Privacy Policy
[As of December 1, 2024]
With this information, the responsible body named in section 1 (“we”) informs the user of the website (“you” or “user”) about the collection and processing of personal data in accordance with Articles 13 and 14 of the General Data Protection Regulation (GDPR). At the same time, we inform you when we store information in the terminal equipment you use when accessing our websites or when we access information already stored in your terminal equipment.
The use of websites of other providers, which are referred to via links, for example, is subject to the data protection information provided there.
A General information
1 Responsible party and data protection officer
1.1 The responsible data processor for this website is:
Nana GmbH
represented by Sakura Wienand
Am Gottesacker 70
44143 Dortmund
ds(at)nana-do.de
1.2 You can contact the data protection officer by email at ds{at}nana-do.de or via the address in section 1.1, adding “For the attention of the data protection officer” to the address.
1.3 Our website is hosted by ALL-INKL.COM (www.all-inkl.com), i.e., it is technically provided on the web servers of this web host. The web host is a processor commissioned by us in accordance with Art. 28 GDPR.
2 Rights of data subjects
If we collect personal data from you, you have the following rights as a “data subject”:
2.1 Right to information
You can request information in accordance with Art. 15 GDPR about your personal data that we process.
2.2 Right to object
You have the right to object on the specific grounds set out in Art. 21 (1) GDPR. We will inform you about this separately from this information under “B.”
2.3 Right to rectification
If the information concerning you is no longer accurate, you can request rectification in accordance with Art. 16 GDPR. If your data is incomplete, you can request that it be completed.
2.4 Right to erasure
You may request the erasure of your personal data under the conditions set out in Art. 17 GDPR.
2.5 Right to restriction of processing
In the cases set out in Art. 18 GDPR, you have the right to request a restriction on the processing of your personal data (“blocking”).
2.6 Right to lodge a complaint
If you believe that the processing of your personal data violates data protection law, you have the right under Art. 77 (1) GDPR to lodge a complaint with a data protection supervisory authority of your choice.
2.7 Right to data portability
If you have provided us with personal data in accordance with Art. 20 (1) GDPR, you have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a structured, commonly used, and machine-readable format. The collection of data for the provision of the website and the storage of log files (see section 3.1 below) are essential for the operation of the website. They are therefore not based on consent pursuant to Art. 6 (1) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR, but are justified pursuant to Art. 6 (1) (f) GDPR. The requirements of Art. 20 (1) GDPR are therefore not met in this respect.
3 Procedure: Provision of the website and creation of log files
3.1 What data is processed and for what purpose?
Each time the website content is accessed, the web server of our web host, where our website is stored, temporarily collects and stores information (data) from the Internet browser of the accessing computer or end device of the user. This data may enable the user to be identified and is therefore personal data.
3.1.1 The following data is collected and stored by our web host:
- The user's IP address,
- The date and time the website was accessed,
- The protocol, e.g., HTTP,
- The request method “Get” or “Post,”
- Content of the request or specification of the file accessed that was transmitted to the user,
- Access status (successful transmission, error, etc.),
- The amount of data transferred in bytes,
- Incoming and outgoing data traffic (“traffic”),
- A process identification number (“process ID”),
- The time it took for the web server to respond to the user's request,
- The website from which the user accessed the site,
- The browser used by the user, the operating system, the interface, the browser language, and the browser software version.
3.1.2 The temporary storage of this user data is necessary for the duration of a website visit in order to enable the website to be delivered. For this purpose, the user's IP address must necessarily remain stored for the duration of the session (i.e., the website visit).
3.1.3 The IP address and the data listed above are stored in log files beyond this purpose. This is done so that our web host can ensure the functionality of the website and the security of the information technology systems.
3.2 On what legal basis is this data processed? The data from section 3.1 is collected and processed by our web host for the aforementioned temporary storage purpose and also for the further storage purpose in accordance with Art. 6 (1) (f) GDPR. This purpose also constitutes the legitimate interest in data processing. This legitimate interest is the interest of our web host, but also our legitimate interest in a functional website.
