Sorat HotelsDE

Data protection

Book Best Price

Data protection information

This privacy policy clarifies users about the nature, scope and purpose of the collection and use of personal data by the responsible provider, the SORAT Hotel Verwaltungs GmbH. Current status of this privacy policy is May 2018.


I. Name and address of the responsible body

The responsible within the meaning of the general data protection regulation and other national data protection laws of the member states as well as other data protection regulations is the:


II. Name and contact details of the data protection supervisor

The designated privacy officer is:


III. General information about data processing

1. Scope of processing of personal data

In principle, we process personal data of our users only to the extent necessary to provide a functioning website and our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies to cases in which prior consent can not be obtained for reasons of fact and the processing of the data is permitted by law.

2. Legal basis for processing of personal data

Insofar as we obtain the consent of the data subject for processing of personal data, article 6 (1) (a) EU general data protection regulation [GDPR] constitutes the legal basis. In the processing of personal data necessary for the performance of a contract of which the data subject is a party, article 6 (1) (b) GDPR constitutes the legal basis. This also applies to processing operations required to carry out pre-contractual actions. Insofar as the processing of personal data is required to fulfill a legal obligation that is subject to our company, article 6 (1) (c) GDPR constitutes the legal basis. In the event that vital interests of the data subject or another natural person require the processing of personal data, article 6 (1) (d) GDPR constitutes the legal basis. If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, article 6 (1) (f) GDPR constitutes the legal basis for processing.

3. Data deletion and storage duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage is deleted. In addition, such storage may be provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for conclusion of a contract or fulfillment of the contract.

IV. Website providing and creating log files

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer. The following data is collected here:

  • Information about the browser type and version
  • Operating system of the user
  • Internet service provider of the user
  • IP address of the user
  • Date and time of access
  • Websites from which the system of the user reaches our website
  • Website accessed by the user's system through our website
  • Volume of data transferred when calling up our website

The log files contain IP addresses or other data that allow an assignment to a user. This could be the case, for example, if the link to the website from which the user accesses the website or the link to the website to which the user is switching contains personal data. The data is also stored in the log files of our system. A storage of this data together with other personal data of the user does not take place.

2. Legal basis for data processing

Legal basis for the temporary storage of data and log files is article 6 (1) (f) GDPR.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to allow delivery of the website to the computer of the user. To do this, the user's IP address must be kept for the duration of the session. Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this Kontext. The purposes mentioned also include our legitimate interests in data processing within the meaning of article 6 (1) (f) GDPR.

4. Duration of data storage

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. In the case of collecting the data for providing the website, this is the case when the respective session is completed. In the case of storing the data in log files, this is the case after no more than seven days. An additional storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.

5. Opposition and disposal possibility

Data capture for providing the website and the storage of the data in log files is essential for the operation of the website. There is consequently no contradiction on the part of the user.

V. Use of cookies

1. Description and scope of data processing

We use cookies on our website. Cookies are text files that are stored in the internet browser or in the internet browser on the computer system of the user. If a user calls up a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is reopened. We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser be identified even after a page break. The following data is stored and transmitted in the cookies:

  • Information cookie note
  • Screen resolution
  • Log-in information
2. Legal basis for data processing

Article 6 (1) (f) GDPR provides the legal basis for the processing of personal data by deploying cookies. The legal basis for the processing of personal data by using technically necessary cookies is article 6 (1) (f) GDPR. The legal basis for the processing of personal data by using cookies for analysis purposes is the consent of the user article 6 (1) (f) GDPR.

3. Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some features of our website can not be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page break. We require cookies for the following applications:

  • Information cookie note
  • Screen resolution
  • Log-in information

The user data collected through technically necessary cookies will not be used to create user profiles. For these purposes, our legitimate interest in the processing of personal data pursuant to article 6 (1) (f) GDPR.

4. Duration of data storage, opposition and disposal possibility

Cookies are stored on the computer of the user and transmitted by the computer of the user to our side. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may lead to impaired functionality of the website, either fully or in part.

