Privacy Policy

Introduction

We process your personal data confidentially and in accordance with the Luxembourg and European legal provisions on data protection, including the General Regulation on the Protection of Personal Data (No. 679/2016/EU) (hereinafter “GDPR”), as well as with this Privacy Statement.

The following notes explain in simple terms what happens to your personal data when you visit our website. Personal data is any data that can be used to identify you personally. Further information on data protection can be found in the Privacy Statement below.

1) Who is responsible for collecting data on this website?

Data processing on this website is carried out by:

City Hotel Luxembourg / City Properties sàrl
14, rue de la Gare
L-7535 Mersch
Tel. +352 32 75 76
B.P. 71, L-7501 Mersch
E-mail: mail@cityhotel.lu

The responsible body is the natural or legal person who, alone or with others, decides on the purpose and means of processing personal data (e.g. names, e-mail addresses, etc.).

Data Protection Officer:
LuxGap s.à r.l.
24a, rue des Trois Cantons
L-8354 Garnich
Tél. +352 621 58 35 46
E-mail: dpo@na-cf.lu

Opposition to advertising e-mails

It is hereby forbidden to use the contact details published as part of the legal notice to send unsolicited advertising and information material. The operators of this website expressly reserve the right to take legal action in the event of unsolicited sending of advertising information such as spam.

2) What data do we collect?

Various personal data is collected when you use this website.

Some data is automatically collected by our IT systems when you visit the website. This is mainly technical data and browsing data (e.g. Internet browser, operating system or time at which a page is viewed). This data is collected automatically as soon as you access our website.

Your browsing behaviour may be analysed statistically when you visit our website, mainly by means of cookies and analysis programmes. The analysis of your browsing behaviour is generally carried out anonymously, i.e. the browsing behaviour cannot be traced back to you. You may object to this analysis or prevent it by refraining from using certain tools.

Cookies

Internet pages sometimes use what are known as “cookies”. Cookies do not damage your computer in any way and do not contain any viruses. Cookies are used to make our website more user-friendly, efficient and secure. Cookies are small text files that are stored on your device and saved in your browser.

Most of the cookies we use are so-called “session cookies”. They are deleted automatically at the end of your visit. Other cookies remain stored on your device until you delete them. These cookies enable us to recognise your browser on your next visit.

Cookies, which are necessary for the execution of the electronic communication process or for the provision of certain functions that you wish to use (e.g. the “Shopping Cart” function), are stored in accordance with Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in storing cookies so that the provision of its services is technically error-free and optimised. So-called optional cookies are only stored with your consent.

To find out more about the cookies we use on our website, please consult our Cookie Management Policy.

3) What do we use your data for?

Some data is collected to ensure that our website is available without error. Other data may be used to analyse your user behaviour. In addition, we process your data to provide you with the information or services you have requested (for example, to respond to a contact request).

Web analysis

This website uses the Matomo web analysis service. Thanks to Matomo, we are able to collect and analyse data on how visitors use our website. This enables us, among other things, to know when a particular page has been consulted and from which region they come. We also collect various log files (e.g. IP address, referrer, browser and operating system used) and can measure whether visitors to our site carry out certain actions (e.g. clicks, etc.).

The use of this analysis tool is based on Article 6, paragraph 1, point f of the RGPD. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its web offering and its advertising. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR, insofar as the consent includes the storage of cookies or access to information in the user’s terminal (e.g. Device-Fingerprinting). Consent may be revoked at any time.

IP anonymisation
During analysis with Matomo, we use IP anonymisation. In this case, your IP address is shortened before the analysis, so that it can no longer be clearly attributed to you.

Hosting
We host Matomo exclusively on our own servers, so that all analysis data remains with us and is not transmitted.

Plug-ins and tools

YouTube

Our website uses plug-ins from the YouTube website, which is operated by Google. The website operator is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.

When you visit one of our pages with a YouTube plug-in, a connection is established with YouTube’s servers. The history of the pages of our site that you have visited will thus be transmitted to the YouTube server.

If you are logged in to your YouTube account, you allow YouTube to attribute your browsing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.

The use of YouTube is subject to your consent within the meaning of Article 6(1)(a) of the GDPR.

You will find further information on the management of user data in YouTube’s privacy policy at: https://policies.google.com/privacy?hl=en&gl=en

Google Maps

This site uses the Google Maps service via an API. The supplier is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Your IP address must be recorded in order to use the Google Maps functions. This information is generally transmitted to a Google server in the USA, where it is stored. The provider of this website has no influence on this data transfer.

Google Maps is used in the interests of an attractive presentation of our online offerings and to make it easier to find the locations shown on our website. This is a legitimate interest within the meaning of Article 6(1)(f) of the GDPR.

Further information on the handling of user data can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=en&gl=en

Social Networks

Each access to one of our social network profiles (Facebook, Instagram, LinkedIn, YouTube) generates various types of data, such as the amount of data transmitted, the IP address used or the time at which the access took place. The technical access and subsequent use of the data generated when accessing one of our social network profiles is basically managed by the operators of these social networks. We do not have access to the usage data collected and cannot determine how this data is used by the various operators. We cannot therefore be held responsible for the way in which this data is managed from a data protection point of view. We would nevertheless draw your attention to the fact that data processing carried out by Facebook, Instagram, LinkedIn or YouTube may take place outside the European Union or the European Economic Area. Please contact the operators directly for further details on how they manage the data collected.

