Book now L:Close

Hotels

View all hotels

Campus

Discover Bold Campus

Stories

Gallery

Stories

Gallery

Data Protection & Disclaimer


Contact details of the responsible person at Bold Hotels

Morten GmbH
Aidenbachstraße 54
81379 Munich
Germany
Tel: +49 89 2000159-2000
Fax: +49 89 2000159-2900
Email: info@morten-group.com

Contact details of the responsible person at Bold Campus 

KTC Kommunikations- und Trainings-Center Königstein GmbH
Ölmühlweg 65
61462 Königstein
Germany
Tel:+49 6174 295-0
Fax: +49 6174 295-160
Email: info@bold-campus.com

Contact details of the data protection officer

David Brandauer Lawyer (in-house lawyer)
Group Data Protection Officer
Morten Group GmbH
Aidenbachstraße 54
81379 Munich
Germany
Tel: +49 89 2441929-2151
Email: david.brandauer@morten-group.com 



Privacy Statement and Cookie Policy

The protection of your data is very important to us. Therefore, we will show you below how we are processing your personal data.

  • Data Categories; Data Sources

    • In principle, we process the personal data that you provide to us in the context of an enquiry, a pre-contractual legal relationship or a contractual relationship. In individual cases and insofar as this is necessary for the performance of the contract, we also process personal data that has been permissibly taken from publicly accessible sources (e.g. commercial register, debtors' registers, Internet) or permissibly transmitted to us by third parties (e.g. credit agencies).
      This may include personal data (name, birthday, legal representative), address data (address, e-mail address, contact person), financial data (name of account holder, IBAN, BIC), contract data (contract term, purchased services, cancellations), communication data (correspondence, e-mail correspondence), advertising data (advertising letters) as well as other, comparable categories of personal data.

  • General Processing of Visitor Data

    • The use of our website is generally possible without providing personal data.
      However, we would like to point out that access data is also collected in this case and stored in the server log files. In particular, this involves the following data:

      • Browser type / your browser version,
      • operating system,
      • the website from which you visit us,
      • date and time of your visit,
      • your IP address..

      As a matter of principle, we evaluate this information in anonymised form to defend against attacks and to improve our offer (processing of personal data within the framework of a balancing of interests pursuant to Art. 6 para. 1 p. 1 lit. f) DSGVO) and subsequently delete it. As a rule, the data cannot be traced back to your person and is not merged with other data. However, in the event of concrete indications of unlawful use, we reserve the right to subsequently evaluating the data.

  • Processing of Personal Data after Consent
    (Art. 6 para. 1 p. 1 lit. a) DSGVO)

    • We obtain consent from you in individual cases for certain purposes expressly designated in connection with the collection of data (e.g. newsletter dispatch).

      Data processing only takes place if you give us your consent. It may be that the processing of your request is not possible without your consent and must therefore be made dependent on it. The data will be processed exclusively for the purpose(s) expressly stated.

      You can revoke your consent at any time with effect for the future. The revocation has no influence on the lawfulness of the processing until the time of the revocation.

  • Cross-border Data Transfer
    (Art. 49 para. 1 p. 1 lit. a) DSGVO)

    • Insofar as personal data is transferred to a third country, we comply with the data protection requirements in that the data transfer is based on standard contractual clauses or we obtain your consent to this in accordance with Art. 49 (1) sentence 1 lit. a) DSGVO.
      Data is transferred in connection with the use of Google, Facebook, Instagram, Pinterest and YouTube services. Due to the use of these services, data is transferred to the United States of America.
      The data transfer only takes place if you give us your consent.
      The specific details of the recipient, the personal data transferred and the purpose of the data transfer can be found in the notes on the respective processing below.
      There is a risk to your personal data as a result of the data transfer. In the United States of America, there is no level of data protection comparable to EU law (DS-GVO) and / or national regulations (e.g. BDSG) or sufficient guarantees to ensure an adequate level of data protection. Any deficits cannot be compensated by other specific guarantees due to the US legal situation. Nevertheless, depending on the service, standard contractual clauses are sometimes used in order to achieve the greatest possible protection for your data. You can find out whether standard contractual clauses are used in the information on the respective services.
      You can revoke your consent at any time with effect for the future. The revocation has no influence on the lawfulness of the processing until the time of the revocation.

