via the email addresses provided. In this case, the user's per-sonal data transmitted with the email will be stored. This includes the date and time the email was sent, email address, IP addresses and information on the servers used in the email communication.

You can also contact us via the telephone number provided. We collect log data that in-cludes your telephone number and the duration of the call.

We collect the content of your enquiry regardless of the type of communication selected. Your data will be stored for the purpose of personalised communication with you.

Legal basis:

The data entered in the contact form is processed on the basis of a legitimate interest (Art. 6 para. 1 lit. f GDPR). Our legitimate interest in processing your data is to enable you to contact us easily.

If you contact us to request a quote, the data entered in the contact form will be pro-cessed to carry out pre-contractual measures (Art. 6 para. 1 lit. b GDPR).

Recipients:

Recipients of the data may be technical service providers who act as processors for the operation and maintenance of our website.

Storage period:

Data will be deleted no later than 6 months after the enquiry has been processed.

If a contractual relationship exists, we are subject to the statutory retention periods. These are generally 6 or 10 years for reasons of correct accounting and tax law require-ments.

Provision mandatory or required:

The provision of your personal data is voluntary. How-ever, we can only process your enquiry if you provide us with the necessary data and the reason for the enquiry.

Objection:

Please read the information on your right to object under Art. 21 GDPR below.

4.2. Non-binding room enquiry

Type and purpose of processing:

Our website contains a form for non-binding room enquiries which can be used to con-tact us electronically. We provide the form to enable our potential customers to use an efficient way to obtain information about our capacities and other options. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored

The following data is also stored at the time the message is sent:

- Date and time of the enquiry
- URL from which the enquiry was made and other server log files

Users can also contact us via the email addresses provided. In this case, the user's per-sonal data transmitted with the email will be stored. This includes the date and time the email was sent, email address, IP addresses and information on the servers used in the email communication.

You can also contact us via the telephone number provided. We collect log data that in-cludes your telephone number and the duration of the call.

We collect the content of your enquiry regardless of the type of communication selected. Your data will be stored for the purpose of personalised communication with you.

Legal basis:

If you contact us to request a quote, the data entered in the contact form will be pro-cessed to carry out pre-contractual measures (Art. 6 para. 1 lit. b GDPR).

Recipients:

Recipients of the data may be technical service providers who act as processors for the operation and maintenance of our website.

Storage period:

Data will be deleted no later than 6 months after the enquiry has been processed.

If a contractual relationship exists, we are subject to the statutory retention periods. These are generally 6 or 10 years for reasons of correct accounting and tax law require-ments.

Provision mandatory or required:

The provision of your personal data is voluntary. How-ever, we can only process your enquiry if you provide us with the necessary data and the reason for the enquiry.

Objection:

Please read the information on your right to object under Art. 21 GDPR below.

4.3. Server log files and delivery of the website

Collection of general information when visiting our website.

Type and purpose of processing:

When you access our website, i.e. if you do not register or otherwise submit information, information of a general nature is automatically collected. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your Internet service provider, your IP address and similar.

They are processed in particular for the following purposes:

- Ensuring a problem-free connection to the website

- Ensuring the seamless use of our website

- Ensuring and evaluating system security and stability, in particular to detect misuse

- Ensuring the technically error-free presentation and optimisation of our website

We do not use your data to draw conclusions about your person. However, we reserve the right to check the server log files retrospectively in the presence of specific indica-tions of illegal use.

Legal basis and legitimate interest:

Processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website as well as ensuring system security and detecting misuse.

Recipients:

Recipients of the data may be technical service providers who act as processors for the operation and maintenance of our website.

Storage period:

Data is stored in server log files in a form that enables the identification of the data sub-jects for a maximum period of 7 days, unless a security-relevant event occurs (e.g. a DDoS attack).

In the event of such incident, server log files are stored until the security-relevant inci-dent has been rectified and fully clarified.

Provision required or necessary:

The provision of the aforementioned personal data is neither required by law nor by con-tract. Without the IP address, however, the service and functionality of our website can-not be guaranteed. Individual services may also be unavailable or restricted.

Objection:

Please read the information on your right to object under Art. 21 GDPR below.

4.4. Applications

You can send us your application by email. We will process the data you provide exclu-sively for the purpose of assessing your professional suitability and contacting you. The user's personal data transmitted with the email will also be stored. This includes the date and time the email was sent, email address, IP addresses and information on the servers used in the email communication.

Legal basis:

The processing is carried out to establish an employment relationship, Art. 6 para. 1 lit. b GDPR.

Recipients:

Within the company, the departments that require your data to fulfil contractual, legal and regulatory obligations will have access to such data.

