Data protection declaration for the SUITEe app 

Privacy Policy Information

Preamble

This service (hereinafter “app”) is provided by the

SUITEe Spectrum GmbH

Karlsplatz 3
80333 Munich

Germany

Email: dataprivacy@suite-e.com

(hereinafter referred to as “we” or “us”) as the person responsible within the meaning of the applicable data protection law.

As part of the app, we enable you to call up and display the following information: You can choose from our hotel offer and book overnight stays. You can view rooms freely. For the locations, we give a description and recommendations for the area. You can register for your stay before arrival and go straight to your room and open the door via your app. You can also control the ambiance in your room via the app. Our chat will answer your questions at any time. After the end of your stay, you will see an overview of your past bookings. When you use the app, we process personal data about you. Personal data is understood to mean all information that relates to an identified or identifiable natural person. Because the protection of your privacy when using the app is important to us, we would like to inform you with the following information about which personal data we process when you use the app and how we handle this data. In addition, we will inform you about the legal basis for the processing of your data and, insofar as the processing is necessary to safeguard our legitimate interests, also about our legitimate interests.

You can call up this data protection declaration at any time under the menu item “Data protection guidelines” within the app.

1. Information on the processing of your data

Certain information is processed automatically as soon as you use the app. We have listed which personal data are processed for you below:

1.1   Information that is collected during the download

When downloading the app, certain required information is transmitted to the app store selected by you (Google Play or Apple App Store), in particular the username, the email address, the customer number of your account, the time of the download, payment information as well as the individual device identification number may be processed. The processing of this data is carried out exclusively by the Google Play or Apple App Store and is beyond our control.

1.2   Information that is collected automatically

As part of your use of the App, we automatically collect certain data that is required to use the App. These include: [internal device ID, version of your operating system, time of access].

This data is automatically transmitted to us, but not stored, (1) to provide you with the Service and related features; (2) to improve the functions and performance features of the App; and (3) to prevent and remedy misuse and malfunctions. This data processing is justified by the fact that (1) the processing is necessary for the performance of the contract between you as the data subject and us pursuant to Art. 6 (1) lit. b) DSGVO for the use of the App, or (2) we have a legitimate interest in ensuring the functionality and error-free operation of the App and in being able to offer a service that is in line with the market and interests, which here outweighs your rights and interests in the protection of your personal data within the meaning of Art. 6 (1) lit. f) DSGVO

1.3   Creation of a user account (registration) and registration

When you create a user account or register, we use your access data ([email address, telephone number and password]) to grant you access to and manage your user account (“mandatory data”). Mandatory data within the scope of registration are marked with an asterisk and are required for the conclusion of the user contract. If you do not provide this data, you will not be able to create a user account.

We use the mandatory data to authenticate you when you log in and to follow up on requests to reset your password. We process and use the data you provide during registration or a login to (1) verify your eligibility to manage the User Account; (2) enforce the App’s Terms of Use and any related rights and obligations; and (3) contact you to send you technical or legal notices, updates, security messages, or other communications, such as those related to managing the User Account.

This data processing is justified by the fact that (1) the processing is necessary for the performance of the contract between you as a data subject and us pursuant to Art. 6 (1) lit. b) DSGVO for the use of the App, or (2) we have a legitimate interest in ensuring the functionality and error-free operation of the App, which here outweighs your rights and interests in the protection of your personal data within the meaning of Art. 6 (1) lit. f) DSGVO.

1.4     Use of the app

Within the app you can enter, manage and edit various information, tasks and activities. This information includes, in particular, data about searching for accommodation, booking rooms, electronically filling out the registration form, unlocking the room, setting the room ambience, communicating with a chatbot as a concierge, leaving comments.

The completion of a booking cannot be done without additional data – in order to use our service, we ask you for certain basic information such as your name, contact details and payment information. This information is used to manage and service your travel bookings online.