VI. Interest-based ads

1. Description and scope of data processing

We work with Sojern, Inc., 255 California St Suite 1000, San Francisco, CA 94111, USA. Specializing in traveler path-to-purchase data for over a decade, Sojern is travel's direct demand engine for hotel, airline, cruise, transportation, tourism industries and more. Analyzing the world's travel intent signals with its proprietary data science methods, the company delivers direct bookings for us as one of its clients by activating multi-channel branding and performance solutions on the Sojern traveler platform. Sojern products do not intentionally collect any information that would personally identify you in the real-world, such as name, address, email address, or phone number. However, as various global laws define personal information differently, Sojern will comply with the respective laws of the location in which the data is collected. Like most advertising services, Sojern uses a combination of pixel tags and cookies to recognize your preferences and effectively administer the service. A pixel tag is a small image placed on a website to track visitor activity including when advertisements are delivered or clicked-on. Pixel tags are often used in combination with cookies. A cookie is a small text file containing a string of characters that is placed on your browser or device by a host when you visit a website. When you visit the website again, the cookie allows that host to recognize your browser. Sojern assigns a unique randomized Sojern profile cookie ID to each user – called Sojern Profile. The Sojern Profile ID is a unique technical ID that Sojern assigns to users that Sojern sees across the web — in essence a unique cookie sighting. Any time Sojern sees the same Sojern Profile ID, Sojern appends any data collected on that visitor to their Sojern Profile for future reference. For example, if you search for a hotel in a certain city through a travel search data Partner, and then visit a specific hotel website that is also a Sojern Client, Sojern will recognize that you visited both websites and combine these two visits together in your Sojern profile. When you see an ad for the same hotel you visited on another website, it may be because the advertising service used the Sojern platform to help identify the ad as relevant to your interests. Sojern collects and processes only pseudonymous data to deliver its advertising services. These data are, for example, flight search, destination, travel data. In the case of a direct booking on our website, which was caused by a click on one of our delivered Sojern hotel ads, we do not pass personal data on to Sojern. In the course of the campaign billing, which requires the arrival and departure and payment of the stay with us, we also do not share personal information with Sojern. Sojern only receives the date of arrival and departure, hotel, city, number of rooms and person, rate type, booking reference, booking amount, currency and the pseudonymised SORAT Soyern reservation reference and while Sojern collects IP addresses, they are hashed using SHA1 such that the original IP is removed.

The following data are used and collected by sojern:

  • Specific website visits
  • Search queries for travel with specified search input variables*
  • Booking results of the travel search

*These variables and results include many of the fields that you fill in the search: travel type, travel date, travel period, destination, type of accommodation, number of guests, number of rooms. On the following page you will find details about Sojern technology: Sojern RevDirect and Sojern FAQ.

2. Legal basis for data processing

Article 6 (1) (f) GDPR provides the legal basis for the processing.

3. Purpose of data processing

It allows the Sojern platform to display targeted and relevant advertising on selected websites. This is done based on your gaze behavior on selected travel-related websites. If you receive an ad that is relevant to us on another website, it will be referred to you as an interest-based ad and has a blue ad choices icon in the upper right corner. When the icon is clicked, you are able to identify the companies involved in serving such interest-based advertising services to you, and you will see a ability to opt-out of these interest-based ads.

4. Duration of data storage

Sojern profile cookie IDs have an expiration date, and Sojern has set them to expire in two years. No sensitive personal information is stored. Sojern is GDPR compliant. For more information, please see Sojern’s perspective on GDPR.

5. Opposition and disposal possibility

There are many ways to block, delete, or reject Sojern. In any modern browser, you can refuse third-party cookies such as Sojern or delete cookies completely. By adjusting your browser settings you can block or delete third-party cookies, such as Sojern, following you will continue to receive online ads, but they won’t be tailored to your interests. If you want to disable the web-based ads for desktop devices through the Sojern platform, you can do so here at TrustArc. When you opt out, a browser cookie will be set on the device you use to instruct Sojern not to deliver ads for targeted advertising purposes. Please note that there may be delays in updating the information. As a user of a mobile device, you also have numerous controls in your operating system that allow you to choose whether to allow cookies or share your advertising ID with companies such as Sojern. Please see here for more information on how to opt-out on mobile. Through self-regulatory measures in the digital industry you can opt out yourself of interest-based ads by Sojern and other companies in addition to the browser or mobile controls. Your privacy is important to us so we encourage you to review the Sojern privacy policy.

VII. Newsletter and press mailing list

1. Description and scope of data processing

On our website you can subscribe to a free newsletter as well as weekly lunchnews of Parduin restaurant in Brandenburg or to register for our press mailing list. For these applications, we use the so-called double-opt-in procedure. This means that after your regastration we will send you an e-mail to the e-mail address specified in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. When registering for the newsletter, the data from the input mask will be sent to us. The data from the input mask are transmitted to us when registering for the newsletter. We collect the user's e-mail address as a mandatory entry. Other information: salutation, first name, name, address, travel region, favorite hotel, interests, age are optional. This information will only be transmitted when the fields are completed. In addition, the following data is collected when registering for the newsletter or press distribution list:

  • Information about the browser type and version
  • Operating system of the user
  • IP address of the user
  • Date and time of access
  • Language setting

For the processing of the data, your consent is obtained during the registration process and reference is made to this privacy policy. We generally do not transmit your data to third parties in connection with the processing of data for the sending of newsletters or press releases. The data will be used exclusively for sending the newsletter or the press release.

2. Legal basis for processing of personal data

In the presence of a consent of the user article 6 (1) (a) GDPR provides the legal basis for the processing of personal data by registration for our newsletter or press mailing list.

3. Purpose of data processing

The collection of the e-mail address of the user serves to deliver the newsletter or the press release. The collection of other personal data in the context of the registration process serves to prevent misuse of the services or the used email address.

4. Duration of data storage

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. The e-mail address of the user is therefore stored as long as the subscription to the newsletter or the press distribution list is active. The other personal data collected during the registration process will normally be deleted after a period of seven days.

5. Opposition and disposal possibility

The subscription to the newsletter or press mailing list may be terminated at any time by the concerned user. For this purpose, a corresponding link can be found in every newsletter or in every press release. This also allows a revocation of the consent to the storage of the personal data collected during the registration process.