Social network operators only send us anonymous statistical analyses of accesses to the profile we have opened on their networks. Like any other user, we also see the messages posted by individuals on these profiles. We do not carry out any other analysis of this data.

We would like to draw your attention to the fact that the messages you publish on the profiles we have on these social networks can basically be consulted anywhere in the world.

You can find out more about how Facebook processes your data here: https://www.facebook.com/privacy/policy/
You can find out more about how Instagram processes your data here: https://privacycenter.instagram.com/policy/
You can find out more about how Linkedin processes your data here: https://www.linkedin.com/legal/privacy-policy
You can find out more about how YouTube processes your data here: https://www.youtube.com/static?template=terms

We draw your attention to the fact that user data may be processed outside the European Union. This could entail risks for users, for example because it could be more difficult to enforce users’ rights. With regard to US suppliers who are certified under the Privacy Shield or who offer comparable guarantees of a secure level of data protection, we would like to emphasise that they are thereby undertaking to comply with EU data protection standards.

In addition, user data is generally processed within social networks for market research and advertising purposes. For example, user profiles may be created on the basis of user behaviour and interests. User profiles may also be used, for example, to place advertisements inside and outside the networks that are presumed to correspond to users’ interests. To this end, cookies are generally stored on the user’s computer in which the user’s usage behaviour and interests are stored. In addition, data may also be stored in user profiles independently of the devices used by users (in particular if users are members of the respective platforms and are connected to them).

For a detailed description of the various forms of processing and opt-out options, please refer to the data protection statements and information provided by the operators of the respective networks.

We would also point out that in the case of requests for information and the assertion of the rights of data subjects, these can most effectively be invoked with the providers. Only providers have access to user data and can directly take appropriate action and provide information. Should you nevertheless require assistance, please contact us.

Types of data processed: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text input, photos, videos), usage data (e.g. websites visited, interest in content, access time), meta / communication data (e.g. device information, IP addresses).

Data subjects: Users (e.g. website visitors, users of online services).

Purposes of processing: contact and communication requests, tracking (e.g. interest/behaviour profiling, use of cookies), remarketing, reach measurement (e.g. access statistics, recognition of repeat visitors).

Legal basis: Legitimate interests (Art. 6 §1 RGPD).

Services and service providers used:

Instagram: Social Network; Service Provider: Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA; Website: https://www.instagram.com; Privacy Statement: http://instagram.com/about/legal/privacy.

Facebook: Social Network; Service Provider: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, Parent Company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Privacy Statement: https://www.facebook.com/privacy/policy/; Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active; Opt-Out: Settings for advertisements: https://www.facebook.com/settings?tab=ads; Additional information on data protection: Agreement on joint processing of personal data on Facebook pages: https://www.facebook.com/legal/terms/page_controller_addendum, Privacy policy for Facebook pages: https://www.facebook.com/legal/terms/information_about_page_insights_data.

LinkedIn: Social Network; Service Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irelandr; Website: https://www.linkedin.com; Privacy Statement: https://www.linkedin.com/legal/privacy-policy; Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active; Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

YouTube: Social Network; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent Company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Privacy Statement: https://policies.google.com/privacy; Privacy Shield (Guaranteeing the level of data protection when processing data in the United States): https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active; Opt-Out: https://adssettings.google.com/authenticated.

4) How do we protect your data?

We undertake to put in place technical and organisational measures to ensure the security of data and to protect it against disclosure to unauthorised persons, destruction or loss.

We would like to draw your attention to the fact that the transfer of data over the Internet (for example during e-mail communications) may present security gaps. It is impossible to protect data completely against access by third parties.

5) What rights do you have in relation to your data?

You have a number of rights as an individual which you can exercise in certain circumstances.

  • Right of access: You may at any time request access to the data concerning you and a copy of that data;
  • Right of rectification: You may at any time request that inaccurate or incomplete data be rectified or completed;
  • Right to erasure: You may request the erasure of your data if, for example, the data is no longer necessary for the purposes for which it was collected or processed;
  • Right to restriction of processing: You may request that the data controller restrict the processing of data if, for example, you contest the accuracy of the data concerning you or if you object to the processing of data concerning you;
  • Right to portability: You have the right to have your data transferred to another controller in a structured, commonly used and machine-readable format, if the processing is carried out by automated means or if it is based on prior consent;
  • Right to object to processing: You may object to the processing of your data and may withdraw your consent if the processing is based on consent (in particular if your data is used for commercial prospecting purposes).

To exercise your rights, please contact us at the following e-mail address: dpo@na-cf.lu

Your request will be processed within one month of confirmation of your identity. This period may be extended by a further two months in the event of a complex request or due to a large number of requests.

You will not be charged for accessing your personal data (or exercising any of your other rights). However, we may charge you a reasonable fee if your request for access is manifestly unfounded or inappropriate. We may also refuse to process your request for the same reason.

If you are dissatisfied, you can lodge a complaint with the National Data Protection Commission (CNPD): https://cnpd.public.lu/

6) Updating this declaration

We may change, modify, add or remove portions of this Privacy Statement at any time.

Last update: 28.7.2023