EU General Data Protection Regulation (GDPR) 25. maí 2018
EU General Data Protection Regulation (GDPR) 25. maí 2018.
The protection of personal data is important to us. Your personal data will be processed by us when visiting our websites, when using our services and when contacting us as a supplier, service provider or comparable contractual partner. In the following, we would like to inform you about the nature, extent and purpose of the processing of your personal data. The terms we use, such as "Processing" or "Responsible" follow the content of the definitions of the General Data Protection Regulation (Article 4 GDPR).
Bemar/Beds24 (hereinafter also: we) provides its customers with Software as a Service. Our customers can use this service to generate and manage their guests’ bookings which they receive directly, via their own websites or third parties and link these with other processing operations.
Insofar as Bemar/Beds24 processes customers’ booking data, Bemar/Beds24 acts as a data processor. Rights and obligations arising from data processing ensue in this respect from a separate agreement.
I. What types of data are processed for what purpose?
We process personal data only to the extent necessary to provide a functional website, content and services or with the consent of the user. An exception applies in cases where prior consent is not possible or where the processing of the data is permitted by other applicable legal provisions.
1. Provision of the website and creation of log files
Our website can be visited without registration. However, in such cases we also collect data on access to our pages and save them as "server log files". The following data is logged: Information about the browser type and version used The user’s operating system The user’s IP address Date and time of access Websites from which the user’s system reaches our website Websites accessed by the user’s system via our website The data is collected for statistical purposes and in order to improve our website. Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. The server log files are regularly checked to maintain the performance of the server, especially when there are concrete indications of unlawful use. The legal basis for the temporary storage of data and log files is Art. 6 paragraph 1 letter f GDPR.
The legal basis for the processing of personal data using technically necessary cookies is Article 6 (1) letter f GDPR.
Google will use the information we collect on our behalf to evaluate the use of our online offering, to compile reports on the activities within this online offering and to provide us with other services related to the use of the online offering and internet usage. Pseudonymous user profiles can be created from the processed data.
We only use Google Analytics with activated IP anonymization. This means that Google’s IP address will be truncated within member states of the European Union and in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and truncated there.
The IP address submitted by the user’s browser will not be merged with other data provided by Google. Users can prevent the storage of cookies by setting their browser software accordingly. Users may also prevent the collection by Google of the data generated by the cookie related to their use of the online offering and the processing of such data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com. Google is certified under the Privacy Shield Agreement and therefore guarantees compliance with European data protection law https://www.privacyshield.gov
For more information about data usage by Google, settings and contradictory options, please visit the websites of Google: "Google Uses Your Data When You Use Our Partners Sites or Apps", " Advertising ", " Managing information that Google uses to show you advertising ".
Using Facebook Social Plugins
We use features from Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA as part of our online offering. When you visit our pages with Facebook plug-ins, a connection is established between your browser and the Facebook servers, and data is already transferred to Facebook. If you have a Facebook account, this data can be linked to it. If you do not wish to assign this data to your Facebook account, please log out of Facebook before visiting our page. Interactions, in particular the use of a comment function or the clicking on a "like" or "share" button, are also passed on to Facebook. Find out more at www.facebook.com.
As part of our online offer, you can subscribe to a free newsletter.
The data from the sign-up form on our website will be sent to us during the registration. To subscribe to the newsletter, it is sufficient to enter your e-mail address. Supplying a name is optional.
Registration for our newsletter on our website involves a so-called double-opt-in procedure. After registration, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary to ensure that nobody can register with external e-mail addresses. Registration for the newsletter is logged as proof of the registration process in accordance with legal requirements. This includes the storage of the login and the confirmation time, as well as the IP address. Changes to your data stored with the newsletter service provider are also logged.
Providing your e-mail address enables us to deliver our newsletter to you. Should you choose to provide your name, this is used solely to address you personally in the context of our newsletter. The collection of other personal data in the context of the registration process on our website serves to prevent misuse of the services or the email address used. The legal basis for the processing of user data in the scope described is Art. 6 paragraph 1 letter a GDPR.
