Menu opener
BackYour staySelect your dates to see availabilitiesChange datesSelect rooms and travelersClose
Select your dates to see availabilities
Please fill in the destination field
There are no suggestions
Allow geolocation in your browser settings, or type the destination
Please select period of 20 days max
Start date cannot be set in the past.

Please select period of 20 days maxStart date cannot be set in the past.

From
To
Clear dates
Corporate code
For travelers with corporate contract
  • Destination
  • FromTo
    FromTo
  • 1 room, 1 adult
  • 1 room, 1 guest

B&B HOTELS Austria: Privacy Policy

Privacy Policy

PDF Version

Status: June 2025

 

Preamble

In the course of our business operations, we process personal data of visitors to our websites, users of our app, hotel guests, participants in our loyalty programs, prospective customers, service providers, and other business partners.

This Privacy Policy is addressed to users, guests, and future guests (hereinafter "you") in connection with (i) visiting the website https://www.hotel-bb.com/de (hereinafter "Website") and the B&B HOTELS mobile application (hereinafter "App") as well as the channels on social media platforms in German, (ii) participation in one of the loyalty programs, and (iii) a stay at a hotel in Germany.

It serves to inform you, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter "General Data Protection Regulation" or "GDPR"), how your personal data is processed via our Website, App, and social media channels, and especially in connection with accommodation in one of our hotels and with our loyalty programs.

The protection of your personal data is a top priority for the B&B HOTELS Group companies. Therefore, the B&B HOTELS Group companies commit to processing this data in strict compliance with the GDPR and other applicable data protection laws.

This Privacy Policy also applies to stays at B&B HOTELS Group hotels in Austria and to the use of the Website and the App by users residing in Austria. In addition, the provisions of the Austrian Data Protection Act (DSG) and the Austrian Registration Act 1991 (Meldegesetz 1991) apply.

 

1. Definitions

App: refers to the B&B HOTELS mobile application, available in iOS and Android versions.

Controller: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Website: is the website accessible at the URL https://www.hotel-bb.com/de.

User: refers to any person who accesses the Website and the App, regardless of whether they are a customer, an operator, or a normal internet user with or without an account.

For other terms used, we refer to the definitions in Art. 4 GDPR:

Personal data: means any information relating to an identified or identifiable natural person. This includes, for example, your name, address, communication details, or email address.

Processing: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Data subject: means an identified or identifiable natural person whose personal data are processed by the controller.

 

2. Controllers

The controller within the meaning of the GDPR is the person who decides on the purposes and means of processing personal data. If several persons jointly decide on the purposes and means of processing, they are jointly responsible for the processing. For some processing operations, the German operating company of the B&B HOTELS Group named below is solely responsible. For others, the operating companies of the B&B HOTELS Group are jointly responsible for the processing and act together with other companies.

Sole Controller:

B&B HOTELS Austria GmbH, pP CCFA, Am Heumarkt 10, 1030 Vienna, registered in the company register of the Commercial Court of Vienna under number 461990y, is solely responsible for the following processing operations:
(1) Processing of reservations not made via the online booking system;
(2) Management of accommodation contracts;
(3) Exercising the rights of data subjects according to the GDPR;
(4) Processing of insurance claims;
(5) Management of registration forms for accommodation;
(6) Setup and operation of a video camera system in self-operated hotels;
(7) Operation and provision of guest Wi-Fi in self-operated hotels;
(8) Processing of guest complaints and claims;
(9) Accounting and receivables management in connection with accommodation in self-operated hotels.

To comply with legal reporting obligations according to §§ 5 et seq. of the Registration Act 1991 (MeldeG), certain personal data will be transmitted to the responsible registration authority during a stay in Austria.

The companies of the B&B HOTELS Group operate the online booking system, which represents the central reservation system for all B&B Hotels.

B&B HOTELS Group companies act as joint controllers for the following processing operations:
(1) Operation of the online booking system and processing of reservations made through it;
(2) Implementation of direct marketing measures;
(3) Management of loyalty programs.

