Thank you for visiting our website and for your interest in our company. Contact with customers and stakeholders is a confidential matter for us. We attach great importance to the trust you place in us, and this obligates us to handle your data with care and protect it from misuse.
We want you to feel safe and comfortable when visiting our website, so we take the protection and confidentiality of your personal data very seriously. Therefore, we work in accordance with applicable legislation for the protection of personal data and data security. In this privacy policy, we would therefore like to make you aware of when we store data, what data we store, and how we use it - this, of course, is always done in accordance with current legislation.
In particular, THE MANDALA's privacy policy is based on the European Union General Data Protection Regulation (GDPR). In the following sections, we will explain which information we collect when you visit our website, and how we use it.
The Data Controller under the GDPR and other national data protection laws of Member States, as well as other data protection regulations, is:
The Mandala Hotel GmbH, Potsdamer Str. 3, D-10785 Berlin, Germany
The Data Controller's Data Protection Officer is:
Andreas Thurmann, DataSolution Thurmann GbR, Isarstrasse 13, D-14974 Ludwigsfelde, Germany
1. Scope of processing of personal data
We collect and utilise our users' personal data only as far as this is necessary for provision of an operational website and of our content and services. Collection and utilisation of users' personal data is undertaken on a regular basis and only with the user's consent. An exception applies in those cases where prior consent cannot be obtained for practical reasons and processing of the data is permitted by law.
2. Legal basis for processing personal data
Where we obtain the consent of the Data Subject to processing their personal data, article 6, section 1, subsection A of the GDPR forms the legal basis. For processing of personal data required to fulfil a contract to which the Data Subject is a party, article 6, section 1, subsection B of the GDPR forms the legal basis. This also applies to processing which is necessary for carrying out pre-contractual tasks. Where processing of personal data is necessary to fulfil a legal obligation (statutory provision) to which our company is subject (e.g. Bundesmeldegesetz/German Federal Act on Registration), article 6, section 1, subsection C of the GDPR forms the legal basis. If processing is necessary to safeguard a legitimate interest of our company or of a third party, and the interests, fundamental rights and freedoms of the Data Subject do not outweigh the aforementioned interest, article 6, section 1, subsection F of the GDPR forms the legal basis.
3. Data deletion and duration of storage
The Data Subject's personal data will be deleted or made inaccessible as soon as the purpose of storage ceases to apply. Data may be stored beyond this point if this has been provided for by European or national lawmakers in EU regulations, laws or other rules to which the Data Controller is subject. Data will still be made inaccessible or deleted when a storage period prescribed by the aforementioned rules expires, unless continued data storage is necessary for concluding or performing a contract.
1. Description and scope of data processing
Every time you visit our website, our system automatically collects data and information from the system of the computer accessing the site. The following data is collected:
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user. Personal user profiles cannot be created from this data. This data is used solely for statistical purposes.
2. Legal basis for data processing
The legal basis for temporary storage of data and log files is processing to safeguard our (THE MANDALA's) legitimate interest.
3. Purpose of data processing
Temporary storage of the IP address by the system is necessary to enable the website to be provided on the user's computer. This requires the user's IP address to be stored for the duration of the session.
The data is stored in log files to ensure the website's functionality. The data is also used to optimise the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context.
Our legitimate interest in data processing is also a purpose of data processing.
4. Duration of storage
Data will be deleted as soon as it is no longer required for the purpose for which it was collected. In the case of data collected for providing our website, this is the case once the user has ended their session.
In the case of data stored in log files, this is the case after no more than seven days. Data may be stored beyond this point, but the users' IP addresses will be deleted in this case, or disguised such that they can no longer be linked to the user in question.
5. Right to objection and removal
Collection of data to provide the website and storage of data in log files to run the website are absolutely necessary. The user therefore has no right to objection.
1. Description and scope of data processing
A contact form is provided on our website, which can be used to contact us electronically. If a user makes use of this facility, the data entered in the input screen will be transmitted to us and stored. The data in question are: first name and surname, email address and concerns.
Alternatively, you can contact us via the email address provided. In this case, the user's personal data transmitted with the email will be stored.
Data is not passed on to third parties in this context. The data is used exclusively for the conversation in question.
2. Legal basis for data processing
Our justified interest in data processing in the course of making contact with the user is the initial legal basis for data processing in this case. If this establishment of contact has the aim of concluding a contract, then the initiation of a business transaction or forming of a contractual relationship provides additional legal basis for data processing.
