Privacy Policy
Monopol Hotel und Gastronomie GmbH
Klütturm 1
31785 Hameln
Phone Number
+49 5151 620300
Email Address
info@monopol-hameln.de
Managing Directors
Fabian Simon, Michael Klingner
Commercial Register Court
Hanover District Court
Commercial Register Number
212323
VAT ID
DE300149906
You can reach our data protection officer at
info@monopol-hameln.de
Last updated: 6/5/2025
Cookies are set on this site. You can revise or view your consent here:
Legal Basis for Our Services and General Information on the Use and Disclosure of Data.
The information in this privacy policy is intended to inform you about the purpose, scope, and nature of the processing of your personal data within our entire online offering and all associated websites, including their features and content (hereinafter collectively referred to as "website" or "online offering"). This statement applies to all platforms and devices (e.g., mobile or desktop) on which our online offering is used or executed, regardless of the domains or systems used. This information is provided pursuant to Art. 13 GDPR.
Terms such as "personal data" or its "processing" are defined in Article 4 of the General Data Protection Regulation (GDPR).
Personal user data processed within this online offering includes, for example, personal data (such as customer names and addresses), contract data (contract numbers, responsible agents, services used, payment information), as well as usage data and customer inputs within our online offering (e.g., interest in specific products or content, or entries in the contact form).
The individuals affected by the data processing include all visitors to our online offering, including business partners, interested parties, and customers, hereinafter referred to as "users."
The terminology used, such as "user," "customer," or "service provider," is to be understood as gender-neutral.
All personal user data is processed in compliance with applicable data protection regulations. The basis for this is the existence of a legal permission or the user's consent. If data processing is necessary for the performance of our contractual services (e.g., order processing) or the online service (e.g., to ensure and comply with legal regulations), or also due to our legitimate interests (e.g., for the security of our online offering under Art. 6 para. 1 lit. f GDPR, analysis to optimize the security and efficiency of our operations, including profiling for advertising and marketing purposes, collection of reach and access data, and third-party services), we will use the data within the scope of the legal permissions.
Disclosure of Data to Third Parties and Third-Party Providers
Data will only be disclosed to third parties within the scope of legal requirements. Disclosure occurs only if necessary for contractual purposes/fulfillment (pursuant to Art. 6 para. 1 lit. b GDPR) or due to legitimate interests in our efficient and economical business operations (pursuant to Art. 6 para. 1 lit. f GDPR).
To comply with legal regulations and ensure the protection of personal data, we take appropriate legal, technical, and organizational measures when using subcontractors.
If third-party services, tools, or other means are used and the mentioned provider is based in a third country, data will be transferred to that country only if the user has previously given consent. The GDPR is an EU regulation and applies to all member states. Data transfers to countries outside the EU or the European Economic Area only occur with legal permission, user consent, or an adequate level of data protection in the respective third country. We specify such third-party providers in the following sections.
We use Google Tag Manager Server, which allows us to consolidate external data communications. This service is operated on European servers, primarily in Germany, via Google Cloud.
The use of this cloud server provider is based on the fulfillment of our contractual obligations to our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast, and efficient provision of our online offering by a professional provider (Art. 6 para. 1 lit. f GDPR).
Our hosting provider will only process your data to the extent necessary to fulfill its service obligations and will follow our instructions regarding this data. More information on data processing can be found at: https://cloud.google.com/terms/data-processing-terms?hl=de
Our websites are hosted by Amazon Web Services EMEA SARL, German branch (Marcel-Breuer-Str. 12, 80807 Munich, hereinafter AWS). Personal data collected on our websites is stored on the servers of our hosting provider. This may include IP addresses, contact requests, metadata and communication data, contract data, contact details, names, website visits, and other data generated via a website. Information about AWS’s privacy policy can be found at: https://d1.awsstatic.com/legal/privacypolicy/13677832_1_DEMATTERS(AWS_Privacy_Notice_Update-GERMAN).pdf
The use of the hosting provider is based on the fulfillment of our contractual obligations (Art. 6 para. 1 lit. b GDPR) and our interest in a secure, fast, and efficient provision of our website (Art. 6 para. 1 lit. f GDPR).
Our host will only process your data as necessary to fulfill its service obligations and in accordance with our instructions. We have entered into a data processing agreement with our hosting provider to ensure GDPR-compliant processing.
