Below we would like to provide you with information about how we use your personal data. We, Eventureline GmbH & Co. KG, Kistlerhofstr. 70 / Building 60/160, upper floor 5, 81379 Munich, collect our customers’ and business partners’ data for the purpose of executing contracts and fulfilling our contractual and pre-contractual obligations. Data collection and data processing is required for execution of the contract and is based on Art. 6 (1) point (b) EU GDPR. In the context of our business relationship, those personal data must be provided that are required to record and execute a business transaction and fulfil the associated contractual obligations or that we are legally obliged to collect. Without these data, we are not in a position to conclude a contract or to execute it properly. If it is possible to provide information voluntarily, such information is marked accordingly on the collection form.

Other reasons for processing include consultation of and data exchange with credit agencies to determine creditworthiness and default risks, pursuit of legal claims and mounting of a defence in legal disputes, and guaranteeing the IT security and IT operations of our company. Data processing of this sort is based on our legitimate interest as the data controller pursuant to Art. 6 (1) point (f).

Other legal bases for data processing include statutory obligations and consent to do so.

The processed data are provided to the following recipients exclusively for a specific purpose in accordance with the principle of minimisation of disclosure:

- Internal units that are involved in the execution and fulfilment of the relevant business processes (e.g. HR management/control, bookkeeping, marketing, sales, IT organisation)

- Banks, financial institutions for processing payment transactions

- Legal practices and the relevant court of jurisdiction for pursuit of claims

- IT service providers for software maintenance in the context of commissioned processing

- Public bodies (authorities) in relation to statutory information and notification obligations

- Insurance companies to deal with claims

- Credit agencies for the purposes of credit checks in the case of a credit risk and for debt collection

- External contractors (service providers) pursuant to Art. 28 EU GDPR

- Partner companies in connection with the work contracted by the client

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third party services or if data is disclosed or transmitted to third parties, this happens only to fulfil our (pre-) contractual obligations, on the basis of consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to statutory or contractual permission, we process or arrange for the processing of data in a third country only if the particular requirements of Art. 44 et seqq. EU GDPR are in place.

In other words, processing takes place, for example, on the basis of specific guarantees, such as the officially recognised confirmation of a data protection level corresponding to that of the EU (e.g. the “Privacy Shield” in the USA) or compliance with officially recognised, special contractual obligations (so-called “standard contractual clauses”).

You have the right to object to the processing of personal data relating to you at any time, with effect from that point forward.

You also have the right to apply for information about the data about you stored by us and, if the data are incorrect, to demand rectification or, if the data have been stored unlawfully, to demand erasure, provided that no other statutory retention periods prevent this or retention of the data is not required for legal prosecution. In these cases, your data will be blocked. In addition, you have the option to apply for the data to be transferred at the end of the business relationship (data portability). If your personal data are stored on the basis of your personal consent, you may withdraw that consent. Your withdrawal then applies from the point in time at which it is made.

Various retention obligations and periods are specified by law. When these periods have elapsed, the corresponding data and records are routinely erased if they are no longer required to fulfil contracts. For example, financial data and data required under commercial law for a completed financial year are erased after a further ten years in accordance with statutory requirements, provided that no longer retention periods are prescribed or are required for legitimate reasons. In the area of HR management and control, shorter erasure periods are used in certain areas. This applies, in particular, to rejected applications and warnings. Where data are not covered by this, they are erased without request when the specified purposes no longer apply.

Registration forms are kept for the statutory minimum period in accordance with the applicable registration legislation in the individual hotels and accommodation and are then carefully destroyed using a process that ensures data protection.

As a matter of principle, we do not use any exclusively automatic decision-making within the meaning of Art. 22 EU GDPR to establish and implement the business relationship.

You can contact our data protection officer at You also have the right to lodge an objection with a data supervisory authority.

Eventureline GmbH & Co. KG uses technical and organisational security measures in accordance with Art. 32 EU GDPR to protect the data controlled by it from accidental or intentional manipulation, loss, destruction or access by unauthorised persons. The security measures used are improved continuously in accordance with technological developments. This means that Eventureline GmbH & Co. KG stores the information about you covered by data protection exclusively on secure systems in Germany. Only a small number of authorised people who are specifically obliged to protect the data and are involved in technical, administrative or editorial support have access to them.