3. Purpose of data processing
Processing of personal data entered on the input screen is undertaken solely for the purpose of establishing contact. In the case of email contact, this also constitutes the necessary legitimate interest in the processing of the data.
The remaining personal data processed during the sending process is to prevent misuse of the contact form and to ensure the security of our information technology systems.
4. Duration of storage
Data will be deleted as soon as it is no longer required for the purpose for which it was collected. In the case of personal data sent by email, this is the case once the conversation with the user has ended. The conversation will be deemed to have ended when it is evident from the circumstances that the matter at hand has been conclusively resolved.
In the case of correspondence concerning a pre-contractual relationship (enquiry regarding an offer or reservation), the data transmitted will additionally be stored in our hotel software and used for performing the contract. If no contractual relation is formed, we will delete the data at the end of the year after one year has elapsed.
5. Right to objection and removal
The user has the right to revoke his or her consent to the processing of his or her personal data at any time. For this purpose, we have set up the email address widerruf@themandala.de.
We would like to point out that, if you object, the conversation cannot be continued and we cannot make any offers, etc.
All personal data stored in the course of establishing contact with us will be deleted in such a case.
1. Description and scope of data processing
Our website includes an online booking facility for rooms and arrangements at THE MANDALA HOTEL. If a user makes use of this facility, the data entered in the input screen will be transmitted to us and stored. The data in question are: first name, surname, email address, arrival details, requests, payment data, address (if necessary), telephone, date, time.
Online bookings undertaken on our website are made through the synxis online reservation system from Design Hotels AG, Stralauer Allee 2c, D-10245 Berlin, Germany. All booking data you enter will be encrypted. Design Hotels AG, in contract with us, has committed itself to handling the data you send in accordance with data protection legislation and has adopted all organisational and technical measures to protect your data.
Data is not passed on to other third parties in this context. The data is used exclusively for processing the booking and for communication.
2. Legal basis for data processing
The legal basis for data processing is the conclusion of an accommodation contract with the user.
The data transmitted are stored in our hotel software and used for performing the contract. If no contractual relation is formed, we will delete the data at the end of the year after one year has elapsed.
For purposes of improving our services, we manage all data received in our central hotel software at THE MANDALA. The Data Controller is the hotel for which the booking is made. The relevant booking data are accessible only to the Data Controller; this data may be used together with a guest's data for purposes such as making a reservation at another hotel at a later date, rebooking or undertaking centralised marketing activities. To this end, central departments such as Reservations and Marketing may access this data. The legal basis for data processing is our justified interest in data processing as part of centralised administration and utilisation of customers' and business partners' data within the hotel group.
3. Purpose of data processing
Processing of personal data entered on the input screen is undertaken solely for the purposes of processing booking requests and transactions.
4. Duration of storage
Data will be deleted as soon as it is no longer required for the purpose for which it was collected. Where a contractual relationship is formed, we will delete the data received as soon as national, commercial, statutory or contractual retention regulations are fulfilled.
5. Right to objection and removal
The user has the right to revoke his or her consent to the processing of his or her personal data at any time. For this purpose, we have set up the email address widerruf@themandala.de.
We would like to point out that, if you object, bookings cannot be completed and any conversation cannot be continued.
1. Description and scope of data processing
THE MANDALA also enables rooms and arrangements to be booked via hotel booking sites (third-party providers). If a user makes use of this facility, the data entered in the input screen will be transmitted to us and stored to the extent that this is permitted by the relevant hotel booking site's privacy policy. This may include: first name, surname, email address, telephone, postal address, number of fellow travellers, expected arrival time, requests, payment details (credit card).
Data is not passed on to other third parties in this context. The data is used exclusively for processing the booking and, if necessary, for communication.
2. Legal basis for data processing
The legal basis for data processing is the conclusion of an accommodation contract with the user.
The data transmitted are stored in our hotel software and used for performing the contract. If no contractual relation is formed, we will delete the data at the end of the year after one year has elapsed.