The companies in the list you can access here are jointly responsible for the management of the paid loyalty program B&B HOTELS Club.

The companies in the list you can access here are jointly responsible for the management of the free loyalty program B&me.

The companies in the list you can access here are jointly responsible for the other aforementioned processing operations.

The joint controllers have concluded joint controller agreements for the named processing operations, which define their respective obligations. The essential contents of these agreements are available upon request at the following address: datenschutz-austria@hotelbb.com.

Information about the processing operations carried out in this context will be provided in detail below. The data protection officer of B&B HOTELS Austria GmbH can be contacted by email at datenschutz-austria@hotelbb.com or by phone at +49 (0) 6146 9090-0 or via the postal address mentioned above with the addition "Der Datenschutzbeauftragte" (The Data Protection Officer).

 

3. General Criteria for Storage Duration

Unless a more specific storage period is mentioned within this Privacy Policy, your personal data will be retained until the purpose for data processing ceases to exist. If you assert a legitimate request for deletion or revoke consent to data processing, your data will be deleted, provided we have no other compelling reasons for the continued storage of your personal data (e.g., tax or commercial retention periods); in the latter case, deletion will occur after these reasons cease to apply.

 

4. General Information on the Legal Bases for Data Processing on this Website

If you have consented to data processing, we process your personal data based on Art. 6 para. 1 lit. a GDPR. In the case of explicit consent to the transfer of personal data to third countries, data processing also takes place on the basis of Art. 49 para. 1 lit. a GDPR. Consent can be revoked at any time. If your data is required for the conclusion or fulfillment of a contract or for the implementation of pre-contractual measures, we process your data based on Art. 6 para. 1 lit. b GDPR. Furthermore, we process your data if this is necessary to fulfill a legal obligation, based on Art. 6 para. 1 lit. c GDPR. Data processing may also occur on the basis of our legitimate interest according to Art. 6 para. 1 lit. f GDPR. We will inform you about the respective applicable legal bases in the following paragraphs of this Privacy Policy.

 

5. General Information on Data Transfer to Third Countries

Some companies of the B&B HOTELS Group are based in a third country outside the European Union and the European Economic Area. For data transfers with these B&B HOTELS Group companies, EU standard contractual clauses have been concluded, which you can obtain upon request via the mentioned contact details, e.g., by email to privacy@hotelbb.com. The EU Commission has confirmed a data protection level comparable to that of the EU for Great Britain and Switzerland through adequacy decisions of June 28, 2021 (Great Britain) and July 26, 2000 (Switzerland).

Subject to your consent, tools are used and external content and media from companies based in third countries are integrated on the Website and in the App. If these tools are activated, your personal data may be transferred to these third countries and processed there. We point out that in data protection-unsafe third countries, a data protection level comparable to that of the EU cannot be guaranteed. In these cases, data transfer takes place based on additional safeguards according to Art. 44 et seq. GDPR. The USA is classified by the EU Commission under certain conditions as a safe third country with a data protection level comparable to that of the EU. Data transfer to the USA is then permissible if the data recipient is certified under the "EU-U.S. Data Privacy Framework" (DPF). Information on transfers to third countries, including data recipients, can be found in this Privacy Policy and in the Information on Cookies and Other Trackers.

 

6. Information on the Processing of Personal Data

6.1. Visiting the Website

When you visit the Website, your browser transmits certain system and browser data for technical reasons. These are the following data (so-called server log files), which are processed by the joint controllers for the online booking system:

  • IP address
  • Date and time of the server request
  • Browser, language, and version of the browser software
  • Operating system used
  • Hostname of the accessing computer
  • Website from which the request comes ("Referrer URL")

These data are not stored together with other personal data of the users.

The temporary storage of the user's IP address by the web server is technically necessary to display the website. For this purpose, the IP address must necessarily remain stored for the duration of the session.

The storage of the aforementioned data in log files takes place to ensure the functionality of the online booking system. These data also serve to ensure the security of the information technology systems (e.g., for attack detection). An evaluation of the data for marketing purposes does not take place in this context.

