Privacy Policy | RB Dortmund

1. Introduction

At Radisson Blu Dortmund, we care about your privacy. It is of the utmost importance for us that all processing of personal data take place in consideration of the privacy of the individual. This is why we always do our best to ensure that all processing of personal data takes place in accordance with the German and European Data Protection Regulation (e.g. GDPR) and other applicable legislation. This privacy policy applies to personal data about guests, visitors, employees, customers and suppliers as well as other individuals who may be registered in IT systems (such as booking systems), website, apps, loyalty programs or the equivalent or personal data that is transferred from travel agencies, other booking sites or similar.

2. Who is the controller?

Radisson Blu Dortmund (Pandox Dortmund GmbH)

An der Buschmühle 1

44139 Dortmund

Telephone: +49 (0)231 10860

E-Mail: info.dortmund@radissonblu.com

This policy only relates to the activities of Radisson Blu Dortmund (hereinafter “we”, “us”, “our”, “Radisson Blu Dortmund” or “controller”).

3. How we collect personal data

Depending on the situation, we collect information from you or from other sources.

From you

If you are in contact with us regarding a reservation or making a hotel and / or restaurant reservation, have special requirements regarding your visit or use a social media that we provide, we will collect and process the information that you provide us with. These could also include sensitive personal data, such as information about allergies.

From other sources

Under certain circumstances we process personal data about you that originates from publicly available sources, such as social media. This is for example the case when you make a review about our hotel on a website.

Also, sometimes we receive personal data from third parties (including other companies within our group) with whom we do business with or that are suppliers to us.

In those cases, we process personal data about you that we receive from other sources than yourself, we will provide you with information in accordance with the GDPR (if possible).

4. Different types of processing activities

Information regarding hotel guests / visitors

Type of personal data

The personal data we process may contain the following or parts thereof:

contact information (e.g. your name, e-mail address, telephone number and address)
guest stay information (which could include special categories of personal data, such as information about allergies)
if you are not a German citizen: passport details (which can include your name and address, your place of birth and birthdate and your national identification number, the number of your passport or identity card and your nationality)
loyalty program number
payment information (such as credit card number)
business information
information relating to the reservation
guest assistance comments
personal information collected in the context of fitness center booking
conference room reservation and other additional services and facilities of the Hotel
your feedback about our hotel and services that you submit to us (e.g. through customer satisfaction surveys) or that you post online
other personal data that you provide to us voluntarily (e.g. when making inquiries or complaints).

Lawful basis for the processing

Consent (if we have asked for your consent and you have consented) or
that processing is necessary for the performance of a contract to which you are party or
in order to take steps at your request to entering into a contract (for example in relation to a reservation) or
for a legal obligation (e.g. a legal obligation for accommodation providers to register hotel guests) or
legitimate interests (when processing based on legitimate interest, we shall make balance between our legitimate interests and your rights and interests).

Purpose

We process the abovementioned data

to provide you with the services and products that you have asked for (for example in relation to a reservation) or
in order to evaluate and improve our services or
in order to fulfil our legal obligations (for example to register hotel guests).

Information regarding contact persons

Type of personal data

Contact details such as name, e-mail address and telephone number.

Lawful basis for the processing

We process your personal data based on our contractual relationship or our legitimate interests. When processing based on legitimate interest, we shall make a balance between our legitimate interest and your rights and interests.

Purpose

We process personal data

for the purpose of managing the supplier relationship
for contacts in various questions, billing and marketing (if applicable) or
to communicate in other ways with you and your company.

Social media

Type of personal data

The personal data that you submit to us on our social media sites on platforms like Instagram, Facebook and LinkedIn (e.g. name, e-mail address and telephone number).

Lawful basis for the processing

Consent (if we have asked for your consent and you have consented) or
that processing is necessary for the performance of a contract to which you are party or
in order to take steps at your request to entering into a contract (for example in relation to a reservation)
legitimate interests (when processing based on legitimate interest, we shall make balance between our legitimate interests and your rights and interests).

Purpose

To provide you with the services and products that you want, to manage and market our services and products and to communicate with you.

Camera surveillance

We use camera surveillance at Radisson Blu Dortmund. Camera surveillance is deemed to be particularly sensitive from a privacy perspective and it is of great importance that all camera surveillance takes place in accordance with the relevant legislation in effect from time to time. The camera images are processed on the basis of our legitimate interest to secure and protect our hotel, our guests, visitors and employees.

Radisson Blu Dortmund has indicated the camera surveillance by means of a pictogram, which includes specific information.

Jobs

Type of personal data

The information you provide us with, such as

your name
telephone number
e-mail address
CV
and your cover letter.

In some cases, Radisson Blu Dortmund may also receives data from third parties, such as

social networks through which you apply, e.g. LinkedIn
selection and recruitment agencies, which carry out tests in the context of the application
your previous employer, but only if you have given your consent to do so.

Legal basis for processing

Depending on the individual case, the processing of your personal data for recruitment and selection purposes is based on

your consent (e.g. to contact your former employer or to share your data)
your request to take steps prior to entering into an agreement, for example if you send us your (spontaneous) application or
our legitimate interest, including identifying, screening and evaluating applicants for potential employment.

