Boutique Hotel Hamburg
misc image

Privacy Policy & Data Protection

Privacy Policy & Data Protection

With the following information we would like to give you an overview of the processing of your personal data in connection with the use of our website as well as during a stay in our hotel and inform you about your rights according to data protection law.

I. Information on the processing of personal data

By way of introduction, we would like to refer to our far-reaching information on transparency formation in accordance with Art. 13 and 14 DSGVO.

1. Responsible Party

The responsible party for data processing on this website pursuant to Art. 4 No. 7 DSGVO and provider of the website (service provider) within the meaning of the German Telemedia Act (TMG) is.

Hotel Rosengarten GmbH
Poppenbüttler Landstraße 10b
22391 Hamburg

Phone: +49 40 608 714-0
Fax: +49 40 608 714-37
E-mail: [email protected]

Complete information according to § 5 TMG (imprint)

2. Purposes and legal basis for the processing of personal data

We process your personal data in accordance with the provisions of the EU General Data Protection Regulation (DSGVO), the new German Federal Data Protection Act (BDSG-neu) and all other applicable laws for the following purposes and based on the following legal grounds:

(a) To process and manage reservation requests and reservations as well as to provide our services under the accommodation contract, including the processing of your hotel stay, payment processing and to track your use of our services, e.g. telephone, to carry out check-in and manage access to rooms - the legal basis for this is Art. 6 para. 1 p. 1 lit. b) DSGVO.

(b) For the fulfilment of a legal obligation to which our company is subject as the responsible party (e.g. due to registration laws, tax laws, accounting obligations, etc.) - the legal basis for this is Art. 6 para. 1 p. 1 lit. c) DSGVO.

(c) Sending of our e-mail newsletter including the management of your subscription to the newsletter - the legal basis for this is your consent pursuant to Art. 6 para. 1 p. 1 lit. a) DSGVO.

(d) To implement and manage your participation in our planned loyalty program - the legal basis for this is your consent pursuant to Art. 6 para. 1 p. 1 lit. a) DSGVO.

(e) To maintain, guarantee and improve the quality of our products and services, in particular by conducting and analyzing satisfaction surveys and guest comments, by processing your personal data in our guest database, which enables us to recognize you as a returning guest, to better assess your requirements and wishes, to improve the quality and individuality of our communication with you and to create customized offers for you - the legal basis for this is Art. 6 (1) S. 1 lit. f) DSGVO. Our interests arise from the existing accommodation contract with you, which constitutes a relevant and appropriate relationship within the meaning of Recital 47 to the GDPR, as well as from the fact that this type of data processing is customary in the hotel industry and corresponds to the reasonable expectations of the vast majority of guests.

(f) For the purpose of advertising our offers and services to existing customers - the legal basis for this is Art. 6 (1) sentence 1 lit. f) DSGVO. You can find more details on advertising to existing customers under Part II No. 2 of this data protection notice.

(g) To safeguard house rights, to prevent and investigate criminal offences (in particular also by means of video surveillance), to assert and defend legal claims and to safeguard interests in the event of legal disputes, to ensure IT security and IT operations, to identify creditworthiness risks - the legal basis for this is Art. 6 (1) sentence 1 lit. f) DSGVO. Our overriding legitimate interests follow from our obligation to ensure a safe stay of our guests in the hotel as well as from our interest in the enforcement of our material and immaterial claims and the exercise of our rights as well as in the defense against unjustified claims. Furthermore, the processing of personal data to the extent strictly necessary for the prevention of fraud also constitutes a legitimate interest of our company pursuant to Recital 47 of the GDPR.

(h) To process the purchase of a voucher - the legal basis for this is Art. 6 para. 1 p. 1 lit. b) DSGVO.


Minors may not transmit personal data to us without the consent of their legal guardians. We do not process any knowingly obtained personal data of minors within the scope of the website.

3. Categories of recipients of the personal data

If and insofar as necessary for the purposes stated in section 3 above, we also disclose your personal data to the following recipients or categories of recipients pursuant to Art. 4 No. 9 DSGVO:

Within our company, only those offices will receive an inspection of or access to your data (to the extent necessary in each case) that need it to fulfil our contractual and legal obligations.

To the extent that your personal data is processed in our central guest database. When carrying out existing customer advertising measures, your personal data will only be disclosed to those employees of our company who have access to our central guest database.

Service providers used by us (e.g. as part of commissioned processing pursuant to Art. 28 DSGVO) and vicarious agents may also receive personal data for these purposes. These are companies in the categories of credit services and payment processing, IT services, cleaning services, logistics, printing services, telecommunications, debt collection, advice and consulting, and sales and marketing.

Furthermore, data may be passed on to public bodies and institutions if there is a legal obligation to do so (e.g. tax authorities, and law enforcement agencies).

Further data recipients may be those bodies for which you have given us your consent to the transfer of data.

4. Transfer of personal data to a third country

A transfer of personal data to bodies in states outside the European Union (so-called third countries) will take place if it is required by law or you have given us your consent.

