Skip to content
Best Rate Guaranteed Book your room

Privacy Policy

We are pleased that you are visiting our website. The protection of your privacy and the protection of your personal data when using our website is an important concern for us.

This privacy policy applies to the internet presence of Flemings Hotels GmbH & Co. KG under www.flemings-hotels.com. For our other Internet offers and websites as well as websites of other providers to which we refer by a link, the data protection information published there applies.

Here you will find information on how we handle your personal data when you visit our website. In order to provide the functions and services of our website, it is necessary for us to collect personal data about you. In the following, we explain what data we collect about you, what this is required for and what rights you have in relation to your data.

Responsible for the processing of personal data within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is (see Privacy Policy):

Flemings Hotels GmbH & Co. KG
Bleichstraße 52
60313 Frankfurt am Main
Phone: +49 069 37003-180
Fax: +49 069 37003-444

If you have any questions regarding data protection, you can also contact our data protection officer at any time at the address given above or by e-mail to info@schiedermair-datenschutz.com.

1. Provision of the Website

1.1 Collection of System Data

Each time our website is opened, the following technically-necessary data is automatically collected from the system of the end device being used:

  • IP address
  • Date and time of the request
  • Content of the request
  • Access status/HTTP status code
  • Browser type
  • Language and version of browser software
  • Operating system

The collection and temporary storage of the data is technically necessary to be able to provide our website to you. We use the data also to ensure the security and stability of our website. An evaluation of the data for marketing purposes, a comparison with other databases, or an onward transfer to third parties does not take place in this context. The legal basis for processing the data is Article 6(1)(f) GDPR. Our legitimate interest lies in the purposes described.

The data are deleted as soon as the respective browser session is ended.

1.2 Use of Cookies

1.2.1.   Technically Necessary Cookies

We use technically necessary cookies to facilitate and improve the use of our website. Cookies are text information that are stored on a terminal when a website is visited via the web browser. They are used for user guidance and recognition of a session, for example when logging in permanently or when booking a room. The technically necessary cookies are not used for analysis or for advertising purposes.

Most web browsers accept cookies automatically. You can delete stored cookies at any time using your web browser settings. You can also adjust your web browser settings to notify you when cookies are placed, or to not store cookies. If you prohibit the setting of technically necessary cookies, our website cannot be displayed properly and not all functions of our website are available. It is not possible to deactivate the technically necessary cookies via our cookie content management. 

The legal basis for the use of technically necessary cookies is Art. 6(1)(f) GDPR.

1.2.2. Use of the Google Tag Manager

The Google Tag Manager is used on this website. The Google Tag Manager is a system from Google that manages Java-Script tags and HTML tags used to implement the following services. In particular, the system controls which tags are to be used and when, based on the consent you have provided. The Tag Manager does not set any cookies itself and does not collect any data or other information from you and your device. The services it controls set the cookies required for the services.

1.2.3. Cookies for Usage Analysis

Google Analytics: To the extent you have given us your consent, we use Google Analytics, a web analytics service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter "Google"), on our website. This makes it possible to assign data, sessions, and interactions across multiple devices to a pseudonymous user ID and, thus, analyze the activities of a user across several devices. Google Analytics uses so-called cookies, that is, text files that are stored on your computer and that enable an analysis of your use of the website.

The information generated by the cookies, for example, time, place, and frequency of your website visits, including your IP address, is transferred to Google and stored there. Since this website uses Google Analytics with the extension "_gat._anonymizeIp", your IP address will be truncated by Google within European Union member states or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and be truncated there. The IP address transmitted by your browser within the scope of Google Analytics will, according to its own information, not be merged with other data from Google. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, preparing reports on website activity and providing other services relating to website activity and internet usage to the website operator. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf.

You may refuse the use of cookies by selecting the appropriate setting on your browser, however please note that if you do this, you may not be able to use the full functionality of this website.

