General Privacy Policy
Last Updated: 21 March 2024
Introduction
This general privacy policy (“General Policy”), is provided to inform you of Capella Hotels & Resorts’ and its direct and indirect subsidiaries which provide services to the various locations operating under or in connection with the Capella and Patina brands (collectively, “Capella,” “Us,” or “We”) responsibilities and management of your Personal Information, including how Capella collects, uses, saves, shares, and transfers your Personal Information when you use its Online Service and the related websites, features and contents, products and/or services, as well as the ways Capella provides you with access to update, correct, delete, and protect your Personal Information.
Capella respects your right to privacy and places the utmost importance in safeguarding your Personal Information. Please read this General Policy carefully. By providing your Personal Information and other information through our services, you acknowledge that your Personal Information will be processed pursuant to the terms of this privacy policy. If any term in this General Policy is unacceptable to you, please do not use the services or provide any Personal Information.
The Policy contains general information and technical details about the steps we take to respect your privacy concerns. We have organized and composed the General Policy by major processes within the scope of information processing so that you may easily browse the information of greatest interest to you:
- Data Law Policies, Purposes, and Practices
- Responsibility and Management of Personal Information
- Personal Information Collection
- Purposes and Legal Basis for Processing Personal Information
- Data Subject Rights, Objection, and Denial of Access
- Data Storage and Erasure
- Security of Processing
- Disclosure of your Personal Information
- Processing Activities and Third Parties
- Collection of Information on the Use of the Online Service
- Contact Form and Contacting via E-Mail
- Newsletter subscription
- Google Analytics
- Google Tag Manager
- Youtube Videos
- LinkedIn Analytics
- New Relic
- Google Ads Conversion
- Google Ads Remarketing
- Facebook Custom Audiences (“Facebook Pixel“)
- Triptease.io
- Links to other websites
- Cookie Policy
- General Information
- Cookie Overview
- Cookie Management Options
- Changes to the General Privacy Policy
1. Data Law Policies, Purposes, and Practices
1.1 Responsibility and Management of Personal Information
- We will manage a User’s Personal Information for reasonable purposes and only if the individual has given consent where collection or disclosure is required or authorized under law.
- The Online Service is provided by Capella Hotel Group Pte Ltd, (3 Temasek Avenue #23-02, Singapore 039190), its affiliates, and all of the properties within our portfolio brands – Capella and Patina – that are also legally responsible under the relevant data protection law(s) which may apply where Capella processes Personal Information in conjunction with its hotel operation (“Data Laws”).
- We define the term ‘User’ as encompassing all customers, interested people, employees and visitors of our Online Service (“User”).
- We define Personal Information as personal data, whether such data is true or not, directly or indirectly relating to an individual, living or deceased, who is identified or can be identified from the data, or other data which the organization has or is likely to have access to, but does not include data which has been in existence for at least 100 years, which concerns an individual who has been deceased for more than 10 years, or business contact information for business purposes (“Personal Information”).
- In our management of your Personal Information, We take all reasonable measures to ensure that your Personal Information remains accurate and current. For any correction or update requests, We have the right to charge a reasonable processing fee.
- In managing your Personal Information, We use our best efforts to always implement the following principles:
- Lawfulness, fairness, transparency;
- Purpose limitation;
- Data minimisation;
- Accuracy;
- Storage limitation;
- Integrity and confidentiality; and
- Accountability.