5. Duration of storage of personal data and criteria for determining this duration

We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations. If the data are no longer required for the fulfillment of contractual obligations, they are regularly deleted, unless their temporary further processing is required due to commercial and tax retention periods (including the German Commercial Code (HGB), the German Fiscal Code (AO). The retention and documentation periods specified there are two to ten years.

6. Your rights as a data subject

Every data subject whose personal data is processed has the right to information from the controller about the personal data concerned in accordance with Article 15 of the GDPR, the right to rectification in accordance with Article 16 of the GDPR, the right to erasure in accordance with Article 17 of the GDPR, the right to restriction of processing in accordance with Article 18 of the GDPR, the right to object to processing in accordance with Article 21 of the GDPR and the right to data portability in accordance with Article 20 of the GDPR. With regard to the right to information and the right to deletion, the restrictions pursuant to Sections 34 and 35 BDSG-neu also apply.

More information on your right to object to processing pursuant to Art. 21 DSGVO.

If the processing of your personal data is based on consent given to us, you have the right to revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation.

Furthermore, you have the right to lodge a complaint with the competent data protection supervisory authority pursuant to Art. 77 DSGVO in conjunction with Section 19 BDSG-neu.

7. Obligation to provide data

Within the framework of our contractual relationship, you must provide the personal data that are necessary for the establishment and execution of the accommodation contract or that we are legally obliged to collect. Without this data, we will generally not be able to conclude the contract with you or execute it. 

In particular, we are required by Section 30 (2) of the Federal Registration Act to collect certain personal data about you as part of the registration form. If you do not provide us with the necessary information, we may not be able to provide the services you requested or not completely.

8. Automated decision-making and profiling

When establishing and implementing our contractual relationship, you will not be exposed to any decision based exclusively on automated processing - including profiling - pursuant to Art. 22 DSGVO, which produces legal effects vis-à-vis you or similarly significantly affects you.

9. Supplementary information about your right of objection pursuant to Art. 21 DSGVO.

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6(1) sentence 1 lit. e) DSGVO (data processing in the public interest) or Art. 6(1) sentence 1 lit. f) DSGVO (data processing on the basis of a balance of interests); this also applies to profiling based on this provision in accordance with Art. 4(4) DSGVO.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

If your personal data is processed by us in order to advertise for existing customers, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is connected with such advertising for existing customers.The objection is possible without any formalities and should be addressed directly to us.

10. Video Surveillance

For video surveillance in some public areas, the following applies to the associated processing of personal data:

(a) Purposes of data processing:

Exercise of domiciliary rights, prevention of criminal offences (e.g. damage to property or theft), ensuring criminal prosecution.

(b) Legal basis for data processing:

Art. 6 para. 1 p. 1 lit. f) DSGVO.

The overriding legitimate interests of our company follow from our obligation to ensure a safe stay of our guests at the hotel as well as from our interest in enforcing our material and immaterial claims and exercising our rights as well as defending against unjustified claims.

(c) Categories of recipients of the personal data:

Potential recipients of the data are law enforcement authorities and persons or companies we engage to exercise our rights (such as lawyers).

We do not intend to transfer the data to any third country or international organization.

(d) Duration of storage of personal data:

If a recording of surveillance footage takes place, the relevant recordings will be deleted after 72 hours at the latest; after this storage period has expired, only data that is required for the clarification of specific incidents or for the enforcement of claims based on a specific event (e.g. a criminal offense) will be stored. This data is also deleted after the purpose for continued storage has ceased to exist.


1. SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Encrypted payment transactions on this websiteIf, after the conclusion of a contract with costs, there is an obligation to transmit your payment data to us (e.g. account number in the case of direct debit authorization), this data is required for payment processing.

Payment transactions via the common means of payment (Visa/MasterCard, direct debit) are made exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.With encrypted communication, your payment data that you transmit to us cannot be read by third parties.

ContactingWhen contacting us (for example, by contact form or e-mail), the user's details are stored for the purpose of processing the request and in the event that follow-up questions arise.

2. E-mail newsletter and existing customer advertising

E-mail newsletter

With the e-mail newsletter, we will inform you regularly about offers and information about special offers, services, promotions and services of the Hotel Rosengarten GmbH, especially about your stay, best price offers and on the occasion of your birthday, as well as invitations to events.

If you would like to receive the e-mail newsletter, we require a valid e-mail address from you. For the registration to our newsletter, we use the so-called double-opt-in procedure. This means that after your registration, we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within two weeks, your information will be blocked and automatically deleted after one month. In addition, we store your respective IP addresses used and times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.

You can revoke your consent at any time. The lawfulness of the processing until the exercise of your revocation remains unaffected. To exercise your right of revocation, you can click on the unsubscribe link in the respective message or send us a message to [email protected].

Existing customer advertising

We reserve the right to send our guests offers from our range of services as an existing customer advertisement by e-mail. Our legitimate interest in advertising to existing customers is to be able to offer our guests individual offers tailored to their target groups, which are based on a previous booking (transaction) or the existing customer relationship.