Furthermore, Google offers a deactivation add-on for the most common browsers, which gives you more control over what data is collected by Google about the websites you visit. The add-on informs the JavaScript (ga.js) of Google Analytics that no information about the website visit is to be transmitted to Google Analytics. The Google Analytics browser deactivation add-on, however, does not prevent information from being transmitted to us or to other web analytics services we may use. For more information on how to install the browser add-on, please click on the following link: https://tools.google.com/dlpage/gaoptout?hl=de. Opt-out cookies prevent future collection of your data when visiting this website. To prevent collection by Universal Analytics across different devices, you must select the opt-out on all systems used.

The legal basis for the use of Google Analytics is your consent (Art. 6(1)(a) GDPR).

The purpose of the data processing is to analyze the behavior of our users anonymously and to improve our website offerings based on these findings.

The data sent by us, and linked to cookies, user recognition (e.g. user ID) or advertising IDs are automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month. For more information on terms of use and data protection, please visit https://www.google.com/analytics/terms/de.html and https://policies.google.com/privacy?hl=de&gl=de.

1.2.4. Cookies to Display Advertising

Facebook Custom Audience: To the extent you have given us your consent, we use Facebook Custom Audience of the social network, Facebook, on our website. This service is offered by Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland). We cannot exclude, however, the possibility that collected data may also be transferred to Facebook Inc. (1601 Willow Road, Menlo Park, California 94025, USA) (hereinafter collectively "Facebook").

The Facebook Custom Audience feature allows us to measure, optimize, and create target groups for our advertising campaigns. By capturing actions across devices, we can make advertising campaigns even more efficient. In addition, we can create ads that are relevant to the target group.

If you have created a Facebook profile, this is recognizable to Facebook by means of a set Facebook Pixel by which the collected usage data is transmitted to Facebook. The Facebook Pixel is a Javascript code that transfers the following data to Facebook: HTTP header information (including IP address, web browser information, page location, document, web page URL and web browser user agent, as well as date and time of use); Pixel-specific data, including the Pixel ID and Facebook cookie data, including your user ID (this data is used to link events to a specific Facebook advertising account and to associate them with a Facebook user); additional information about the visit to our websites, as well as about standard and custom data events.

The above-mentioned data processing applies only to users who have an account with Facebook or who have accessed a partner page of Facebook (through which a cookie has been set).

If an association of the user ID contained in the Facebook cookie can be made to a Facebook user, Facebook assigns this user to a target group on the basis of the regulations set by us, provided that the regulations are relevant. We use the information obtained in this way to present advertising on Facebook (partner) pages. The display of advertising on Facebook (partner) pages based on the target group function does not affect users who are not members of Facebook.

For more information about advertising on Facebook, and how to set which ads are displayed to you, please visit the link https://www.facebook.com/about/basics/advertising. Instructions on how to make settings for advertisements, and how to avoid unwanted advertising, can be found here https://www.facebook.com/about/basics/advertising/ad-preferences. Additional information on data protection at Facebook can be found at https://www.facebook.com/policy.php.

1.2.5.   Single Sign-On Procedure

Facebook Connect: To the extent you have given us your consent, we use the social plugin "Facebook Connect" on our website, an offer from Meta Platforms Ireland Limited. If you have a Facebook account, you can log in or register for your user account with us using the social plugin with this account.

When you use our website, your browser establishes a direct connection to Facebook servers. The content of the plugin is transferred by Facebook directly to your browser and integrated into the website. Through this integration, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you have not created a Facebook profile or are not logged in to Facebook. This information also includes your IP address and is transferred directly to Facebook's server in the USA and stored there.

If you log in or register with us using Facebook Connect, we receive - yes, according to your personal privacy settings on Facebook - the general and publicly-accessible information stored in your Facebook profile, such as your user ID, name, profile picture, age and gender. This data is stored and processed by us. Conversely, data about your user behavior on our website may be transmitted to your Facebook profile based on your consent.

If you do not want Facebook to assign the data collected via our website directly to your Facebook profile, you must log out of Facebook before visiting our website. For more information on data protection at Facebook, please visit: https://www.facebook.com/policy.php.

