1. General remarks

The following remarks explain in simple terms what happens to your personal data when you visit our website. Personal data are any data that allow you to be identified personally. You will find more information on data protection in the privacy statement below.

Data collection on our website

Who is responsible for collecting data on this website?

The data processing on this website is carried out by the website operator, whose contact details can be found in the legal notice of the website.

How do we collect your data?

Some data is collected as a result of your communication of this data, for example by entering it in a contact form to subscribe to our newsletters.

Others are automatically collected by our computer systems when you visit the website. This is essentially technical data (e.g. web browser, operating system or time of day a page is viewed). This data is collected automatically as soon as you access our website.

How do we use your data?

Some of the data is collected to ensure that our website is made available without errors. Others can be used to analyze your user behavior.

What are your rights with regard to your data?

You have the right at any time to receive information free of charge on the origin, recipient and purpose of your stored personal data. You also have the right to request the rectification, blocking or erasure of these data and have a right of appeal to the competent supervisory authority.

Analysis tools and tools from third party providers

Your browsing behaviour can be statistically analysed when you visit our website, mainly by means of cookies and analysis programs. The analysis of your browsing behaviour is generally done anonymously, i.e. the browsing behaviour cannot be traced back to you. You can oppose or prevent this analysis by not using certain tools.

2. Required information

Data protection and privacy

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with Luxembourg and European legal provisions relating to data protection, including the General Data Protection Regulation (No 679/2016/EU) (hereinafter referred to as “GDPR”), as well as this privacy statement.

Various personal data are collected when you use this website. Personal data is data that can be used to identify you personally. This privacy statement explains the data we collect and the purposes for which we use it. It also explains how and for what purpose.

We would like to draw your attention to the fact that the transfer of data over the Internet (e. g. during e-mail communications) may have security breaches. It is impossible to fully protect data against access by third parties.

Information on the responsible body

The body responsible for processing the data on this website is:

City Hotel Luxembourg / Coprom s.a.
14, rue de la Gare
L-7535 Mersch
Luxmebourg

Tel. +352 29 11 22

Mail address: mail@cityhotel.lu

The responsible body is the natural or legal person who, alone or with others, decides on the purpose and means of processing personal data (e. g. names, e-mail addresses, etc.).

Revocation of your consent to data processing

Many data processing processes are only possible with your express consent. You can revoke your consent at any time by sending us an informal e-mail. Revocation shall not affect the legality of data processing processes carried out before the revocation.

Right of appeal to the competent supervisory authority

In the event of a data protection breach, the data subject has a right of appeal to the competent supervisory authority. The supervisory authority responsible for data protection issues is the CNPD (National Data Protection Commission): https://cnpd.public.lu/fr.html

Right to data portability

You have the right to retrieve or give to a third party the data that we automatically process on the basis of your consent or in the context of the performance of a contract, in a format commonly used and machine-readable. Any request on your part for the direct transfer of data to another controller will only be executed if this transfer is technically possible.

Information, locking, deletion

In accordance with the legal provisions in force, you have the right at any time to obtain information free of charge on the personal data concerning you that have been recorded, on their origin and recipient and on the purpose of the data processing, and, where applicable, a right to rectify, block or delete such data. If you have any questions about this or any other aspect of personal data, you can contact us at any time at the address given in the legal notices.

Opposition to advertising e-mails

It is hereby prohibited to use the contact details published in the legal notices to send advertising and information material not expressly requested. The operators of this website expressly reserve the right to take legal action in the event of unsolicited sending of advertising information such as spam.

3. Data collection on our website

Cookies

Web pages sometimes use what are called “cookies”. Cookies do not damage your computer in any way and do not contain any viruses. Cookies are used to make our offer more user-friendly, efficient and secure. Cookies are small text files that are stored on your device and stored in your browser.

Most of the cookies we use are called “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain on your device until you delete them. These cookies allow us to recognize your browser the next time you visit our website.

You can set your browser to notify you when cookies are created, to allow them only in special cases, to exclude the acceptance of cookies in certain cases or in general and to enable automatic cookie deletion when you close your browser. Disabling cookies may restrict the functionality of this website.

Cookies, which are necessary for the execution of the electronic communication process or for the provision of certain functions that you wish to use (e. g. the “Shopping Cart” function), are stored in accordance with Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in the recording of cookies to ensure that the provision of its services is technically error-free and optimised. If other cookies (e. g. cookies used to analyse your browsing behaviour) are stored, they will be treated separately in this privacy statement.

Data processing (customers and contracts)

We collect, process and use personal data only to the extent that they are necessary for the establishment, adjustment of content or modification of the legal relationship (permanent data). We rely on Article 6(1)(b) of the GDPR, which allows data processing where it is necessary for the performance of a contract or pre-contractual measures. We collect, process and use personal data relating to the use of our Internet pages (usage data) only to the extent necessary to offer or charge the user for the service.

The customer data collected is deleted after the end of the mandate or the end of the business relationship. The legal retention periods are not affected.

4. Analysis tools and advertising

Matomo Analytics

This website uses the web analytics service Matomo.