We can process your personal data, which you provide to us when making a booking, within 12 months of a previous transaction for the purpose of sending out advertising to existing customers. If you do not make a new booking or do not make another transaction within this period, your personal data will no longer be processed for the purpose of existing customer advertising and will be deleted accordingly, unless you have subscribed to a newsletter or your personal data must continue to be stored due to other regulations.

You can object to the use of your e-mail address for the purpose of sending advertising to existing customers at any time without incurring any costs other than the transmission costs according to the basic rates. For more information on how to exercise your right to object to the use of your e-mail address for direct marketing purposes, please refer to Part I No. 10 of this Privacy Policy.

3. Cookies

We use cookies on our website. These are small files that are automatically created by your browser and stored on your end device (laptop, tablet, smartphone or similar) when you visit our site. Cookies do not cause any damage to your end device, do not contain viruses, Trojans or other malware. In the cookie, information is stored that arises in each case in connection with the specific end device used. This does not mean, however, that we gain direct knowledge of your identity.

The use of cookies serves on the one hand to make the use of our offer more pleasant for you; on the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you.

For this purpose, we use cookies for the purposes mentioned below:

Necessary functions: These cookies contribute significantly to improving your movement and booking experience on our website. Basic functionalities and applications such as shopping carts or electronic billing procedures are thereby optimized and their handling facilitated. These cookies do not collect information about you that can be used for marketing campaigns or statistical analysis. These cookies are necessary for the use of the website, the legal basis for these cookies is Art 6 (1) lit. b) DSGVO.

Statistical analysis: Statistical analysis is the processing and presentation of data about user actions and interactions on websites and apps (e.g. number of page visits, number of unique visitors, number of returning visitors, entry and exit pages, dwell time, bounce rate, actuation of buttons) and, where applicable, the classification of users into groups based on technical data about the software settings used (e.g. browser type, operating system, language setting, screen resolution). The legal basis for these cookies is consent in accordance with Art 6 (1) a) DSGVO.

Reach measurement: Reach measurement is the visit action evaluation by analyzing user behavior in terms of determining specific user actions and measuring the effectiveness of online advertising. The number of visitors who have reached websites or apps, for example, by clicking on advertisements, is measured. In addition, the rate of users who perform a certain action (e.g. registering for the newsletter, ordering goods) can be measured. The legal basis for these cookies is consent pursuant to Art 6 (1) a) DSGVO.

Personalized advertising: Certain functions of websites and apps are used to display personalized advertising materials (ads or commercials) to users in other contexts, for example on other websites, platforms or apps. For this purpose, conclusions about the interests of users are drawn from demographic information, search terms used, contextual content, user behavior on websites and in apps, or from the location of users. Based on these interests, advertising materials will be selected in the future and displayed at other online content providers. The legal basis for these cookies is consent in accordance with Art 6 (1) a) DSGVO.

Setting cookies via the browser

In your browser, you can set that cookies are only stored if you agree to this. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, completely disabling cookies may prevent you from using all the features of our website. If you only want to accept our cookies, but not cookies from partners, please select the "Block third-party cookies" in your browser. In the menu bar of your web browser, the help function will show you how to reject new cookies and disable those you have already received. We recommend that for shared computers that accept cookies and so-called Flash cookies, you always log out completely when finished.

4. Cookies provider

Google Analytics

This website also uses Google Analytics, a web analytics service provided by Google Inc. based in Mountain View, USA ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States.

Recipient: Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001).

5. Integration of services and content from third-party providers (collection of IP address by third-party services).

Third-party content (hereinafter referred to as "third-party providers") is integrated within the website. For the use of such content, the transmission of the user's IP address to the respective third-party provider is technically necessary. This is because without the IP address, the third-party providers would not be able to send the content embedded in the website to the browser of the respective user. Example: videos from YouTube, map material from Google Maps, RSS feeds or graphics from others. We endeavor to use only such content whose respective providers use the IP address only for the delivery of the content. However, we have no influence if the third-party providers store the IP address, e.g. for statistical purposes. Insofar as this is known to us, we inform the users about it.

6. Integration of payment service providers for online payments

For the processing of online payments, we also use the external payment service provider, through whose platforms you can, based on your free decision, initiate payment transactions. If you wish to make an online payment, this can be done both integrated with the booking process and via an e-mail address provided by you by sending a corresponding link. In the event that you use such a link, you will be redirected to the pages of the payment platform. 

Status and updating of the data protection information

This data protection notice is valid as of 15.09.2022.We will update this data protection notice from time to time in the event of relevant changes to our website, the processing of personal data or changes to legal requirements. The revised version will apply from the published effective date. In the event of significant changes to this privacy notice, we will inform you in good time before the changes come into force by posting a notice on our website. We may also notify our guests of the changes by email or other means.

From: To:
Check Availability

Poppenbüttler Landstr. 10b
Hamburg 22391
Phone: +49 40 6087140