The legal basis for the temporary storage of these data and the log files is Art. 6 para. 1 lit. f GDPR. The legitimate interest lies in the technically flawless presentation and optimization of the website – for this purpose, the server log files must be recorded.

The aforementioned data will be deleted as soon as they are no longer required to achieve the purpose of their collection. In the case of data collection for the provision of the website, this is the case when the respective session is ended. In the case of data stored in log files, the retention period is up to 3 months. Further storage is possible if these data are necessary for (e.g., clarification of attacks, misuse or fraudulent activities). Data whose further retention is necessary for evidentiary purposes are excluded from deletion until the final clarification of the respective incident.

The collection of data for the provision of the website and its storage in log files is technically mandatory for the operation of our website. Consequently, you have no right to object.

6.2. Contact Form on the Website

If you send us inquiries via the contact form on the website, we collect the data requested in the contact form (e.g., name, email address) as well as information about your request. Mandatory fields are marked accordingly. We process your personal data to answer your inquiry and process your request. In case of follow-up questions, we store your data.

If your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures (e.g., an offer), the processing takes place on the basis of Art. 6 para. 1 lit. b GDPR. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 para. 1 lit. f GDPR).

The data will be used exclusively for processing the conversation and handling your request. The data entered by you in the contact form will remain with us until you request us to delete it or the purpose for data storage ceases to apply (e.g., after your inquiry has been processed). Mandatory legal provisions - in particular retention periods - remain unaffected. Your personal data will be deleted at the latest three years after the completion of your request at the end of the calendar year.

6.3. Inquiries by Email or Phone

If you contact us via the email addresses provided on the website or by phone, we store and process your inquiry including all resulting personal data (name, address, contact details, inquiry) for the purpose of processing your request.

If your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures (e.g., an offer), the processing takes place on the basis of Art. 6 para. 1 lit. b GDPR. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 para. 1 lit. f GDPR).

The data will be used exclusively for processing the conversation and handling your request.

The data you transmit via contact inquiries will remain with us until you request us to delete them or the purpose for data storage ceases to apply (e.g., after your inquiry has been processed). Mandatory legal provisions - in particular retention periods - remain unaffected. Your personal data will be deleted at the latest three years after the completion of your request at the end of the calendar year.

6.4. Newsletter

You can subscribe to a newsletter on our website. We only send newsletters with the consent of the recipients. For this purpose, we use a double opt-in procedure. After registering for the newsletter, you will receive an email in which you must confirm your registration. We use this procedure so that no one can register with a foreign email address. We log newsletter registrations to be able to prove the registration process in accordance with legal requirements. This includes the date, time, and IP address at the time of registration. For newsletter registration, we collect the name and email address.

We send newsletters for advertising purposes to inform about offers, promotions, and other news about B&B HOTELS.

The processing of the data entered into the newsletter registration form takes place exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR in conjunction with § 7 para. 2 no. 2 Act Against Unfair Competition (UWG)). By sending the email as part of the double opt-in procedure, we comply with our legal obligation to verify your email address, Art. 6 para. 1 lit. c GDPR. Your data in connection with newsletter registration and dispatch are processed by the marketing department of B&B Hotels Germany GmbH. The B&B Hotels Group companies, whose overview is available above, are jointly responsible for the management and implementation of the direct marketing measure. The joint controllers have commissioned B&B HOTELS DIGITAL SERVICES, 9 boulevard Romain Polland, 75014 Paris, France, and MOVE ON B&B HOTELS, 271, rue du Général Paulet, 29200 Brest, France, with the management and dispatch of the newsletters. The contractors act on the basis of data processing agreements at the instruction of the joint controllers.

Consent to receive our newsletter can be revoked at any time without giving reasons with effect for the future, for example, via the unsubscribe function in every newsletter. In case of revocation, your email address will be marked with a block to document that you no longer wish to receive newsletters in the future. Data no longer required will be deleted immediately. The block mark and your email address will be deleted three years after the end of the calendar year in which the block mark was set. If you do not confirm your consent to receive our newsletter as part of the double opt-in procedure, we will block your email address and delete it after six months, unless we need to retain it for other reasons and in another context.