DATA PROTECTION OFFICER |
For any management or responsibility comments, questions, correction/update requests, or other data protection-related concerns, you can reach out to our Data Protection Officer, or Personal Information processor via the following channels: BY EMAIL: [email protected] BY MAIL: Capella Hotel Group, 3 Temasek Avenue, #23 02 Centennial Tower, Singapore 039190 BY PHONE: + 65 6887 9388 Please allow up to fifteen (15) business days for us to process any data access requests. Where the request involves complex information gathering, we will advise you of the additional time needed to process your request. |
1.2 Personal Information Collection
- In its management of your Personal Information, Capella will collect and process the following types of Personal Information in conjunction with its services:
- Contact information: e.g., your name, address, telephone number, e-mail address, and credit card information in order to facilitate hotel bookings and guest services;
- Photo identification to facilitate video surveillance, guest verification, and property protection;
- Web data such as location, movements, site visits, IP address, cookie data, and RFID tags in relation to a guest’s browsing history and interaction with Capella’s website, social media channels, in order to analyse and improve Capella’s services, advertising, marketing, and overall reach;
- Health information, as necessary under permanent or temporary local or global laws and regulations in order to ensure the health and safety of guests on the property, as well as provide suitable accommodations for guests with any disability or other ailments; and
- Information about your stay e.g., comments, satisfaction surveys, preferences, ratings, and other communications to provide valuable feedback and facilitate improvement of our services.
- We collect, either directly or indirectly, the above Personal Information from various sources, including but not limited to:
- Automatically from the browser of the user to us when using our Online Service, e.g., the name of the accessed website, file, date and time of the access, amount of data transferred, notification about successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider;
- From meetings or during your stay at our properties;
- Through communications on the website, social media, via email, or other communication platforms; or
- From other sources, such as public databases, joint marketing partners, and other third parties such as travel booking platforms, travel agencies, credit card providers, and other third parties specified within this General Policy.
- User uploaded images, such as your identification card, and passport used when checking-in via our App or Online services.
- If you provide us with Personal Information about other individuals (e.g., family members or travel companions), regardless of whether you are travelling together, you must obtain such individuals’ authorization or consent to provide us with their details and let them know where they can find a copy of this Privacy Policy.
1.3 Purposes and Legal Basis for Processing Personal Information
- In its management of your Personal Information, Capella is obligated to inform you of the purpose, nature, and scope and of the processing, collection, use, and disclosure of Personal Information related to Capella’s online service and the related websites, features and contents (‘Online Service’ or ‘Website’), as well as at a Capella or Patina-branded property.
- We process the personal information you supply to Us via our Website or at our hotels for the following purposes where such purpose(s) is reasonable in order to provide you our products or services:
- To process and facilitate bookings, including verifying your identity, taking payments and communicating with you (legal basis: performance of the contract and legitimate interests);
- To provide you with services at our hotels under the accommodation agreement, including execution of your stay at our hotels and payment processing (legal basis: performance of a contract and legitimate interests);
- To make contact or interact with you and to handle your requests, remarks or complaints, which you have submitted via our website, during your stay or after your departure (legal basis: legitimate interests);
- To send you our e-mail newsletter including managing your subscription to the newsletter (legal basis: consent or legitimate interests);
- To execute and manage your participation in our loyalty program (legitimate interests);
- To maintain, safeguard and improve the quality of our products and services, in particular by performing and analysing satisfaction surveys and guest comments, by processing your Personal Information in our centralised guest database enabling Us to recognise you as a returning guest, to better appreciate your expectations and preferences, to improve the quality and individual character of our communication with you and to create offerings tailored to you (legal basis: legitimate interests);
- To ensure compliance with house rules, to prevent and investigate criminal activities (in particular also by video monitoring), to establish, exercise and defend against legal claims and to safeguard our interests in legal disputes, to ensure IT security and IT operation and to identify credit risks, in accordance with applicable law (legal basis: legitimate interests);
- To provide you with information relating to Capella or promotional information about products and services that may be of interest to you, as well as personalized mailings (electronic or otherwise) or other communications (legal basis: consent or legitimate interests);
- To place cookies and to use similar technologies as further set out below to analyze and track Online Service performance and activity, as well as view the information provided to us when those technologies are used (legal basis: legitimate interests);
- To comply with obligations imposed by local laws or regulations such as the police and tax authorities (legal basis: legal obligation); and
- Data you provided through our services, where it is in your vital interest or in the interest of others, for example in the event of a medical emergency (legal basis: vital interest or in response to an emergency).
