We are pleased that you are visiting our website. Protecting your privacy and personal data when using our website is an important concern for us.
This privacy policy applies to the online presence of Flemings Hotels GmbH & Co. KG at www.flemings-hotels. For our other online services and websites, as well as websites of other providers to which we refer via a link, the privacy policies published there apply.
Here you will find information about how we handle your personal data when you visit our website. To provide the functions and services of our website, it is necessary for us to collect personal data about you. Below, we explain what data we collect about you, why this is necessary, and what rights you have in relation to your data.
Responsible for the processing of personal data under the General Data Protection Regulation (GDPR) and other data protection laws is (cf. legal notice):
Flemings Hotels GmbH & Co. KG
Bleichstraße 52
60313 Frankfurt am Main
Phone: +49 069 37003-180
You can also contact our Data Protection Officer at any time with questions regarding data protection, either at the address above or by email at info@schiedermair-datenschutz.com.
Each time our website is accessed, the following technically necessary data is automatically collected by the system of the requesting device:
The collection and temporary storage of this data is technically necessary to display our website to you. We also use the data to ensure the security and stability of our website. This data is not evaluated for marketing purposes, compared with other datasets, or passed on to third parties. The legal basis for this data processing is Art. 6(1)(f) GDPR. Our legitimate interest lies in the purposes described above.
The data is deleted as soon as the respective browser session ends.
We use technically necessary cookies to facilitate and improve the use of our website. Cookies are text files stored on a device via the web browser during a website visit. These serve user guidance and session recognition, e.g., for permanent login or room booking. These cookies are not used for analytics or advertising purposes.
Most browsers accept cookies automatically. You can delete stored cookies at any time via your browser settings or configure your browser to notify you before cookies are set or to reject cookies entirely. If technically necessary cookies are disabled, the website may not display properly, and some functions may be unavailable. Disabling these cookies via our consent tool is not possible.
If technically necessary cookies involve personal data processing, the legal basis is Art. 6(1)(f) GDPR, § 25(2) TDDDG.
This website uses Google Tag Manager, a tool provided by Google that manages JavaScript and HTML tags used to implement the services described below. The system controls, based on the consent you provide, which tags should be triggered and when. Google Tag Manager itself does not set cookies or collect any personal data or other information from you or your device. The services managed through it may set the necessary cookies.
Google Analytics: With your consent, we use Google Analytics, a web analytics service provided for Europe by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter “Google”). This allows us to assign data, sessions, and interactions across devices to a pseudonymous user ID and analyze user activities across devices.
Google Analytics uses cookies—text files stored on your computer that enable analysis of your website use. Information generated by the cookie (e.g., time, location, frequency of visits, including your IP address) is transmitted to and stored by Google. As this site uses the “_gat._anonymizeIp” extension, your IP address will be truncated by Google within EU or EEA member states. Only in exceptional cases is the full IP address sent to a Google server in the USA and shortened there.
According to Google, the IP address transmitted by your browser will not be merged with other Google data. Google will use the collected information on behalf of the website operator to evaluate your use of the website, compile reports on website activity, and provide other related services. Google may also transfer this information to third parties where required by law or if such third parties process the data on Google's behalf.
Google LLC, Mountain View, California, USA, is certified under the EU-U.S. Data Privacy Framework.
You can prevent the storage of cookies by setting your browser accordingly; however, please note that you may not be able to use all functions of this website to their full extent.
Google offers a browser deactivation add-on that gives you control over the data collected by Google Analytics. The add-on instructs the Google Analytics JavaScript (ga.js) not to transmit any data to Google. Note: this does not prevent data transmission to other analysis tools we may use. You can find the add-on here: https://tools.google.com/dlpage/gaoptout?hl=de. Opt-out cookies prevent future data collection when visiting this website. To apply across devices, opt out must be done on each one.
Legal basis: your consent (Art. 6(1)(a) GDPR, § 25(1) TDDDG).
Purpose: to analyze user behavior anonymously and improve our website based on the findings.