  • Processing of Personal Data for the Purpose of Concluding or Initiating a Contract
    (Art. 6 para. 1 p. 1 lit. b) DSGVO)

    • If a contract is concluded with us, we use personal data insofar as this is necessary for the performance of the contract or for the implementation of pre-contractual measures. The purposes of the data processing depend on the concrete contents of the contract, which you can find in the contract documents.
      If a contract already exists with us, we process your data in order to check that you are our contractual partner and in order to properly provide the contractual service owed.

  • Processing of Personal Data in the Context of a Balancing of Interests
    (Art. 6 para. 1 p. 1 lit. f) DSGVO)

    • We process personal data after balancing interests insofar as this is necessary to protect our interests or the interests of third parties. Examples of such purposes are:

      • ensuring IT security and integrity of our systems,
      • Prevention or investigation of criminal offences,
      • asserting or defending legal claims.
  • Contact Form

    • If you send us an enquiry via our contact form, we process the data you provide in connection with the initiation of a contractual relationship, thus based on Art. 6 para. 1 p. 1 lit. b) DSGVO. In principle, your data will be deleted after the request has been processed, unless there is a contractual or legal obligation to retain it. If you provide us with contractually relevant information, we will transfer this to our inventory system.

  • Contact

    • If you contact us by e-mail, telephone or fax, we process the personal data you provide in order to respond to your enquiry. We delete the data once we have completed processing your enquiry, unless there is a contractual or legal obligation to retain the data.

  • Data Transfer to a Third Country

    • Data transfer to a third country is intended or at least possible. This transfer takes place on the basis of your consent. The recipients of the data provided by you are the following companies:

      • MailChimp: The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, USA
      • Google services (Analytics, Remarketing (Ads), Tag Manager, YouTube) : Google LLC, 1600 Amphitheatre Parkway, Mountain View, California, USA
      • Cloudflare: Cloudflare Inc, 101 Townsend St San Francisco, CA 94107
      • SendGrid: SendGrid Inc, 1801 California St Ste 500 Denver, CO, 80202-2618 United States

      If data is transferred to a third country based on consent without an adequacy decision or other suitable guarantees being in place at the same time, reference must be made to the associated increased risk of data processing in the context of the transfer based on Art. 49 (1) sentence 1 a) DSGVO. However, we would like to assure you that thanks to careful selection and constant review of the standards of our contractual partners, potential risks are successfully minimised.

  • Booking

    • When you make a booking via our website, we require the personal data necessary to process the booking in order to conclude and execute the contract. In particular, we process the following data about you:

      • Name, first name
      • Company details
      • Account or credit card details
      • Period of stay
      • Room type
      • Address details
      • Telephone Number
      • Email address
      • Date of birth/age
      • Other information that you provide voluntarily

      The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. b) DSGVO, as it concerns pre-contractual measures. If a contract is concluded with us, further data processing is based on Art. 6 Para. 1 S. 1 lit. b) DSGVO.

      You can find our General Terms and Conditions at https://bold-hotels.com/en/terms-conditions/

      Insofar as you contact us within the framework of an existing contractual relationship for a purpose that is necessary for the performance of the contract, we also process this data on the basis of Art. 6 para. 1 p. 1 lit. b) DSGVO.

      We use the service OnePageBooking of HotelNetSolutions GmbH, Genthiner Str. 8, 10785 Berlin, to register your booking and in the course of contract processing. If you would like to book a room with us, you will be redirected to our hotel page under the domain "onepagebooking.com", where you can enter the information required for booking and rent the room you want. We have concluded an order processing agreement with the provider. The data transfer is based on Art. 6 para. 1 p. 1 lit. f) DSGVO. The legitimate interest in this respect is the provision of an efficient, modern, cost-optimised and reliable booking service

      For the purpose of managing the processes in our company, we use the SIHOT software of the provider GUBSE AG, Bahnhofstraße 26-28, 66578 Schiffweiler. The processing of your data is based on Art. 6 para. 1 p. 1 lit. f) DSGVO, whereby the legitimate interest lies in the proper management of operations as well as the performance of contracts.