The legal basis for the transmission of user data is Art. 6 paragraph 1 letter f GDPR.
Our newsletters contain a so-called "web-beacon", i.e. a pixel-sized file that is retrieved from the server when opening the newsletter from our server, or if we use a newsletter service provider. This call will initially collect technical information, such as information about the browser and your system, as well as your IP address and time of retrieval.
About the browser IP address Time of retrieval Followed Links This information is used for the technical improvement of our newsletter service. Statistical surveys also include determining if the newsletters are opened, when they are opened, and which links are clicked. The legal basis for the statistical evaluation of the usage data is Art. 6 paragraph 1 letter f GDPR.
3. Contact form and e-mail contact A contact form is available on our website that can be used for electronic contact. If a user uses this option, the data entered in the input form will be transmitted to us and saved. These data are:
First name Last Name Email address Website Message content At the time the message is sent, the following data is also stored:
The user’s IP address Date and time of sending Alternatively it is possible to contact the provided e-mail address. In this case, the user’s personal data transmitted by e-mail will be stored. There is no transfer of the data to third parties. The data is used exclusively for processing the message.
The processing of the personal data from clients’ input is used only to deal with the communication. In the case of contact via e-mail, this also includes the required legitimate interest in the processing of the data. Other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
The legal basis for the processing of the data, given the provision of consent by the user, is Art. 6 paragraph 1 letter a GDPR. The legal basis for the processing of the data transmitted in the course of sending an e-mail is Article 6 (1) letter f GDPR. If the purpose of the e-mail is to conclude a contract, then the additional legal basis for processing is Art. 6 paragraph 1 letter b GDPR.
4. Forum use As part of our online offering, our customers have the opportunity to leave comments about our services and about contributions by other users. We store the following information:
The user’s IP address Date and time of login Content of the article This processing provides us with protection in the event that an author’s comment infringes the rights of third parties and/or illegal content is sold. No information is passed on to third parties. There is also no comparison between data collected in this process with data that may be collected via other components of our site. The legal basis is Art. 6 paragraph 1 letter f GDPR.
5. Data collection for contract execution with customers If you make use of our SaaS as a paid service or in the context of a free trial, we will process the data entered in order to provide our services. The basic information we process includes:
Inventory data (e.g., names, addresses). Contact information (e.g., e-mail, phone numbers). Contract data (e.g., contract, term, customer category). Payment details (e.g., bank details, payment history). Usage data (e.g., data that includes both the temporal criteria of your use of our service and the extent of its use.). Meta / communication data (e.g., device information, IP addresses). The processing of this data serves the purpose of enabling the provision of the contractually agreed services; in particular to get in touch with you and to bill for services rendered to you. The legal basis for the processing of the data transmitted in the course of sending an e-mail is Article 6 (1) letter b GDPR.
6. Data collection for contract execution with supplier, service provider or comparable contractual partner Insofar as you conclude contracts with us for the delivery of goods and services or submit preparatory offers to us or we request such, we will process your personal data insofar as this is necessary for the execution of the contract. The basic information we process includes:
Inventory data (e.g., names, addresses). Contact information (e.g., e-mail, phone numbers). Contract data (e.g., contract, term, duration). Payment details (e.g., bank details, payment history). The processing of this data serves the purpose of enabling the provision of the contractually agreed services; in particular to get in touch with you and to bill for services rendered to you. The legal basis for the processing of the data transmitted in the course of sending an e-mail is Article 6 (1) letter b GDPR.
II. Data deletion and storage duration
III. Your rights
If your personal data are processed by us, you are a concerned person within the meaning of the GDPR. You then have the following rights in relation to us or the "controller" within the meaning of the GDPR:
Who is responsible for processing personal information?
Responsibility for the processing of personal data lies with MPK Systems Ltd., Davoser Str. 1g, D-14199 Berlin, firstname.lastname@example.org, Managing Director: Mark Kinchin.