Storage period:

If we reject your application, it will be deleted 6 months after notification of the decision. If an employment relationship is established, the application documents will be filed for the period of employment as a minimum.

Provision is mandatory or required:

The provision of personal data is neither required by law nor by contract. However, it is not possible to process the application without this information.

4.5. Cookies

A cookie is a small data set that is created when you visit a website and temporarily stored on the user's system. When the server of this website is called again by the user, the browser of the user sends the previously received cookie back to the server. The server can evaluate the information obtained through this process. Cookies can particularly facilitate navigating a website.

Deleting cookies:

You can delete individual cookies or the entire cookie storage. In addition, you can find information and instructions on how to delete these cookies or block their storage in advance. Depending on the provider of your browser, you can find the necessary information under the following links:

• Mozilla Firefox: support.mozilla.org/en-US/kb/delete-cookies-remove-info-websites-stored

• Internet Explorer: support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies

• Google Chrome: support.google.com/accounts/answer/61416?hl=en

• Opera: www.opera.com/en/help

• Safari: support.apple.com/kb/PH17191?locale=en_US

Additionally, you can block the loading of scripts by default. NoScript allows the execution of JavaScript, Java, and other plugins only for trusted domains of your choice. Information and instructions on how to edit this function can be found through the provider of your browser (e.g., for Mozilla Firefox: addons.mozilla.org/en-US/firefox/addon/noscript/).

4.6. Technically Necessary Cookies

Type and Purpose of Processing:

We use cookies to make our website more user-friendly. Some elements of our website require the accessing browser to be identified even after a page change.

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be provided without the use of cookies. This requires the browser to be recognised even after a page change.

We require cookies for the following applications:
- Consent Management System

An overview of the technically necessary cookies used is available below.

Legal Basis and Legitimate Interest:

In this respect, data processing is carried out solely on the basis of our legitimate interest in a user-friendly design of our website and in the documentation of consent in accordance with Art. 6 para. 1 lit. f GDPR with a balancing of interests in accordance with § 25 para. 2 TTDSG (German Telecommunications and Telemedia Data Protection Act).

Recipients:

Recipients of the data may be technical service providers who act as processors for the operation and maintenance of our website.

We use the consent management platform Usercentrics to obtain, manage and document your consent in a legally compliant manner. Further information on the processing of data by Usercentrics is available here: usercentrics.com/en/privacy-statement/.

Storage Period:

We store your personal data using technically necessary cookies for the period required for the purposes for which we collected it. You can delete the cookies at any time manually or by adjusting the appropriate settings in your browser.

Provision Required or Necessary:

The provision of the aforementioned personal data is neither required by law nor by contract. However, we cannot guarantee the service and functionality of our website without this data. Individual services may also be unavailable or restricted.

Objection:

Please read the information on your right to object under Art. 21 GDPR below.

4.7. Technically Unnecessary Cookies

Type and Purpose of Processing:

We also use cookies that enable an analysis of the user's surfing behaviour. The cookies serve to make the use of the website more efficient and attractive.
Detailed information on the subject of cookies and which cookies are used on this website (after consent) and information is available in the cookie settings: https://www.torbraeu.de/#uc-corner-modal-show
Legal basis: The storage of information on your end device or access to information that is already stored in the end device is voluntary and solely on the basis of your consent in accordance with § 25 para. 1 TTDSG. If personal data is also processed, the provision of your data is also voluntary and solely on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR.

Recipients:

Recipients of the data may be technical service providers who act as processors for the operation and maintenance of our website.
Additional recipients can be viewed in the cookie settings.

Third Country Transfer:

Information on this is available in the cookie settings.

Storage Duration:

Please refer to the cookie settings for more information.

Mandatory or Required Provision:

The provision of your data is voluntary and solely on the basis of your consent. However, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent.

Revocation of Consent:

You can revoke your consent for the future in the cookie settings.

4.8. Tracking and Analysis Tools

4.8.1. Use of Google Maps

Type and Purpose of Processing:

We use Google Maps on this website, an Internet map service operated by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter ‘Google’). By integrating Google Maps, we can provide the most important information about our locations.

If you give your consent, information about your use of our website (e.g. your IP address) will be transmitted to Google's servers and stored there when you access the sub-pages on which Google Maps is integrated. A minimum of one cookie (Name: NID) is also set by Google in your browser. When this data is collected and stored, it may also be transmitted to the servers of Google LLC. in the USA.

When you visit the website, Google receives information that you have accessed the corresponding sub-page of our website. This takes place regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not want the assignment in your Google profile, you must log out of Google before activating the button. Google stores your data as usage profiles (even for users who are not logged in) and uses them for the purposes of advertising, market research and/or customising its websites. In particular, you have the right to object to the creation of user profiles and you must contact Google to exercise this right.

