Skip to main content

Data security

Introduction

Welcome to the MUZE Hotels privacy policy.
MUZE Hotels (as further explained below) respects your privacy and is committed to protecting your personal data. This Privacy Policy informs you about how we collect and process your personal data. This includes when you or someone on your behalf makes a booking, requests information from us, contacts us (or we contact you), uses our website(s)/app(s), uses links from our website(s)/app(s), contacts us via social media, our contact center or hotels, or when we otherwise contact you (regardless of your location). You will also learn about your data protection rights and how the law protects you.
This privacy policy is provided in a multi-layered format so that you can click through to the sections listed below.

1. IMPORTANT INFORMATION AND WHO WE ARE

PURPOSE OF THIS PRIVACY POLICY
This privacy policy is intended to inform you about how MUZE Hotels collects and processes your personal data in the context of our business relationship with you, including the provision of accommodation and other services to you, including data that you may provide through our website.
This privacy policy supplements our other special notices and is not intended to override them.

DATA PROTECTION RESPONSIBLE PARTY

MUZE Hotels consists of various hotels and legal entities managed by BrownHouse Management GmbH, Ellerstraße 138, 40227 Düsseldorf, Germany; email address: This email address is being protected from spambots. You need JavaScript enabled to view it.; ("MUZE Management"), as well as hotels operated by its subsidiaries and other companies within Europe (together "MUZE Hotels" or "MUZE Hotels Group").
MUZE Hotels operates this website and is responsible for the processing of personal data.
When you book a hotel (via this website or otherwise) within the MUZE Hotels Group or use other services, the MUZE Hotels Group company that operates that hotel and provides the services processes your data jointly with MUZE Management. Appendix 1 to this Privacy Policy lists all MUZE Hotels and all companies within the MUZE Hotels Group to clarify which company processes the data relating to your booking and other services you receive from that company. When we refer to "MUZE Hotels," "we," "us," or "our" in this Privacy Policy, we are referring to the relevant MUZE Hotels Group company together with MUZE Management. Section 9 below (Your Legal Rights) explains our joint data control in more detail and how you can exercise your rights with respect to the MUZE Hotels Group.
MUZE Management has appointed a Data Protection Officer (DPO) who is responsible for overseeing matters relating to this Privacy Policy and the processing of your data by Muze Hotels. If you have any questions about this Privacy Policy, including requests to exercise your legal rights, please contact the DPO using the contact details provided below.

CONTACT INFORMATION

You can reach our Data Protection Officer (DPO) at:
This email address is being protected from spambots. You need JavaScript enabled to view it.
Postal address: BrownHouse Management GmbH, Ellerstraße 138, 40227 Düsseldorf, Germany
You have the right to lodge a complaint with the data protection authority responsible for us at any time. However, we would appreciate the opportunity to address your concerns before you contact the authority – so please contact us or our Data Protection Officer first.

2. THE DATA WE COLLECT ABOUT YOU

Personal data or personal information is any information about a person that can be used to identify that person.
Wir können verschiedene Arten von personenbezogenen Daten über Sie erheben, verwenden, speichern und übermitteln, die wir wie folgt zusammengefasst haben:
  • Contact details
    Contact details include billing address, private address, email address, as well as fax and telephone numbers.
  • Data on special needs
    This refers to data about health, disabilities, and religious or dietary requirements when you inform us of your special needs and thus provide us with relevant information.
  • Booking and transaction data
    This includes bank account or payment card details, payment information, the purpose of your stay, and other information related to your bookings, stays, and other services you have purchased from us. It also includes comments and survey responses you have provided regarding our services.
  • Technical data of your visit to this website
    These include your Internet Protocol (IP) address, login details, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technologies on the devices you use to access this website.
  • Usage data
    This includes information about how you use our services or connect with us via social media and our website.
  • Special travel dates
    Specific travel data includes information about your recent stays/trips, Covid tests, and Covid symptoms, which may be required under federal or state laws related to the Corona pandemic.
We will not collect all of the above-mentioned data in every case, but only the data that is necessary for the respective purpose.
We generally process special categories of personal data (such as data revealing your religious beliefs, health needs, or disabilities) only if you have given your explicit consent and the processing is necessary to meet your needs during your stay with us or your other use of our facilities or services, or if required by law. However, we may need to process such information in the event of an accident, medical emergency, or other emergency during your stay or other use of our facilities.
We also process, to a limited extent, data about children for whom a stay in our hotels is booked (number, age and, where legally required, further data such as name, date of birth, place of birth).