Matomo allows us to collect and analyse data about how visitors use our website. This allows us to determine, among other things, when which page was accessed and from which region the visitors come. We also collect various log data (e.g. IP address, referrer, browser used and operating system) and can measure whether visitors to our website perform certain actions (e.g. clicks etc.).

The use of this analysis tool is based on Article 6 (1) point f GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its web offering and its advertising. Insofar as a corresponding consent has been obtained, the processing is carried out exclusively on the basis of Art. 6 para. 1 point a GDPR, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting)). Consent can be revoked at any time.

IP anonymisation
When analysing with Matomo, we use IP anonymisation. This means that your IP address is shortened before analysis so that it can no longer be clearly assigned to you.

Hosting
We host Matomo exclusively on our own servers so that all analysis data remains with us and is not passed on.

5. Newsletter

Newsletter data

If you wish to receive the newsletter offered on the website, we need your e-mail address and information that allows us to verify that you are the owner of the e-mail address provided and agree to receive the newsletter. No other data will be collected, or only on a voluntary basis. This data will only be used to send the requested information and will not be transferred to third parties.

The data entered in the newsletter registration form are processed exclusively on the basis of your consent (Article 6(1)(a) of the GDPR). You can revoke your consent to the storage of data and e-mail address and their use for sending the newsletter at any time by using, for example, the unsubscribe link from the newsletter. Revocation shall not affect the legality of data processing processes carried out before the revocation.

We keep the data collected for the purpose of sending the newsletter until you unsubscribe from the newsletter and delete them after you unsubscribe. Data stored for other purposes (e. g. e-mail addresses for the member area) are not affected.

Double opt-in process: Subscribing to our newsletter is normally done through a procedure called Double-Opt-In-Procedure. This means that you will receive an e-mail after registration asking you to confirm your registration. This confirmation is necessary so that no one can register with external email addresses. Subscriptions to the newsletter are recorded in order to be able to prove the registration process in accordance with legal requirements. This includes storing the registration and confirmation time as well as the IP address. Similarly, changes to your data recorded with the shipping service provider are noted.

Deletion and limitation of processing: We may retain deleted e-mail addresses for a maximum of three years on the basis of our legitimate interests before deleting them in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of a possible defence against claims. An individual request for deletion is possible at any time, provided that the previous existence of a consent is confirmed at the same time. In the event of an obligation to observe contradictions at all times, we reserve the right to store the e-mail address only for this purpose in a black list.

The registration procedure is safeguarded on the basis of our legitimate interests in order to prove that it is working properly. If we engage a service provider to send e-mails, we do so on the basis of our legitimate interests in an efficient and secure distribution system.

Information on legal bases: The newsletter is sent on the basis of the recipient’s consent or, if consent is not required, on the basis of our legitimate interests in direct marketing, provided and to the extent permitted by law, for example in the case of existing customer advertising. If we engage a service provider to send e-mails, we do so on the basis of our legitimate interests. The registration process is recorded on the basis of our legitimate interests to prove that it has been carried out in accordance with the law.

Content: Information about us, our services, promotions and offers.

Performance measurement: The newsletters contain a “web beacon”, i.e. a file the size of a pixel, which is retrieved from our server or, if we use a shipping service provider, from its server when the newsletter is opened. During this recovery, technical information, such as information about the browser and your system, as well as your IP address and the time of recovery, is first collected.

This information is used for the technical improvement of our newsletter based on technical data or target groups and their reading behaviour according to their viewing locations (which can be determined using the IP address) or access times. This analysis also includes determining whether newsletters are open, when they are opened and which links are clicked. For technical reasons, this information may be attributed to the individual recipients of the newsletter. However, we make no effort, if any, or the dispatching service provider to observe individual users. Rather, evaluations are used to identify the reading habits of our users and to adapt our content to them or to send different content based on the interests of our users.

The evaluation of the newsletter and the measurement of performance are carried out, subject to the express consent of the users, on the basis of our legitimate interests in order to use a user-friendly and secure newsletter system, which serves both our commercial interests and the expectations of the users.

Unfortunately, a separate revocation of the performance measurement is not possible, in which case the complete newsletter subscription must be cancelled or contradicted.

Types of data processed: inventory data (e. g. names, addresses), contact data (e. g. e-mail, telephone numbers), meta/communication data (e. g. device information, IP addresses), usage data (e. g. websites visited, content interest, access time).

Persons concerned: Clients and contacts.

Purpose of the processing: Direct marketing (e.g. by e-mail or post).

Legal basis: Consent (Art. 6, §1 GDPR), legitimate interests (Art. 6, §1 GDPR).

Possibility of contestation (Opt-Out): Opt-out: You can cancel the receipt of our newsletter at any time, i.e. revoke your consent or object to subsequent receipt. You will find a link to cancel the newsletter at the end of each newsletter or you can use one of the contact options listed above, preferably by e-mail.

Services and service providers used:

– Mailchimp: Email marketing platform; service provider: \”Mailchimp\” – Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA; Website: https://mailchimp.com; Privacy Statement: https://mailchimp.com/legal/privacy/; Privacy Shield (Guaranteeing the level of data protection when processing data in the United States): https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active

6. Plug-ins and tools

Google Web policies

To ensure the uniform display of fonts, this website uses so-called web fonts, made available by Google. Each time a page is called, your browser loads the required web fonts into your browser’s cache to correctly display texts and fonts.