1.2.6 Cookie consent management

To the extent that we require consent from you for the services described, we obtain it through our cookie consent management tool, which is automatically displayed to you on the home page and which you can access again at any time by clicking the button labeled "Privacy". The management tool is provided to us by Secure Privacy, Fruebjergvej 3, Copenhagen, Capital Region 2100, DK. Through the tool, you will receive more detailed information about the cookies used and you can change your settings regarding the use of cookies at any time.

By using the tool from Secure Privacy, we comply with our legal obligation to obtain and document your consent to the use of non-functional cookies, Art. 6 para. 1 p. 1 lit. c of the GDPR.  

2. Hotel Bookings

You have the possibility to book a stay in one of our hotels through our booking platform. The booking is possible as a registered user or as a guest. For a room booking, we process the data requested via the booking form (e.g. name, contact data (e-mail address, address), credit card payment data (card number, validity period, name of the cardholder), reservation details (period of stay, number of guests, choice of room, other booking conditions), flight data, details in the free text field, creation of a user account and password if applicable, booking of coupons). We use your e-mail address to send you booking confirmations, changes, cancellations and other communications related to your booking.

The data entered in the input mask will be transmitted and stored to us and to our partner TravelClick,Inc, 55 W 46th St 27th floor, New York 10036, USA ("TravelClick"). TravelClick will act on our instructions based on the EU standard contractual clauses.

Alternatively, you can also book a stay via our telephone reservation hotlines. In this case, we collect and store the above data.

In order to comply with our legal registration obligations, some of your data (name, address, date of birth, nationality, period of stay, number of fellow travelers and their nationality, in the case of foreign guests their passport number) will be transmitted to the respective registration office responsible for the hotel in which you are staying after you have checked in at the hotel. You are obliged to provide this data when checking in. Otherwise, accommodation is not possible due to legal requirements and must be refused by us.

For bookings at our hotels in Vienna, we transmit the data to Flemings Hotels GmbH, Neubaugürtel 26-28, 1070 Vienna, Austria. When checking in at one of our hotels in Austria, you will be required to sign a guest sheet in accordance with the registration regulations in force there, stating your name, date and place of birth, nationality and, as a guest from abroad, the type of ID you have, the issuing authority, number and date of issue, and to sign the guest sheet. The guest sheet collection must be kept for three years and presented to the registration authorities upon request.

The legal basis is Art. 6 para. 1 p. 1 lit. b GDPR, as your data is required for the establishment and execution of a contract for the stay in one of our hotels. With the notification of our guests to the respective competent registration authority, we comply with a legal obligation, Art. 6 para. 1 p. 1 lit. c in conjunction with. §§ 29, 30 Federal Registration Act (BMG). The credit assessment is in our legitimate interest to secure our claim and is thus based on Art. 6 para. 1 p. 1 lit. f GDPR.

We process your data only as long as it is necessary for processing or fulfillment of legal obligations. The retention periods under commercial and tax law are six or ten years. The registration certificates required by the Bundesmeldegesetz (Federal Registration Act) are stored for one year after registration in accordance with the requirements under Section 30 BMG and destroyed within three months of the expiry of the retention period.

3. Registration and Access to User Account

As part of our booking process, we offer you the opportunity to register a user account. The user account allows you to process your room bookings more conveniently and to view your data stored with us as well as your active bookings and booking history. Via the registration mask, you provide us with your first and last name, your e-mail address, a password and, optionally, your telephone number. We store this data for the purpose of managing your user account and your access to it. With the exception of the password, which is displayed only in truncated form, the data can be viewed via your user account. 

Upon completion of the registration process, your IP address and the date and time of registration are also automatically collected and stored.

The legal basis for the data processing is your consent, Art. 6(1)(a) GDPR. The registration also serves to facilitate your room bookings, i.e. the establishment and processing of a contract with you, so that an additional legal basis for the processing of the data is Art. 6(1)(b) GDPR.

