Privacy Policy
in accordance with the GDPR
I. Name and Address of the Data Controller
The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States, as well as other data protection regulations, is:
Haus der Jugend Frankfurt e.V.
Deutschherrnufer 12
60594 Frankfurt am Main,
Germany
Phone: 069-610015-0
Email: info@hellofrankfurt.de
Website: www.jugendherberge-frankfurt.de
II. General Information on Data Processing
1. Scope of Personal Data Processing
We generally process our users’ personal data only to the extent necessary to provide a fully functional website and our content and services, or with the user’s consent.
2. Legal Basis for the Processing of Personal Data
To the extent that we obtain the data subject’s consent for the processing of personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.When processing personal data necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) of the GDPR serves as the legal basis. This also applies to processing operations necessary for the implementation of pre-contractual measures. To the extent that the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Article 6(1)(c) of the GDPR serves as the legal basis.If the processing is necessary to safeguard a legitimate interest of our company or a third party, and the interests, fundamental rights, and freedoms of the data subject do not override the aforementioned interest, Article 6(1)(f) of the GDPR serves as the legal basis for the processing.
3. Data Deletion and Retention Period
The data subject’s personal data will be deleted or blocked as soon as the purpose for which it was stored no longer applies. Data may also be stored if this is provided for by European or national legislation in EU regulations, laws, or other provisions to which the controller is subject. Data will also be blocked or deleted when a retention period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or performance of a contract.
III. Provision of the Website and Creation of Log Files
1. Description and Scope of Data Processing
Every time our website is accessed, our system automatically collects data and information from the computer system of the accessing device.
The following data is collected in this process:
- 1. Information about the browser type and version used
- 2. The user’s operating system
- 3. The user’s Internet service provider
- 4. The user’s IP address
- 5. Date and time of access
- 6. Websites from which the user’s system accesses our website
- 7. Websites accessed by the user’s system via our website
The data is also stored in our system's log files. This data is not stored together with any other personal data belonging to the user.
2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Article 6(1)(f) of the GDPR.
3. Purpose of Data Processing
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.
The data is stored in log files to ensure the website functions properly.
In addition, the data helps us optimize the website and ensure the security of our IT systems. The data is not analyzed for marketing purposes in this context.
These purposes also constitute our legitimate interest in data processing pursuant to Art. 6(1)(f) GDPR. The collection of data for the provision of the website and the storage of data in log files is strictly necessary for the operation of the website.
4. Duration of Storage
The data is deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of data collected for the purpose of providing the website, this occurs when the respective session ends.
In the case of data stored in log files, this occurs after no more than seven days.
Further storage is possible. In this case, the users’ IP addresses are deleted or anonymized so that the client making the request can no longer be identified.
IV. Contact Form and Email Contact
Description and Scope of Data Processing
Our website features a contact form that can be used to contact us electronically. If a user utilizes this option, the data entered in the form is transmitted to us and stored.
This data includes:
- 1. Name
- 2. Email address
- 3. Phone number
- 4. Message
The following data is also stored when the message is sent:
- 1. The user's IP address
- 2. Date and time of registration
This Privacy Policy is referenced during the submission process for the processing of data.
Alternatively, you may contact us via the email address provided. In this case, the user’s personal data transmitted with the email will be stored.
In this context, the data will not be disclosed to third parties. The data will be used exclusively for the purpose of processing the correspondence.
Legal basis for data processing
The legal basis for data processing is Article 6(1)(f) of the GDPR. The legitimate interest here arises from the interest in responding to inquiries from guests and visitors to this website and thereby maintaining and promoting customer satisfaction. If the contact is aimed at concluding a contract, the legal basis for the processing is Article 6(1)(b) of the GDPR.
Purpose of Data Processing
We process personal data to handle your inquiry.
The other personal data processed during the submission process is used to prevent misuse of the contact form and to ensure the security of our IT systems.
Retention Period
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For personal data entered in the contact form and data sent via email, this occurs once the respective conversation with the user has ended. The conversation is considered concluded when it is clear from the circumstances that the matter in question has been definitively resolved.
The personal data additionally collected during the submission process is deleted no later than seven days after collection.
Right to Object and Right to Erasure
Under the conditions set forth in Article 21 of the GDPR, the user has the right to object to the processing of personal data at any time.
In such a case, the conversation cannot be continued. All personal data stored in the course of establishing contact will be deleted in this case.
V. Booking Request
Description and Scope of Data Processing
Our website features an inquiry form that allows you to make a reservation for the youth hostel. The data entered in the form is transmitted to us and stored.
This data is:
- 1. Name2. Address3. Email address4. Phone number5. Message6. Number of guests and rooms7. Additional services booked
The following data is also stored at the time of submission:
- 1. The user's IP address2. Date and time of registration
This privacy policy is referenced during the submission process for the processing of data.
Nature, Purposes, and Legal Basis of Data Processing
We process the data collected via the booking form in accordance with Article 6(1)(b) of the GDPR for the purpose of fulfilling a contract or taking steps prior to entering into a contract. The other personal data processed during the submission process serves to prevent misuse of the inquiry form and to ensure the security of our information technology systems (Art. 6(1)(f) GDPR).
If the contract has been or is to be concluded with a legal entity or organization (e.g., association, school, daycare center, government agency, company), the data of the contact persons of the legal entity or organization will be processed on the basis of Article 6(1)(f) of the GDPR. Our legitimate interest lies in the performance of the contract with the legal entity or institution to which you belong.