- On other occasions where We ask you for consent, We will use the Personal Information for the purpose explained at the individual time. In certain circumstances when it is not possible to obtain your consent, it may be necessary for Us to process your Personal Information, including sensitive Personal Information, as permitted under the relevant Data Laws.
- Wherever We rely on your consent, you can withdraw your consent at any time. However, We may have independent legal grounds for processing your Personal Information for other permitted purposes under the relevant Data Laws.
1.4 Data Subject Rights, Objection, and Denial of Access
- Depending on the applicable Data Laws, you may have some or all of the following rights with regard to Capella’s processing of your Personal Information:
- Right to notification of collection, use, or disclosure;
- Right to lodge a complaint with a supervisory authority;
- Right of access;
- Right to rectification;
- Right to erasure (‘right to be forgotten’);
- Right to restriction of processing;
- Right to data portability;
- Right to object and withdraw of consent via reasonable notice; and
- Right to correct/rectify information.
- Users may object to the processing of their Personal Information in accordance with legal allowances at any time with effect for the future. In particular, the objection may be made against processing for the purposes of direct marketing.
- Despite the above-mentioned rights, the Data Laws include various exceptions. Depending on the relevant Data Law, Capella may potentially deny access if access:
- Adversely affects the rights or freedoms of others, such as in relation to trade secrets;
- Is manifestly unfounded, excessive, or has repetitive character;
- Would threaten the safety or physical or mental health of an individual;
- Would cause immediate or grave harm;
- Would reveal Personal Information of another who has not consented;
- Would be contrary to national interest; or
- Would be unreasonable or disproportionate to the individual’s interest or is otherwise frivolous or vexatious.
- Capella may also, under an applicable Data law:
- Request information in accordance with any existing data controller mechanisms for identity verification or otherwise in relation to necessary due diligence; or
- Alter the scope of the data subject rights, so long as such alteration respects the essence of the fundamental rights and freedoms and is a proportionate measure.
Data Storage and Erasure
- The Personal Information of the data subject will be erased or blocked as soon as the purpose of the storage is inapplicable. Storage of Personal Information beyond that may occur if such storage is required by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject.
- Blocking or erasure of Personal Information also takes place when a retention period mandated by the standards mentioned expires, unless the continued storage of Personal Information is required for the conclusion of a contract or the fulfilment of contractual obligations.
1.6 Security of Processing
- We have implemented reasonable, feasible, and state-of-the-art technical and organisational security measures (TOMs) and practices which comply with national and industry standards and have established reasonable institutional norms to prevent unauthorized access, public disclosure, use, modification, damage or loss of your personal information, including, but not limited to:
- The utilization of virus and malware protection;
- The incorporation of data encryption across platforms;
- The application of the principle of least-privilege access;
- Ensuring secure settings for hardware and software;
- Maintaining systems up to date with the latest protection tools;
- Conducting regular testing to safeguard the security of systems and networks;
- Organizing various back-up procedures for essential data;
- Implementing multifactor authentication processes; and
- Equipping employees with the know-how to be the first line of defense against any potential security or technological threats.
1.7 Disclosure of your Personal Information
- If you have given your consent for the purposes set out above or if We are otherwise authorised to do so under the applicable Data Law, We may share your Personal Information with other parties in order to provide you with and to maintain the best possible service. The specific kind of information we share will depend on the context of your interactions with Capella, and the services you use. Accordingly, your personal information may be shared with the following parties insofar as reasonably necessary for the purposes and their corresponding legal bases set out in this policy:
- To other affiliated companies of the Capella Hotel Group for purposes of keeping our guests updated on the products and services and evaluating and improving our products and services;
- To service providers, agents, contractors, data intermediaries, professional advisors, or third-party service providers for the purposes of providing products and services, improving products or services, or performing functions on our behalf (e.g. such as online reservation providers, payment providers, tour operators, email communication providers, market research analysts, IT service providers, postal mailing providers, accountants, auditors, lawyers, or other third parties assisting with storage, archival, payroll, or information technology needs);
- To relevant government regulators, statutory boards, authorities, law enforcement, public bodies, or institutions if a statutory obligation or other rule, guideline, or regulation to do so exists (e.g. financial authorities, criminal prosecution authorities); or
- To any third parties to the extent necessary with respect to a sale of all or part of our business operations or assets.