  • Newsletter

    • If you have registered for our newsletter, we will process the data you have provided based on your consent pursuant to Art. 6 (1) sentence 1 lit. a) DSGVO in order to send you our newsletter on a regular basis. To register, it is sufficient to provide an email address and first name. The other information is provided voluntarily. For legal reasons, we also store the IP address and the date of registration.
      Our newsletter is sent using the MailChimp service, a service provided by The Rocket Science Group, LLC, 512 Means St., Suite 404 Atlanta, GA 30318 ("MailChimp"). We have concluded an order processing agreement with the provider. The transfer of data to the USA is legitimised on the basis of your consent pursuant to Art. 49 (1) p. 1 lit. a) DSGVO. We use the so-called double opt-in procedure for registration, in which you must explicitly confirm your e-mail address again in a second step after you have consented to receive the newsletter. Only then will the service be activated.
      The data you provide during registration is transferred to MailChimp and stored there and processed for the purpose of sending newsletters and for unsubscribing. The data is also processed for the purpose of analysing whether the newsletter was opened and how it was specifically used. We do this to increase the attractiveness of our newsletter and to check our marketing measures. However, we do not process the data for an individual evaluation of user behaviour. This data processing is based on your consent.
      You can find more detailed information on data protection at MailChimp at https://mailchimp.com/legal/privacy/

      You can also revoke your consent at any time with effect for the future. A link for revocation can be found at the end of every newsletter email. Of course, you can also revoke your consent via the other contact options offered.

  • Use of Cookies

    • During your visit to our website, cookies may be used on various pages. These are text files that are placed on your computer and, among other things, enable a smooth visit to our website.
      We generally use cookies on the basis of Art. 6 para. 1 p. 1 lit. f) DSGVO, i.e. on the basis of a legitimate interest. The cookies are those that are technically necessary.
      The use of cookies takes place within the framework of so-called usage profiles. You will be assigned a pseudonym under which the usage data will be stored.
      The cookies we use are deleted from your computer after you close your browser (session cookies). Other types of cookies may remain on your computer and enable us to recognise your computer the next time you visit our site by means of the user profile created (permanent cookies).
      Cookies are only used on our site by ourselves and not by third parties. You can set your browser in such a way that you are informed about the setting of cookies and decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general. If you do not accept cookies, the functionality of our website may be limited.

      Exceptionally, we also use technically unnecessary cookies, which we explain below.

      Overview of the Cookies in Use

       

      This cookie policy was created and updated by CookieFirst.com.
  • Web Analytics and Marketing

    • We use the following services for the purpose of web analysis as well as retargeting.
      Within the scope of web analysis, cookies may be used on various pages. These are text files that are placed on your computer and, among other things, enable a smooth visit to our website.
      Cookies are used in the context of so-called user profiles. You will be assigned a pseudonym under which the usage data will be stored.

  • Google Analytics

    • This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies.

      We rely on your consent to the collection of data when using cookies. If you do not consent to the use of data when you first visit our website, we will not collect your usage behaviour and other personal data that may be collected during your visit to the website and will therefore not use it for usage analysis and subsequent remarketing campaigns. This also applies to third-party cookies such as the Google Analytics plugin.
      If you consent to the processing of your data within the scope of the opt-in procedure (confirmation of the cookie banner), the lawfulness of the processing of your data is based on consent in accordance with Art. 6 para. 1 p. 1 lit. a) DSGVO, so that we use your data to the extent of the consent you have given for the purposes of marketing and the evaluation of your usage behaviour.
      The information generated by the cookie about your use of this website is usually transmitted to a Google LLC server in the USA and stored there. If applicable, information about the use of this website and your IP address will be transmitted to a Google server in the USA and also stored on this server. The transfer of data is permissible based on your consent in accordance with Art. 49 (1) p. 1 lit. a) DSGVO. However, in the event that IP anonymisation is activated on this website, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
      On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data unless you have configured the web and app activity settings in a Google account to allow Google to merge it.

      For more information on terms of use and data protection, please visit https://marketingplatform.google.com/about/analytics/terms/us/ or https://policies.google.com/privacy?hl=en.
      On our website, Google Analytics has been extended by the code "anonymizeIp" in order to be able to anonymously record IP addresses (so-called IP masking).
      You can also prevent the collection of data by Google Analytics by clicking on the following link and downloading and installing the corresponding browser add-on by Google. This will set an opt-out cookie that will prevent your data from being collected when you visit this website in the future: Disable Google Analytics.

      Please note that if you delete your cookies, the opt-out cookie will also be deleted and may need to be reactivated by you.