IF YOU DO NOT PROVIDE PERSONAL DATA

If we are required to collect personal data due to legal regulations or a contract with you, and you do not provide this data upon request, we may not be able to fulfill the contract we have entered into or are attempting to enter into with you (e.g., to offer you accommodation or other services). In this case, we may have to cancel a booking or other service you have used with us, but we will inform you of this in due course.

3. HOW IS YOUR PERSONAL DATA COLLECTED?

We collect your data in various ways, but in particular through:

Direct interactions

You can provide us with your identity, contact, special travel details, and booking and transaction data by filling out forms (on paper, at the check-in kiosk, or in the web/mobile application) or by corresponding with us by mail, telephone, email, via our website, chatbot, social media, or otherwise. This includes personal data you provide when you:
  • Make a booking for one of our hotels, whether for overnight stays, day rooms, events or conferences;
  • check in at one of our hotels;
  • to attend an event or conference or otherwise use the facilities of one of our hotels;
  • to subscribe to our newsletter and/or other publications;
  • Request a brochure or other advertising or marketing materials to be sent to you;
  • to participate in a competition or respond to a promotional campaign
  • to participate in a survey; or
  • give us feedback; or
  • Book a service offered by one of our hotels (e.g., car rental).

Automated technologies or interactions

When you visit our website, interact with our chatbot, our online check-in applications, or via social media, we may automatically collect technical data about your devices, browsing activities, and patterns. We collect this personal data using cookies, emails, server logs, and similar technologies. Further details can be found here.

Travel agencies or other third parties acting on your behalf or on behalf of your employer

We may receive personal data about you if a booking is made for you by a travel agency, online portal, or other third party, which may be a family member or travel companion, a broker, or another intermediary acting on your behalf or, if you are traveling for business, on behalf of your employer or another third party. This includes, but is not limited to, tour operators, online travel agencies, global distribution systems, and reservation systems that process contact, booking, and transaction data.

HTML email web beacons

Our emails may contain a single, campaign-specific web beacon pixel to tell us whether the email has been opened and to track any clicks on links within the email. We may use this information, among other things, to determine which of our emails are more relevant to you and to ask users who don't open our emails if they still wish to receive them. The pixel is deleted when you delete the email. If you want to prevent the pixel from being downloaded to your device, select the option to receive emails from us in plain text format rather than HTML.

Other third parties and publicly accessible sources

We may obtain personal data about you from third parties and public sources, as detailed below:
  • Providers of web and social media analytics
  • Advertising networks
  • Providers of web interaction technology
  • Identity and contact data from publicly accessible sources such as commercial registers of EU member states
  • Feedback on various online portals and review sites

Monitoring

We may monitor and/or record the following: (a) transactions and activities at all points of contact and (b) web, social media and app traffic and activity.
This monitoring primarily serves to ensure that we carry out your instructions accurately. It is also used for training purposes, to improve our services, and to guarantee security and prevent fraud. To enhance the safety of our guests and customers and to prevent and detect crime, we use video surveillance in and around our premises. If you would like more information about the use of video surveillance, please contact us.

Business contacts

If you are a business contact of Muze Hotels, we receive your data when you interact with our website, from trade fair visits/workshops, personal meetings, correspondence with you by email and telephone, through contract negotiations and agreements.

4. HOW WE USE YOUR PERSONAL DATA

We will only use your personal data if the law allows us to do so. We typically use your personal data under the following circumstances (each a "legal basis"):
  • Contract fulfillment
    If we need to provide the booked accommodation and services or otherwise fulfill the contract we have (or will have) concluded with you.
  • Consent
    If you give us your explicit consent.
  • Legitimate interests
    If it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Fulfillment of obligations
    If we have to comply with a legal or official obligation.
  • Vital interests
    In the event of an accident or a medical or other emergency, to protect your vital interests or those of another person, if you or the person are unable to give your consent.
For processing activities based on your consent (especially online advertising for you), you have the right to withdraw this consent at any time by contacting us.

PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA

We collect and process your personal data for, among other things, the following purposes:
  • To make a booking, including reserving accessible accommodation, to offer you accommodation and/or other services, to ensure the fulfillment of your specific health, disability-related, dietary, and religious needs, to manage your stay at the hotel and monitor your use of our services, to collect and/or reclaim payments, to offer you additional services related to your hotel booking (e.g., upgrades, online check-in), and to ask you for feedback about your stay at the hotel.
    Legal bases: Contractual performance, consent (to fulfill your specific health, disability-related, dietary, and religious needs), legitimate interest (to improve our services).
  • To handle problems, complaints, or disputes arising from our relationship with you, to prevent or detect crime, and to maintain our relationship with you. This includes, in particular:
    Notifying you of changes to our Terms and Conditions or Privacy Policy and requesting you to provide a review, participate in a survey, or enter a prize draw or competition to improve our service for you.
    Legal basis: Legitimate interest (to monitor and improve our services, to prevent crime and fraud, and to update our records).
  • For the administration and protection of our business, including our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and data hosting), to provide you with relevant website content and advertising, to measure or understand the effectiveness of the advertising we offer, and to make suggestions and recommendations about our services that may be of interest to you. Use of data analytics to improve our website, our services, our marketing, our customer relationships, and our customer experience.
    Legal basis: Consent (for the use of cookies and analytics); legitimate interest (for the development of our business and for marketing purposes).
  • In case of accidents, medical or other emergencies
    Legal basis: Vital interest.
  • To comply with legal regulations (e.g., retention of accounting records or registration cards, collection of special traveler data).
    Legal basis: Compliance with legal obligations.
  • To offer you additional services from the hotel or third parties in connection with your stay at the hotel (e.g., car rental, tickets for attractions, etc.)
    Legal basis: Legitimate interest (for the development of our business and for marketing purposes); consent.
No automated decision-making takes place using your personal data.

MARKETING/ADVERTISING OFFERS

We want to give you the opportunity to decide on the use of certain personal data, especially regarding our marketing and advertising activities.
If you have given us your consent, we may use your identity, contact, technical, usage, or other profile data to understand what we believe you want or need, or what might be of interest to you. This allows us to decide which services and offers might be relevant to you.
You can withdraw your consent and unsubscribe from our promotional communications at any time by following the unsubscribe links in each promotional message sent to you or by contacting us at any time.

Survey emails, offers for related services, informational emails

You can object to receiving emails asking you to participate in a survey, informing you about related services such as room upgrades or the possibility of checking in online, at any time by following the opt-out links in such a message or by contacting us at any time, without incurring any costs beyond the transmission costs according to the basic rates.

COOKIES

You can configure your browser to reject all or some browser cookies, or to warn you when websites use cookies. You can disable specific cookies in the cookie settings. If you disable or reject cookies, please note that some areas of this website may no longer be accessible or may not function correctly. For more information about the cookies we use, please see our Cookie Policy.

CHANGE OF PURPOSE

We will only use your personal data for the purposes for which we collected it, unless we believe we need to use it for another purpose and this reason is compatible with the original purpose. If you would like an explanation from us as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for another purpose, we will inform you and explain the legal basis that allows us to do so.
Please note that we may process your personal data without your knowledge or consent in accordance with the above rules if required or permitted by law.

5. SHARING OF YOUR PERSONAL DATA

We may need to share your personal data with the categories of people listed below for the purposes mentioned above:
  • Other companies in the MUZE Hotels Group
    based in the European Economic Area, who are involved in providing services to you, whether directly or by providing the underlying infrastructure services on our behalf and at our direction.
  • External third parties
    including:
  • Business partners, suppliers and subcontractors for the performance of contracts we conclude with them or you; this includes contractors who provide services to you in their own name, such as the third-party provider that offers Wi-Fi services, as well as our other business partners who act as data processors on our behalf and under our instructions (e.g. the providers of our IT and video surveillance infrastructure);
  • Companies that manage your booking at one of our hotels, e.g., the travel agency or tour operator that made the booking for you;
  • Analytics and search engine providers who help us improve and optimize our services and our website (as data processors acting on our behalf and at our direction);
  • Consultants, including lawyers, banks, auditors and insurers;
  • Tax and customs authorities, police authorities, registry offices, regulatory authorities and other authorities;
  • Bodies involved in credit assessment, fraud prevention, crime prevention/detection, risk assessment and management, and dispute resolution.
If these third parties are our data processors, we require them to maintain the security of your personal data and to process it in accordance with legal regulations. We do not allow our data processors to use your personal data for their own purposes, but only permit them to process your personal data for specific purposes and in accordance with our instructions. Some of the third parties mentioned above, such as the designated consultants, travel agencies, event organizers, and authorities, are data controllers who, like us, are subject to specific data protection obligations and explain in their own privacy policies how they handle personal data.

6. INTERNATIONAL DATA TRANSFER

We may share your personal data within the MUZE Hotels Group and, if your booking relates to a hotel listed in Appendix 1, with the respective hotel operator. All companies are currently based in the European Economic Area (EEA), (which the EU Commission has determined to provide an adequate level of data protection).
Although we do not actively seek to transfer personal data to countries outside the EEA, we work with some third-party providers who are based outside the EEA or process personal data outside the EEA. If these providers process your personal data, this constitutes a data transfer to countries outside the EEA. Whenever we transfer your data to countries outside the EEA, we ensure that an adequate level of protection for the personal data is guaranteed and, where appropriate, use the EU Standard Contractual Clauses to ensure this.