- In some cases, the recipients are based in countries that do not have an adequate level of data protection. We have taken measures to ensure suitable and adequate safeguards to make sure your Personal Information remains adequately protected, e.g., by means of agreements such as the Standard Contractual Clauses approved by the European Commission (a copy of which is available upon request).
2. Processing Activities And Third Parties
2.1 Collection of Information on the Use of the Online Service
- When using our Online Service, information may be transferred automatically from the browser of the User to us; this information includes the name of the accessed website, file, date and time of the access, amount of Personal Information transferred, notification about successful access, browser type and version, the User's operating system, referrer URL (the previously visited page), IP address and the requesting provider. This information will be automatically deleted or properly anonymized one year after the termination of the connection, unless any other retention periods require otherwise.
- The collection of the Personal Information and the storage of the Personal Information in log files is essential for the provision of the Online Service. Therefore Users are not entitled to the options of erasure, objection or correction.
- Legal basis: The processing takes place based on legitimate interests (e.g. to optimize the Online Service) as well as to ensure the security of processing (e.g. for the defence and clarification purposes of cyberattacks).
2.2 Contact Form and Contacting via E-Mail
- When contacting Us (via online form or e-mail), the Personal Information provided by the User will be processed exclusively for processing the inquiry and its handling. Any other use of the Personal Information will only take place based on the given consent from the User.
- The Users' Personal Information will be stored in our Customer Relationship Management System (‘CRM System’) or a comparable software/database. The legal retention periods for business letters apply.
- Legal basis: consent and legitimate interest.
2.3 Newsletter Subscription
- Description and scope of Personal Information processing
On our website you can subscribe to a newsletter free of cost. If a User realizes this option, the data entered in the input mask will be transmitted to Us and processed by us. We use your Personal Information exclusively to send the requested newsletter. We also store the IP addresses you use, as well as the times of subscription and confirmation. The purpose of this procedure is to enable verification of your registration and, where necessary, to clarify any misuse of your Personal Information. For the subscription to our newsletter, We use the single opt in procedure. This means that following your subscription We will send an email to the email address you have specified, requesting you to confirm if the subscription was done erroneously and if you wish to opt out. If We do not receive your request to opt out, We will continue to send you newsletters. For the processing of the Personal Information, your consent is obtained during the registration process and reference is made to this data protection policy. - The newsletter is sent by Cendyn.
Cendyn is a cloud-based technology platform (CRM and distribution platform) operated by Central Dynamics, LLC, a Delaware limited liability company, 980 N Federal Hwy, 2nd Floor Boca Raton, FL 33432 USA. The Cendyn General Policy can be found at: https://www.cendyn.com/privacy-policy/ .
The Personal Information of the newsletter recipients are stored on the servers of Cendyn in the USA. We have a contract processing agreement with Cendyn. Furthermore, Cendyn claims to use the Personal Information to optimize or improve its own services, e.g. for the technical optimization of shipping and the presentation of newsletters or for economic purposes, to determine from which countries the recipients come. However, Cendyn does not use the data of our newsletter recipients to address them themselves or to pass the data on to third parties. - Legal basis for data processing
The legal basis for processing the Personal Information is the consent given by the User. - Purpose of the data processing
The collection of the e-mail address of the User serves to deliver the newsletter. The collection of other Personal Information as part of the registration process is intended to prevent misuse of the services or the e-mail address used. - Duration of storage
The Personal Information will be deleted as soon as it is no longer necessary for the purpose mentioned above. The User's e-mail address will be saved as long as the subscription to the newsletter is active. - Opposition and removal option
Subscription to the newsletter may be terminated by the User at any time. For this purpose, there is a corresponding unsubscribe link in each newsletter. This also allows a revocation of the consent of the storage of the Personal Information collected during the registration process. Note: Even though you opt-out of newsletters, We will still send you transaction emails including responses to your enquiry and reservation confirmation emails. - Legal basis: consent and legitimate interest.