3.3 Are there other recipients of the aforementioned data besides the controller? As our processor, our web host has technical access to the data mentioned in 3.1.
3.4 How long is the data stored? The data from 3.1.1 will be deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of the provision of the website, this is the case when the respective session has ended. The log files are stored for a maximum of 7 days, unless a security incident requires longer storage.
3.5 Is there an obligation to provide data? You must provide the data from 3.1 to our web host. Otherwise, you will not be able to use our website technically and our web host cannot guarantee secure technical operation.
4 Data processing procedures
4.1 Data and information processing requiring consent
Insofar as we may only collect and process personal data with your consent, we will inform you of this in our consent banner in the context of the consent dialogue.
4.2 Use of email address and contact form data based on legitimate interests
4.2.1 What data is processed for what purpose?
If we provide you with an email address and a contact form with input fields, this is for the purpose of enabling you to contact us. If you send us personal data, we will store it and process it for the purpose of contacting you.
4.2.2 On what legal basis is this data processed?
The data from section 4.2.1 is processed on the basis of Art. 6 (1) (f) GDPR (legitimate interest on our part as the responsible body). If your request is aimed at concluding a contract, then Art. 6 (1) (b) GDPR is an additional legal basis (initiation, conclusion, and performance of a contract).
4.2.3 Are there other recipients of the aforementioned data besides the controller?
As our processor, our web host has technical access to the data specified in 4.2.1.
4.2.4 How long is the data stored?
The data referred to in 4.2.1 will be deleted as soon as it is no longer required for the purpose for which it was collected. For personal data sent to us by email or via the contact form, this is the case when the respective correspondence with the user has ended and storage is not necessary for other reasons. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
5 Processing of information from your end devices
5.1 If we wish to store information on the end device you use when visiting our websites and/or access information already stored on your end device, we will ask for your consent on the basis of clear and comprehensive information. This is done via a consent banner used by us. We will obtain the necessary consent before accessing your information. You can revoke your consent at any time. However, your consent is not required for certain purposes specified by law, in which case we will not ask for it. On the one hand, consent is not required if the sole purpose of storing information in the end user's terminal equipment or the sole purpose of accessing information already stored in the end user's terminal equipment is to carry out the transmission of a message via a public telecommunications network. On the other hand, consent to the use of your terminal equipment is not required if the storage of information in the end user's terminal equipment or access to information already stored in the end user's terminal equipment is absolutely necessary for us, as a provider of a telemedia service, to be able to provide a telemedia service expressly requested by the user.
5.2 Such access to terminal equipment is possible via certain technologies. The best-known technology involves cookies. Cookies are objects that can be stored in the Internet browser or by the Internet browser on the user's terminal equipment. When a user visits a website, the server of the website operator or a third party can read the cookie stored there via the user's operating system and thus access the information stored therein. A cookie may or may not contain a characteristic string of characters that enables the user's browser to be uniquely identified when the website is visited again.
5.3 Removal option: The user can prevent or restrict the installation of cookies by adjusting their browser settings accordingly. Cookies that have already been stored can also be deleted by the user at any time via their browser. The settings for this depend on the respective browser. However, if the user prevents or restricts the installation of cookies, this may mean that not all functions of the website can be used to their full extent. What applies to cookies also applies to other technologies that use the user's device.
5.4 Cookies and similar technologies requiring consent: Our consent banner on the website provides information about cookies and similar technologies that require consent.
5.5 Cookies and similar technologies that do not require consent: We have documented internally that consent is not required for cookies and similar technologies that do not require consent in accordance with Section 25 (2) TTDSG.
6 Consent banner
6.1 In order to obtain your legally required consent for certain services or functions, or to comply with your revocation of consent, a consent banner will be displayed to you. Your consent or non-consent relates to our use of your device (computer, laptop, smartphone, tablet) through cookies or similar technologies, which allow information to be stored on or read from your device. Your consent may also be required for the processing of personal data by us or third parties in accordance with Art. 6 (1) sentence 1 letter a GDPR, which is associated with your use of our websites. In certain cases, the law allows us to use your device without your consent and/or to subsequently process your personal data without your consent.
