Privacy policy

Privacy policy

Effective date: April 2018

These data protection provisions apply to, and, owned and managed by Hotel Galleria. These data protection provisions determine how we collect and use personal data that you provide on our website (, and It also explains the options available to you regarding the use of your personal data and how you can access and update this information.

Data collection

The personal information we collect includes:

Your first name, last name, email address, telephone number and address;
Credit card details (type of credit card, credit card number, cardholder name, expiration date and security code);
Information about the guest’s stay, including arrival and departure dates, special requests, service requests (including room requirements, amenities or other services used);
Information you provide about your marketing preferences or when you participate in surveys, contests and promotional offers;
You can always choose which and whether you want to share personal data with us. If you do not want to share certain data with us, then certain transactions with us could be affected.

Data We Collect Automatically

When you use our website, we also automatically collect information and some of it is personal data. This includes data such as the language settings, IP address, location, device settings, device operating system, access times, queried URLs, status, information on the browser, operating system, result of the visit (visitor or booker), browser history, previous bookings, user number of the booker, type of data viewed. We can also automatically collect data via cookies. Information on how we use cookies can be found here.

Purposes of processing

We use your data for the following purposes:

A. Bookings: We use your personal data to complete and manage your online bookings.
B. Customer Service: We use your personal information to provide customer service.
C. Guest Reviews: We could use your contact details to invite you via email to write a review after your stay. This will help other travelers choose the accommodation that suits them best. If you send a guest review, then these reviews could be published on our website.
D. Marketing activities: We also use your data for marketing activities, insofar as this is permitted by law. We use your personal data for direct marketing purposes, such as sending you commercial newsletters and marketing communications about new products and services or other offers that we think will be of interest to you. We are including a link in this newsletter by means of which you can unsubscribe from receiving these news.
E. Other communications: On certain occasions, we may contact you by email, post, telephone or text message, depending on the contact details you share with us. There can be a number of reasons for this:
a. When we respond to or process an inquiry you have sent us.
b. If you have not yet completed your booking online, we could send you a reminder. We believe this additional service will be useful for you as it allows you to complete a booking without having to search for the accommodation again or re-enter the booking details.
c. If you use our service, we could send you a survey or invite you to leave a review about your experience with our website. We believe that you will find this additional service useful and that we can improve our website based on your feedback.
F. Analysis, Improvements and Research: We use personal data for research and analysis purposes. We can involve third parties who carry out these activities for us. We can share or disclose the results of this research in an anonymous and summarized form, including to third parties. We use personal data for analysis purposes, to improve our services and to improve the functionality and quality of our travel service.
G. Security, Fraud Detection and Prevention: We use information, which may include personal data, to prevent fraud and other illegal or other infringing activities. We use this information to investigate and determine cases of fraud. We can use personal data for risk assessment and security purposes, including user authentication. For these purposes, personal data may be shared with third parties, such as, to the extent permitted by law, with law enforcement authorities and with external consultants.
H. Legal regulations and compliance: In certain cases, we must use the data provided, which may also include personal data, to process and resolve legal complaints or legal disputes, as well as for regulatory investigations and compliance purposes in order to enforce contractual claims and to answer inquiries from law enforcement authorities to comply with, as far as this is required by law.
If we do automated processing of personal data that has a legal or generally serious influence on you, then we apply appropriate security measures to protect your rights and freedoms, including the right of human intervention.

Legal basis

With regard to points A and B, we assume the effect of a contract: The use of your personal data may be necessary in order to fulfill the contract that you have concluded with us. For example, if you use our services to make an online booking, we will use your data to fulfill our obligation to complete and manage your booking in accordance with the contract between us.
With regard to the purposes of the points CH, we assume legitimate interests: We use your data to pursue our legitimate interests, for example to show you the most suitable content on our website, our e-mails and newsletters to to advertise our products, services and the offer on our website as well as for administrative purposes, for fraud prevention and for legal purposes. When we use personal data for our legitimate interests, we always weigh your interests and your rights to the protection of your data against our rights and interests.
With regard to the purpose of H, we assume our obligation to comply with applicable laws, where applicable.
• To the extent required by applicable law, we will obtain consent before we use your personal data for direct marketing purposes.
If we are obliged to do so under the applicable law, we will ask for your consent. You can revoke your consent at any time by contacting us at any of the addresses under this privacy policy.

If you want to object to the processing described under points C – F and there is no method available to log out directly (for example in the account settings), please contact

Third-party providers: We use service providers to process your personal data exclusively for us. This processing pursues the purposes described in these data protection regulations, for example to enable booking payments, to send marketing materials or to provide analytical support services. These service providers are bound by confidentiality clauses and have no permission to use your personal data for their own or any other purposes.
Responsible Authorities: We disclose personal information to law enforcement or government agencies to the extent required by law or strictly necessary to prevent, detect or prosecute criminal activity and fraud.

International data transfers

The transfer of personal data as described in these data protection regulations can include the transfer of the data to countries in which the data protection laws are not as comprehensive as in the countries of the European Union. European legislation obliges us to only send personal data to recipients who can offer adequate data protection. In these situations, we contractually oblige the recipients to ensure that your personal data is still protected in accordance with European standards. You can request a copy of the relevant contractual clauses from us using the contact details below.


We use appropriate operational systems and procedures to secure and protect this information. We also use security procedures and technical and physical access restrictions and store personal data on our servers. Only authorized employees have access to personal data in the course of their work.

Data storage

We store your information, which may include personal data, for as long as we believe it is necessary to provide our service to you, to comply with applicable laws, to resolve legal disputes with any party and for as long as necessary to maintain our business operations. Also for as long as necessary to detect and prevent fraud and other illegal activities. All personal data stored by us are the subject of these data protection provisions. If you have any questions about specific retention periods or the types of data we process about you, please contact us using the contact details below.

Your options and rights

We want you to have control over how we use your personal data. You can exercise this control in the following ways:

You can ask us for a copy of the personal data we hold about you;
You can notify us of any change to your personal information or you can ask us to correct any personal information we hold about you;
In certain cases you can ask us to delete the personal data we have stored about you or to block their processing or to object to certain ways in which we use your personal data;
In certain cases you can ask us to send your personal data to a third party.
Where we use your personal data on the basis of your consent, you can revoke this consent at any time in accordance with the applicable laws. In addition, you can object to the processing of your personal data at all points in accordance with the applicable laws at any time where this processing takes place on the basis of a legitimate interest or on the basis of the public interest.

We rely on your personal information to be complete, accurate and correct. Please inform us immediately about changes or inaccuracies in your personal data by contacting us using the following contact details: We process your request in accordance with applicable laws.

Questions or complaints

If you have any questions about the processing of your personal data or if you would like to invoke one of the rights of this notification, please contact us at You can also contact your local data protection officer with any questions or complaints.

Changes to the notice

Just as business processes are constantly changing, so will this privacy policy change from time to time. If you would like to track these changes, we invite you to check this data protection statement from time to time to see whether anything has changed. If we make changes that have a fundamental impact on you (e.g. if we start using personal information for purposes other than those stated above), we will contact you before we start this processing.