2.4 Google Analytics
- This website uses Google Analytics, a web analysis service of Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. (“Google”). Google Analytics uses a specific form of cookie, which is stored on your computer and enables an analysis of your use of our website. The information about your use of this website generated by the cookie is generally transmitted to a Google server in the USA and stored there.
- We would like to point out that Google Analytics has been expanded on this website to include the code “gat._anonymizeIp(); to ensure the anonymized recording of IP addresses (so-called IP masking). Due to the IP anonymization on this website, your IP address is shortened by Google. Only in exceptional cases the full IP address is transmitted to a Google server in the USA and shortened there.
- Google uses this information on our behalf to analyze your use of this website in order to compile reports on website activities and provide additional services related to website and internet use. Google may also transfer this information to third parties as required by law or if said third parties process this Personal Information on behalf of Google. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.
- You can prevent the storage of cookies by making the proper setting using your browser software. In addition, you can prevent Google from recording the data related to your use of the website generated by the cookie (including your IP address) and from processing this data by downloading and installing the browser plugin available at https://tools.google.com/dlpage/gaoptout?hl=en.
Google Analytics Terms of Service:
https://www.google.com/analytics/terms/gb.html
General overview on Google Analytics security and privacy principles: https://support.google.com/analytics/answer/6004245?hl=en Google’s privacy policy:
https://policies.google.com/privacy?hl=en. - This website also uses Google Analytics for a device-independent analysis of visitor flows, which is carried out via a User ID. You can disable cross-device tracking of your usage in your Google Account under “My information”, “Personal information”.
- Legal Basis: Legitimate Interest and business improvement purposes.
2.5 Google Tag Manager
- Our Online Service uses the Google Tag Manager. This tool allows website tags to be managed through an interface. The Google Tool Manager only implements tags, does not set cookies and does not collect any Personal Information. The Google Tag Manager triggers other tags that may collect personal information. However, the Google Tag Manager does not access this Personal Information.
- If deactivated at domain or cookie level, it will remain valid for all tracking tags implemented with Google Tag Manager.
- Legal basis: legitimate interest.
2.6 YouTube Videos
- Our site uses YouTube plugins from the Google-owned video portal service. The operator of these pages is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (hereinafter referred to as: "Youtube").
- We have integrated YouTube videos into our website, which are stored on http://www.YouTube.com and can be played directly from our website. These are all integrated in the “extended data protection mode ”, i.e. no Personal Information about you as a User will be transmitted to YouTube, if you do not click on the videos to start playing them. Only when you play the videos the data referred to in the next paragraph will be transferred to YouTube. We have no influence on this data transfer.
- By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the Personal Information specified in Section 2.1 of this General Policy will be transmitted. This is independent of whether YouTube provides a User account through which you are logged in or whether no User account exists. If you are logged in to Google, your information will be directly associated with your account. If you do not wish to be associated with your profile on YouTube, you must log out before activating the button. YouTube stores your Personal Information as User profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such evaluation takes place in particular (even for unlogged-in Users) to provide demand-oriented advertising and to inform other Users of the social network about your activities on our website. You have the right to object to the creation of these User profiles, whereby you must contact YouTube to exercise this right.
- For more information on the purpose and scope of data collection and processing by YouTube, please refer to the privacy policy. There you will also find further information about your rights and setting options to protect your privacy:
https://www.google.de/intl/de/policies/privacy - Legal Basis: consent.
2.7 LinkedIn Analytics
- We use "LinkedIn Analytics" on our website, a service of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (hereinafter referred to as: "LinkedIn"). LinkedIn Analytics stores and processes information about your User behavior on our website. LinkedIn Analytics uses cookies for this purpose, among other things, which enable an analysis of your use of our website.