The registration enables the faster processing of room bookings, because we can access your stored data in the booking process. In addition, the user account gives you the opportunity to view your prospective and past bookings online.

Your data will be deleted as soon as they are no longer required to achieve the purpose of their processing. You can delete your user account yourself or have it deleted by us at any time or change your personal data in the user account. If you delete your user account, your data will be deleted immediately, unless it is still used to process a booking or there are legal requirements to retain data, for example, under the Tax Code that prohibits deletion. For the storage of your data for the processing of your room bookings, the above explanations under point 2 apply.

4. Digital Guest Folder

We use a solution from CODE2ORDER GmbH, Schelmenwasenstraße 34, 70567 Stuttgart, through which we provide our guests with information and services of the hotel by way of a digital guest folder. The use of the guest folder is also generally possible without user registration. For the use of various services, however, the provision of personal data is necessary to determine whether you are authorized to request/use a certain service. This includes, in particular, the following data categories: Cookie ID, geodata, room number, transaction data (e.g. modules used and duration of visit to the guest portfolio), booking data (e.g. booking number, arrival and departure dates).

For the use of various functions and services, a system-side transmission of data is necessary. A transmission is made to Mailgun Technologies Inc, 112 E Pecan St. #1135 San Antonio, TX 78205, USA.

Cookies are set on the guest folder pages by CODE2ORDER GmbH, for the use of which your consent is obtained. Information about these cookies is available on the guest portfolio pages.

The guest folder pages are subject to TLS encryption to protect the confidentiality of data.

The data protection information of CODE2ORDER GmbH for its guest service system is available at https://www.code2order.com/privacy-policy/gss.

5. Digital check-in/-out

You can check in and out of our hotels digitally via the "Hotelbird" app. To do this, you must install the app on your end device and register there. Hotelbird is provided by hotelbird GmbH, Plinganserstrasse 150, 81369 Munich. When you use the app, we receive the data required for check-in/check-out from hotelbird GmbH. This is personal information (first and last name, date of birth, gender, address, language, nationality), optional business information (company, business address, invoice assignment information), payment information. The privacy policy of hotelbird GmbH can be accessed via the app.

6. Voucher Shop

You may purchase vouchers for the use of services with us online via our voucher shop. For this purpose, the data requested from you in the shop (title, name, address, email address, payment method, optional: telephone number) as well as the data about the purchased voucher (monetary value, optional: voucher recipient, text), collectively "Order Data", are transmitted to us in encrypted form and processed. In addition, access to the individual order pages, including your IP address, are collected and processed. There is no consolidation of the usage data with the Order Data and no further usage analysis with personal reference.

We have commissioned Hot-Tec GmbH, Lankwitzer Straße 19, 12107 Berlin, to operate the voucher shop. The privacy policy of Hot-Tec GmbH is available at https://www.hot-tec.com/datenschutz/. Payment is processed via Datatrans AG, Kreuzbühlstrasse 26, 8008 Zurich, Switzerland, to which site you will be redirected for the payment process. We do not receive any payment data from Datatrans AG. Additonal information on data protection at Datatrans AG can be found at https://www.datatrans.ch/de/datenschutzbestimmungen/.

Processing of the Order Data takes place exclusively, and is necessary, to allow you to purchase the desired online voucher and to send you the voucher by email. The legal basis is the establishment and execution of this purchase contract, Art. 6(1)(b) GDPR. The access data is processed to prevent misuse of the system; this is our legitimate interest, Art. 6(1)(f) GDPR.

We store your data for the validity period of the purchased voucher. Thereafter, the data will be deleted unless the deletion conflicts with legal retention obligations.

7. Contact Form

You can use a contact form on our website to ask us questions or to send us other requests. If you use the contact form, we collect and store the data that you enter in the input mask (title, name, email address, specification of the Fleming’s Hotel that is to process your contact request, content of your contact request, optional: company and telephone). When you send your contact request, your IP address and the date and time of sending are also automatically recorded and stored.