Right of access to personal data
You may request confirmation from us as to whether personal information concerning you is processed by us. You can then request information from the controller regarding the following:
The purposes for which the personal data are processed; The categories of personal data being processed; The recipients or categories of recipients to whom the personal data relating to you have been or will be disclosed; The planned period of storage of personal data concerning you or, if specific information is not available, criteria for determining the duration of storage; The existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing; The existence of a right of appeal to a supervisory authority; All available information on the source of the data if the personal data are not collected from the data subject; The existence of automated decision-making including profiling under Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended impact of such processing on the data subject. You have the right to request information about whether the personal data relating to you are transferred to a third country or to an international organization. You can request the appropriate guarantees in accordance with Art. 46 GDPR in connection with such transfers.
Right to Correction
You have a right to the correction and/or completion of your personal data by the controller, insofar as the processed personal data concerning you is incorrect or incomplete. The controller must make the correction without delay.
You may request the restriction of the processing of your personal data under the following conditions:
If you contest the accuracy of your personal information for a period of time that enables the controller to verify the accuracy of your personal information; The processing is unlawful and you reject the deletion of personal data and instead demand the restriction of the use of personal data; The controller no longer needs personal information for the purposes of processing, but you need it for the purposes of enforcing, exercising or defending legal claims; If you have objected to the processing in accordance with Art. 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the person responsible outweigh your reasons. If the processing of your personal data has been restricted, your personal data may be processed only with your consent, or for the purposes of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person, or for reasons concerning the important public interest of the Union or of a Member State.
If processing is restricted according to the conditions referred to above, you will be informed by the controller before the restriction is lifted.
You may request that your personal information be deleted immediately if one of the following applies:
Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed. You revoke your consent to the processing in accordance with Art. 6 paragraph 1 letter a or Art. 9 paragraph 2 letter a GDPR and there is no other legal basis for processing. You register an objection in accordance with Art. 21 paragraph 1 GDPR to the processing and there are no overriding justifiable reasons for the processing, or you register an objection to the processing in accordance with Art. 21 paragraph 2 GDPR. Your personal data has been processed unlawfully. The deletion of the personal data concerning you is required to fulfil a legal obligation under European Union law or the law of the Member States to which the controller is subject. The personal data relating to you were collected in relation to information society services offered in accordance with Article 8 (1) GDPR.
Right to information disclosed to third parties
If the controller has made the personal data concerning you public and is obligated to delete this data in accordance with Article 17 (1) of the GDPR, the controller, taking into account the available technology and implementation costs, shall take appropriate measures, including of a technical nature, to inform data controllers who process the personal data that you as an affected person have demanded that such data controllers delete all links to this personal data or to copies or replications of this personal data.
The right to deletion does not exist if the processing is necessary to exercise the right to freedom of expression and information; to fulfil a legal obligation which requires the processing under the law of the European Union or of the Member States to which the controller is subject, or to carry out a task which is in the public interest or in the exercise of official authority conferred on the controller; for reasons of public interest in the field of public health pursuant to Art. 9 (2) letter h and i and Art. 9 (3) GDPR; for archival purposes of public interest, scientific or historical research purposes or for statistical purposes pursuant to Article 89 (1) GDPR, to the extent that the right referred to in subparagraph (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing; to assert, exercise or defend legal claims.
Right to Information
If you have made known to the controller your assertion of your right to the correction, deletion or restriction of the processing of your personal data, the controller is obliged to notify all recipients of your personal data of the correction or deletion of the data concerned or of the restriction of its processing unless this proves impossible or involves disproportionate effort. You have a right to demand that the controller inform you about these recipients.
You have the right to receive data relating to your person that you have passed on to the controller in a structured, current and machine-readable format. In addition, you have the right to transfer this information to another person without hindrance by the controller who has provided you with the data relating to your person, provided that
the processing is based on an agreement pursuant to Art. 6 paragraph 1 letter a GDPR or Art. 9 paragraph 2 letter a GDPR or on a contract pursuant to Art. 6 paragraph 1 letter b GDPR and processing is done by automated methods. In exercising this right, you also have the right to have the personal data relating to you transmitted directly from one controller to another party, insofar as this is technically feasible. The freedoms and rights of others may not hereby be affected.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the controller.