6.5. Online Booking of Hotel Stays and Check-in

When you book a room via the online booking system on the Website or the App, we process the personal data requested via the booking form (e.g., personal master data, contact data, reservation/booking details, conditions, payment and invoice data) to carry out the booking and establish an accommodation contract. Your email address will be processed to send you reservation/booking confirmations, changes, cancellations, and other communications related to the reservation/booking and the accommodation contract. In addition, you will receive an automatically generated invitation to online check-in by email before the planned arrival day. For online check-in, you must register via the link in the email and provide your credit card details (card number, expiration date, security code) for payment purposes.

For data processing via the online booking system on the Website and the App, the companies of the B&B Hotels Group, whose overview is available above, are jointly responsible. The joint controllers have commissioned B&B HOTELS DIGITAL SERVICES, 9 boulevard Romain Polland, 75014 Paris, France, and MOVE ON B&B HOTELS, 271, rue du Général Paulet, 29200 Brest, France, with the operation and management of the online reservation system. The contractors act on the basis of data processing agreements at the instruction of the joint controllers.

For the purpose of establishing and performing the accommodation contract, the data from the online booking system may be transmitted to the operator of the hotel for which you have booked your stay.

To comply with legal reporting obligations, it may be necessary for some personal data to be transmitted to the registration authority responsible for the hotel where you are staying, after you have checked in at the hotel. When checking in, you are obliged to provide this data.

In the case of accommodation of an unaccompanied minor, the hotel where the overnight stay takes place collects a declaration from a legal representative stating their name, contact details, and a copy of an identification document. Details on data processing can be found in the corresponding form.

The legal basis is Art. 6 para. 1 lit. b GDPR, as the processing of data is necessary for the establishment and performance of an accommodation contract in a B&B Hotel. By reporting guest data to the respective responsible registration authority, the B&B Hotel fulfills its legal obligation as a hotel business according to Art. 6 para. 1 lit. c in conjunction with §§ 29, 30 Federal Registration Act (BMG).

The data stored with us will be deleted as soon as they are no longer required for their intended purpose and no legal retention obligations prevent deletion. The commercial and tax retention periods in connection with the accommodation contract are six years (§ 257 para. 1 HGB) and ten years (§ 147 para. 1 AO), respectively. The registration forms required by the Federal Registration Act are kept for one year after registration in accordance with the provisions of § 30 BMG and destroyed within three months after the expiration of the retention period.

If you have made a booking with us, we use your email address to send you advertisements for similar goods and services related to your booking. You can object to this use at any time by either clicking the unsubscribe link in the footer of such an advertising email or alternatively sending us a message via the contact form on our website with the subject "Feedback on your stay" stating your email address.

The legal basis for this data processing is Art. 6 para. 1 f) GDPR in compliance with the requirements of § 7 para. 3 UWG. Our legitimate interest lies in promoting customer loyalty.

By reporting guest data to the respective responsible registration authority, the B&B Hotel in Austria fulfills its legal obligation as a hotel business according to Art. 6 para. 1 lit. c GDPR in conjunction with §§ 5 et seq. Registration Act 1991 (MeldeG).

6.6. User Account and Participation in the B&me Loyalty Program

On the Website and the App, it is possible to create a personalized user account ("B&me Account") to view bookings, make future reservations faster, and take advantage of the benefits of the B&me loyalty program.

For the creation and maintenance of the B&me Account, the data requested in the registration form (personal master data, contact data, language and country settings, password, communication settings) are processed. Details on bookings and hotel stays as well as benefits claimed from the B&me loyalty program are stored in the B&me Account and can be retrieved at any time. Registration for the user account and participation in the B&me loyalty program is verified via a double opt-in procedure. Here you will receive a confirmation email with the link you must click to activate the B&me Account. For this purpose and for further communication in connection with your B&me Account, your email address will be stored.