Our email service is hosted by our sister company Synatix GmbH (Deisterstraße 20, 31785 Hameln, Germany) and the co-location provider Hetzner Online GmbH (Industriestr. 25, 91710 Gunzenhausen, Germany). Personal data collected on our websites is stored on the servers of our hosting provider. This may include IP addresses, contact requests, metadata and communication data, contract data, contact details, names, website visits, and other website-generated data.
The use of the hosting provider is based on the fulfillment of our contractual obligations (Art. 6 para. 1 lit. b GDPR) and our interest in a secure, fast, and efficient provision of our website (Art. 6 para. 1 lit. f GDPR).
Our host will only process your data to the extent necessary to fulfill its service obligations and in accordance with our instructions. We have signed a data processing agreement with our hosting service provider to ensure GDPR-compliant processing.
To process user inquiries (via email or contact form), we process user data pursuant to Art. 6 para. 1 lit. b GDPR.
Online Presence on Social Media
In accordance with Art. 6 para. 1 lit. a GDPR, we maintain online presences on social networks and platforms to communicate with customers, prospects, and users, and to provide information about our services. When accessing those networks and platforms, the terms and conditions and data processing policies of the respective operators apply.
Unless otherwise stated in this privacy policy, we only process the data of users who communicate with us or interact with our content.
Collection of Access Data and Log Files
Each time our servers are accessed, we collect data (so-called server log files) pursuant to our legitimate interests under Art. 6 para. 1 lit. f GDPR, including date and time, data volume, name of the accessed website, access status, operating system including browser type and version, previously visited website, IP address, and provider.
Log file information is stored for a maximum of seven days for security reasons and deleted afterward. Data required for evidence purposes is excluded from deletion until the incident is resolved.
Reach Measurement and Use of Cookies
Cookies are small files stored on users’ devices.
We mainly use session cookies, which are deleted from the respective storage medium after the browser session ends. Session cookies are required to enable features such as shopping carts or input storage across multiple pages. Additionally, we use cookies that remain on the user's hard drive. These allow automatic recognition of the user during a return visit and their preferred inputs and settings. These cookies are stored for one month to 10 years and delete themselves after the preset time. These cookies mainly make the online offering more user-friendly, secure, and efficient.
We also inform users in this privacy policy about the use of cookies for pseudonymous reach measurement.
Users can disable cookie storage in their browser settings. Stored cookies can also be deleted there. However, disabling cookies may result in limitations to our online offering’s functionality.
Objections to the use of cookies for reach measurement and advertising can be made via the Network Advertising Initiative’s opt-out page https://optout.networkadvertising.org/, the European website https://www.youronlinechoices.com/uk/your-ad-choices/, and the US website https://www.aboutads.info/choices.
Third-Party Providers
To offer our services, continuously improve them, and personalize content and advertisements on our website, social media, and partner sites, we use cookies, pixels, and similar technologies, including those from third-party providers. Therefore, we inform you below about the collection of personal data by us or third parties when using our websites and services.
For the purpose of website usage analysis, we store certain data, particularly accessed pages, time and date, user agent, cookie data, and referrer. At the beginning of this privacy policy, you can adjust consent settings by opening the Consent Manager and configuring them accordingly.
Google Analytics (Limited Use)
To a limited extent, Google Analytics collects anonymized visitor statistics that do not allow cross-device tracking or advertising measures.
Users can prevent the collection and processing of their data by downloading and installing the browser plugin available at this link: https://tools.google.com/dlpage/gaoptout?hl=de. Cookie storage can also be avoided via browser settings.
For more information about data collection and settings or opt-out options by Google, please visit: https://www.google.com/intl/de/policies/privacy/partners, https://www.google.com/policies/technologies/ads. You can also manage your ad settings here: https://adssettings.google.com/authenticated.