VIII. Newsletter tracking

1. Description and scope of data processing

The term tracking is understood in the network as the collection and evaluation of user behavior. We point out that we evaluate your user behavior when sending the newsletter. We send our newsletters via phpList and can determine if a newsletter message has been opened and which links have been clicked. With the phpList the dispatch of newsletters can be organized and analyzed. For this evaluation, the e-mails sent include so-called web beacons or tracking pixels that represent one-pixel image files stored on our website. For the evaluations, we link the data mentioned in VI point three and the web beacons with your e-mail address and an individual ID. The data are collected exclusively pseudonymised, so the IDs are not linked to your other personal data, a direct personal reference is not excluded. In addition, the following data is collected when opening the newsletter:

  • Information about the browser type and version
  • Operating system of the user
  • IP address of the user
  • Date and time of access
  • Language setting
  • Email address
  • Clicks on links inside the e-mail

We generally do not transmit your data to third parties in connection with the data processing for the tracking. The data will be used exclusively for tracking.

2. Legal basis for processing of personal data

Legal basis for the tracking of data is article 6 (1) (f) GDPR in the protection of legitimste interests. Furthermore, the legal basis for the processing of this data, which is necessary for the fulfilment of newsletter sending, is article 6 (1) (a) GDPR. The fulfillment of newsletter sending is given when registering.

3. Purpose of data processing

With the purpose of data processing we aim at the statistical evaluation possibility. For this purpose, we record both the openings of the e-mail as well as the internal clicks in order to track users' click paths and to minimize abandonment rates. This information is used to measure the success of our newsletter marketing and to make the content of future newsletters more exciting and relevant. In addition, the analysis gives us hints for the programming, search engine optimization and design of the booking processes on our website.

4. Duration of data storage

We store your data only during the subscription to the newsletter as well as to avoid contradictions in the receipt of the newsletter. In case of cancellation from our newsletter service, we store the data purely statistically and anonymously.

5. Opposition and disposal possibility

As a recipient, you have the option to object to this form of data collection at any time. If you do not want an analysis by phpList, you have to unsubscribe from the newsletter. For this purpose, we provide a link in every newsletter message. Furthermore, you can unsubscribe from the newsletter directly on the website.

IX. Registration

1. Description and scope of data processing

Our website offers users the option to register by entering personal data. As part of this process, the data is entered into an input screen, transmitted to us, and saved. We do not share data with third parties.

a] Registration for My SORAT account for online bookings

In the event of registration for a My SORAT account, the personal data you provide for the purpose of processing reservations and statistical evaluation purposes will be stored and used. Personal data from your registration will also be stored and used for quality management and in case of registration for our newsletter or bonus program. All other data requested, such as the billing address and information about the means of payment, are voluntary and must not be left. The use and processing of the data takes place exclusively in the specified manner. The following personal data is collected as part of this registration process:

  • Username or Email
  • Password
  • Prefix, first name and family name
  • Post address
  • Country
  • Phone

Furthermore, following personal data is stored at the time of the registration process:

  • Information about the browser type and version
  • Operating system of the user
  • IP address of the user
  • Date and time of access
  • Language setting

b] Registration for My SORAT travel agent account for online bookings

If you are travel agent and if you want to use our travel agent service on our Linoweb online reservation system, you need to register for a My SORAT travel agent account. In the event of registration for a My SORAT travel agent account, the personal data you provide for the purpose of processing reservations and statistical evaluation purposes will be stored and used. Personal data from your registration will also be stored and used for quality management and in case of registration for our newsletter or bonus program. All other data requested, such as the billing address and information about the means of payment, are voluntary and must not be left. The use and processing of the data takes place exclusively in the specified manner. The following personal data is collected as part of this registration process:

  • Username or Email
  • Password
  • Travel agency
  • IATA number
  • Prefix, first name and family name
  • Function
  • Post address
  • Country
  • Phone

Furthermore, following personal data is stored at the time of the registration process:

  • Information about the browser type and version
  • Operating system of the user
  • IP address of the user
  • Date and time of access
  • Language setting

c] Registration for a membership in the SORAT loyalty program

In the event of registration for a membership in our SORAT loyalty program, the personal data you provide for the purpose of processing reservations and statistical evaluation purposes will be stored and used. Personal data from your registration will also be stored and used for quality management, for sending the bonus point statement of account via e-mail, for our bonus program e-mail newsletter as greeting cards by letter post [for example birthday]. All other data requested, such as the billing address and information about the means of payment, are voluntary and must not be left. The use and processing of the data takes place exclusively in the specified manner. The following personal data is collected as part of this registration process:

  • Email
  • Prefix, first name and family name
  • Post address

Furthermore, following personal data is stored at the time of the registration process:

  • Information about the browser type and version
  • Operating system of the user
  • IP address of the user
  • Date and time of access
  • Language setting

For the processing of the data, your consent is obtained during all above-mentioned registration processes and reference is made to this privacy policy.