The legal basis for data processing is Art. 1 lit. b GDPR. The processing of the data is necessary for registration for the user account as well as the establishment and performance of participation in the B&me loyalty program.

For data processing in connection with the implementation of the B&me loyalty program, the companies of the B&B Hotels Group, whose overview is available above, are jointly responsible. The joint controllers have commissioned B&B HOTELS DIGITAL SERVICES, 9 boulevard Romain Polland, 75014 Paris, France, with services in connection with the administration of the B&me loyalty program. B&B HOTELS DIGITAL SERVICES processes the personal data on the basis of a data processing agreement at the instruction of the joint controllers.

The personal data will be stored for the duration of the existence of the user account and participation in the B&me loyalty program. You can terminate your B&me Account and your participation in the B&me loyalty program at any time via the user account itself. The data will then be deleted at the latest after the expiry of the commercial retention period of six years according to § 257 HGB.

6.7. B&me Club Loyalty Program

Through the B&me Account on the Website and the App, it is possible to register for paid participation in the B&me Club loyalty program.

For the establishment and performance of participation in the B&me Club loyalty program, the data requested in the registration form for the B&me Account (personal master data, contact data, language and country settings, password, communication settings) are processed. Details on bookings and hotel stays as well as benefits claimed from the B&me loyalty program and the B&me Club loyalty program are stored in the B&me Account and can be retrieved at any time. An identification number is also stored for each member. Participation in the B&me Club loyalty program is confirmed with a message to the email address provided during registration. The email address is used for further communication regarding the B&me Club loyalty program. The legal basis for data processing is Art. 1 lit. b GDPR. The processing of the data is necessary for registration for the user account as well as the establishment and performance of participation in the B&me Club loyalty program.

For data processing in connection with the implementation of the B&me Club loyalty program, the companies of the B&B Hotels Group, whose overview is available above, are jointly responsible. The joint controllers have commissioned B&B HOTELS DIGITAL SERVICES, 9 boulevard Romain Polland, 75014 Paris, France, with services in connection with the administration of the B&me Club loyalty program. B&B HOTELS DIGITAL SERVICES processes the personal data on the basis of a data processing agreement at the instruction of the joint controllers.

The personal data will be stored for the duration of participation in the B&me Club loyalty program. After termination of participation in the B&me Club loyalty program, the data will be deleted at the latest after the expiry of the commercial retention period of six years according to § 257 HGB.

6.8. Voucher Shop

On the Website, it is possible to purchase gift vouchers for stays at a B&B Hotel. Information on the processing of personal data in connection with this voucher shop is directly available in the shop section under "Privacy Policy".

6.9. Payment Service Provider
If you use third-party payment services (e.g., PayPal, Visa, Mastercard, Maestro, American Express), the B&B HOTELS Group companies cooperate with the payment service provider Adyen N.V. (hereinafter "Adyen"), Simon Carmiggeltstraat 6-50, 1011 DJ, Amsterdam, Netherlands.

Adyen is a full payment service provider that, among other things, handles payment processing. The data necessary for the respective payment method are transmitted to Adyen, unless they are collected directly by the respective payment service (e.g., PayPal) itself.

The bank card number, expiration date, and cryptogram are processed exclusively by Adyen, who only provides us with a token for the guarantee and payment of bookings.

The purpose of the transmission is identity verification, the desired payment processing, the implementation of any credit checks, and fraud prevention. To the extent necessary to fulfill contractual obligations, Adyen also passes on personal data to service providers or subcontractors.

The legal basis for the processing is Art. 6 para. 1 lit. b, lit. c, lit. f GDPR. By transmitting for identity verification, we fulfill legal obligations for customer authentication according to Art. 6 para. 1 lit. c GDPR in conjunction with the Payment Services Directive and the Payment Services Supervision Act. The legitimate interest in data transmission results from the purposes described above.

The terms and conditions and privacy policy of our partner for electronic payment processing apply. Further information on data protection can be found at https://www.adyen.com/de_DE/richtlinien-und-haftungsausschluss/privacy-….