- We use LinkedIn Analytics for marketing and optimization purposes, in particular to analyze the use of our website and to continuously improve individual functions and offers as well as the User experience. By statistically evaluating User behavior, We can improve our offer and make it more interesting for you as a User.
- Further information from the third-party Provider on data protection can be found at:
https://www.linkedin.com/legal/privacy-policy and
https://www.linkedin.com/psettings/guest-controls. - Legal basis: consent.
2.8 New Relic
- We use the web analysis service “New Relic“ on our website, a service of New Relic Inc, 101 Second Street, 15th Floor, San Francisco, CA 94105, USA (hereinafter referred to as: "NewRelic").
- This service allows statistical analysis of the speed of access to our website. Through the plugin, New Relic receives the information that you have accessed the corresponding page of our website. If you are logged in as a User at New Relic, New Relic can assign the visit to your account. If you are not a member of New Relic, there is still the possibility that New Relic will find out and save your IP address.
- Further information can be found here: https://newrelic.com/privacy.
- Legal basis: consent.
2.9 Google Ads Conversion
- We use the services of Google Ads to draw attention to our attractive offers with the help of advertising materials (so-called Google Ads) on external websites. We can determine in relation to the Personal Information of the advertising campaigns how successful the individual advertising measures are. We are interested in showing you advertisements that are of interest to you, to make our website more interesting for you and to achieve a fair calculation of advertising costs.
- The advertising materials are delivered by Google via so-called “Ad Servers”. For this purpose, We use ad server cookies, through which certain parameters for measuring success, such as the insertion of ads or clicks by Users, can be measured. If you access our website via a Google ad, Google Ads stores a cookie on your device. These cookies are not intended to identify you personally. For this cookie, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (mark that the User no longer wishes to be addressed) are usually stored as analysis values.
- These cookies enable Google to recognize your Internet browser. If a User visits certain pages of an Ads customer's website and the cookie stored on their device has not expired, Google and the customer can recognize that the User has clicked on the ad and has been redirected to this page. Each Ads customer is assigned a different cookie. Cookies cannot therefore be traced via the websites of Ads customers. We do not collect and process any Personal Information in the aforementioned advertising measures. We only receive statistical evaluations from Google. On the basis of these evaluations We can recognize which of the used advertising measures are particularly effective. We do not receive any further Personal Information from the use of advertising material; in particular, We cannot identify Users on the basis of this information.
- Due to the marketing tools used, your browser automatically starts a direct connection to the Google server. We have no influence on the extent and the further use of the Personal Information which are raised by the use of this tool by Google and inform you therefore according to our knowledge: By the integration of Ads conversion Google receives the information that you called the appropriate part of our Internet appearance or clicked an announcement of us. If you are registered with a Google service, Google may associate your visit with your account. Even if you are not registered with Google or have not logged in, it is possible that the providers may obtain and store your IP address.
- Legal basis: consent.
2.10 Google Ads Remarketing
- We use the remarketing function within the Google Ads service. The remarketing function allows Us to present to Users of our website advertisements based on their interests on other websites within the Google advertising network (in Google search or on YouTube, so-called "Google ads" or on other websites). For this purpose, the interaction of Users on our website is analyzed, e.g. which offers the User was interested in, in order to be able to display targeted advertising to Users even after visiting our website on other pages. To do this, Google stores cookies in the browsers of Users who visit certain Google services or websites in the Google Display Network. This cookie is used to record the visits of these Users. The number is used to uniquely identify a web browser on a particular device. Used Cookies: Type C. For further information, see Section „Cookie Overview“.
- For more information on the purpose and scope of Personal Information collection and processing by Google, please refer to the privacy policy. There you will also find further information about your rights and setting options to protect your privacy: https://www.google.com/intl/en/policies/privacy.
- Legal basis: consent.