2. Legal basis for processing of personal data

Legal basis for the storage of data is article 6 (1) (a) GDPR in the presence of the consent of the user. Furthermore, the legal basis for the processing of this data, which is necessary for the fulfilment of a contract or for the implementation of pre-contractual measures, is article 6 (1) (b) GDPR. The fulfillment of a contract is given for example when making a reservation.

3. Purpose of data processing

User registration is required to make available certain content and services on our website. In addition, a registration of the user is necessary to fulfilling a contract, this also applies to processing which is required to carry out pre-contractual measures. In the case of an travel agent account for room reservations at travel agent rates. In the case of registration of the loyalty program managing member registration, for room reservations at bonus rates for members, premium redemptions as well as sending the bonus newsletter with information on the status of the bonus point account by email, sending greeting cards by letter post. In the case of a registration for a My SORAT account for faster processing of the booking process.

4. Duration of data storage

The data will be deleted as soon as it is no longer necessary for the purpose of its collection.

5. Opposition and disposal possibility

As a user, you have the option of canceling the registration at any time. You can change the data stored about you at any time. You can delete your My SORAT account at any time, unsubscribe from service offers and revoke your consent at any time. To delete, log in to our Linoweb reservation page with your user data. If you do not use your account for more than two years, the account will be deactivated. To activate, send an e-mail to our support. The bonus membership in the SORAT loyalty program can be terminated at any time in accordance with the conditions of participation. The cancellation of the bonus membership requires the written form. If the data is required to fulfill a contract or to carry out pre-contractual measures, premature deletion of the data is only possible, unless contractual or legal obligations preclude deletion.

X. Contact forms and email contact

1. Description and scope of data processing

On our website, there are various contact forms which can be used to contact us electronically. If a user uses this option, the data entered in the input screen shall be transferred to us and stored. This data includes:

a] Contact form for table reservations

  • Email
  • First name and family name
  • Phone
  • Date of the restaurant visit
  • Alternative date
  • Time of the restaurant visit
  • Number of guests
  • Wishes and notes
  • Declaration of consent

b] Contact form for applications

  • Hotel name
  • Job opportunity
  • First name and family name
  • Email
  • Phone
  • Post address
  • Country
  • Application letter
  • Digital attachments like references, report cards
  • Salary expectations
  • Starting date
  • Declaration of consent

c] Contact form for travel offers

  • Prefix
  • First name and family name
  • Email
  • Phone
  • Post address
  • Country
  • Special selection
  • Travel date
  • Way of confirmation
  • Hotel prospekt
  • Declaration of consent

d] Contact form for convention requests and specials

  • Conference package
  • Company
  • Department
  • Prefix
  • First name and family name
  • Email
  • Phone
  • Post address
  • Country
  • Type of event
  • Number of persons
  • Date and time
  • Alternative date
  • Number of rooms
  • Seating style
  • Conference technology
  • Special requirements
  • Food service
  • Overnight stay number of rooms
  • Arrival day and departure day
  • Offer requested until
  • Option date requested until
  • Social programme
  • Wishes
  • Declaration of consent

e] Contact form for Christmas parties

  • Company
  • Prefix
  • First name and family name
  • Email
  • Phone
  • Post address
  • Country
  • Number of persons
  • Date and time
  • Alternative date
  • Offer requested until
  • Christmas party special
  • Culinary informationen
  • Social programme
  • Wishes
  • Declaration of consent

f] Contact form for hotel review

  • Travel date
  • Room details
  • Review details
  • Description of experience
  • Booking information
  • Sort of trip
  • Age
  • Name
  • Email
  • Recommendation
  • Publication on homepage
  • Declaration of consent

g] Contact form for hotel brochure ordering

  • Prefix
  • First name and family name
  • Company
  • Department
  • Post address
  • Country
  • Email
  • Phone
  • Hotel brochure selection
  • Remarks
  • Declaration of consent

h] Contact form for suite or apartment booking requests

  • Travel date
  • Number of persons
  • Alternative date
  • Prefix
  • First name and family name
  • Post address
  • Country
  • Email
  • Phone
  • Preferred contact type
  • Declaration of consent

i] Contact form for ordering award vouchers

  • Bonus membership number
  • Prefix
  • First name and family name
  • Email
  • Hotel
  • Declaration of consent

j] Contact form for events

  • Hotel name
  • Type of event
  • Prefix
  • First name and family name
  • Email
  • Phone
  • Post address
  • Country
  • Number of persons
  • Date and time
  • Alternative date
  • Number of rooms
  • Arrival day and departure day
  • Offer requested until
  • Option date requested until
  • Wishes
  • Declaration of consent

k] Contact form for event or catering request

  • Type of event
  • Number of persons
  • Date and time
  • Alternative date
  • Wishes
  • Prefix
  • First name and family name
  • Email
  • Phone
  • Post address
  • Country
  • Declaration of consent

Furthermore, following personal data is stored at the time by sending a contact form:

  • Information about the browser type and version
  • Operating system of the user
  • IP address of the user
  • Date and time of access

For the processing of the data, your consent is obtained during the registration process and reference is made to this privacy policy. Alternatively, you can also contact us on the email addresses provided. In this case, the user’s personal data which is transferred with the email is stored. Data is not disclosed to third parties in this regard insofar as it is unnecessary for direct processing of the request. The data is only used for processing the conversation.