Our goal is to make your stay as stress-free and digital as possible. For this reason, filling out the registration form and checking ID at the hotel reception is no longer necessary and is conveniently done in the app. In order to comply with the legal requirements, you must upload the photo from your ID and a self-photo. These will be processed and stored by us in compliance with DSGVO, taking into account the legal deadlines.

The app also requires the following authorizations:

–        Internet access: This is needed to save your entries on our servers and to connect to the devices in the room.

–        Camera access: This is needed so that you can take photos of your documents and store them in the app and on our servers.

–        Files and Media: This is required as an alternative to the camera so that you can upload photos of your documents in the app and store them on our servers.

–        Location: You can voluntarily enter your location so that you are shown the suitable offers in your area.     

The processing and use of usage data is carried out for the provision of the service. This data processing is justified by the fact that the processing is necessary for the performance of the contract between you as the data subject and us pursuant to Art. 6 (1) lit. b) DSGVO for the use of the app.

2. Disclosure and transfer of data

In addition to the cases explicitly mentioned in this data protection declaration, your personal data will only be passed on without your express prior consent if this is permitted or required by law. This may be the case, among other things, if the processing is necessary to protect the vital interests of the user or another natural person.

2.1     The data provided by you during registration will be passed on within our group of companies E. M. Group Holding AG for internal administrative purposes, including joint customer support, to the extent necessary.

          Any disclosure of personal data is justified by the fact that we have a legitimate interest in disclosing the data for administrative purposes within our group of companies and that your rights and interests in the protection of your personal data within the meaning of Art. 6 para. 1 lit. f) DSGVO do not override.

2.2     If it is necessary to clarify illegal or abusive use of the app or for legal prosecution, personal data will be forwarded to law enforcement agencies or other authorities and, if necessary, to injured third parties or legal advisors. However, this only happens if there are indications of unlawful or abusive behavior. A transfer may also take place if this serves the enforcement of terms of use or other legal claims. We are also legally obligated to provide information to certain public authorities upon request. These are law enforcement agencies, authorities that prosecute administrative offenses subject to fines, and the tax authorities.

          Any disclosure of personal data is justified by the fact that (1) the processing is necessary for compliance with a legal obligation to which we are subject pursuant to Art. 6 para. 1 lit. f) DSGVO in conjunction with. national legal requirements to disclose data to law enforcement authorities, or (2) we have a legitimate interest in disclosing the data to the aforementioned third parties if there are indications of abusive behavior or to enforce our terms of use, other conditions or legal claims and your rights and interests in the protection of your personal data within the meaning of Art. 6 para. 1 lit. f) DSGVO do not override.

2.3.    We rely on contractually affiliated companies of E. M. Group Holding AG, Hettlinger Straße 9, 86637 Wertingen, Germany, as well as the following third-party companies and external service providers to provide our service (corresponding contracts have been concluded with the providers pursuant to Art. 28 DSGVO):

          Any disclosure of personal data is justified by the fact that (1) we have a legitimate interest in disclosing the data for administrative purposes within our group of companies and your rights and interests in the protection of your personal data within the meaning of Art. 6 (1) (f) DSGVO do not override and (2) we have carefully selected our third-party companies and external service providers as processors within the scope of Art. 28 (1) DSGVO, regularly reviewed them and contractually obligated them to process all personal data exclusively in accordance with our instructions.

2.4     As our business evolves, we may change the structure of our business by changing its legal form, establishing, buying or selling subsidiaries, divisions or components. In such transactions, customer information may be transferred along with the part of the company being transferred. In any transfer of personal information to third parties to the extent described above, we will ensure that it is done in accordance with this Privacy Policy and applicable data protection law.

          Any transfer of personal data is justified by the fact that we have a legitimate interest in adapting our corporate form to the economic and legal circumstances as necessary and that your rights and interests in the protection of your personal data within the meaning of Art. 6 para. 1 lit. f) DSGVO do not override.