6.10. Guest Reviews

To get feedback from our guests about their stay, we use a review service offered by TrustYou GmbH, Schmellerstraße 9, 80337 Munich, www.trustyou.com. If you have consented to receive the newsletter, after a stay at a B&B Hotel in Germany, you will receive an email from B&B Hotels Germany GmbH with a link through which you can submit a review of your last stay. If you make use of the option to submit a review, your name, email address and/or phone number, IP address, your review result and details of the review, other entered data, as well as system data (browser type and version, device used, date and time of review submission, referring URL) will be transmitted to TrustYou GmbH and evaluated by TrustYou and B&B Hotels Germany GmbH. The review result, details of your review, your first name, the first letter of your last name, and the date of the review may be made publicly available on the Website and the App.

Collecting and analyzing reviews helps us to improve our quality.

The legal basis for data processing is your consent to receive the newsletter (Art. 6 para. 1 lit. a GDPR) as well as the legitimate interest of B&B Hotels Germany GmbH in operating a review system and evaluating reviews after guests voluntarily use the review system (Art. 6 para. 1 lit. f GDPR).

Submitting a review is voluntary. You can object to the further receipt of invitations to hotel reviews by email at any time via the corresponding link in each email.

TrustYou GmbH acts on the basis of a data processing agreement at the instruction of B&B Hotels Germany GmbH. More information on data handling at TrustYou can be found in TrustYou's privacy policy at: https://www.trustyou.com/downloads/privacy-policy.pdf.

Reviews will be made publicly available on the Website and the App for a maximum period of 24 months from submission. The data collected in connection with a review will be stored and evaluated for a maximum period of five years from the submission of the review. TrustYou GmbH is authorized to anonymize the data thereafter and then store and use it for analysis purposes without temporal and spatial restrictions.

6.11. Conducting Lotteries and Competitions

We occasionally organize lotteries or other competitions in which guests and other interested parties can participate, e.g., in connection with submitting a guest review. For this purpose, we process the data required for participation, such as names, email addresses, and answers to lottery and competition questions. Subsequently, in case of a win, address data may be requested to send a prize.

The processing takes place solely for the purpose of conducting the lottery or competition, i.e., for determining and notifying winners and for sending prizes.

For lotteries and other competitions in connection with submitting a guest review, we use the support of TrustYou GmbH, Schmellerstraße 9, 80337 Munich, which acts on our instructions based on a data processing agreement.

To the extent that we obtain your consent as part of a lottery or competition, this is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). Otherwise, Art. 6 para. 1 lit. b GDPR is the legal basis, as data processing is necessary for participation in the lottery or competition.

The data will be deleted after the lottery or competition has been conducted, unless you have given your consent to further processing of your data or a longer retention period must be taken into account in connection with the redemption or use of a prize.

6.12. Video Surveillance in Hotels

In certain areas of hotels and associated premises, especially parking lots, video surveillance may be used. In this context, images of guests may be recorded and evaluated on a case-by-case basis.

Video surveillance generally takes place within legal limits. The legal basis is the legitimate interest in the safety of our guests and hotel property according to Art. 6 para. 1 lit. f GDPR.

Detailed information on the use of video cameras and data processing in this context can be found on-site at the hotels.

6.13. Guest Wi-Fi in Hotels

In the hotels operated by B&B Hotels Austria GmbH in Austria, guests are provided with Wi-Fi access.

The following data may be processed when using the guest Wi-Fi:

  • MAC or IP address of the terminal device used,
  • Email address,
  • User name,
  • Name,
  • Room number,
  • Login date and time.


Some of this data is stored through the use of cookies. In addition, data optionally provided by you may be processed (e.g., for personalized access).

Purpose of processing:

The data is processed to provide access to the guest Wi-Fi, enable user authentication, and ensure the flawless operation of the guest Wi-Fi. The processing also serves to detect and prevent misuse (e.g., unauthorized content or attacks on the network).