2.11 Facebook Custom Audiences (Facebook Pixel)
- This website uses the so-called "Facebook Pixel" of the social network "Facebook" for the following purposes:
- Facebook (website) Custom Audiences
We use the Facebook pixel for remarketing purposes to be able to contact you again within 180 days. This allows Us to display interest-based advertisements ("Facebook Ads") to Users of the website when they visit the social network "Facebook" or other websites also using this tool. In this way, We pursue the interest in displaying advertisements that are of interest to you in order to make our website or offers more interesting for you. - Facebook conversion
We also use the Facebook Pixel to ensure that our Facebook Ads match the potential interest of Users and are not annoying. With the help of the Facebook Pixel, We can track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether Users were redirected to our website after clicking on a Facebook ad (so-called "conversion").
- Facebook (website) Custom Audiences
- Due to the marketing tools used, your browser automatically establishes a direct connection with the Facebook server as soon as you have agreed to the use of cookies requiring your consent. Through the integration of the Facebook pixel, Facebook receives the information that you have called up the corresponding website of our internet presence or clicked on an advertisement from us. If you are registered with a Facebook service, Facebook can assign the visit to your account.
- The processing of this Personal Information by Facebook takes place within the framework of Facebook's data policy. Special information and details about the Facebook pixel and its functionality can also be found in the Facebook help area.
For further information, see Section “Cookie Overview“. - We are jointly responsible with Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Facebook) for the collection and transfer of Personal Information in this process. This applies to the following purposes:
- The creation of individualized or suitable ads, as well as for their optimization.
- Delivery of commercial and transaction-related messages (e.g. via Messenger).
The following processes are therefore not covered by joint controllership:
- The process that takes place after the collection and transmission is within the sole responsibility of Facebook.
- The preparation of reports and analyses in aggregated and anonymized form is carried out as a Processor and is therefore within our responsibility.
- The contact details of the Controller and the data protection officer of Facebook can be found here: https://www.facebook.com/about/privacy.
- We have agreed with Facebook that Facebook can be used as a contact point for the exercise of data subject rights. Without prejudice to this, the jurisdiction of the Rights of Data Subjects is not limited.
- Further information on how Facebook processes Personal Information, including its legal basis and further information on the rights of data subjects can be found here: https://www.facebook.com/about/privacy.
- Information on the data security conditions can be found here: https://www.facebook.com/legal/terms/data_security_terms.
- Legal basis: consent.
2.12 Triptease.io
- We use the Triptease service to analyse User behaviour. The operating company in Europe is Triptease Ltd, WeWork Bishopsgate, 15 Bishopsgate, London.
- We may share a limited amount of your information (such as room search, email address and name if you provide it) with the Triptease Group (“Triptease”) and use Triptease to collect Personal Information for analysis purposes when you visit our website to book a stay with us.
- As our shared data controller, Triptease analyses your use of our website and tracks it through cookies and similar technologies so that We can improve our service.
- Further information on Triptease’s data protection declaration can be found at https://www.triptease.com/privacy-policy/. Further information on the use of cookies by Triptease can be found at https://www.triptease.com/cookie-policy/.
- Legal basis: consent.
2.13 SynXis Booking Engine
- We use the SynXis booking engine to facilitate individual room bookings. The operating company is Sabre GLBL Inc, 3150 Sabre Drive, Southlake, TX 76092 USA.
- Upon booking, you will be automatically redirected to Sabre’s URL at be.synxis.com.
- Sabre may process your information according to its own privacy policy and as necessary to complete your booking.
- Further information on Sabre’s processing of your information can be found at https://www.sabre.com/about/privacy/.
- Legal basis: consent and performance of a contract.
2.14 SevenRooms Restaurant Reservation System
- We use the Sevenrooms restaurant reservation system to facilitate individual restaurant bookings. The operating company is Sevenrooms Inc, 228 Park Avenue South PMB 33706 New York NY 10003, USA.
- Upon booking, you will be automatically redirected to Sevenrooms’s URL at sevenrooms.com.
- Sevenrooms may process your information according to its own privacy policy and as necessary to complete your booking.