7. DATA SECURITY

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used or accessed without authorization, altered, or disclosed. Furthermore, we restrict access to your personal data to those employees, agents, contractors, and other third parties who need this data for business purposes. The data processors we engage will process your personal data only on our instructions and are bound by confidentiality agreements.
We have procedures in place to handle any suspected personal data breach and will notify you and the relevant supervisory authorities of any such breach if we are legally required to do so.

8. STORAGE OF YOUR DATA

HOW LONG WILL YOU RETAIN AND USE MY PERSONAL DATA?
We will only retain your personal data for as long as necessary to fulfill the purposes for which we collected it. This includes, in particular, compliance with legal, accounting, or accountability obligations.
Under certain circumstances, you can ask us to delete your data.
Furthermore, under certain conditions, we may anonymize your personal data for research or statistical purposes (so that it can no longer be associated with you); we may use this anonymized data indefinitely without informing you separately.

9. YOUR RIGHTS

Under certain circumstances, you have rights regarding your personal data under data protection regulations. Please click on the links below to learn more about these rights:
  • Request access to your personal data.
  • Request correction of your personal data.
  • Request the deletion of your personal data.
  • Objection to the processing of your personal data.
  • Request restriction of the processing of your personal data.
  • Request the transfer of your personal data.
  • Right to withdraw consent.
If you wish to exercise any of the above rights, please contact us.
We may need to request certain information from you to confirm your identity and ensure your right to access your personal data (or exercise your other rights). This is a security measure to ensure that personal data is not disclosed to unauthorized third parties. We may contact you to request further information regarding your request in order to process it or expedite its processing.
We strive to respond to all inquiries within one month. Occasionally, processing your request may take longer than one month if it is particularly complex or if we have received a large number of requests. In this case, we will notify you and keep you updated.

YOUR RIGHTS IN DETAIL

You have the right:
  • You can submit a request to access your personal data (commonly known as a "data subject access request"). This will allow you to obtain a copy of the personal data we hold about you and to check that we are processing it lawfully.
  • You have the right to request the correction of the personal data we hold about you. This allows you to have incomplete or inaccurate data we hold about you corrected, although we may need to verify the accuracy of the new data you provide.
  • You have the right to request the deletion of your personal data. This allows you to ask us to delete or remove your personal data if there is no longer a valid reason for us to process it. This right also applies if you have successfully exercised your right to object to processing (see below), if we may have processed your data unlawfully, or if we need to delete your personal data to comply with legal requirements. Please note that for certain legal reasons, we may not always be able to comply with your deletion request. We will inform you of these reasons, if applicable, at the time of your request.
  • You have the right to object to the processing of your personal data if we are relying on our legitimate interest (or that of a third party) and there are specific circumstances that lead you to object to the processing because you believe that your fundamental rights and freedoms are being infringed. You also have the right to object if we process your personal data for direct marketing purposes. In some cases, we may be able to demonstrate that we have a compelling legitimate interest that overrides your rights.
  • You can submit a request to restrict the processing of your personal data. This allows you to ask us to suspend the processing of your personal data in the following situations:
  1. if you would like us to verify the accuracy of the data;
  2. if our use of the data is unlawful, but you do not want us to delete it;
  3. if we are to retain the data even when we no longer need it, because you require it for the establishment, exercise or defense of legal claims; or
  4. if you have objected to the use of your data, but we need to verify whether we have a compelling legitimate interest in using your data.
  • You have the right to request the transfer of your personal data to you or to a third party. We will provide you or a third party you have chosen with your personal data in a structured, commonly used, and machine-readable format. Please note that this right only applies to automated data for which you initially consented to processing or where we have used the data to fulfill a contract with you.
  • You have the right to withdraw your consent at any time if we rely on your consent to process your personal data. However, this does not affect the lawfulness of processing carried out before you withdrew your consent. If you withdraw your consent, we may no longer be able to offer you certain products or services. If this is the case, we will inform you at the time you withdraw your consent.

DEALING WITH JOINTLY RESPONSIBLE PERSONS

As described at the beginning of this privacy policy, MUZE Management and the MUZE Hotels Group company that operates the hotel you have booked and from which you receive services jointly determine the purposes and means of processing your data. As joint controllers, MUZE Management and the companies of the MUZE Hotels Group have entered into an agreement that governs how you can effectively exercise your rights as a data subject. MUZE Management has agreed to be your central point of contact for this purpose. Therefore, if you wish to exercise any of your rights mentioned above, please contact MUZE Management, which will then contact the other companies of the MUZE Hotels Group to process your request.