Right to object
You have the right at any time, for reasons arising from your particular situation, to register your objection to the processing of personal data concerning you that takes place pursuant to Art. 6 paragraph 1 letter e or f; this also applies to profiling based on these provisions.
The controller will no longer process the personal data relating to you unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, pursuing or defending legal claims.
If the personal data relating to you are processed for the purposes of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
Regardless of Directive 2002/58 / EC, you have the option, in the context of the use of information society services, of exercising your right to object through automated procedures that use technical specifications.
Right to revoke the data protection consent declaration
You have the right to revoke your data protection consent declaration at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent prior to the revocation.
Right to complain to a regulator
Irrespective of any other administrative or judicial remedy, you have the right to file a complaint with a supervisory authority, in particular in the Member State of its residence, place of work or the place of alleged infringement, if you believe that the processing of your personal data violates the GDPR.
The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 of the GDPR.
WITH YOUR REGISTRATION THROUGH OUR WEBSITES "BEMARBOOKING.EU - BEMAR.IS - BEDS24" A CONTRACT IS ESTABLISHED FOR THE USE OF OUR SOFTWARE AS A SERVICE "BEMAR/BEDS24" TO WHICH THE FOLLOWING PROVISIONS RELATE.
1. Subject of the contract 1.1 The subject of this contract is the provision of the software as a service application Bemar/Beds24 (hereinafter: "Beds24") for use exclusively via Internet access. The customer may use Beds24 for a limited period of time for their own purposes, in particular to process their own data and store this data in the system area provided.
1.2 The customer does not receive any further rights, in particular to Beds24, associated software applications or the operating software. The customer’s access to the Internet is not part of the contractual relationship. The customer is solely responsible for the functioning of their computer systems and Internet access.
1.3 The services offered by Beds24 are aimed exclusively at commercial customers. The use of Beds24 by consumers for private purposes is not permitted.
2. Contracting parties and their representatives Contracting parties are MPK Systems LTD (hereinafter referred to as "MPK Systems", "our "or "we") Davoser Str. 1g, D-14199 Berlin, Managing Director: Mark Kinchin and the Customer (hereinafter referred to as "Customer", "you" or "your").
2.2 MPK Systems transmits to the customer the access data required for the software use for identification and authentication. Any user who logs on to the "Beds24" website using his or her credentials is deemed to have the authority to provide and accept contractually related statements to and from MPK Systems unless expressly limited in this respect by the Control Panel.
3. Rights of use 3.1 Beds24 is a booking system for tourist accommodation. Bookings enterd into Beds24, bookings received via the customer’s website or via third-party booking portals can be administrated and related data processing processes can be handled. The use of Beds24 is carried out by the customer exclusively via an internet browser or API interface.
3.2 MPK Systems guarantees the availability of 99% of the annual average of services provided under this agreement. Availability in this sense is the contractually agreed use of the contractual services excluding agreed maintenance periods. If the availability is lower than the annual average, MPK Systems reimburses the customer for the pro rata usage fee for the period in which the service offer was not accessible to the customer. Further reimbursement, e.g. for additional services does not take place.
3.3 The contractual services to be provided by MPK Systems, in particular the functional scope of the software provided for use, are set out in the service description deposited on the website "www.Beds24.com" or "www.Beds24.de". MPK Systems is entitled to change and adapt the content of its services, including the software provided, in particular for technological development. MPK Systems will notify the customer, no later than one month prior to the change, of intended restriction of essential functions of Beds24 if the functional limitations are caused by MPK Systems. In this case, the customer is entitled to a special right of termination with a notice period of two weeks to the change date.