  • Facebook Pixel

    • The website uses the remarketing function "Facebook Pixel" of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). Users of the website can thus be shown interest-based advertisements when visiting the social network Facebook as well as websites that also use the procedure (including Instagram). In this way, we pursue the interest of showing you advertising that is relevant to you in order to make your visit to our website more interesting.
      Due to the use of the function, your browser establishes a direct connection to the Facebook server. We have no influence on the processing of the data that is collected by Facebook due to the use of the function. As far as we are aware, Facebook receives the information that you have accessed the sub-page of our website or clicked on the advertisement. Facebook can assign this information to your account if you are registered with Facebook. If you are not registered or logged in, it is still possible that Facebook processes the IP address and other identifying features.
      Logged-in users can deactivate this function at https://www.facebook.com/settings/?tab=ads#. We process the data on the basis of your consent declared when you call up our website in accordance with Art. 6 para. 1 p. 1 lit. a) DSGVO. The transfer of data is permissible on the basis of your consent according to Art. 49 para. 1 p. 1 lit. a) DSGVO. Furthermore, we have a legitimate interest according to Art. 6 para. 1 p. 1 lit. f) DSGVO in an appealing presentation of our online offers and the data for marketing and targeting purposes. For more information on data processing by Facebook, please visit https://www.facebook.com/about/privacy.

  • Google Remarketing

    • Google Remarketing, a retargeting function of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") is used on our website.
      Google Remarketing enables advertisements for and on our website to be displayed on an individualised basis according to the interests of visitors, in order to only show you ads that might be of interest to you.
      For these purposes, a code is executed by Google when our website is called up and so-called (re)marketing tags are integrated into the website. As a result, an individual cookie file is stored on your device, in which information about the websites you have visited, the content you have accessed and your browser and operating system is saved. Your IP address is also recorded. The IP address will not be merged with data about you within other Google offerings. However, the aforementioned information may be combined by Google with such information from other sources. If the user subsequently visits other websites, he or she can be shown ads tailored to his or her interests.
      As a matter of principle, your data will be processed pseudonymously within the scope of Google Remarketing. This does not apply if you have expressly allowed Google to process your data without pseudonymisation. The information collected about users by Google Remarketing will be transmitted to Google and stored on Google's servers.
      For more information about Google's use of data for marketing purposes, please visit Google's overview page or privacy policy: Overview page: https://policies.google.com/technologies/ads?hl=en
      Privacy policy: https://policies.google.com/privacy
      If you wish to object to interest-based advertising by Google marketing services, you can use the settings and opt-out options provided by Google.
      https://adssettings.google.com/anonymous?hl=en
      The legal basis for the use of Google Remarketing is the consent you declare when calling up our website in accordance with Art. 6 Para. 1 S.1 lit. a) DS-GVO. The transfer of data to the USA is permissible based on your consent in accordance with Art. 49 Para. 1 S. 1 lit. a) DSGVO.

  • Google Tag Manager

    • We use the Google Tag Manager on our website. The service enables us to manage tags (e.g. from Google Analytics or Facebook Pixel) on our website in one interface. No cookies are used, nor are any personal data collected. The Google Tag Manager triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager.

  • Use of Google Fonts

    • For the display of external fonts, we use Google Fonts in the so-called "online" mode. This service is offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. In this context, a server call is made, during which data (including your IP address) and the page from which the call is made are transmitted to a Google server in the USA. We do not know the details of the processing by Google.
      The transfer of data to the USA is permissible based on your consent in accordance with Art. 49 Para. 1 S. 1 lit. a) DSGVO. The processing is necessary for the proper presentation of our website and is therefore in our interest as well as yours. The legal basis of the processing is therefore Art. 6 para. 1 sentence 1 lit. f) DSGVO relating to the external appearance of the company through a functional website.
      You can find more information on Google's websites visiting the following links:
      https://developers.google.com/fonts/faq
      https://www.google.com/policies/privacy/

  • Transfer of Data

    • We pass data on to other third parties if and to the extent that we have delegated the fulfilment of tasks to them. The data is only passed on insofar as this is necessary for the fulfilment of the assigned tasks.
      In particular, we work together with the following companies:

      • Morten Group GmbH, Aidenbachstr. 54, 81379 München, Germany
      • KTC Kommunikations- und Trainings-Center Königstein GmbH, Ölmühlweg 65, 61462 Königstein i.Ts., Germany
      • GUBSE AG, Bahnhofstraße 26-28, 66578 Schiffweiler, Germany
      • HotelNetSolutions GmbH, Genthiner Str. 8, 10785 Berlin, Germany
      • The Rocket Science Group, LLC, 512 Means St., Suite 404 Atlanta, GA 30318, USA
      • Positioner SA, Lugano, Via Stazione 32, 6592 S. Antonino, Switzerland
      • webwg GmbH, Tschengls Nr. 131, I-39023 Laas (BZ), Italy
      • Paperturn ApS, Lumbyvej 11D, 5000 Odense C, Denmark
      • GetWebCraft Limited, Klimentos 41-43, Klimentos Tower, Flat/Office 25, 1061, Nicosia, Cyprus
      • myhotelshop GmbH, Floßplatz 6, D-04107 Leipzig, Germany
      • Hotjar Ltd, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 314, Malta
      • Cloudflare Inc, 101 Townsend St San Francisco, CA 94107, United States
      • SendGrid Inc, 1801 California St Ste 500 Denver, CO, 80202-2618 United States
      • Google LLC, 1600 Amphitheatre Parkway, Mountain View, California, United States