The legal basis for the processing is our legitimate interest resulting from the processing of your contact request to us, Art. 6(1)(f) GDPR. The processing of your IP address and date/time of your request serve is for maintaining the functionality of our website. If your request is to prepare for the conclusion of a contract, then Art. 6(1)(b) GDPR is an additional legal basis.

We use the data from the contact form exclusively to process your request. The automatically collected transaction data is processed to prevent misuse of our services and to ensure the security of our IT system.

We delete your data when your request has been conclusively resolved and an appropriate retention period has expired. Automatic deletion takes place after three years. The period begins at the end of the year in which we last processed your request. The data automatically collected during the sending process will be deleted after a period of seven days at the latest.

8. Chat

You have the option on our website to contact us in real time via a chat function. To start the chat, your name and e-mail will be collected. The chat function is provided to us by 3CX GmbH, Walter-Gieseking-Straße 22, 30159 Hannover (a company of 3CX Ltd., Cyprus) via our telephone system. 3CX GmbH is acting on our behalf on the basis of a contract processing agreement. Once you have started the chat, your input will be stored.

The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f GDPR. Our legitimate interest is to provide you with a quick and efficient way to contact us via our website and to process your request. This is also the purpose of the data processing.

The data is kept for 30 days and then deleted.

9. Contact Regarding Advertising

We may use your e-mail address and postal address, which we receive in connection with the sale of a good or service, for advertising our own similar goods and/or services. You may object to this use at any time without incurring any costs other than transmission costs according to the prime rates. We will also point this out to you each time your e-mail address is used for this purpose. We will obtain your separate consent for the sending of additional information and advertising by e-mail.

For the sending of advertising by e-mail, we use the services of our partner TravelClick, Inc. TravelClick processes opening and click rates to find out whether the e-mails are received, can be opened and what actions are carried out after opening the e-mails.

The legal basis for this data processing is our legitimate interest to conduct direct marketing, Art. 6 para. 1 p. 1 lit. f GDPR in conjunction with. § Section 7 (3) of the Unfair Competition Act. If we obtain your consent to receive advertising measures, Art. 6 para. 1 p. 1 lit. a GDPR is the legal basis for the associated data processing.

We will delete your data for the purpose of advertising without delay if you have objected to this or, if applicable, revoked your consent. Please note that even after an objection or revocation, you may still receive advertising from us during an implementation period of about one week. Outside of the storage of your data for the purpose of advertising, your data is subject to the legal retention periods outlined above, for example in connection with a room booking or registration for a user account. If you object to receiving advertising from us or if you have revoked your consent, we will block your data accordingly.

10. Our social media profiles

We maintain a company profile on several social media platforms. When you visit our profile on one of the social media platforms, the respective social media platform provider processes data from you in order to create usage profiles and to operate and improve its own services. Furthermore, some providers of the social media platforms provide us with reports on the use of our company profile in anonymised form. Some of the data processing takes place regardless of whether you yourself are registered on the social media platform or not. The evaluations usually contain the following information:

  • Reach measurements regarding profile, posts and other functions, i.e. total number of people who have visited/used profile, posts and other functions;
  • Aggregate data on age, gender and place of residence (country, region/city) of people visiting profile;
  • Time of use for videos and other features;
  • Time and location of uses;
  • Devices, operating systems and software used;
  • Interactions related to posts, e.g. click-through rates, shares, comments.

With regard to the data processing operations for the purposes of the above mentioned analyses, we are jointly responsible with the respective providers of the social media platforms within the meaning of the GDPR and have concluded corresponding agreements on joint responsibility.

We have no influence on whether and to what extent the providers collect personal data on their social media platforms. We are also not aware of the scope, purpose and storage period of the data collection. It must be assumed that at least the IP address and device-related information are collected and used. It is also possible that the providers use cookies and comparable technologies on their platforms, with which the usage behaviour on the platforms and other services of the providers can be tracked and evaluated.  