3.4 The customer is not entitled to use Beds24 beyond the permitted use in accordance with this contract. In particular, the customer is not permitted to reproduce, lease or lend Beds24 or parts of it without the permission of MPK Systems, or to use the software for competitive analysis or benchmarking purposes.
3.5 In case of misuse of the system, suspicion of illegal activities or use that leads to overloading of the server, MPK Systems has the right to immediately exclude the person responsible from using the service and/or to terminate the contractual relationship after providing warning.
4. Obligations of the customer 4.1 The customer is obliged to promptly monitor the bookings processed by Beds24 and to inform MPK Systems immediately of possible malfunctions.
4.2 The customer is obliged to keep access data such as passwords and user names securely and not accessible to unauthorized persons. He is also required to use secure passwords and to maintain up to date anti-virus protection against spam, phishing, and other unauthorized access to the customer’s account.
4.3 When describing, limiting, ascertaining and reporting faults, the customer must follow the instructions given by MPK Systems and where necessary, use the communication format specified by MPK Systems. The customer must communicate fault messages and questions to their best endeavours and using competent staff.
5. Prices, payment and refund 5.1 Time-based fees for the use of Beds24 are payable monthly before the first day of the following month. The amount to be paid is calculated from the monthly fee for rooms and properties created in Beds24 plus activated extras and channel manager links. Insofar as monthly fees are shown in our price list, these are calculated on a daily basis for each actual chargable item divided by the number of days in the billing month. On the first day of the following month, the sum of the daily charges are deducted from the customers account.
5.2 The prices quoted by us are net excluding the applicable VAT rate, as far as value added tax is incurred.
5.3 Usage related fees, for example for SMS Booking notifications or fees for online payment transactions and related expenses are due for payment immediately and debited to the customer’s account on the same day they occur.
5.4 All costs incurred and the current balance of the customer account can be viewed in the Beds24 Control Panel. Customer accounts must always have a positive balance. If the Customer account has a negative balance, MPK Systems will block all functions until the balance due is paid.
5.5. If the customer requests reimbursement of a credit from their customer account, the fee for each associated payment transaction is €25.00 plus any bank or other transaction costs charged from third parties to MPK-Systems. This does not apply if MPK Systems has entered into the contractual relationship according to Item 7.4 or the customer terminates the contract according to Item 7.5 terminated or there was a reason that would have entitled the customer thereafter to the termination.
6. Free trial Every customer can use Beds24 free of charge for fourteen days before starting the paid service. So that services which are charged per use, such as booking confirmations via SMS can be tested, the user account has a credit amount at the beginning of the trial period that can not be paid out in cash. If the credit balance is used up, such services can not be used without making a deposit into the customer account. The free trial ends after 14 days without a separate message.
7. Contract Duration and Termination 7.1 The contractual relationship begins with the customer’s registration via the websites "beds24.de" or "beds24.com".
7.2 The contract will run for a limited period of time. The first contract period is at least two weeks (trial period) and ends on the first day of the following calendar month, without any need for notice of cancellation. If the customer has made a deposit into their customer account and the customer account shows a positive balance on the last day of the contract period, the contract is extended by one month at a time.
7.3 The customer can terminate the contract at any time to the end of the month. The customer can solely terminate the contract via the "Cancel Account" function in the Beds24 scontrol panel.
7.4 MPK Systems may object to the renewal of the contract with a notice period of three months, so that the contract ends on the date stated in the announcement.
7.5 The right of the contracting parties to terminate the contract for good cause remains unaffected. An important reason is when a contractor grossly violates the obligations set out in this contract, and in particular when insolvency proceedings are opened against the assets of the other contracting party or the other contracting party becomes insolvent.
7.5.1 For the customer, one important reason may be a significant underperformance of the agreed availability of the software; However, this is usually only a permanent fall below the agreed availability by more than 10%.
Defects and liability 8.1 The customer must notify MPK Systems of any defects in the software provided, including its documentation and other documents. MPK Systems will repair reported defects in the short term. The same applies to other disruptions that hinder the possibility of using software.