Data tied to cookies, user IDs, or advertising IDs is automatically deleted after 14 months. Deletion of expired data occurs once a month. More information:
- https://www.google.com/analytics/terms/de.html
- https://policies.google.com/privacy?hl=de&gl=de
The Hotels Network (THN):
To optimize the user experience on our site, we use software from THE HOTELS NETWORK S.L. (Muntaner 262, 3º, 08021 Barcelona, Spain, “THN”). This tool helps us analyze anonymized user behavior to understand how users interact with our website and enhance usability. THN generates a backend hash from website user data (browser info, page views, scroll behavior). All data processing is anonymous and does not allow personal identification.
No personal data is processed. Legal basis: your consent under § 25(1) TDDDG.
More info: https://www.thehotelsnetwork.com/de
Facebook Custom Audience: With your consent, we use Facebook Custom Audience on our website. This service is provided for the European region by Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland). We cannot rule out that collected data is also transmitted to Meta Platforms Inc. (1601 Willow Road, Menlo Park, California 94025, USA) (collectively referred to as “Facebook”). Meta Platforms Inc. is certified under the EU-U.S. Data Privacy Framework.
Facebook Custom Audience enables us to measure, optimize, and build target audiences for our ad campaigns. By tracking cross-device actions, we can run more efficient campaigns and tailor ads to relevant target groups.
If you have a Facebook profile, Facebook can recognize this using a set Facebook Pixel, which transmits collected usage data. The Facebook Pixel is a JavaScript code that sends the following data to Facebook:
• HTTP header information (e.g., IP address, browser info, page location, document URL, user agent, date/time of use)
• Pixel-specific data (Pixel ID and Facebook cookie data, including your user ID)
• Additional information about your website visit and custom events
These data processes only affect users who have a Facebook account or have visited a Facebook partner site that set a cookie.
If the user ID in the Facebook cookie can be linked to a Facebook account, Facebook adds that user to a target audience based on rules we define. We use this information to show ads on Facebook (and partner sites). Users who are not Facebook members are not affected.
Legal basis: your consent (Art. 6(1)(a) GDPR, § 25(1) TDDDG).
More information:
Facebook Connect: With your consent, we use the “Facebook Connect” social plugin on our website, offered in Europe by Meta Platforms Ireland Limited. If you have a Facebook account, you can log in or register with your Flemings user account using this plugin.
When visiting our website, your browser establishes a direct connection to Facebook’s servers. Facebook directly transmits the plugin content to your browser, integrating it into the website. This gives Facebook the information that your browser accessed our site—even if you don’t have a Facebook account or aren’t logged in. This includes your IP address and is transmitted to Facebook’s U.S. servers and stored there.
If you log in or register using Facebook Connect, we receive—based on your privacy settings—public profile info such as your user ID, name, profile picture, age, and gender. We store and process this data. Conversely, information about your usage of our website may also be shared with your Facebook profile with your consent.
If you do not want Facebook to associate your data with your profile, log out of Facebook before visiting our website.
Meta Platforms Inc., Menlo Park, CA, USA, is certified under the EU-U.S. Data Privacy Framework.
More information: https://www.facebook.com/policy.php.
When consent is required for the services mentioned above, we collect it using our cookie consent management tool, which appears on the homepage and can be reopened anytime by clicking the “Privacy” button. This tool is provided by:
Secure Privacy
Fruebjergvej 3
Copenhagen, Capital Region 2100 DK
The tool provides detailed information about the cookies in use and allows you to adjust your settings at any time.
By using the Secure Privacy tool, we fulfill our legal obligation to obtain and document your consent to the use of non-functional cookies (Art. 6(1)(c) GDPR).
You can book a stay at one of our hotels via our booking platform. Booking is possible either as a registered user or as a guest. For a room booking, we process the data requested in the booking form, including:
• Name
• Contact details (email address, postal address)
• Payment data (credit card number, expiry date, cardholder name)
• Reservation details (period of stay, number of guests, room selection, other booking conditions)
• Flight data
• Data entered in the free text field
• Optional creation of a user account and password
• Coupon bookings
We use your email address to send you confirmations, modifications, or cancellations related to your booking and other communications relevant to your reservation.
The data you enter into the booking form is transmitted to and stored by us and our partner:
TravelClick, Inc.
55 W 46th St, 27th floor
New York, NY 10036
USA
TravelClick acts on our behalf based on EU standard contractual clauses.
Alternatively, you may book a stay via our telephone reservation hotlines. In that case, we collect and store the same categories of data as above.