Legal basis:

The processing takes place on the basis of Art. 6 para. 1 lit. b GDPR (necessary for the fulfillment of the contract for the provision of guest Wi-Fi).
Insofar as information is stored in cookies, we also base the processing on our legitimate interest according to Art. 6 para. 1 lit. f GDPR in conjunction with § 96 para. 3 Telecommunications Act 2003 (TKG). The legitimate interest lies in ensuring the functionality of the Wi-Fi system.

Order processing:

For the provision and operation of the guest Wi-Fi, B&B Hotels Austria GmbH has commissioned m3connect GmbH, Friedlandstraße 18, 52064 Aachen, Germany, as a service provider. m3connect GmbH processes your data on the basis of a data processing agreement according to Art. 28 GDPR and exclusively on the instructions of B&B Hotels Austria GmbH.

Storage duration:

The data is stored for the duration of the provision of the guest Wi-Fi and deleted after the end of the session or after 10 weeks at the latest, unless legal retention obligations prevent deletion. Technically necessary cookies are so-called session cookies, which are automatically deleted at the end of your session.

Note:

Further details can be found in the notices during registration for guest Wi-Fi on-site.

6.14. Central Telephone Reservation Center

As part of our services, the B&B HOTELS Group operates a central telephone reservation center, which is also available to the hotels of B&B HOTELS GmbH in Germany. Through this reservation center, you can make telephone bookings and receive information about your stay. The purpose of the processing is the handling and management of reservations received by phone via the central reservation center; the central consolidation and management of reservation data as well as quality assurance and improvement of our booking service.

The legal basis for this is Art. 6 para. 1 lit. b GDPR (processing for the fulfillment of a contract or for the implementation of pre-contractual measures at the request of the data subject) as well as Art. 6 para. 1 lit. f GDPR (legitimate interest in efficient processing of reservations and optimization of our service offering).

For this purpose, the following categories of personal data are processed: Name, title; address, email address, phone number; booking and travel data (hotel, length of stay, booked services, special requests); payment data (if required for booking security) as well as communication content (e.g., content of telephone inquiries).

Recipients of the data are B&B HOTELS Germany GmbH and the hotels of the B&B HOTELS Group in Germany where a reservation is made, as well as agents and IT and service providers (within the scope of order processing).

The personal data will be stored for the duration of the processing of the reservation and the stay. After full processing and expiry of legal retention periods, the data will be deleted.

7. Cookies

Our website uses so-called "cookies" and other tracking tools. Details on this and your setting options are presented in our Information on Cookies and Other Trackers.

8. Our Presences on Social Media Channels

B&B Hotels Germany GmbH maintains its own channel on several social media platforms. When you visit our profile on one of the social media platforms, the respective provider of the social media platform processes data from you to create usage profiles and to operate and improve its own services. Furthermore, some providers of social media platforms provide us with evaluations of the use of our profile in anonymized form. Data processing takes place partly regardless of whether you are registered on the social media platform yourself or not. The evaluations generally include the following information:

  • Reach measurements regarding profile, posts, and other functions, i.e., total number of people who have visited/used the profile, posts, and other functions;
  • Aggregated data on age, gender, and place of residence (country, region/city) of the people visiting the profile;
  • Usage duration for videos and other functions;
  • Time and location of uses;
  • Devices, operating systems, and software used;
  • Interactions related to posts, e.g., click-through rates, shares, comments.

 

Regarding the data processing operations for the purposes of the aforementioned evaluations, B&B Hotel Germany GmbH and the respective providers of the social media platforms are jointly responsible within the meaning of the GDPR and have concluded corresponding agreements on joint responsibility.

We have no influence on whether and to what extent the providers collect personal data on their social media platforms. We are also not aware of the scope, purpose, and storage period of the data collection. It must be assumed that at least the IP address and device-related information are collected and used. It is also possible that the providers use cookies and similar technologies on their platforms to track and evaluate user behavior on the platforms and other services of the providers.