Some of the providers of the social media platforms are based outside the territory of the EU and the European Economic Area (EEA) (so-called "third countries"), in particular in the USA, and that these third countries sometimes do not have an adequate level of data protection. In some third countries, for example in the USA, government agencies have far-reaching access rights to data of companies with headquarters in these third countries. We cannot exclude the possibility that even if the providers have their headquarters in the EU, data may also be stored to the group companies in the USA or in another third country.

Further information on the individual providers of the social media platforms on which we operate a profile:

11. Recipients of Data

For processing, we use persons to assist us, in particular in the area of IT. They process your data for us as so-called order processors and are required to handle the data with care. Such commissioned processing exists, for example, when we store data in an external data center. We use such service providers in the areas of:

  • IT
  • logistics
  • telecommunications
  • sales and distribution
  • marketing

When transferring data to external persons in third countries, i.e. outside the EU or the EEA, we ensure that these persons handle your personal data with the same care as within the EU or EEA. We transfer personal data to third countries only where the EU Commission has confirmed an adequate level of protection or if we ensure the proper handling of personal data through contractual agreements or other suitable guarantees.

12. Your Rights

You have the following legal rights vis-à-vis us regarding the personal data concerning you:

12.1. Right of Access to Information: In accordance with Article 15 GDPR, you have the right to request confirmation as to whether we are processing personal data relating to you. If this is the case, you have the right to obtain information about this personal data as well as additional information, e.g. the purposes of processing, the recipients and the planned duration of storage or the criteria for determining the duration.

12.2. Right to Rectification: In accordance with Art. 16 GDPR, you have the right to request the rectification or completion of your data stored by us without delay.

12.3. Right to Erasure: Pursuant to Art. 17 GDPR, you have the right to request the erasure of the data stored by us, insofar as the processing is not (no longer) necessary. This is the case, for example, if your data is no longer necessary for its original purposes, you have revoked your declaration of consent under the data protection law, or the data was processed unlawfully. Further processing may be necessary to comply with a legal obligation, for reasons of public interest, or to assert, exercise, or defend legal claims or to exercise the right to freedom of expression.

12.4. Right to Restrict Processing: Pursuant to Art. 18 GDPR, you have the right to request the restriction of the processing of your personal data, insofar as you dispute the accuracy of the data, the processing is unlawful but you object to its erasure, or we no longer need the data but you need it to assert, exercise, or defend legal claims or you have objected to the processing pursuant to Art. 21 GDPR.

12.5. Right to Data Portability: In accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, common, and machine-readable format or to request that it be transferred to another controller.

12.6. Right to Object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of certain personal data concerning you that is performed on the basis of Art. 6(1)(e) or (f) GDPR.
In the event of direct marketing, you, as the data subject, have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.

12.7. Right to Revoke Your Consent under Data Protection Law: You may revoke your consent to the processing of your personal data at any time with effect for the future. However, the lawfulness of the processing performed until the revocation is not affected by this.

12.8. Right to Complain: You can also lodge a complaint with a data protection supervisory authority at any time, for example, if you believe that the data processing is not in compliance with data protection regulations. For this purpose, you may contact the supervisory authority of your usual place of residence, or workplace, or our registered office. The supervisory authority responsible for us is: Hessische Datenschutzbeauftragter, Postfach 3163, 65021 Wiesbaden, email: Poststelle@datenschutz.hessen.de.

13. Data Security

Our website complies with the typical encryption requirements. We use the disseminated SSL procedure (Secure Socket Layer) in conjunction with the highest encryption level supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support this encryption, we use 128 bit v3 technology. You can recognize the encryption of our website by the lock or key symbol in the address line or in the lower status bar.
We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments. All our employees who may have access to personal data are required, in writing, to comply with data protection regulations and have been trained on the legal requirements.

14. Amendment to this Data Privacy Policy

We reserve the right to amend this data privacy policy from time to time so that it always complies with the current legal requirements or to correctly and completely reflect changes to our services and offers in the data privacy policy. For your renewed visit to our website, the current data privacy policy will apply in each case.

Status: August 2022