You can find more information about data processing by Google in the Google privacy policy: policies.google.com/privacy. You can also adjust your personal data protection settings there in the data protection centre.

Google's terms of use are available at www.google.de/intl/de/policies/terms/regional.html and the additional terms of use for Google Maps are available at www.google.com/intl/de_US/help/terms_maps/.

Legal Basis:

The legal basis for this data processing is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR.

Recipient:

We use technical service providers who act as our processors for the operation and maintenance of our website and for the analysis of cookies.

Other recipients of the data are Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland). Google Ireland Limited uses Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as a service provider.

Third Country Transfer:

As Google is headquartered in the USA, it cannot be ruled out that the data will be processed on Google servers in the USA. The European Commission has issued an adequacy decision for the USA whereby companies certified under the Privacy Shield Framework are not obliged to provide additional guarantees. Google LLC is a certified service provider.

Storage Duration:

Information on the storage period of the cookies set is available in the cookie settings. In some cases, Google anonymises information (e.g. advertising data) in server logs. For this purpose, part of the IP address and cookie information is deleted after 9 or 18 months.

Revocation of Consent:

You can revoke your consent for the future at any time in the cookie settings.

4.8.2. Use of Google Remarketing (formerly DoubleKlick)

Type and purpose of processing:

This website uses the remarketing function of Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland).

This function is used to present interest-based adverts to website visitors within the Google advertising network. A ‘cookie’ is stored in the browser of the visitor to the website which recognises visitors when they visit websites that belong to the Google advertising network. The visitor may be presented with adverts on these pages that relate to content the visitor has previously accessed on websites that use the Google remarketing function.

More information about data processing by Google is available in the Google data protection information (policies.google.com/privacy). You can also adjust your personal data protection settings there in the data protection centre.

Legal basis:

The legal basis for this data processing is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR.

Recipient:

We use technical service providers who act as our processors for the operation and maintenance of our website and for the analysis of cookies. Other recipients of the data are Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland). Google Ireland Limited uses Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as a service provider.

Third country transfer:

As Google is headquartered in the USA, it cannot be ruled out that the data will be processed on Google servers in the USA. An adequacy decision by the European Commission exists for the USA whereby companies certified under the Privacy Shield Framework are not required to provide additional guarantees. Google LLC is a certified service provider.

Storage duration:

Data is deleted when it is no longer required for the processing purposes.

Revocation of consent:

You can revoke your consent for the future at any time in the cookie settings.

4.8.3. Use of Microsoft Advertising (formerly BingAds)

Type and purpose of processing:

This website uses the Microsoft Advertising marketing function from Microsoft Ireland Operations Limited (One Microsoft Place, South County Business Park, Leopardstown, Dublin, Ireland 18, D18 P521).

The function is used to present interest-based adverts to website visitors within the Microsoft advertising network. A ‘cookie’ is stored in the browser of the visitor to the website which recognises visitors when they visit websites that belong to the Google advertising network. The visitor may be presented with adverts on these pages that relate to content the visitor has previously accessed on websites that use Google's remarketing function.

More information about data processing by Microsoft is available in the Microsoft data protection information (https://www.microsoft.com/en-us/privacy/privacystatement).

Legal basis:

The legal basis for this data processing is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR.

Recipient:

We use technical service providers who act as our processors for the operation and maintenance of our website and for the analysis of cookies. Another recipient of the data is Microsoft Ireland Operations Limited (One Microsoft Place, South County Business Park, Leopardstown, Dublin, Ireland 18, D18 P521).

Third country transfer:

As Microsoft is headquartered in the USA, it cannot be ruled out that the data will be processed on Microsoft servers in the USA. An adequacy decision by the European Commission exists for the USA whereby companies certified under the Privacy Shield Framework are not required to provide additional guarantees. Microsoft Corporation is a certified service provider.

Storage duration:

Data is deleted when it is no longer required for the processing purposes.

Revocation of consent:

You can revoke your consent for the future at any time in the cookie settings.

4.8.4. Use of Google Tag Manager

Type and purpose of processing:

This website uses the Google Tag Manager from Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland).

This function is used to collect data from website visitors and forward it to Google's analysis tools. These tools evaluate the data to display personalised advertising, among others. More information about data processing by Google is available in the Google data protection information (policies.google.com/privacy). You can also adjust your personal data protection settings there in the data protection centre.

Legal basis:

The legal basis for this data processing is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR.

Recipient:

We use technical service providers who act as our processors for the operation and maintenance of our website and for the analysis of cookies.

Third country transfer:

Storage duration:

Data is deleted when it is no longer required for the processing purposes.

Revocation of consent:

You can revoke your consent for the future at any time in the cookie settings.