The providers of the social media platforms are partly based outside the territory of the European Union (EU) and the European Economic Area (EEA) (so-called "third countries"), especially in the USA. Some of these third countries do not have a data protection level comparable to that of the EU, or the recognition of an adequate data protection level depends on further conditions, such as certification under the EU-U.S. Data Privacy Framework Agreement for US companies. In some third countries, for example in the USA, government agencies have far-reaching access rights to data of companies with headquarters in these third countries. We cannot rule out that even if the providers are based in the EU, data may also be transmitted to group companies in the USA or in another third country.

Further information on the individual providers of the social media platforms where we operate a profile:

  • Facebook and Instagram: The provider for the European area is Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, "Meta"). Further information on data protection can be found at https://facebook.com/policy.php and regarding Instagram at https://help.instagram.com/519522125107875. Information on the cookies used by Meta when you visit our Facebook page or our Instagram channel can be found at https://www.facebook.com/policies/cookies. For processing operations for which we are jointly responsible with Meta, the following agreement on joint responsibility applies: https://www.facebook.com/legal/controller_addendum. The group headquarters Meta Platforms Inc, Menlo Park, California, USA, is certified under the EU-U.S. Data Privacy Framework.
  • LinkedIn: The provider for the European area is LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland). Further information on data protection can be found in LinkedIn's privacy policy at https://www.linkedin.com/legal/privacy-policy and in the cookie policy at https://www.linkedin.com/legal/cookie-policy. For processing operations for which we are jointly responsible with LinkedIn, the following agreement on joint responsibility applies: https://legal.linkedin.com/pages-joint-controller-addendum. The group headquarters LinkedIn Corporation, Sunnyvale, California, USA, is certified under the EU-U.S. Data Privacy Framework.
  • YouTube: The provider for the European area is Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Further information on data protection can be found in Google's privacy policy at https://policies.google.com/privacy?hl=de. The group headquarters Google LLC, Mountain View, California, USA is certified under the EU-U.S. Data Privacy Framework.
  • TikTok: The provider for the European area is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. Further information on data protection can be found in the privacy policy at https://www.tiktok.com/legal/privacy-policy-eea?lang=de.

 

9. Automated Decision-Making, Profiling

No automated decision-making is carried out for the establishment and performance of business relationships, and no profiling takes place. Should these procedures be used in individual cases, you will be informed separately, if legally required.

 

10. Obligation to Provide Data

For the establishment, performance, and termination of a business relationship (e.g., booking, accommodation contract, participation in a loyalty program, receipt of a newsletter), it is necessary or partly legally required that you provide us with personal data. Without this data, a business relationship generally cannot be established or may have to be terminated. In forms, these data are regularly marked as mandatory.

 

11. Data Security

We attach particular importance to the security of personal data. We implement technical and organizational measures appropriate to the level of sensitivity of the personal data to ensure the integrity and confidentiality of the data and to protect them from malicious intrusion, loss, alteration, or disclosure to unauthorized third parties. These security measures include, for example, the encrypted transmission of data between your browser and our servers. Please note that SSL encryption for transmissions carried out over the Internet is only activated when the key symbol appears in your browser window and the address begins with https://. TLS (Transport Socket Layer) protects data transmission with encryption technology from illegal third-party data access. If this option is not available, you can also choose not to send certain data over the Internet.

 

12. Your Rights

In accordance with the General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG), you have the right to access, rectification, erasure, restriction of processing, data portability, and the right to object to processing.

In addition, you have the right to lodge a complaint with the Austrian Data Protection Authority if you believe that the processing of your personal data is not lawful.

Competent supervisory authority in Austria:
Österreichische Datenschutzbehörde
Barichgasse 40-42, 1030 Wien
Web: https://www.dsb.gv.at

 

13. Changes to the Privacy Policy

We reserve the right to amend the Privacy Policy to adapt it to changed legal situations or in the event of changes to the service and data processing. However, this only applies with regard to declarations on data processing. Insofar as user consents are required or parts of the Privacy Policy contain regulations of the contractual relationship with the users, changes will only be made with the consent of the users.

Please inform yourself regularly about the content of the Privacy Policy.