For purposes of improving our services, we manage all data received in our central hotel software at THE MANDALA. The Data Controller is the hotel for which the booking is made. The relevant booking data are accessible only to the Data Controller; this data may be used together with a guest's data for purposes such as making a reservation at another hotel at a later date, rebooking or undertaking centralised marketing activities. To this end, central departments such as Reservations and Marketing may access this data. The legal basis for data processing is our justified interest in data processing as part of centralised administration and utilisation of customers' and business partners' data within the hotel group.
3. Purpose of data processing
Processing of personal data entered on the input screen is undertaken solely for the purposes of processing booking requests and transactions.
4. Duration of storage
Data will be deleted as soon as it is no longer required for the purpose for which it was collected. Where a contractual relationship is formed, we will delete the data received as soon as national, commercial, statutory or contractual retention regulations are fulfilled.
THE MANDALA has no control over the storage periods of any external hotel booking sites.
5. Right to objection and removal
The user has the right to revoke his or her consent to the processing of his or her personal data at any time. For this purpose, we have set up the email address widerruf@themandala.de.
We would like to point out that, if you object, bookings cannot be completed and any conversation cannot be continued.
1. Description and scope of data processing
Our website includes an online purchase facility for vouchers. If a user makes use of this facility, the data entered in the input screen will be transmitted to us and stored. The data in question are: title/company, first name, surname, date of birth, email address, postal address, telephone/fax, value of voucher, requests, payment details, password for individual user account.
Voucher purchases on our website are made through an online ordering system provided by INCERT eTourismus GmbH & Co KG, Leonfeldner Strasse 328, A-4040 Linz, Austria. All order data you enter will be encrypted. INCERT has committed itself to handling the data you send in accordance with data protection legislation and has adopted all organisational and technical measures to protect your data.
Data is not passed on to other third parties in this context. The data is used exclusively for processing the booking and for communication.
2. Legal basis for data processing
The legal basis for data processing is the conclusion of a sales contract with the user.
3. Purpose of data processing
Processing of personal data entered on the input screen is undertaken solely for the purposes of processing voucher sales and transactions.
4. Duration of storage
Data will be deleted as soon as it is no longer required for the purpose for which it was collected. Where a contractual relationship is formed, we will delete the data received as soon as national, commercial, statutory or contractual retention regulations are fulfilled.
5. Right to objection and removal
The user has the right to revoke his or her consent to the processing of his or her personal data at any time. For this purpose, we have set up the email address widerruf@themandala.de.
1. Description and scope of data processing
To support, consult and advertise corporate customers, we, as well as current or potential business partners, collect and use data on contacts, telephone numbers and postal addresses. We receive this information from various sources, either by making a request (email or telephone), or through meetings, fairs, business cards received by our sales staff, etc.
Data is not passed on to third parties in this context. It is used exclusively for the purposes stated.
2. Legal basis for data processing
Processing of data is otherwise undertaken on the legal basis of our legitimate interest in data processing. If this establishment of contact has the aim of concluding a contract, then the initiation of a business transaction or forming of a contractual relationship provides additional legal basis for data processing.
For purposes of improving our services, we manage all data received in the CRM module of our central hotel software at THE MANDALA. The Data Controller is the hotel with which business contact has been made. Central departments such as Sales, Events, Reservations and Marketing may access this data. The legal basis for data processing is our justified interest in data processing as part of centralised administration and utilisation of customers' and business partners' data within the hotel group.
3. Purpose of data processing
We use this contact data exclusively for our own purposes and for needs-based planning of our own sales activities.
4. Duration of storage
There is no general deadline for deletion. Should, however, our sales department have no contact with a company for 3 years, our sales department will decide whether the details of the contact in the company in question should be deleted.
In the case of correspondence concerning a pre-contractual relationship (enquiry regarding an offer, booking or reservation), the data transmitted will additionally be stored in our hotel software and used for performing the contract. If no contractual relation is formed, we will delete the data at the end of the year after one year has elapsed.
5. Right to objection and removal
Corporate contacts have the right to revoke their consent to the processing of their personal data at any time. For this purpose, we have set up the email address widerruf@themandala.de.
In this case, all personal data of the contact associated with the company in question will be deleted.
1. Description and scope of data processing
Guests may submit a review of our hotel after check-out. For this purpose, we will send an email within 14 days of departure to request a review. Any review may be anonymised for publication, on request. If you were not satisfied with your stay at our hotel, we would like to take the opportunity to contact you.