6.2 The consent banner informs you about all services or functions that require your consent before we use the service or function. The consent banner consists of an overview of all processing operations requiring consent and describes the details in each case so that you, as a user, can assess the meaning and scope of your consent. You can consent to each process by activating a button/click area or reject it by deactivating it. There are three options for making a decision:
- Selecting “Make selection and save” means that the user's decision is saved as they have made it by selecting the buttons/click areas. All services and functions requiring consent that the user agrees to are active and can be used. Services and functions that cannot be used without consent are not integrated into the website.
- Selecting “Reject all and save” means that this decision is not saved. The user's decision is therefore that they do not consent to anything that requires their consent, with the result that all services and functions requiring consent do not work for this user. The banner is hidden.
- Selecting “Accept all and save” means that all services and functions requiring consent are “active.” This means that you have given your consent in accordance with the GDPR and also agree to the use of end devices. The banner is then hidden.
In the course of their further use of the websites, users can actively cause the consent banner to be displayed by revoking their consent or by providing consent that was not initially required. To do this, they click on the “Consent settings” link. The consent banner reappears.
Your consent can therefore be revoked at any time with effect for the future. A subsequent revocation no longer affects the legality of the access or storage of information that took place up to the point of revocation.
6.3 All three of the user's decisions mentioned above (“Make selection and save,” “Reject all and save,” or “Accept all and save”) are stored in the so-called “local storage” on the user's device via the browser of the user's device. The storage there is permanent. The information is stored in the “wbkConsent” object. This technology is not a cookie in the true sense of the word. The information in “wbkConsent” is also not personally identifiable, i.e., the user is not recognized when they visit the WBK user's website again. The consent selection decision is not stored on our server. This use of the user's device is consent-free in accordance with Section 25 (2) No. 2 TTDSG (user request).
7 Technical measures
7.1 SSL/TLS
For security reasons and to protect the transmission of confidential content, for example, via requests that you send to us as the site operator, our web pages are equipped with active SSL or TLS encryption. An encrypted connection can be recognized by the fact that the address line of the browser changes from “http://” to “https://” and a lock symbol is visible in the browser line. As a result of this encryption, data that you transmit to us cannot be read by third parties.
7.2 End-to-end communication
If you contact us using one of the email addresses provided on our websites, the content of the email is not end-to-end encrypted when it is sent to us. This means that although the emails are usually encrypted during transmission via the email providers involved, they are stored unencrypted on their servers. Contacting us via the contact form provided is therefore technically secure communication.
7.3 Video integration
If you can view videos on our websites that are marked as external links to third-party websites, this is done exclusively via the technology of linking to the respective referenced website or to a third-party video portal. These videos are stored there under the data protection responsibility of the respective third-party provider. The respective linked website or video portal is therefore not directly embedded in our websites. This ensures that user information is not transmitted to the portal when the website on which the video is integrated is loaded. It also ensures that cookies or similar technologies for tracking user activities on the portals or the advertising partners of these portals cannot be set on your device via the mere link. Only after you consciously click on the video preview image is a connection to the third-party provider's portal established and the associated data processing triggered. However, this and the possible processing of your user data on the linked portal is then done exclusively at your request to view the video there. The data processing triggered by this is beyond our control and is the responsibility of these third-party providers, who provide more or less detailed information about their data processing. If you do not agree to the data processing by the third-party provider, please do not click on the video preview image.
B Special information
Special right to object pursuant to Art. 21 (1) GDPR
You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data carried out on the basis of Article 6(1)(f) GDPR (processing to safeguard our legitimate interests or those of a third party) in accordance with Art. 21(1) GDPR. You can send your objection to the address in section 1.1.
We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or the processing serves to assert, exercise, or defend legal claims.
In the event of your objection, you must explain your possible interests (your “special situation”) to us in detail so that we can reassess the balance of interests. If our interests in further storage do not prevail, the personal data stored in the course of establishing contact will be deleted. If they still prevail, we will continue to process the data.