      Other third parties who receive your data are listed above (in particular for tracking/remarketing and social media).

      Furthermore, service providers may be entrusted with tasks in the following areas, for example:

      • IT maintenance
      • IT development
      • IT provision
      • Lawyers
      • Accounting service providers
      • Auditors

      As far as necessary, we pass on your personal payment data to a credit institution commissioned with the payment processing (SEPA direct debit or receipt). In particular, we work with Concardis Payengine, a service of Concardis GmbH, Helfmann-Park 7, 65760 Eschborn, Germany.

      The data transfer always takes place on the basis of a legal standard or a suitable contract in accordance with Art. 26 or 28 DS-GVO, which ensures compliance with all data protection requirements.

      Apart from that, data is only passed on in the cases provided for by law, for example in the case of a legal obligation to provide information to law enforcement authorities. In these cases, the transfer of data is legitimised in accordance with Art. 6 Para. 1 Sentence 1 lit. c) DSGVO.

  • Duration of Data Storage

    • Your personal data will be deleted by us immediately as soon as the data is no longer required for the fulfilment of contractual and legal obligations.
      Personal data will be stored at least as long as necessary for the fulfilment of contractual obligations and the exercise of contractual rights. This period may extend beyond the actual contractual period, as the data may still be relevant after the end of the contract within the framework of the limitation periods. In addition, deletion can only take place once any retention periods under tax and commercial law have expired.
      The criteria for the duration of the storage of cookies can be found in the corresponding section.

  • Rights of the Data Subject

    • As a data subject of personal data processing, you have the following rights:

      You have the right to request confirmation as to whether personal data is being processed. If this is the case, you have the right to be informed about the personal data and to receive the information listed in detail in Article 15 of the GDPR.

      You have the right to obtain from the controller the rectification without undue delay of inaccurate personal data concerning you and, where applicable, the completion of incomplete personal data (Art. 16 GDPR).

      You have the right to request from the controller that personal data concerning you be deleted without undue delay if one of the reasons listed in detail in paragraph 17 of the GDPR applies, e.g. if the data are no longer needed for the purposes pursued (right to erasure).

      You have the right to request the controller to restrict processing if one of the conditions listed in Art. 18 DSGVO applies, e.g. if you have objected to the processing, for the duration of the controller's review.

      You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format, and you have the right to transfer this data to another controller without hindrance from us, provided that the processing of this data is based on your consent or on a contract and the processing is carried out with the help of automated procedures (Art. 20 DSGVO). When exercising the right to data portability, you have the right to obtain that the personal data be transferred directly from us to another controller, where this is technically feasible (right to data portability).

      You have the right to object to the processing of personal data concerning you at any time on grounds relating to your particular situation. The controller will then no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims (Art. 21 DSGVO).

      With regard to exercising your rights, you can contact us at any time via the contact options provided on our website.

  • Right of Appeal

    • Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data concerning you infringes the GDPR (Art. 77 GDPR). You can assert this right before a supervisory authority in the member state of your residence, your place of work or the place of the alleged infringement. In Bavaria, the competent supervisory authority is the Bavarian State Office for Data Protection Supervision.
      You can find more information at the following link: https://www.lda.bayern.de/de/index.html
      Of course, you can also contact us directly if you are dissatisfied or have questions about data protection. The quickest way to reach our internal contact person on the subject of data protection is to use the following contact details:

      David Brandauer
      Lawyer (in-house lawyer)
      Group Data Protection Officer
      Morten Group GmbH
      Tel: +49 89 2441929-2151
      E-Mail: david.brandauer@morten-group.com

  • Obligation to Provide Data

    • In principle, there is no obligation to provide data. However, the provision of data may be necessary for the use of certain functions or for the conclusion of a contract. If you do not provide the required data, you will not be able to use certain functions or services or a contract cannot be concluded.

Munich, February 2021