In addition, we process special categories of personal data (for example, information regarding a disability—to provide a suitable room; regarding allergies—to be taken into account when preparing meals). The legal basis for the processing of this data is Article 9(2)(a) of the GDPR (consent). Consent may be revoked at any time with future effect. Data processing carried out prior to the revocation of consent remains lawful.
We process your name and address in accordance with Article 6(1)(f) of the GDPR to inform you by mail about our offers (based on the legitimate interest in promoting our services). You may object to the use of your data for promotional purposes at any time.
If we received your email address as part of a contractual relationship, we use it to inform you about the same or similar products and offers. This marketing is carried out in the legitimate interest of increasing occupancy at our youth hostel. You may object to the use of your email address for marketing purposes at any time (please insert relevant contact details here!), without incurring any costs other than the transmission costs according to standard rates.
Retention Period
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected.
If statutory retention periods apply, the relevant data will be archived for the duration of these periods and restricted from general access once it is no longer required for the fulfillment of the contract.
The personal data additionally collected during the submission process will be deleted no later than seven days after collection.
VI. Rights of the Data Subject
Right of access (Art. 15 GDPR)
You have the right to request confirmation as to whether personal data concerning you is being processed; if this is the case, you have the right to access this personal data and to receive the information specified in detail in Art. 15 GDPR.
Right to Rectification and Erasure (Articles 16 and 17 of the GDPR)
You have the right to request the immediate rectification of inaccurate personal data concerning you and, where applicable, the completion of incomplete personal data. You also have the right to request that personal data concerning you be erased without undue delay if one of the grounds listed in detail in Art. 17 of the GDPR applies, e.g., if the data is no longer necessary for the purposes for which it was collected.
Right to restriction of processing (Art. 18 GDPR)
You have the right to request restriction of processing if any of the conditions listed in Art. 18 GDPR are met, e.g., if you have objected to the processing pursuant to Art. 21 GDPR or for the duration of any assessment of whether our legitimate interests outweigh your interests as a data subject.
Right to Data Portability (Art. 20 GDPR)
In certain cases, which are listed in detail in Art. 20 of the GDPR, you have the right to receive the personal data concerning you in a structured, commonly used, and machine-readable format, or to request that this data be transmitted to a third party.
Right to Object (Art. 21 GDPR)
If data is collected on the basis of Art. 6(1)(f) GDPR (data processing to safeguard legitimate interests), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.
Right to lodge a complaint with a supervisory authority
Pursuant to Article 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates data protection regulations. In particular, you may exercise this right to lodge a complaint with a supervisory authority in the Member State of your residence, your workplace, or the location of the alleged infringement.
VII. Explanation of Safety Measures
We take technical and organizational measures to protect your data from unauthorized access as thoroughly as possible. We use an encryption method on our website. Your data is transmitted from your computer to our server and vice versa over the Internet using TLS encryption. You can recognize this by the closed padlock icon in your browser’s status bar and the address bar beginning with https://.
VIII. Contact Information for the Data Protection Officer
datenschutz süd GmbH
Wörthstraße 15
97082 Würzburg
office@datenschutz-sued.de
IX. Membership
The regional association in whose geographical jurisdiction the data subject resides is responsible for data processing:
Regional Association of Baden-Württemberg, Inc., Fritz-Walter-Weg 19, 70372 Stuttgart - Bad Cannstatt
Bavaria Regional Association, Inc., Mauerkircherstraße 5, 81679 Munich
Regional Association of Berlin-Brandenburg e.V., Babelsberger Str. 28, 14473 Potsdam
Regional Association of Hanover, e. V., Ferdinand-Wilhelm-Fricke-Weg 1, 30169 Hanover
Hesse Regional Association, Inc., Mühlweg 18, 61348 Bad Homburg
Inclusive Youth Hostels Hesse gGmbH, Mühlweg 18, 61348 Bad Homburg
State Association of Mecklenburg-Western Pomerania, Inc., Konrad-Zuse-Straße 2, 18057 Rostock
State Association of Nordmark e.V., Rennbahnstraße 100, 22111 Hamburg
Rhineland Regional Association, Inc., Düsseldorfer Straße 1a, 40545 Düsseldorf
Youth Hostels in Rhineland-Palatinate and Saarland, In der Meielache 1, 55122 Mainz
State Association of Saxony, Inc., Zschopauer Straße 216, 09126 Chemnitz
Saxony-Anhalt Regional Association, Leiterstraße 10, 39104 Magdeburg
Thuringia Regional Association, e.V., Zum Wilden Graben 12, 99425 Weimar
Die JugendHerbergen gemeinnützige GmbH, Woltmershauser Allee 8, 28199 Bremen
DJH Regional Association of Westphalia-Lippe Non-Profit GmbH, Eppenhauser Straße 65, 58093 Hagen
General Information
We generally collect only the data necessary
to fulfill a contract to which the data subject is a party,
to carry out pre-contractual measures taken at the request of the data subject,
to safeguard legitimate interests.
Data processing for the performance of a contract or for the implementation of pre-contractual measures
We process the data collected with the membership application in accordance with Art. 6(1)(b) GDPR for the purpose of fulfilling a contract or taking pre-contractual measures. This includes, in particular, the following data: gender, name, address, date of birth, email address, IBAN, information on partners and children (gender, name, date of birth)
The data is stored for 10 years, in particular in accordance with Sections 14, 14b of the German Value Added Tax Act (UstG), Section 256 of the German Commercial Code (HGB), and Section 147 of the German Fiscal Code (AO). In the event that statutory retention periods apply, the relevant data will be archived for the duration of these periods and restricted from general access once it is no longer required for the performance of the contract.