To fulfill our legal reporting obligations for international guests, we transmit certain data (name, address, date of birth, nationality, length of stay, number of accompanying guests and their nationalities, passport number for non-German residents) to the local registration authority after check-in. This is a legal requirement—check-in without providing this information is not permitted.
For bookings at our Vienna hotels, data is transmitted to:
Flemings Hotels GmbH, Neubaugürtel 26–28, 1070 Vienna, Austria.
Upon check-in in Austria, guests must complete a registration form, providing name, date and place of birth, nationality, and—if from abroad—type of ID, issuing authority, number, and date of issue. The guest form must be signed and retained for three years and made available to local authorities upon request.
Legal basis:
• Art. 6(1)(b) GDPR – necessary for the conclusion and fulfillment of the lodging contract
• Art. 6(1)(c) GDPR in conjunction with §§ 29, 30 of the German Federal Registration Act (BMG) – for legal reporting duties
• Art. 6(1)(f) GDPR – our legitimate interest in conducting credit checks to secure receivables
We process your data only as long as necessary to meet contractual or legal obligations.
Commercial and tax-related retention periods are six or ten years.
Guest registration forms, as required by the German Federal Registration Act, are stored for one year and destroyed within three months after the retention period ends.
As part of our loyalty program, we offer you the option to register for a user account. Through the registration form, you provide us with:
• Your first and last name
• Your email address
• A password
• Optionally: your phone number
We store this data to maintain and manage your user account and enable access. These details—except for the password, which is only shown in masked form—are visible in your user account.
When you complete the registration process, your IP address and the date and time of registration are also automatically recorded and stored.
Legal basis:
• Art. 6(1)(a) GDPR – your consent
• Art. 6(1)(b) GDPR – required for facilitating room bookings and thus the fulfillment of a contract
Your data will be deleted once it is no longer required for its original purpose. You can request the deletion of your account or modify your personal details at any time. If you delete your user account, the associated data will be deleted immediately—unless it is still required to process a booking or legal retention requirements (e.g., under the German Tax Code) prevent deletion.
For data storage related to bookings, see Section 2.
We use a solution from:
CODE2ORDER GmbH
Schelmenwasenstraße 34
70567 Stuttgart
Through this digital guest directory, we provide hotel guests with information and services. Use of the directory is generally possible without user registration. However, to access some services, personal data must be provided to verify your eligibility (e.g., to request certain services).
This may include the following categories:
• Cookie ID
• Geolocation data
• Room number
• Activity data (e.g., used modules, time spent)
• Booking data (e.g., reservation number, arrival and departure dates)
For specific services, system-level data transfers are necessary. Data is also transmitted to:
Mailgun Technologies Inc.
112 E Pecan St. #1135
San Antonio, TX 78205
USA
Mailgun is certified under the EU-U.S. Data Privacy Framework.
Cookies are set on guest directory pages by CODE2ORDER GmbH, for which your consent is obtained. Information about these cookies is available on the guest directory pages.
All pages of the guest directory are secured with TLS encryption to protect data confidentiality.
For more information, see CODE2ORDER GmbH’s guest services privacy policy: https://www.code2order.com/privacy-policy/gss.
Our voucher shop allows you to purchase gift certificates for services offered by us online. To do so, we collect and process the data you provide in the form:
• Salutation
• Name
• Address
• Email address
• Payment method
• Optional: phone number
• Voucher details (value, optional: recipient, message)
All this “order data” is transmitted to us in encrypted form and processed. Additionally, we collect and process access data from the ordering pages, including your IP address. Usage data is not combined with order data, and no user profiling takes place.
The operation of the voucher shop is carried out by:
Hot-Tec GmbH
Lankwitzer Straße 19,
12107 Berlin
https://www.hot-tec.com/datenschutz/.
Payment is processed by:
Datatrans AG
Kreuzbühlstraße 26
8008 Zurich
Switzerland
You are redirected to their website for payment. We do not receive any payment data.
https://www.datatrans.ch/de/datenschutzbestimmungen/
Purpose and legal basis:
Processing your order data is necessary to fulfill the purchase contract (Art. 6(1)(b) GDPR).
Access data is processed to prevent system abuse, which constitutes a legitimate interest (Art. 6(1)(f) GDPR).