5. Data Security

We use state-of-the-art encryption methods (e.g. TLS) via HTTPS to protect the security of your data during transmission.

6. Information about Your Right to Object in Accordance with Art. 21 GDPR

You have the right to object at any time to the processing of your personal data on grounds relating to your particular situation, which is based on Art. 6 para. 1 lit. f GDPR (data processing on the basis of a balancing of interests); this also applies to profiling based on this provision within the meaning of Art. 4 para. 4 GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves to establish, exercise, or defend a legal claim.

Recipient of an Objection

The objection can be sent informally with the subject "Objection", stating your name, address, or other identifying features, to:

Data Protection Officer
HOTEL TORBRÄU GMBH & CO. KG
Email: datenschutz@torbraeu.de
Phone: +49 (0)89 24 234-0

7. Changes to Our Privacy Policy

We reserve the right to adapt this privacy policy to ensure it complies with the current legal requirements at all times or to implement changes to our services in the privacy policy, e.g. the introduction of new services. The updated privacy policy will then apply to your next visit.

Questions About Data Protection

If you have any questions about data protection, please email us at: datenschutz@torbraeu.de

Customer Advisory on Phishing Emails

‘Phishing’ is one of the most common types of email fraud. It takes place when a perpetrator sends a fake email message that appears to come from a legitimate company in an attempt to obtain personal and/or financial information. A typical phishing email will direct recipients to click on a link that redirects them to a fake website that looks like the real website. Once on the fake site, the email recipient is asked to disclose personal information (e.g. a credit card number or account information) that is later used to commit fraud. Sometimes a phishing email will ask the recipient to email various personal details or may also have attachments that may contain potential email viruses.

Typical signs of a phishing email include:

Urgency: Phishing emails tend to create a false sense of urgency, with messages such as ‘Your Account Is Suspended’ or ‘Urgent: Financial suspension – log in to pay’. Scammers will always adapt their techniques in order to make their phishing emails look as legitimate as possible.

Errors and mistakes: Phishing emails often include spelling errors or grammatical mistakes. If you spot numerous spelling/grammar mistakes or a mix of different languages in the same email, it’s likely a phishing email.

A phishing email will also be typically written entirely or partially in a language that doesn’t match your own. You can always check the real sender in the ‘From:’ field of your email client and check the sender located inside the arrowheads (‘<’, ‘>’).

Please note that our Hotel Torbräu will never send you an email requesting your username, password, credit card, social security, or national insurance numbers. If you receive an email that looks like it is from us, but asks you for your credit card number, social security, or national insurance number, it is a fraudulent email or ‘phish’.

If you receive an email claiming to be from our hotel that you believe may be fraudulent, do not respond, and do not click on any links or open attachments contained within the email.

If you believe ‘phishers’ have obtained access to your personal or financial information, we recommend that you:

Change your account password.
Scan your device with an updated malicious software scanner. Not all phishing attacks steal passwords – some can have malicious software embedded in a ‘file’ that may be malware, spyware, ransomware, or a virus. It is very important to scan your device if you think you clicked on a malicious link or downloaded unrecognised files.
Contact credit reporting services and have a fraud alert attached to your credit report file.
Contact us immediately to let us know that your account may have been compromised by a phishing attack.

Please be aware that the perpetrator may attempt to use your information to establish accounts or obtain credit at other businesses in their name or yours. We will not be able to secure your information and we will not be liable for any resulting breach of any law if you reveal your password to anyone.

Disclaimer

1. Content
The author reserves the right not to be responsible for the topicality, correctness, completeness or quality of the information provided. Liability claims regarding damage caused by the use of any information provided, including any kind of information which is incomplete or incorrect,will therefore be rejected.
All offers are not-binding and without obligation. Parts of the pages or the complete publication including all offers and information might be extended, changed or partly or completely deleted by the author without separate announcement.

2. Referrals and links
The author is not responsible for any contents linked or referred to from his pages - unless he has full knowledge of illegal contents and would be able to prevent the visitors of his site fromviewing those pages. If any damage occurs by the use of information presented there, only the author of the respective pages might be liable, not the one who has linked to these pages. Furthermore the author is not liable for any postings or messages published by users of discussion boards, guestbooks or mailinglists provided on his page.

3. Copyright
The author intended not to use any copyrighted material for the publication or, if not possible, to indicate the copyright of the respective object.
The copyright for any material created by the author is reserved. Any duplication or use of objects such as images, diagrams, sounds or texts in other electronic or printed publications is not permitted without the author's agreement.

4. Legal validity of this disclaimer
This disclaimer is to be regarded as part of the internet publication which you were referred from. If sections or individual terms of this statement are not legal or correct, the content or validity of the other parts remain uninfluenced by this fact.