2.5     We have involved the following service providers – with all of whom we have concluded a contract for commissioned processing pursuant to Art. 28 DSGVO – for the processing of data:

Hosting

DigitalOcean provides the hosting service for the app backend and app admin panel. The servers used are located in Frankfurt. For this purpose, the following data is processed according to Art. 6 para. 1 lit.f DSGVO:

App user registration data
Booking information – name, face photo, ID photo, address, email, phone number

IoT Platform

For this purpose, we use the technology of Tuya GmbH. This platform ensures interactions with and between all smart devices in the rooms. We only read out when which devices were used. A direct personal reference through the devices is not possible.

3. Data transfers to third countries

We also process data in countries outside the European Economic Area (“EEA”). This concerns in detail:

Hyperlink Infosystem Pvt. Ltd, India.

In order to ensure the protection of the personal rights of users also in the context of these data transfers, we make use of the standard contractual clauses of the EU Commission pursuant to Art. 46 (2) c) DSGVO when structuring the contractual relationships with the recipients Hyperlink Infosystem Pvt. Ltd. in third countries. You can also request these documents from us using the contact options below.

4. Changes in purpose

Processing of your personal data for purposes other than those described will only take place if permitted by law or if you have consented to the changed purpose of the data processing. In the event of further processing for purposes other than those for which the data was originally collected, we will inform you about these other purposes before further processing and provide you with all other relevant information.

5. Period of data storage

We delete or anonymize your personal data as soon as they are no longer required for the purposes for which we have collected or used them in accordance with the above paragraphs. As a rule, we store your personal data for the duration of the usage or contractual relationship via the app plus a period of 3 months, during which we keep backup copies after deletion, unless this data is needed longer for criminal prosecution or to secure, assert or enforce legal claims.

Specific statements in this privacy policy or legal requirements for the retention and deletion of personal data, in particular those that we must retain for tax law reasons, remain unaffected

.

6. Your rights as an affected party

6.1     Right to information

You have the right to request information from us at any time about the personal data relating to you processed by us within the scope of Art. 15 GDPR. To do this, you can submit an application by post or email to the address given below.

6.2     Right to correct incorrect data

You have the right to request us to correct your personal data without delay if it is incorrect. To do this, please use the contact addresses given below..

6.3     Right to deletion

You have the right to request that we delete the personal data concerning you under the conditions described in Art. 17 DSGVO. These conditions provide in particular for a right to erasure if the personal data are no longer necessary for the purposes for which they were collected or otherwise processed, as well as in cases of unlawful processing, the existence of an objection or the existence of an erasure obligation under Union law or the law of the Member State to which we are subject. For the period of data storage, please also see Section 5 of this Privacy Policy. To exercise your right to erasure, please contact us at the contact addresses below.

6.4     Right to restriction of processing

You have the right to demand that we restrict processing in accordance with Art. 18 GDPR. This right exists in particular if the correctness of the personal data is disputed between the user and us, for the period that requires checking the correctness, as well as in the event that the user requests restricted processing instead of deletion with an existing right to deletion; also in the event that the data is no longer required for the purposes we are pursuing, but the user needs it to assert, exercise or defend legal claims and if the successful exercise of an objection between us and the user is still controversial. In order to exercise your right to restriction of processing, please use the contact addresses given below.

6.5     Right to data portability

You have the right to obtain from us the personal data concerning you that you have provided to us in a structured, commonly used, machine-readable format in accordance with Art. 20 DSGVO. To exercise your right to data portability, please contact us at the contact addresses below.

7. Right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out, inter alia, on the basis of Article 6(1)(e) or (f) DSGVO, in accordance with Article 21 DSGVO. We will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the purpose of asserting, exercising or defending legal claims.

8. Contact

If you have any questions or comments about how we handle your personal data, or if you would like to exercise the rights listed under items 6 and 7 as a data subject, please contact us at: dataprivacy@suite-e.com.

10. Changes to this data protection declaration

We always keep this data protection declaration up to date. We, therefore, reserve the right to change it from time to time and to update changes in the collection, processing or use of your data. The current version of the data protection declaration can always be accessed under “Profile / ABOUT US / Data protection guidelines” within the app.

Stand: 16.02.2022