2. Legal basis for data processing

Legal basis for data processing, provided that the user has given their consent to this effect, is article 6 (1) (a) GDPR. The legal basis for processing data transferred in the course of sending an email is article 6 (1) (f) GDPR. If you have contacted us by email with the aim of concluding a contract, article 6 (1) (b) GDPR forms an additional legal basis.

3. Purpose of data processing

We process personal data from the input screen for the purpose of processing contact and – provided that the visitor has given their express consent to this effect. If the user makes contact by e-mail, there is also a required legitimate interest in data processing. The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our IT systems.

4. Duration of data storage

The data shall be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the contact form’s input screen and the data sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the situation concerned has been conclusively clarified and the user has no further interest. Furthermore, following personal data is stored at the time by sending a contact form:

  • Information about the browser type and version
  • Operating system of the user
  • IP address of the user
  • Date and time of access

The data will be deleted after a period of seven days.

5. Opposition and disposal possibility

You have the opportunity to revoke your consent to the processing of your personal data at any time. If you contact us by e-mail, you may object to the storage of your personal data at any time. In such a case, the conversation can not continue. If you would like to revoke your consent to data processing either in whole or in part, please send this revocation to the SORAT Hotel Verwaltungs GmbH, contact data provided above. The use of your above rights is free of charge for you. All personal data stored during the course of contact is deleted in this case.

XI. Contact management sales department and other business partners

1. Description and scope of data processing

On our website, there is a contact form for contact confirmation which can be used for the electronic approval of other business partners and their data processing after transferring a business card to our sales department or responsible hotel staff. If a user realizes this possibility, the indicated data on the business card and voluntarily transferred data will be transferred to us and stored in our sales database. This data includes [if available]:

a] Business card

  • Title
  • Präfix
  • First name and family name
  • Company
  • Department
  • Position
  • Post address
  • Email
  • Phone
  • Fax
  • Website

b] Additional data requested to the business card

  • Date of birthday
  • Interesses
  • Wishes
  • Notes

c] Consent form to a] and b]

  • Title
  • Prefix
  • First name and family name
  • Email
  • Declaration of consent

Furthermore, following personal data is stored at the time by sending a contact form:

  • Information about the browser type and version
  • Operating system of the user
  • IP address of the user
  • Date and time of access
2. Legal basis for data processing

Legal basis for data processing, provided that the user has given their consent to this effect, is article 6 (1) (c) GDPR and is article 6 (f) (a) GDPR. Furthermore, the legal basis for the processing of this data, which is necessary for the fulfilment of a contract or for the implementation of pre-contractual measures, is article 6 (1) (b) GDPR. The fulfillment of a contract is given for example when making a reservation or contract for meetings.

3. Purpose of data processing

The purpose and interest in processing lies in administration, tendering and contracting, financial accounting, office organization, data archiving, updating of contract data, which is necessary for the maintenance of the continuing business, performing our duties and providing our services, and contacting by phone, email, letter post or fax, for customer care and service such as sending greetings cards to birthdays, holidays and other festive occasions, for marketing as for invitation cards by letter or electronically to hotel events [such as roadshows, openings] and to send mailings by email and for market research.

4. Duration of data storage

The data will be deleted as soon as it is no longer necessary for the purpose of its collection.

5. Opposition and disposal possibility

You have the opportunity to revoke your consent to the processing of your personal data at any time. If you contact us by e-mail, you may object to the storage of your personal data at any time. In such a case, the conversation can not continue. If you would like to revoke your consent to data processing either in whole or in part, please send this revocation to the SORAT Hotel Verwaltungs GmbH, contact data provided above. The use of your above rights is free of charge for you. All personal data stored during the course of contact is deleted in this case.

XII. Transferring personal data to third parties

1. Online booking on this website

In order to be able to make your reservations and orders and to offer you, as a guest and visitor of SORAT Hotels and Partners of SORAT Hotels, high service standards and quality of service, we will pass on your data to the respective SORAT Hotel and Partner of SORAT Hotels. If you use our offer through our website and make a booking, this is done through our own online reservation system – the SORAT Hotels Linoweb system. The transmission of your personal data between your computer or mobile device and our server is always encrypted by using Secure Sockets Layer [SSL]. We have taken technical and organisational measures to protect your personal data, in particular against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. These security measures are continually updated in line with technological developments. By entering your personal data, you give us permission to save it and use it for settlement processes within the booking process. For this purpose, we refer you to this privacy policy by means of a checkbox and via another checkbox you agree that we will pass on your data to the respective booked SORAT Hotel or Partner of SORAT Hotels.