We store your data for the validity period of the voucher. After that, the data is deleted unless legal retention obligations apply.
You can contact us using the contact form on our website. When doing so, we collect and store the data you enter in the form:
• Salutation
• Name
• Email address
• The Flemings Hotel responsible for handling your request
• Content of your message
• Optional: company name, phone number
Upon submission, we also automatically collect and store your IP address, as well as the date and time of submission.
Legal basis:
• Art. 6(1)(f) GDPR – our legitimate interest in processing your inquiry
• Art. 6(1)(b) GDPR – if your inquiry is related to contract initiation
We use your data exclusively to process your inquiry. Automatically collected submission data is used to prevent abuse and ensure the security of our IT systems.
Your data will be deleted once your request is fully resolved and a reasonable retention period has expired. Automatic deletion occurs after three years, calculated from the end of the year in which we last processed your inquiry. Submission metadata (IP, timestamp) is deleted after seven days.
We may use your email address and postal address, obtained during the sale of a product or service, to promote our own similar products or services. This also includes invitations to submit guest reviews of your stay at one of our hotels.
For operating and analyzing the review system, we use the services of:
TrustYou GmbH
Schmellerstraße 9
80337 Munich
TrustYou acts on our behalf and under our instructions.
More information:
You may object to this use of your data at any time, free of charge (except for basic transmission costs). We will inform you again about this right whenever we use your data for such marketing purposes.
For email marketing beyond this scope, we will obtain your explicit consent. You may withdraw your consent at any time with future effect and without giving reasons.
If you register for our newsletter, we will verify your email address using a double opt-in procedure. You will receive a confirmation email to validate your email address and consent.
For sending marketing emails, we use:
TravelClick, Inc.
TravelClick processes email open and click rates to track deliverability, engagement, and actions taken (clicks, unsubscriptions). We only receive aggregated statistics without personal references.
Legal basis:
• Art. 6(1)(f) GDPR in conjunction with § 7(3) of the German Unfair Competition Act – legitimate interest in direct marketing
• Art. 6(1)(a) GDPR – if we obtain your consent
• Art. 6(1)(f) GDPR – for open/click rate tracking, based on legitimate interest in ensuring deliverability
It is not possible to deactivate open/click rate tracking separately. However, you may opt out of marketing communications entirely at any time. We fulfill our obligation to verify your email address by sending the verification email as part of the double opt-in procedure.
If you object to this or revoke your consent, we will delete your data for advertising purposes immediately. Please note that you may still receive advertising from us during an implementation period of approximately one week after an objection or revocation. Apart from storing your data for advertising purposes, it is subject to the statutory retention periods described above, for example, when you book a room or register for a user account. If you have opted out of receiving advertising from us or revoked your consent, we will block your data accordingly.
Our website includes a chat function for direct communication. This feature is provided by:
Freshworks Inc.
2950 S. Delaware Street
San Mateo, CA 94403
USA
Freshworks operates on our behalf under EU Standard Contractual Clauses: https://www.freshworks.com/data-processing-addendum/).
Freshworks is certified under the EU-U.S. Data Privacy Framework.
If your inquiry cannot be resolved during the chat, we may ask you to provide your name and email address so we can follow up with you. Any data you enter in the chat will be stored.
Legal basis:
Art. 6(1)(f) GDPR – our legitimate interest in providing a fast and efficient contact option and addressing your concerns
Data is deleted once your inquiry is resolved and a reasonable retention period has expired. Automatic deletion occurs after 10 years.
At some of our hotels, you have the option to rent a luggage locker.
The Privacy Policy and Terms and Conditions for using this service can be found via the following links:
Notice of processing of personal data for luggage locker
Terms and conditions for luggage locker
In certain areas of our hotels and associated premises—especially in parking lots and parking garages—we use video surveillance to ensure the safety of our guests and staff.
As part of this process, images of you may be captured and reviewed when necessary.
Detailed information about video camera use and data processing in this context is provided on-site in the monitored areas.
If you submit a review of your stay at one of our hotels via TrustYou, we store your input and use it to improve our services and offerings.
TrustYou GmbH is authorized under our contract to anonymize, store, evaluate, and publish reviews in anonymized form.