If you submit an online review on our website, the data will be saved in the review tool provided by CA Customer Alliance GmbH, Ullsteinstrasse 118, Turm B, D-12109 Berlin, Germany. CA Customer Alliance GmbH has committed itself to handling the data you send in accordance with data protection legislation and has adopted all organisational and technical measures to protect your data.
If a guest submits an online review, his/her data will be stored in the review system. The data in question are: email address, as well as voluntary information such as first name, surname, language, and any other information given in the review.
Data is not passed on to other third parties in this context. The data is used exclusively for publishing the review and for settlement in case of negative reviews.
2. Legal basis for data processing
Processing of data is otherwise undertaken on the legal basis of our legitimate interest in data processing.
3. Purpose of data processing
The purpose of the reviews is to collate and communicate guest opinions through our website, so that potential guests can picture our services for themselves. The results are also used for internal quality management.
4. Duration of storage
This data will not be deleted.
5. Right to objection and removal
You have the right to have your published review deleted at any time (right to be forgotten). For this purpose, we have set up the email address widerruf@themandala.de. Please tell us which review is yours when doing this.
This service is aimed primarily at adults. We do not currently market any services for children. Therefore, we neither knowingly collect information to determine user age, nor do we knowingly collect personal data from children under 16 years of age. We would, however, like to advise all visitors to our website under 16 years of age not to disclose or make available any personal data. If we discover that a child under 16 years of age has provided us with personal data, we will delete the personal data of the child from our files, as far as this is technologically possible.
If your personal data are processed, you are a Data Subject under the GDPR and you have the following rights with regard to the Data Controller:
You have the right to information on the data stored about you, the purposes for which your data are being processed, any transferring of this data to other bodies that may occur, and the length of time for which your data will be stored.
Should data be incorrect or no longer required for the purposes for which they were collected, you have the right to demand their correction or deletion, or restriction of data processing. Where provided for by the data processing methods used, you can view and, if necessary, correct the data yourself.
If special personal circumstances provide reasons against processing of your personal data, you have the right to object to such data processing, provided that the processing is based on a legitimate interest. The Data Controller will then no longer process your personal data, unless the Data Controller can provide evidence of compelling legitimate reasons for processing which outweigh your interests, rights and freedoms; or if processing serves to assert, exercise or defend legal claims. If your personal data are processed for direct marketing purposes, you have the right, at any time, to object to the processing of your personal data for the purpose of such marketing; this also applies to profiling, insofar as it is associated with such direct marketing. If you object to data processing for purposes of direct advertising or profiling, your personal data will no longer be processed for these purposes.
You have the right to revoke your declaration of consent for data protection at any time. Withdrawal of consent shall not affect the legality of processing undertaken on the basis of this consent before its withdrawal.
If you have questions on your rights and exercising them, please contact:
The Mandala Hotel
The Mandala Hotel GmbH
Potsdamer Str. 3
D-10785 Berlin
Deutschland
Tel.: +49 (0) 30 590 05 00 00
Mail: welcome@themandala.de
Data Protections Officer
DataSolution Thurmann GbR
Herr Andreas Thurmann
Isarstr. 13
D-14974 Ludwigsfelde
Deutschland
Tel.: +49 (0) 3378 202513
Fax: (0) 3378 202514
Mail: mail@hoteldatenschutz.de
As a Data Subject, irrespective of any other administrative or judicial remedy, you have the right of appeal to a supervisory authority for data protection, more specifically in the member state where you reside or where the alleged offence was committed, if you believe that the processing of your personal data violates data protection law.
The supervisory authority to which the complaint is submitted will inform you of the status and the findings of your complaint, including whether or not a judicial remedy is possible.
More information is available on the website of the Federal Commissioner for Data Protection and Freedom of Information. Please click this link.
THE MANDALA uses technological and organisational security precautions, in accordance with article 32 of the GDPR, in order to protect your data administered by us from accidental or deliberate manipulation, loss, destruction or access by unauthorised persons. Our security precautions are continually improved as technology develops. Access is only granted to a small number of authorised persons, and persons committed specifically to data protection who are concerned with technical, administrative or editorial management of data.
By using our websites and the services contained therein, you agree that the personal data you have voluntarily provided may be stored by us, and processed and used in accordance with this privacy policy.
We reserve the right to change, update or supplement this privacy policy at any time. All revised privacy policies apply only to personal data which were collected or changed after the entry into force of the revised policy.