2. Online reviews for quality management

For the purposes of hotel evaluation by hotel guests and quality management, we have integrated on the hotel websites of the SORAT Hotels in Berlin, Brandenburg, Cottbus and Regensburg, the hotel rating software of the company Customer Alliance. We have a contract with Customer Alliance for data processing. We and Customer Alliance fully implement the strict requirements of the German data protection authorities when providing and using the Customer Alliance hotel software. Former guests can leave an anonymous review after check-out at our hotel. For this we will send you an e-mail after departure to ask you for a hotel review. You have the right to object to the use or not to carry out the hotel evaluation at any time. Customer Alliance has committed itself to the privacy-oriented handling of your transmitted data. It takes all technical and organizational measures to protect your data. For this purpose, we refer you to this privacy policy by means of a checkbox and via another checkbox you agree that we also pass on your data to Customer Alliance. All checkboxes must be activated for sending. Otherwise, a reservation and order is not possible. We provide the following data to Customer Alliance: title, first name, surname, arrival and departure dates as well as your e-mail address. From the SORAT Hotels and Partners of SORAT Hotels in Nuremberg, Duesseldorf, Duisburg, Hof you will receive an e-mail from us directly via our own online reservation system Linoweb after departure for a hotel review. Your data will not be sold, rented or otherwise made available to third parties. Transfers of personal data to state institutions and authorities are only possible within the framework of mandatory national legislation.

3. Further transferring personal data to third parties

Any further disclosure of your personal data to third parties will not take place, unless you have expressly consented to a transfer of personal data separately or we have reasonable grounds that oblige us to do so by court order or by law. Your data will not be sold, rented or otherwise made available to third parties. Transfers of personal data to state institutions and authorities are only possible within the framework of mandatory national legislation.

XIII. External payment service providers

1. Paypal and credit cards

We use external payment service providers through whose platforms users and we can make payment transactions. For example Visa, Mastercard, American Express, Maestro, PayPal. As part of the fulfillment of contracts, we set the payment service providers on the basis of article 6 (1) (b) GDPR. Incidentally, we use external payment service providers on the basis of our legitimate interests. Article 6 (1) (b) GDPR in order to offer our users effective and secure payment options. Data processed by payment service providers includes inventory data such as name and address, bank details such as bank account numbers or credit card numbers, passwords, TANs and check number, as well as contract amount and recipient-related information. The information is required to complete the transactions. The entered data will be processed and stored by the payment service providers. The data may be transmitted by the payment service providers to credit reporting agencies. This transmission aims at the identity and credit check. For this we refer to the terms and privacy policy of payment service providers Visa, Mastercard, American Express, Maestro, PayPal. For the payment transactions, the terms and conditions and the privacy notices of the respective payment service providers, which are available within the respective websites, or transaction applications apply. We also refer to these for further information and assertion of rights of withdrawal, information and other data subjects.

XIV. Comment function

1. Use of the comment function

On the website you will find a commentary function on our culinary world pages for the star rating of the recipes published there. In addition to your star rating of a recipe the following data will be saved when using this function: time oft he star rating and your IP address. The data collected and stored are used to prevent multiple assessments and thus violate rights. The data is then used to track and possibly block the IP address of the author, but not the author's identification. Before using the function, we will get your consent.

XV. Secure data transfer

1. SSL encryption

We use SSL encryption, Secure Sockets LayerFor on our website and our online reservation system Linoweb security reasons. This protects transmitted data and can not be read by third parties. You can see that the protocol label in the status bar of the browser changes from http: // to https: // and that a symbol in the form of a closed lock is visible there.

XVI. Web analysis services

1. Google Analytics privacy statement

This website uses Google Analytics, a web analytics service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses so-called cookies. These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. Google Analytics cookies are stored based on article 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both its website. Following data is being transmitted:

  • Information about the browser type and version
  • Operating system of the user
  • Referrer URL - previously visited page
  • IP address of the user
  • Date and time of access

IP anonymization: We have activated the IP anonymization feature on this website. Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google. You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website. You can also prevent the data generated by cookies about your use of the website [incl. your IP address] from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link: Google tool. You can prevent the collection of your data by Google Analytics by clicking on the following link: Disable Google Analytics. An opt-out cookie will be set to prevent your data from being collected on future visits to this site. For more information about how Google Analytics handles user data, see Google's privacy policy: Google support or Google settings or Google developers. We have entered into an agreement with Google for the outsourcing of our data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

XVII. Social media plugin and button

1. Shariff solution

Some content on our pages may be shared in privacy-friendly ways on social networks like Facebook, Twitter or Google+. On these pages, we use the so-called Shariff solution and avoid the use of so-called social media plugins. The Shariff solution is an approach that establishes direct contact between the networks and users only when the user actively clicks on one of these buttons with links to one of the social networks. An automatic transfer of user data to the operators of these platforms does not take place through this link. If the user is logged in to one of the social networks, when using the social media button of Facebook, Google+ and Twitter, an information window appears in which the user can confirm the text before submitting. By using the Shariff solution, the contents of this site can be shared on social networks without complete surfing profiles being created by the network operators.

2. Twitter

By clicking on the Twitter button, after logging into your account, this website will be linked to your Twitter account and made known to other users. This data is also transmitted to Twitter. Please note that as the provider of this website, we are not aware of the content of the transmitted data and their use by Twitter. For more information, please refer to the Twitter privacy policy, Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Your privacy settings are changeable to your Twitter account under settings.