| Description | Google Analytics is a web analytics service. |
| Purpose of the Data | Web analysis |
| Processing Location | Ireland |
| Processing Company | Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland |
| Data Recipient | Google Ireland Limited |
| Legal Basis | Article 6 para. 1 lit. f GDPR |
| Privacy Policy Link | https://policies.google.com/privacy?hl=de |
synTRK
| Description | synTRK is a service that processes pseudonymized visitor statistics to a limited extent. |
| Purpose of Data | Pseudonymized visitor statistics collected to a limited extent that do not allow cross-device tracking or advertising measures. |
| Place of Processing | Germany |
| Processing Company | Synatix GmbH |
| Data Recipient | Monopol Hotel und Gastronomie GmbH |
| Legal Basis | Article 6(1)(f) GDPR |
Google Ads Conversion Measurement
| Description | Google Ads Conversion Measurement improves the number of observable conversions in your campaigns while protecting users’ personal data. |
| Purpose of Data | Ad click & conversion tracking |
| Technologies Used | Cookies, pixels |
| Collected Data | Information about the ad click (ad click, campaign, ad group, time of click) |
| Retention Period | Up to 90 days |
| Place of Processing | Ireland |
| Processing Company | Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland |
| Data Recipient | Google Ireland Limited |
| Legal Basis | Article 6(1)(a) GDPR |
| Link to Privacy Policy | https://policies.google.com/privacy?hl=de |
Google Ads Remarketing
With the user's consent in accordance with Article 6(1)(a) GDPR, we use the marketing and remarketing services (referred to as “Google Marketing Services”) of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
We use Google Marketing Services to display ads for our website and on our website in a more targeted manner in order to present users primarily with ads that are potentially of interest to them.
| Description | Google Ads Remarketing is a feature that allows ads to be personalized for users who have previously visited our website. Ads can also be tailored to these users when they use a browser or apps. |
| Purpose of Data | Personalizes and tracks ads for remarketing. |
| Technologies Used | Cookies, pixels |
| Collected Data | Data on ad interaction (clicks, timestamps, settings), conversion data (time of conversion, related ad data) |
| Retention Period | Up to 13 months |
| Place of Processing | Ireland |
| Processing Company | Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland |
| Data Recipient | Google Ireland Limited |
| Legal Basis | Article 6(1)(a) GDPR |
| Link to Privacy Policy | https://policies.google.com/privacy?hl=de |
Google Analytics
Comprehensive collection of visitor statistics. Users can prevent the collection and processing of their data by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de. Cookie storage can also be avoided by adjusting browser settings or by withdrawing consent via our consent manager. At the beginning of this privacy policy, you can adjust your preferences by opening the consent manager and making the appropriate selections.
For more information on settings and opt-out options as well as on data collection by Google, visit: https://www.google.com/intl/de/policies/privacy/partners, https://www.google.com/policies/technologies/ads. You can also view and manage your ad settings here: https://adssettings.google.com/authenticated.
| Description | Google, on our behalf, creates reports on the usage of our online offering. For this and other services performed on our behalf, information about user activity within our offering is collected. This information may also be used to create pseudonymous usage profiles. |
| Purpose of Data | Analytics |
| Technologies Used | Cookies |
| Collected Data | Client ID, user location, usage data |
| Retention Period | 14 months |
| Place of Processing | Ireland |
| Processing Company | Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland |
| Data Recipient | Google Ireland Limited |
| Legal Basis | Article 6(1)(a) GDPR |
| Link to Privacy Policy | https://policies.google.com/privacy?hl=de |
Google Signals
| Description | Cross-device marketing |
| Place of Processing | Ireland |
| Processing Company | Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland |
| Data Recipient | Google Ireland Limited |
| Legal Basis | Article 6(1)(a) GDPR |
| Link to Privacy Policy | https://policies.google.com/privacy?hl=de |
Mouseflow
With consent according to Article 6(1)(a) GDPR, we work with the service Mouseflow ApS (Flaesketorvet 68, 1711 Copenhagen V, Denmark). This allows the creation of so-called heatmaps and session recordings. Mouseflow enables us to track mouse movements on our websites. In addition to information about which windows or buttons are clicked by users and how far they scroll within text, technical data such as operating system or browser information may also be collected and processed. Temporary user profiles are created for this purpose. Additionally, this tool allows us to gather direct feedback from website visitors. This direct interaction can be used to improve customer friendliness and usability.
Mouseflow's privacy policy: https://mouseflow.com/privacy/. You can view and change your consent via our Consent Manager.
| Description | Tool for website analysis & optimization |
| Purpose of Data | Tracks user interactions for session replays and analytics. |
| Technologies Used | Cookies, JavaScript |
| Collected Data | Session ID, Unique User ID |
| Retention Period | Up to 13 months |
| Place of Processing | Denmark |
| Processing Company | Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen V, Denmark |
| Data Recipient | Mouseflow ApS |
| Legal Basis | Article 6(1)(a) GDPR |
| Link to Privacy Policy | https://mouseflow.com/legal/company/privacy-policy/ |
Consent Manager
| Description | Storage of user consents |
| Place of Processing | Germany |
| Processing Company | Monopol Hotel und Gastronomie GmbH, Klütturm 1, 31785 Hameln |
| Data Recipient | Monopol Hotel und Gastronomie GmbH |
| Legal Basis | Article 6(1)(a) GDPR |
Google Tag Manager
| Description | Tool for implementing events, customizations, and tracking on the website |
| Place of Processing | Ireland |
| Processing Company | Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland |
| Data Recipient | Google Ireland Limited |
| Legal Basis | Article 6 (1) (a) GDPR |
| Privacy Policy Link | https://policies.google.com/privacy?hl=de |
Session Cookies
| Description | This cookie marks a session and is deleted when the browser is closed |
| Purpose of Data | Management of user sessions and linkage with the server |
| Technologies Used | Cookies |
| Data Collected | Session ID |
| Retention Period | Session |
| Place of Processing | Germany |
| Processing Company | Monopol Hotel und Gastronomie GmbH, Klütturm 1, 31785 Hameln |
| Data Recipient | Monopol Hotel und Gastronomie GmbH |
| Legal Basis | Article 6 (1) (a) GDPR |
Measures for Protection and Security
To protect the data processed by us from accidental or intentional manipulation, destruction, loss, or access by unauthorized persons, and to comply with data protection regulations, we implement technical, organizational, and contractual security measures in accordance with the state of the art. One such measure includes encrypted transmission of data between our server and your browser.
Users’ Personal Rights
Upon request, every user may obtain information about the personal data stored about them.
Furthermore, users have the right to have incorrect data corrected, to restrict or delete the processing of their personal data, and to assert the right to data portability. A complaint can be submitted to the relevant supervisory authority at any time.
Any consent granted by the user can be withdrawn at any time, with effect only for the future.
Data Deletion
Data not subject to statutory retention periods will be deleted as soon as it is no longer required for its intended purpose. If deletion is not possible due to legal or other permitted reasons, processing will be restricted. Blocking the data thus prevents its processing for other purposes.
Retention is carried out in accordance with § 257 (1) HGB (e.g., for commercial books, inventories, opening balances, annual financial statements, business letters, accounting records, etc.) for six years, and according to § 147 (1) AO (e.g., for books, records, reports, accounting records, commercial and business letters, tax-relevant documents, etc.) for ten years.
Data collected via Google Analytics will be fully anonymized after 50 months.
Data collected via Meta Marketing Services and Adcell will be stored indefinitely.
Data collected via Mouseflow will be deleted after six months.
Right to Object and Other Rights
If the user has given consent to the processing of personal data for one or more specific purposes, the user has the right to withdraw consent with effect for the future.
In particular, the user generally has the right to object, free of charge and with effect for the future, to the processing of their personal data within the scope of legitimate interests. To do so, simply send an email to kontakt@firmendomain.de or to the postal address mentioned above.
Every data subject has the right—regardless of any other administrative or judicial remedy—to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or place of the alleged infringement, if the data subject believes that the processing of personal data concerning them violates this Regulation.
An appropriate authority, for example, is the State Commissioner for Data Protection of Lower Saxony, Prinzenstraße 5, 30159 Hanover. However, the user may choose a different authority.
Obligation to Provide Data
The following data is mandatory:
Use of the contact form or other contact:
The following data is required for processing a request via the contact form:
Name & email address
All other information is optional and not required to process a contact request. If the required information is not provided, the request cannot be processed. The omission of optional information has no impact on the processing of the request. There is no obligation to provide any data for general inquiries.
Automated Decision-Making
There is no automated decision-making, including profiling.
Privacy Policy Updates
We reserve the right to change this privacy policy in the event of legal changes or modifications to our services or data processing. This applies exclusively to declarations concerning data processing. If user consent is required or if components of the privacy policy contain contractual provisions with the user, changes may only be made with the user’s consent.
We kindly ask users to regularly check the content of this privacy policy on their own initiative.