8.2 The customer may not enforce a reduction in the agreed fee. Other claims remain unaffected.
8.3 MPK Systems is also liable for damages incurred by the customer in the context of their use of Beds24, unlimited for intentional and gross negligence.
8.4 For simple negligence, MPK Systems shall only be liable, except in the case of injury to life, body or health, if essential contractual obligations (cardinal obligations) are violated. The liability is limited to the contractually typical and foreseeable damage, however, up to a maximum of 12 times the average monthly fee that the customer paid to MPK Systems until the damage occurred or should have paid for undisturbed software use.
8.5 The liability for indirect and unpredictable damages, loss of production and use, lost profits, missed savings and financial losses due to third-party claims, is excluded in the case of at most simple negligence, except in case of injury to life, limb or health.
8.6 Further liability is excluded, regardless of the legal nature of the asserted claim. However, the above limitations or exclusions of liability do not apply to legally binding no-fault liability (eg in accordance with the German Product Liability Act) or liability arising from a no-fault guarantee.
8.7 Liability for loss of data is limited to the typical recovery effort that would have been incurred in the case of regular and risk-adequate backup copies.
8.8 As far as the liability according to Items 8.2 and 8.3 is excluded or limited, this also applies to the personal liability of the employees, representatives, organs and vicarious agents of MPK Systems.
Data deletion, data protection and data security 9.1 MPK Systems guarantees the data protection security of the data transmitted to it by the customer and observes the legal regulations for data protection.
9.3 Insofar as MPK Systems processes personal data on behalf of the Customer as part of the provision of Beds24, the Contract for commissioned processing of personal data, which forms part of this Agreement, shall apply.
9.4. If the contract concluded between MPK Systems and the customer over the use of Beds24 ends after the free trial period without the customer having made any payments, MPK Systems will delete the data transmitted for processing by the customer 2 Months after the end of the contract (section 7.2). In all other cases of contract termination is the deletion 3 Months after the termination of the contract. A prior notification of the customer does not occur.
10. Subject to change MPK Systems shall be entitled to amend or supplement the terms of this agreement if changed legal, regulatory or technical conditions have led to a more than insignificant disruption of the relationship between performance and consideration or to a gap in the contract or if a supplement is due to the introduction new features of Beds24 is required and the change taking into account the interests of the customer is reasonable. MPK Systems will announce the intended changes to the terms of the contract at the latest three weeks before the planned entry into force by notifying the contents of the amended regulations by e-mail to the e-mail address stored in the system. The consent to the announced change shall be deemed given if the customer does not object within 3 weeks after receipt of the notice of change in writing. MPK Systems will again point this out separately in the change notification. If the customer objects to a change in the terms of the contract, the contractual relationship with the previous conditions will continue. However, MPK Systems reserves the right to terminate the contract at the earliest opportunity in this case. Irrespective of this, changes and / or additions to the terms and conditions of the contract also become part of the contract if the customer continues to use offers after the announcement and entry into force of the change, e.g. commissioned further services and / or logs on our website, or the customer otherwise agrees to the change.
11. Conflict with other terms and conditions Insofar as the customer uses their own general terms and conditions, the contract is also concluded without explicit agreement on the inclusion of general terms and conditions. As far as the different general terms and conditions agree, they are considered to be agreed. The contradictory individual regulations are replaced by the provisions of dispositive law. The same applies in the event that the terms and conditions of the customer include provisions that are not included in these terms and conditions.
12. Severability clause If any provision of this Agreement should be ineffective or unenforceable, or in the future ineffective or unenforceable, the remaining provisions of this contract shall not be affected. Instead of the ineffective or unenforceable provision, the parties undertake to agree on an effective provision that comes as close as possible to the meaning and purpose of the invalid or unenforceable provision, both legally and economically. The same applies to the completion of gaps in this contract.
13. Jurisdication Only the laws of the Federal Republic of Germany apply. Jurisdiction is Berlin / Germany.