To do this, the browser you are using must connect to Google’s servers. Google will thus be informed that your IP address has been used to visit our website. The use of Google’s web fonts is in the interest of a uniform and attractive presentation of our online offers. This is a legitimate interest within the meaning of Article 6(1)(f) of the GDPR.

If your browser does not support web fonts, your computer will use a default font.

More information about Google’s web fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy. https://www.google.fr/policies/privacy/

Google Maps

This site uses the Google Maps service via an API. The supplier is Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Your IP address must be registered in order to use Google Maps features. This information is generally transmitted to a Google server in the United States, where it is stored. The provider of this site has no influence on this data transfer.

The use of Google Maps is in the interest of an attractive presentation of our online offers and the ease of searching for the places indicated on our website. This is a legitimate interest within the meaning of Article 6(1)(f) of the DGPS.

You can find more information about managing user data in Google’s privacy policy: https://www.google.fr/intl/fr/policies/privacy/

7. Social networks

Each access to one of our profiles on social networks (Facebook, Instagram, LinkedIn, YouT) generates various data, such as the amount of data transmitted, the IP address used or the time at which this access took place. Technical access and subsequent use of data generated when accessing one of our profiles on social networks is basically managed by the operators of these social networks. We do not have access to the usage data collected and cannot determine how this data is used by the different operators. We cannot therefore be held responsible for the way in which this data is managed from a data protection point of view either. However, we draw your attention to the fact that data processing carried out by Facebook, Instagram, LinkedIn may take place outside the European Union or the European Economic Area. Please contact operators directly for more details on how they manage the data collected.

Social network operators only provide us with statistical and anonymous analyses of the access to the profile we have opened on their networks. We also see, like any other user, the messages posted by individuals on these profiles. We do not carry out any further analysis of this data.

We would like to draw your attention to the fact that the messages you post about the profiles we have on these social networks are basically available worldwide.

You can find more information on how Facebook processes your data here:
https://www.facebook.com/full_data_use_policy

You can find more information on how Instagram processes your data here: https://help.instagram.com/519522125107875?helpref=page_content

You can find more information on how LinkedIn processes your data here: https://www.linkedin.com/legal/privacy-policy

We would like to draw your attention to the fact that user data may be processed outside the European Union. This could lead to risks for users, for example because it may be more difficult to enforce users’ rights. For US suppliers who are certified under the privacy shield or who offer comparable guarantees of a secure level of data protection, we would like to stress that they are thus committed to complying with EU data protection standards.

In addition, user data are generally processed within social networks for market research and advertising purposes. For example, user profiles can be created based on user behaviour and resulting interests. Usage profiles can also be used, for example, to place ads inside and outside networks that are presumed to correspond to users’ interests. For this purpose, cookies are generally stored on the user’s computer where the user’s usage behaviour and interests are stored. In addition, data can also be stored in user profiles independently of the devices used by users (especially if users are members of and connected to the respective platforms).

For a detailed description of the different forms of processing and the possibilities of waiver, please refer to the data protection declarations and information provided by the operators of the respective networks.

We also point out that in the case of requests for information and the assertion of the rights of the persons concerned, they can be invoked most effectively with suppliers. Only suppliers have access to user data and can directly take appropriate measures and provide information. If you still need help, you can contact us.

– Types of data processed: inventory data (e. g. names, addresses), contact data (e. g. e-mail, telephone numbers), content data (e. g. text entry, photos, videos), usage data (e. g. websites visited, content interest, access time), meta / communication data (e. g. device information, IP addresses).

– Persons concerned: Users (e. g. website visitors, online service users).

– Purposes of the processing: contact and communication requests, follow-up (e. g. interest/behaviour profiling, use of cookies), remarketing, scope measurement (e. g. access statistics, recognition of recurring visitors).

– Legal basis: Legitimate interests (Art. 6 §1 RGPD).

Services and service providers used:

– Instagram: Social Network; Service Provider: Instagram Inc. 1601 Willow Road, Menlo Park, CA, 94025, USA; Website: https://www.instagram.com; Privacy Statement: http://instagram.com/about/legal/privacy.

– Facebook: Social network; Service provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, Parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Privacy statement: https://www.facebook.com/about/privacy; Privacy Shield (Guaranteeing the level of data protection when processing data in the United States): https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active; Challengeable (Opt-Out): Settings for advertisements: https://www.facebook.com/settings?tab=ads; Additional data protection information: Agreement on the joint processing of personal data on Facebook pages: https://www.facebook.com/legal/terms/page_controller_addendum, Privacy policy for Facebook pages: https://www.facebook.com/legal/terms/information_about_page_insights_data.

– LinkedIn: Social Network; Service Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irlandr; Website: https://www.linkedin.com; Privacy Statement: https://www.linkedin.com/legal/privacy-policy; Privacy Shield (Guaranteeing the level of data protection when processing data in the United States): https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active; Possibility of challenge (Opt-Out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out