- Further information on Sevenrooms’s processing of your information can be found at https://sevenrooms.com/en/privacy-policy/.
- Legal basis: consent and performance of a contract.
2.15 Book4Time Spa Management Software
- We use the Book4Time spa management software to facilitate individual spa bookings. The operating company is Book4Time Inc, 306 Town Centre Blvd. Suite 400, Markham, ON L3R 0Y6 Canada.
- Upon booking, you will be automatically redirected to Book4Time’s URL at ap.spatime.com.
- >Book4Time may process your information according to its own privacy policy and as necessary to complete your booking.
- >Further information on Book4Time’s processing of your information can be found at https://book4time.com/privacy-policy/.
- Legal basis: consent and performance of a contract.
2.16 Links to other websites
- While using some of our services (e.g. in section ‘Discovery’ / ‘Sign up for Capella DISCOVERY loyalty programme‘ or in section ‘Book your Stay‘) you will be automatically redirected to other websites.
- Please note that this General Policy is not valid there. The privacy policy of the linked website may differ significantly from this one.
- This General Policy applies only to any information We collect and does not apply to any of your Personal Information that any third party collects during the process of providing a service to you. We do not take any responsibility for the use of Personal Information by any third party to whom you provide the information directly.
3. Cookie Policy
3.1 General Information
- When you interact with Us on our websites, We automatically receive and record information on our server logs from your browser. We may employ cookies in order for our server to recognise a return visitor as a unique User including, without limitation, monitoring information relating to how a visitor arrives at the website, what kind of browser a visitor is on, what operating system a visitor is using, a visitor's IP address, and a visitor's click stream information and time stamp (for example, which pages they have viewed, the time the pages were accessed and the time spent per web page).
- Cookies are small text files stored in your computer or other electronic devices which allow Us to remember you. The cookies placed by our server are readable only by us. Cookies are not programs and therefore cannot access, read or modify any other data on an electronic device. All web-browsers offer the option to refuse any cookie, and if you refuse our cookie then We do not gather any information on that visitor.
3.2 Cookie Overview
- We use the following categories of cookies for the following purposes:
- Necessary cookies: To ensure our websites function properly, We use these cookies to enable you to move around the website and to use its features. You do not need to consent for the use of strictly necessary cookies. These cookies usually expire when you end your browsing session or shortly afterwards.
- Functionality cookies: These cookies allow Us to remember choices you make (such as your language or your log in details when you return on restricted areas of our Website) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. The information these cookies collect cannot track your browsing activity on other websites.
- Performance cookies: To analyse and improve your browsing experience, We use these cookies, such as Google Analytics cookies, to analyse usage of the website and interaction with our content and communication, as well as enable Us to measure and improve performance.
- Advertising cookies: To show adverts that are relevant to your interests, third parties serve ads on our behalf through cookies to assist with selecting the ads that are displayed to you and ensuring that you do not see the same ads repeatedly. These cookies are used only with your consent.
3.3 Cookie Management Options
- You may accept or reject cookies (apart from necessary cookies, which are always required and are not subject to your consent). You can manage your cookie preferences and provide or withdraw your consent at any time through our Cookie Consent Management Platform, available at our webpage.
- Please bear in mind that if you restrict or disable cookies, this can limit functionality and prevent our websites from working properly.
- You may object to the use of cookies that are used for measuring the range of coverage and promotional purposes via:
- Deactivation page of the Network Advertising Initiative: http://optout.networkadvertising.org/;
- The US-American website: http://www.aboutads.info/choices; or
- The European website http://www.youronlinechoices.com/uk/your-ad-choices/.
4. Changes To The General Privacy Policy
- We reserve the right to change this Data General Policy with regards to data processing, in order to adapt it to changed legal situations, to changes of the Online Service, or of the data processing procedure.
- If a User’s consent is required or if elements of the Data General Policy contain provisions regarding the contractual relationship with the User, the changes will only be made with the consent of the User.
- Users are requested to keep themselves informed about the content of this General Policy on a regular basis.