After the recruitment and selection procedure, Radisson Blu Dortmund in certain cases and with your prior consent may retain your data in its recruitment database for future vacancies.

We will automatically delete your data three months after the decision on the job award, unless you assert a claim under the General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz) based on the decision (in this case, deletion will take place after completion of the procedure regarding your claim).

Purpose

Radisson Blu Dortmund collects and uses your personal data exclusively for recruitment and selection purposes as set out above.

Cookies and similar technologies

We use different types of cookies and similar technologies on our website. For further details please see our Cookie Policy.

6. Who are the recipients or the categories of recipients which will receive the personal data?

We may share your personal and anonymous data with:

Other companies (including companies within the Pandox Group), such as vendors, contractors and co-operation companies. Their use of information is strictly limited to these purposes and subject to agreements that require them to keep the information confidential. Our vendors provide assurance that they take reasonable steps to safeguard the data they hold on our behalf, although data security cannot be guaranteed
third parties that are data processors that perform services to us (e.g. companies that operate our hotels, assist us in marketing activities or IT operations)
other group companies (e.g. to facilitate reservations)
lawyers and advisors of the Pandox group
relevant authorities (e.g. in the context of our obligation to register guests)
analytics companies may access anonymous data (such as your IP address or device ID) to help us understand how our services are used. They use this data solely on our behalf. They do not share it except in aggregate form; no data is shared as to any individual user.

7. Will transfer be made to any third country?

As a main rule, we will not transfer any personal data outside the EEA. It is possible that service providers of Radisson Blu Dortmund process your data outside the EEA. In this respect, Radisson Blu Dortmund is committed to ensuring an adequate and sufficient level of protection for your data (e.g. by concluding an international data transfer agreement).

Radisson Blu Dortmund shall meet its obligations under the applicable data protection law with respect to data transfers, including carrying out a due diligence on the level of protection of the laws of all third countries to which personal data are transferred and conducting a data transfer impact assessment to determine whether additional measures should be taken to ensure a level of data processing as required by German law.

8. How long is the personal data saved?

We will not save personal data longer than necessary taking into consideration the purpose of the relevant processing. We will ensure that any routines applicable to deletion of personal data are complied with, which means that certain laws require that certain types of information must be saved for specified periods of time.

9. What rights do you have as a data subject?

Right of access: You are entitled to obtain access to your personal data we process about you. If you wish to exercise this right, send us a request as explained below.
Right to rectification: As a data subject, you have the right to require that we correct any incorrect personal data about.
Right to erasure (“right to be forgotten”): You are entitled to contact us and request for your personal data to be erased. In certain cases, we are entitled to deny erasure in certain cases, among others in order to fulfil a legal obligation.
Right to restriction of processing: In certain cases, you have the right to require that we restrict the processing of your personal data.
Right to data portability: In certain cases, you have the right to receive personal data regarding you as a data subject and which you have provided to us and the right to transfer this data to another controller.
Right to object: You are entitled, at any time, to object to our processing of your personal data where it involves personal data which is being processed based on a legitimate interest. In such case, we may no longer process the personal data unless we can demonstrate a compelling legitimate reason for the processing which overrides the interests, rights and freedoms of the data subject, or where the processing takes place in order to establish, exercise or defend against a legal claim. Where the personal data is processed for direct marketing, you as a data subject are entitled at any time to object to the processing of personal data involving you for such marketing, including profiling to the extent this is connected to such direct marketing.
Right not to be subject to a decision based solely on automated processing, including profiling: You have the right not to be subject to decisions being made about you solely by ‘automated processing’ if the processing produces a legal effect, or similarly significantly affects you.

You also have the right to withdraw your consent where the processing is based on consent. Where this is the case, this will be stated as the legal basis in the relevant sections.

Please note, however, that certain personal data is necessary in order to be able to fulfill certain duties, such as payment information, and may therefore not be restricted or erased for the purpose of your request.

In order to exercise your rights under the GDPR, please send in your request to dpo-extern@mediaan.com. Please note that exercising your rights may be subject to exceptions or conditions.

You are always entitled to lodge a complaint with a supervisory authority. For example, you can contact the „Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen“ by using the contact form or any other data protection authority in the Member State of your habitual residence, place of work or place of alleged infringement.

However, in case of any question or objection, we request that you contact us first to enable us to resolve the issue.

10. Security measures

We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk with relevant processing activity (including reasonable steps to secure your personally identifiable information against unauthorized access or disclosure). We encrypt transmission of data on pages where you provide payment information. However, no security or encryption method can be guaranteed to protect information from hackers or human error. Please always use the internet with caution.

11. Miscellaneous

You are not obligated to provide us with any information and personal data about you. However, in some cases, we will not be able to provide you with some of our services or products if we are not allowed to process your personal data.

12. Contact details

If you have any questions or concerns about our privacy policies or our processing of your personal data, please contact us:

Pandox Dortmund GmbH

An der Buschmühle 1

44139 Dortmund

Telephone: +49 (0)231 10860

Email: dpo-extern@mediaan.com

13. Updates of this policy

This policy was last changed on 28.01.2025. We may update this policy from time to time. We will always post an updated copy on our relevant websites. Therefore please check our website for updates.