3. Facebook

By clicking on the Facebook button, after logging in with your Facebook account, a connection is established between your browser and the Facebook server. Then you can link contents of our website with your profile on Facebook. We point out that we as the provider of this website are not aware of the content of the data transmitted and their use by Facebook. For more information, see the Facebook privacy statement, Facebook Inc. Privacy Statement, 1 Hacker Way, Menlo Park, California 94025, USA.

4. Google+

By clicking on the Google+ button a connection between your browser and Google will be established after connecting to your Google account. You can now share the information. In order to share content through Google+, you need a globally visble public Google profile that has at least the name chosen for the profile. This name will be used in all Google services. Please note that Google stores both: the information that you have shared content of this website and information about the website you have viewed. Your activity may appear as an indication along with your profile name and photo in all Google services, such as search results, in your Google profile, or elsewhere on websites and advertisements on the internet. Google may publish summarized statistics about users' +1 activity and share it with users and partners, such as publishers, advertisers, or affiliate websites. For more information on Google Inc. Privacy and Terms of Use, 1600 Amphitheater Parkway Mountain View, CA 94043, United States, visit Google policies and terms.

5. Google Maps

Our website uses Google Maps API to visually present geographical information. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When using Google Maps, Google also collects, processes and uses data about the use of the maps functions by visitors on that website. For more information about processing of data by Google read Google privacy policy. There you can also change your settings in the privacy center, so that you can manage and protect your data. Here are more ways to manage your own data related to Google products: Google support. It is possible to deactivate the Google Maps service and thus prevent the transfer of your data to Google by deactivating JavaScript in your browser. However, in this case you will be unable to use the map view.

6. YouTube

We have integrated YouTube videos in our online offer, YouTube is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA – represented by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Usually, when you visit a page with an embedded video, your IP address will be sent to YouTube and cookies will be installed on your computer. However, our videos are all integrated in an extended data-protection mode. In this case, YouTube will still contact the Google double click service, according to Google's privacy policy, personal information is not evaluated. As a result, YouTube does not store any information about visitors unless they watch the video. If you clicked on the video, your IP address will be sent to YouTube and YouTube will know that you have watched the video. If you are logged in to YouTube, this information will also be assigned to your user account. You can prevent this by logging out of your YouTube account. We are not aware of the possible collection and use of your data by YouTube. YouTube is used to help make our website appealing. This constitutes a justified interest pursuant to article 6 (1) (f) GDPR. Further information about handling user data, can be found in the data protection declaration of YouTube. In addition, we refer you to the general handling and deactivation of cookies in this privacy policy.

XVIII. Products, services, content and links of third parties

1. Embedding of web fonts

For uniform representation of fonts, we use web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly. For this purpose your browser has to establish a direct connection to Google servers. Google thus becomes aware that our website was accessed via your IP address. The use of Google web fonts is done in the interest of a uniform and attractive presentation of our website. This constitutes a justified interest pursuant to article 6 (1) (f) GDPR. If your browser does not support web fonts, a standard font is used by your computer. Further information about handling user data, can be found at Google fonts and in the Google privacy policy.

2. Integration of third party services and content

It can happen that content from other websites is embedded within this online offer, such as Instagram images. This always assumes that the provider of such content - hereinafter referred to as third-party - perceive the IP address of the user. Without the IP address, they could not send the content to the browser of the respective user. The IP address is necessary for the presentation of that content. For more information about handling user information, see the third-party privacy policies. We strive to only use content of such providers that are using the IP address for the purpose of the delivery of content. However, please note that we as the provider are not notified if third-party stores the IP address for example for statistical purposes and if you are signed in to for example Instagram with your account, you are giving the third-party vendors the ability to associate your user behavior directly with your personal profile on those third-party sites. If we find out that a service provider is abusing this data, we will immediately remove that service from our site. If you want to prevent the third-party integrated services from assigning the visit to our website to your account, you can avoid it by logging out of your account.

3. Integration of third parties links

Our website contains links to third party websites on which contents we have no influence. If you follow a link to any of these websites, you browse outside our website. Due to this fact we cannot take guarantee for the foreign contents. Please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for their policies. Please check the individual policies before you submit any information to those websites. Upon notification of violations, we will immediately remove such links.

XIX. Images

1. Copyrights

Image on the internet start page: 3D character with 10% discount sign [c] istockphoto LP, provider apcuk, images Lazy Sunday Berlin - young woman wake up in the morning and sitting on bed at window door side relaxing in holiday with sunlight, back side view [c] Kiattisak, Lazy Sunday Brandenburg - cheerful couple having breakfast together [c] goodluz, Lazy Sunday Nuremberg - couples feet on bed [c] kickimages on Lazy Sunday travel special website and all other images on our website are copyrighted. The SORAT Hotels have unlimited or simple rights of use for the published images. When using non-SORAT image material, a unique source information is provided, with the exception of the partner hotels of the SORAT hotel group. The SORAT Hotels are exempted from any claims of third parties in the context of the use of external images. SORAT Hotels assumes no liability for external images. By posting external images, the source statement guarantees that the SORAT Hotels can freely dispose of the images and that it is free of third-party rights and that imitated persons consent to the publication without any compensation being payable. The source statement exempts the SORAT Hotels in this respect from all claims of third parties, which make this in terms of the images set to the SORAT Hotels. Images and 360 ° hotel tours with the copyright Google may only be used on the SORAT Hotels websites or by Google itself in accordance with the Google terms of use. External use on other sites or in print products is prohibited. Unless otherwise indicated, all image rights of the images displayed on this website are owned by the SORAT Hotels and the SORAT partner hotels. SORAT's own images may only be used for editorial purposes by journalists and SORAT contractors. Graphical changes are not allowed except to crop the main subject.