Further details:
• Guest Terms of Use (DE)
• Guest Privacy Policy (DE)
The legal basis for processing your data is your desire to participate in the evaluation process (Art. 6(1)(b) GDPR, as well as our legitimate interest in improving our products and services, as outlined in Art. 6(1)(f) GDPR.
We will store your information in connection with a guest review for up to five years from the date the review is submitted.
We operate corporate profiles on several social media platforms. When you visit one of these profiles, the respective platform provider processes your data to generate user profiles and to operate and improve its services. In some cases, these providers also supply us with anonymized usage statistics regarding our profiles.
These data processing activities may occur regardless of whether you are registered on the platform. The anonymized analytics typically include:
For these analytics, we are jointly responsible with the platform providers under GDPR and have entered into corresponding joint controller agreements.
We have no control over the type and extent of personal data collected by the platforms. We also do not know the full scope or purposes of their processing or how long data is stored. At a minimum, IP addresses and device-specific information are likely collected. The platforms may also use cookies or similar technologies to track user behavior across platforms and services.
Some providers are located outside the EU/EEA in so-called third countries, especially the USA. While the U.S. is certified under the EU-U.S. Data Privacy Framework, government agencies there may still have extensive access rights. Even if a provider has an EU office, data may be stored with affiliated companies in the U.S. or elsewhere.
Platform-specific details:
In the processing of your personal data, we use external service providers (so-called "processors"), particularly in IT services. These providers act strictly on our instructions and are contractually bound to protect your data.
Processors may be used in areas such as:
• IT
• Logistics
• Telecommunications
• Sales
• Marketing
When transferring data to external recipients in third countries (outside the EU/EEA), we ensure your data is treated with the same care as it would be within the EU. We only transfer personal data to such countries if:
• The EU Commission has confirmed an adequate level of protection, or
• Appropriate safeguards (e.g., contractual clauses) are in place.
With respect to your personal data, you have the following legal rights:
14.1 Right of Access (Art. 15 GDPR)
You may request confirmation of whether we process your personal data and obtain information about the data we hold, including purposes, recipients, and storage duration.
14.2 Right to Rectification (Art. 16 GDPR)
You may request that we correct or complete inaccurate or incomplete data stored about you.
14.3 Right to Erasure (Art. 17 GDPR)
You may request deletion of your data if it is no longer necessary, your consent is withdrawn, or the data was unlawfully processed. Exceptions apply for legal obligations or public interest reasons.
14.4 Right to Restriction of Processing (Art. 18 GDPR)
You may request that we limit processing if you contest the data's accuracy, the processing is unlawful but you oppose erasure, or we no longer need the data, but you require it for legal claims. You can also request restriction if you have objected to processing under Art. 21 GDPR.
14.5 Right to Data Portability (Art. 20 GDPR)
You may request your personal data in a structured, commonly used, machine-readable format or request its transfer to another controller.
14.6 Right to Object (Art. 21 GDPR)
You may object at any time to data processing based on public interest or legitimate interest. If your data is processed for direct marketing, you have the right to object at any time, including related profiling.
14.7 Right to Withdraw Consent (Art. 7(3) GDPR)
You may withdraw your consent at any time with future effect. This does not affect the lawfulness of prior processing.
14.8 Right to Lodge a Complaint (Art. 77 GDPR)
You may file a complaint with a supervisory authority, especially in your place of residence, employment, or where the alleged violation occurred.
Supervisory Authority for Flemings Hotels:
Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Postfach 3163, 65021 Wiesbaden
Email: Poststelle@datenschutz.hessen.de
Poststelle@datenschutz.hessen.de.
Our website complies with standard encryption protocols. We use the widely adopted SSL (Secure Socket Layer) procedure in conjunction with the highest level of encryption supported by your browser—typically 256-bit encryption. If your browser does not support this level, we fall back on 128-bit v3 technology.
You can recognize the encryption by the lock icon or key symbol in your browser’s address bar or status line.
In addition, we implement appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction, or unauthorized access by third parties. These security measures are continuously improved in line with technological developments.
All employees who may come into contact with personal data are contractually obligated to observe data protection regulations and are trained accordingly on the applicable legal requirements.
We reserve the right to amend this privacy policy occasionally to reflect the latest legal requirements or changes in our services and offerings.
The version of the privacy policy valid at the time of your visit applies.
Effective date: April 2025