Privacy Policy

Last updated: June, 2025

This Privacy Policy sets out how Lindenberg Hospitality GmbH, Friedrich-Ebert-Anlage 3 in 60327 Frankfurt am Main, (“Lindenberg,” “we,” “us,” or “our”) may collect, use, retain or disclose your personal information in connection with your use of our website or services that reference or otherwise incorporate this Privacy Policy as well as your attendance at, or participation in, Lindenberg events.

Please note that this Privacy Policy does not apply in the following circumstances:

• Third-Party Sites. The Services may include links, integrations or references to websites, services or materials that are controlled by third parties and which maintain different data practices than we do. If you provide personal information to any of those third parties, or direct us to share personal information with them, that personal information is governed by their privacy statements. For a list of third-party sites and services, please see Schedule 1.

From time to time, we may update this Privacy Policy as we adopt new privacy practices or as applicable laws and regulations change. Each time this Privacy Policy is updated, we will update the “Last Updated” date at the top of the page.

1. Information we collect about you.
   Depending on how we interact with you, we may collect information about you and/or the persons accompanying you, including the following:

• Contact details (for example, last name, first name, telephone number, email).
• Personal information (for example, date of birth, nationality).
• Information relating to your children (for example, first name, date of birth, age). The information collected in relation to persons under 16 years of age is limited to their name, nationality and date of birth, which can only be supplied to us by an adult.
• Your credit card number (for transaction and reservation purposes).
• Information contained on a form of identification (such as ID card, passport or driver licence).
• Your arrival and departure dates.
• Your preferences and interests (for example, smoking or non-smoking room, preferred floor, type of bedding, etc.).
• Your questions/comments, during or following a stay in one of our venues.
• Location data you generate as a result of using our websites and applications.

Collection

In general, we collect personal data directly from you and provision is voluntary, unless we inform you that provision is  mandatory, e.g. because it is required to book your hotel room. In these instances, if you do not provide the information we may not able to comply with  your request, e.g. the booking request.

Personal data may be collected on a variety of occasions, including:

• Hotel activities:
  • Booking a room.
  • Checking-in and paying.
  • Hotel stays and services provided during a stay.
  • Requests, complaints and/or disputes.

• Attending events or partaking in other services at a venue (eg spa or fitness services).
• Eating/drinking at a venue (including) bar or restaurant.
• Participation in marketing programs or events:
  • Participation in customer surveys (for example, the Guest Satisfaction Survey).
  • Subscription to newsletters, in order to receive offers and promotions via email.
• Transmission of information from third parties – tour operators, travel agencies (online or not), OTA reservation systems and others (for example transmission of information from third parties required for processing your booking request, e.g. tour operators or booking platforms).
• Internet activities:
  • IP address and cookies,
  • Online forms (online reservations or contact form).

2. WHAT PURPOSES IS YOUR DATA COLLECTED FOR AND HOW LONG DO WE RETAIN IT?The table at Schedule 2 sets out why we process your data, the lawful basis for the processing and the associated retention period.
3. ACCESS AND DISCLOSURE OF YOUR PERSONAL DATA

• We share your data with a number of authorised people and departments within the Lindenberg staff in order to offer you the best experience in our venues. The following teams may have access to your data:
  • hotel staff;
  • reservation staff using Lindenberg  reservation tools;
  • IT departments;.
  • marketing services;
  • medical services if applicable;
  • legal services if applicable; and
• We may share your data with service providers and partners.  Your personal data may be sent to a third party for the purposes of supplying you with services and improving your stay, for example:
  • external service providers: IT sub-contractors, international call centres, banks, credit card issuers, external lawyers, dispatchers, printers; and
  • commercial partners: We  may, unless you specify otherwise to us, enhance your profile by sharing certain personal information with its preferred commercial partners. In this case, a trusted third party may cross-check, analyse and combine your data. This data processing will allow us  and its privileged contractual partners to determine your interests and customer profile to allow us, subject to applicable laws, to send you personalized offers.
• In the EEA appropriate measures include the use of the EU Commission’s Standard Contractual Clauses acc. to Art. 46(2)(c) GDPR, unless the country is subject to an EU Commission adequacy decision.
• We may share your data with local authorities.  We may be obliged to send your information to local authorities if this is required by law or as part of an inquiry. We will ensure that any such transfer is carried out in accordance with local regulations.

International transfers

• As set out, we may transfer your personal data to internal or external recipients who may be in countries or regions offering different levels of personal data protection.
• Consequently, in addition to implementation of this Policy, we implement appropriate measures to ensure secure transfer of your personal data to a recipient located in a country or region offering a different level of privacy from that in the country or region where the personal data was collected.
• Your data may be sent, in particular as part of the reservation process, to locations outside of the United Kingdom or European Union, in particular in the United States of America.

When we do this, we ensure it receives additional protection as required by law.

• If you need more information on the appropriate measures applied in the individual case or want to obtain a copy/link to the mechanism used you can contact us at communication@thelindenberg.com .

4. DATA SECURITY

• We  take appropriate and reasonabe technical and organizational measures, in accordance with applicable legal provisions, to protect your personal data against illicit or accidental destruction, alteration or loss misuse and unauthorized access, modification or disclosure.
• To this end, we have taken technical measures (such as firewalls) and organizational measures (such as a user ID/password system, 2FA.) to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services.
• In relation to the submission of credit card data when making a reservation, SSL (Secure Socket Layer) encryption technology is used to guarantee a secure transaction. Organizational measures ensure the security of the processing (need-to-know principle).

Cookies

• We use cookies and other tracking technologies on its websites.

Your rights

• You have the right to obtain information about and access your personal data collected by us, subject to applicable legal provisions.
• You have the right to have your personal data rectified, erased or have the processing of it restricted.
• You have the right to data portability and to issue instructions on how your data is to be treated after your death.
• For the purposes of confidentiality and personal data protection, we will need to check your identity in order to respond to your request. In case of reasonable doubts concerning your identity you may be asked to include a copy of an official piece of identification, such as an ID card or passport, along with your request. A black and white copy of the relevant page of your identity document is sufficient.
• You may also exercise your rights in respect of your personal data that is stored and processed by us as a data controller.
• In the event that you wish to exercise any of your above rights, please contact us by writing to communication@thelindenberg.com.  All requests will receive a response as swiftly as possible.

Updates

• We may modify this Policy from time to time.
• Consequently, we recommend that you consult it regularly, particularly when making a reservation at one of our venues.

Contact

For any questions concerning our personal data protection policy, please write to communication@thelindenberg.com.

• We comply with both the UK and European General Data Protection Regulations when providing our services in the UK and EU markets.
• There are other laws and regulations which, depending on your specific situation, may also govern the use of your personal data.

Schedule 1

Third-party services

Schedule 2

Purposes and retention of data collection

The table set out in why we process your data, the lawful basis for the processing and the associated retention period.