XX. Rights of the data subject

1. General provisions

If personal data is processed by you, you are a victim within the meaning of the GDPR and you have the following rights to the person responsible:

2. Right of access by the data subject

You may ask the person responsible to confirm if personal data concerning you is processed by us. If such processing is available, you can request information from the person responsible about the following information:

[1] the purposes for which the personal data are processed;

[2] the categories of personal data that are processed;

[3] the recipients or categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed;

[4] the planned duration of storage of your personal data or, if specific information is not possible, the criteria used to determine that period;

[5] the existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability;

[6] the right to lodge a complaint with a supervisory authority;

[7] all available information on the source of the data if the personal data are not collected from the data subject;

[8] the existence of automated decision-making, including profiling, referred to in article 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to request information whether your personal data be transferred to a third country or an international organization. In this case of transfers, you may request to be informed of the appropriate guarantees referred to article 46 GDPR.

3. Right to rectification

As data subject you shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you; or or where interested therein, integration of the data. The correction shall be carried out without delay by the person responsible.

4. Right to restriction of processing

You have the right to obtain from the controller restriction of processing where one of the following applies:

[1] the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;

[2] the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;

[3] the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;

[4] the data subject has objected to processing pursuant to article 21 (1) GDPR peding the verification whether the legitimate grounds of the controller override those of the data subject.

Where processing has been restricted under the conditions above, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If you a data subject who has obtained restriction of processing pursuant under the conditions above you will be informed by the controller before the restriction of processing is lifted.

5. Right to erasure

a) Erase obligation

As data subject you shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

[1] your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

[2] you withdraw consent on which the processing is based according to point (a) of article 6 (1) GDPR, or point (a) of article 9 (2) GDPR, and where there is no other legal ground for the processing.

[3] you object to the processing pursuant to article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to article 21 (2) GDPR.

[4] the personal data have been unlawfully processed.

[5] the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.

[6] the personal data have been collected in relation to the offer of information society services referred to article 8 (1) GDPR.

b) Information to third parties

Where the controller has made the personal data public and is obliged pursuant to article 17 paragraph 1 GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

c) Exceptions

The obligation of erase shall not apply to the extent that processing is necessary:

1] for exercising the right of freedom of expression and information;

[2] for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

[3] for reasons of public interest in the area of public health in accordance with points (h) and (i) of article 9 (2) as well as article 9 (3) GDPR;

[4] for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with article 89 (1) GDPR in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

[5] for the establishment, exercise or defence of legal claims.

6. Notification obligation

Have you obtained the right of rectification, deletion or limitation of the processing to the controller, the controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with article 16 GDPR, article 17 (1) GDPR and article 18 GDPR to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it.

7. Right to data portability

You have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

[1] the processing is based on consent pursuant to point (a) of article 6 (1) GDPR or point (a) of article 9 (2) GDPR or on a contract pursuant to point (b) of Article 6 (1) GDPR; and

[2] the processing is carried out by automated means.

In exercising the right to data portability you have the right that your personal data is transmitted directly from one controller to another, where technically feasible. Freedoms and rights of other persons may not be affected. The right to data portability shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

8. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of article 6 (1) GDPR, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

9. Right of withdraw the data protection declaration of consent

You have the right to revoke your data protection declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

10. Automated individual decision-making including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. That not apply if the decision:

[1] is necessary for entering into, or performance of, a contract between the data subject and a data controller;

[2] is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests; or

[3] is based on the data subject’s explicit consent.

However, decisions shall not be based on special categories of personal data referred to in article 9 (1) GDPR, unless point (a) or (g) of article 9 (2) GDPR applies and suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests are in place. In the cases referred to in points [1] and [3], the data controller shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

XXI. Complaints and settlement of disputes

1. Right of appeal to the supervisory authority

Irrespective of the rights above and the possibility of asserting another administrative or legal redress, you also have the possibility at any time of asserting your right to complain to a supervisory authority, in particular, in the member state of your place of domicile, of your place of work or of the location of the alleged infringement if you are of the view that the processing of personal data affecting you infringes legal data protection regulations, within the meaning of article 77 GDPR.

2. Online dispute resolution

The European Commission established an internet platform for the online settlement of disputes, the so-called OS platform. The OS platform is intended as a point of departure for the out-of-court settlement of disputes concerning contractual obligations arising from online purchase contracts. The OS platform is available under the following link: ec.europa.eu.

Cookies make everything better. Also websites. That's why we use cookies. By continuing to use our website, you agree to its use. Details are available in our privacy policy.We use cookies. Details are available in our privacy policy. Agree to use: