Data protection agreement
Privacy Policy for Accommodation Providers
This data protection declaration applies to Mundillo Hotels GmbH, Attilastraße 16, 12529 Schönefeld, Germany (hereinafter Mundillo Hotels). Section I describes how Mundillo Hotels collects and processes personal data from (potential, existing or former) accommodation providers in order to fulfil its contractual obligations, taking into account and in compliance with the GDPR. This privacy policy therefore applies to personal data of owners, tenants, employees, agents or other persons acting on behalf of an accommodation provider.
The following data protection guidelines supplement the general terms and conditions of the agreement on the basis of which Mundillo Hotels provides its services to the accommodation provider.
Furthermore, this data protection statement in section II regulates the handling and obligations of the accommodation provider with personal data received from Mundillo Hotels, in accordance with the data protection guideline GDPR, in order to ensure compliance with the data protection requirements of each contracting party.
By using the services of Mundillo Hotels, the accommodation provider agrees and accepts the following guidelines.
Section I
1. data collection by Mundillo Hotels
The personal information Mundillo Hotels may collect about accommodation providers depends on the context of the business relationship and interaction with Mundillo Hotels, the choices made by an accommodation provider and the products, services and features used. The personal information Mundillo Hotels may collect through an accommodation provider may include the following: Depending on the situation, not all of the following data can be considered personal data, as it may relate to a company and not to a person:
2. Types of personal data
2.1 Identity data
This includes personal data such as first name, maiden name, surname, gender and Image data that can show the accommodation provider, business partners, employees or family members.
2.2 Contact information
This includes billing address, accommodation address, e-mail address, postal address and telephone number.
2.3 Financial data
We collect the data necessary for possible payments such as IBAN + BIC, as well as the EU VAT identification number required for invoicing.
2.4 Other species
In written communication with Mundillo Hotels, Mundillo Hotels collects and processes the communication. E-mail content is stored for documentation purposes.
3. Other information that Mundillo Hotels automatically collects
3.1 When using the fincahotels.com extranet, Mundillo automatically collects information from hotels or contracted service providers, some of which may be personal data. This may include information such as language settings, IP address, location, device settings, device operating system, usage log, usage date, usage time, requested URL, status report, user name, browser history and type of data displayed on the extranet.
3.2 By submitting to Mundillo Hotels, as the case may be, the personal data of other persons relating to your company in the hotel registration questionnaire, you confirm that these persons have been informed about the use of their personal data by Mundillo Hotels in accordance with this Privacy Policy and have given all necessary consents.
4. Purposes of the processing
4.1 Mundillo Hotels will only process personal data which it receives from the accommodation provider within the framework of the accommodation registration (hotel questionnaire) and the general terms and conditions of the main contract to the extent and in compliance with the data protection provisions of the GDPR as necessary to fulfil its obligations of the contract. This includes arranging accommodation contracts, making reservations via the plattform fincahotels.com and via e-mail, making payments to the accommodation provider on behalf of books (forwarding of third-party funds), processing booking enquiries, advertising accommodation on its websites and social media channels.
5. Legal and Observance
5.1 In certain cases Mundillo Hotels must use the information provided, including personal data, to process and resolve disputes, for regulatory investigations and compliance or to enforce the agreement with the Accommodation Provider or to resolve a complaint with a booker.
5.2 Please note that the accommodation details, including the name and address of the accommodation and telephone number, will be used in accordance with the General Conditions of Sale as part of the separate Accommodation Agreement.
5.3 If we use automated means to process personal data that has legal consequences or significantly affects you, we will take appropriate measures to protect your rights.
Legal basis: Mundillo Hotels relies on the legal basis that the processing of personal data is necessary for the fulfilment of the agreement between the accommodation provider and Mundillo Hotels. If the required information is not provided, Mundillo Hotels cannot register an accommodation provider or otherwise cooperate with an accommodation provider.
6. Duration of processing
6.1 Personal data may be stored by Mundillo Hotels in a form that allows the identification of the data subjects only for as long as is necessary for the purposes for which they are processed.
6.2 Mundillo Hotels processes personal data on behalf of the accommodation provider until termination of the contract.
7. Data Sharing
7.1 Sharing with partners
In order to support the use of the services of Mundillo Hotels, your data, which may contain personal data, may be passed on to service providers, in particular with regard to online booking procedures and technical customer support services.
7.2 Passing on to third parties
We pass on the information of business partners, which may also include personal data, to third parties, insofar as this is legally permissible and described below. We do not sell or rent personal data to third parties.
7.3 Service providers (incl. suppliers)
We pass on personal data to third parties in order to provide our products and services or to store data. These service providers only process personal data on behalf of and to provide the service to Mundillo Hotels.
7.4 Payment providers and other financial institutions
In order to process payments between an accommodation provider and Mundillo Hotels or a booker and an accommodation provider, personal data will be disclosed to payment providers and other financial institutions or bookers where relevant.
7.5 Forced Disclosure
If necessary for the provision of our services, in court proceedings or to protect our rights or the user, we pass on personal data to law enforcement authorities or investigative organisations.
8. Security
In accordance with European data protection laws, Mundillo Hotels maintains appropriate procedures to prevent unauthorized access to and misuse of information, including personal data.
Mundillo Hotels uses appropriate business systems and procedures to protect and secure information, including personal data. We also use security procedures and technical and physical restrictions on the access and use of personal data on our servers. Access to personal data is only permitted to authorized persons within the scope of their activities.
9. Duration of processing
9.1 Personal data may be stored by Mundillo Hotels in a form that allows the identification of the data subjects only for as long as is necessary for the purposes for which they are processed. All personal data that we store is subject to this data protection declaration and the legal retention guidelines. Mundillo Hotels processes personal data on behalf of the accommodation provider until the end of the contract.
10. Your decisions and rights
10.1 The Accommodation Provider has control over the use of his personal data by Mundillo Hotels at all times. You have the following options:
- You may request a copy of the personal data stored on our systems.
- You may notify us of changes to your personal information, and ask us to collect the personal data we hold about you rectify
- in certain cases you can request us to delete the personal data stored about you or to object to a certain type of use of your personal data.
- in certain situations, you may ask us to disclose the personal data you have provided to third parties.
10.2 If we use your personal data on the basis of your consent, you have the right to revoke this consent at any time within the scope of applicable law. If we process your personal data on the basis of a legitimate interest or public interest, you have the right to object to this use of your personal data at any time within the scope of applicable law.
10.3 We depend on your personal data being complete, correct and up-to-date. Please inform us immediately about changes or inaccuracies of your personal data.
11. Questions or complaints
If you have any questions regarding the processing of your personal data or wish to exercise your rights under this data protection declaration, please contact our data protection officer at privacy(@)fincahotels.com. All questions and complaints regarding data protection addressed to Mundillo Hotels are taken very seriously.
Section II Handling and obligations of the accommodation provider according to GDPR
12. Data protection
12.1 Each party shall take reasonable measures (organizational and technical) to protect personal data (i.e. information relating to identified or identifiable natural persons) processed under this Agreement by the respective parties against loss and unauthorized access, use, erasure and disclosure, and shall process personal data in a manner that requires appropriate confidentiality and security of personal data in accordance with applicable laws under the GDPR.
12.2 The parties acknowledge that Mundillo Hotels is the owner and accommodation provider of the data processors for the purposes of data protection legislation (the owner and the data processor having the meanings defined in the data protection legislation). Mundillo Hotels assumes the role of Data Controller (Mundillo Hotels determines the purposes and means of data processing) of any personal data that Mundillo Hotels processes. In this case, the accommodation provider becomes a data controller if he either directly or indirectly receives personal data via an affiliated partner such as a channel management system provider or hotel reservation system. Such so-called "connective partners" process the personal data exclusively in the name and on behalf of the accommodation provider. Point 14 lists the scope, type and purpose of processing by the Accommodation Provider, the duration of processing and the type of personal data (as defined in the Data Protection Act) and categories of data subjects (as defined in the Data Protection Act).
12.3 Without prejudice to the generality of Clause 12.1, the Accommodation Provider shall be liable for all personal data processed in connection with the performance of its obligations under this Agreement and by the Accommodation Provider:
12.3.1 ensure that all Accommodation Provider employees who have access to and/or process personal data are required to keep the personal data confidential; and
12.3.2 not to transmit personal data outside the European Economic Area.
12.3.3 To inform Mundillo Hotels immediately if a violation of personal data (e.g. due to data breaches) becomes known;
12.3.4 The Accommodation Provider assures that Mundillo Hotels has the right to voluntarily inform its users about such a data breach. The Accommodation Provider undertakes not to inform guests or other parties about a data breach concerning personal data that Mundillo Hotels manages on the Extranet (defined in No. 13) without the prior written consent of Mundillo Hotels.
12.3.5 To assist Mundillo Hotels in responding to inquiries from stakeholders and in ensuring compliance with data protection obligations in relation to security, reporting violations, impact assessment and consultations with regulatory authorities or authorities.
12.3.6 to delete or return to Mundillo Hotels personal data and copies thereof upon termination of the contract on written instruction from Mundillo Hotels, unless required by applicable law to store the personal data; and
12.3.7 maintain complete and accurate records and information to demonstrate compliance with this clause and to enable audits by Mundillo Hotels or the auditors appointed by Mundillo Hotels.
12.3.8 Mundillo Hotels does not agree that the Accommodation Provider may engage a third party to process personal data without the prior written consent of Mundillo Hotels (contractors). Consent may not be refused without good reason.
13. Use of online services of Mundillo Hotels
13.1 Mundillo Hotels shall provide the Accommodation Provider with an extranet in accordance with the "Accommodation Provider Terms and Conditions", point 7. the Accommodation Provider undertakes to change the initial password immediately and regularly and to keep the user name and password confidential and secure and not to make the user name and password accessible to anyone other than those who must have access to the extranet in the course of their work. The Accommodation Provider will notify Mundillo Hotels within 24 hours of any actual or suspected breakdown of the Mundillo Hotels extranet username and password.
14. Processing, personal data and data subjects
Processing by the accommodation provider
14.1 Scope and purpose of processing
The Accommodation Provider will only process personal data received from Mundillo Hotels under the Accommodation Provider Terms and Conditions and this Agreement to the extent necessary to provide accommodation to customers in accordance with this Agreement and the accommodation bookings made by Mundillo Hotels, and in compliance with the data protection provisions of the GDPR.
14.1.2 Duration of processing
Personal data may be stored by the accommodation provider in a form that allows identification of the data subjects only for as long as is necessary for the purposes for which they are processed. The accommodation provider processes personal data on behalf of Mundillo Hotels until the end of the contract.
14.1.3 Types of personal data
The accommodation provider processes the following types of personal data on behalf of Mundillo Hotels:
- Identity data
This can include customer-specific data such as first name, maiden name, surname, booking number, marital status, title, date of birth and gender.
- Contact details
This may include contact information such as billing address, email address and telephone numbers.
- Financial data
This can include data on payment means and methods, such as the customer's bank account and payment card data.
15. Categories of persons concerned
The accommodation provider processes personal data on behalf of Mundillo Hotels in relation to the following categories of data subjects:
- Customers who book accommodation through Mundillo Hotels.
16. Changes to the data protection declaration
Mundillo Hotel reserves the right to change this data protection agreement if this is necessary due to changes in data protection legislation. Should future changes affect the processing of personal data, we will inform the accommodation provider.
17. Contact
Mundillo Hotels GmbH
Knut Sievers
Attilastraße 16
12529 Schönefeld
Germany
Tel.: +49 (0)3379 / 34 196 34
E-Mail: privacy[at]fincahotels.com
These "Privacy Policy for Accommodation Providers" together with the "General Terms and Conditions for Accommodation Providers" are mandatory fixed elements of the cooperation agreement between Mundillo Hotels and the accommodation provider.
Date: 01.03.2023