Privacy Notice
The protection of your personal data is an important concern to us. We process your data on the basis of the statutory provisions (GDPR, BDSG).
I. Scope of Application
This privacy notice provides information about the processing of your personal data by i Live Hospitality GmbH (hereinafter referred to as “Rioca”) and its affiliated companies in accordance with the EU General Data Protection Regulation (hereinafter referred to as “GDPR”), in particular when you visit and use this website, when initiating and concluding a contract with us, when using our services, when booking a table, and in the context of marketing activities.
II. Controller and Contact Details of the Data Protection Officer
Controller within the meaning of the GDPR:
I Live Hospitality Services GmbH
Julius-Bausch-Straße 50
73430 Aalen
Email: ola@rioca.eu
Contact details of the Data Protection Officer:
You can contact our Data Protection Officer at:
Julius-Bausch-Straße 50
73430 Aalen
Email: datenschutz@rioca.eu
III. General Information on Data Processing
1. Types of Data We Process
Data provided by you:
We process personal data that you voluntarily provide to us, for example via contact forms, by email, in the course of telephone inquiries, or as part of room bookings. This includes in particular contact, communication and payment information.
Automatically collected data:
When you visit our website, data is automatically collected through the use of cookies and similar technologies. This includes information about the type of device, the operating system and its version, the IP address, the approximate geographic location derived from the IP address, the browser type, and information about how you interact with our content.
Data from other sources:
Where applicable, we may receive data about you from external sources, especially if you interact with us via social media platforms (e.g. Facebook, Instagram). This privacy notice also applies to such data, supplemented by the specific requirements of the respective platform.
2. Purpose and Legal Bases
We only process your data if this is necessary to provide our website, content and services. Processing is carried out on the basis of the GDPR:
- Art. 6 para. 1 lit. a: If you have given us your express consent.
- Art. 6 para. 1 lit. b: For the performance of a contract or for carrying out pre-contractual measures.
- Art. 6 para. 1 lit. c: For compliance with legal obligations.
- Art. 6 para. 1 lit. f: For the protection of our legitimate interests (e.g. IT security, optimisation of the website).
3. Security
To protect your data, we use security measures in line with the current state of the art, in particular SSL/TLS encryption (HTTPS) for secure data transmission on our website.
IV. Data Processing
The individual data concerned, processing purposes, legal bases, recipients and, where applicable, transfers to third countries are listed below:
1. Hosting
We host our website with Internetagentur Kreativdenker GmbH, Mittelkämmerstraße 6, 67346 Speyer, Germany.
When you visit our website, Kreativdenker automatically collects information in so-called server log files, which your browser automatically transmits to the server. This includes:
- IP address of the accessing computer
- Date and time of access
- Name and URL of the retrieved file
- Website from which access is made (referrer URL)
- Browser used, your computer’s operating system, and the name of your access provider
This data is technically necessary in order to deliver the website in a stable and secure manner. This data is not merged with other data sources.
Kreativdenker is used for the purpose of secure, fast and efficient provision of our online offering by a professional provider.
Data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the technically flawless and secure provision of our website.
We have concluded a data processing agreement (DPA) with Kreativdenker GmbH.
2. Content Management System
Our website is operated using the WordPress content management system. WordPress is open-source software for the creation and administration of websites. Personal data is processed solely in the context of the technical provision of the website via our hosting service provider.
3. Use of Cookies
Our website uses so-called “cookies”. Cookies are small text files and do not cause any damage to your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted after the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or until they are automatically deleted by your web browser.
Technically necessary cookies: Many cookies are technically necessary because certain website functions would not work without them (e.g. shopping cart function, login status, or storage of your privacy settings). These cookies are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimised provision of its services. If access to the cookie or its storage is strictly necessary in order to provide the service expressly requested by you, this is carried out on the basis of Section 25 para. 2 TDDDG.
Cookies requiring consent (analytics & advertising): Cookies used to analyse user behaviour or for advertising purposes, or cookies set by third parties (third-party cookies), are only used if you have given your express consent. In this case, processing is carried out exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR in conjunction with Section 25 para. 1 TDDDG). This consent may be revoked at any time with effect for the future.
Where such cookies are used by third parties (e.g. for processing payment services or embedding videos), we inform you separately in the following sections of this privacy notice about the details and scope of the data processing.
You can configure your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.
4. Consent Management with Cookiebot
Our website uses the consent management platform “Cookiebot” to obtain your consent to the storage of certain cookies on your device or to the use of certain technologies and to document this in a manner compliant with data protection law. The provider of this service is Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter “Cookiebot”).
When you enter our website, a connection is established to Cookiebot’s servers in order to request your consent settings. Cookiebot stores a cookie in your browser in order to be able to assign the consents you have given or their withdrawal.
Processed data:
- Your consent(s) or the status of consent
- Your anonymised IP address
- Information about your browser and your device
- Date and time of your visit
- The URL from which the consent was sent
Purpose and legal basis: Cookiebot is used in order to obtain the legally required consents for the use of cookies. The legal basis is Art. 6 para. 1 lit. c GDPR (compliance with a legal obligation).
Storage period: The data is stored until you request deletion, delete the Cookiebot cookie yourself, or the purpose for data storage no longer applies. The collected consent is generally stored for a period of 12 months.
Data processing agreement: We have concluded a data processing agreement (DPA) with Usercentrics A/S. This ensures that the provider processes the data of our website visitors only on our instructions and in compliance with the GDPR.
5. Contact Form, Event Inquiry Form and Email Contact
If you contact us via contact form or by email, the information you provide, including the contact details you submit, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass this data on without your consent.
Legal basis: This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your inquiry is related to the performance of a contract (e.g. a booking inquiry) or is necessary for carrying out pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of inquiries addressed to us (Art. 6 para. 1 lit. f GDPR).
Storage period: The data sent by you will remain with us until the purpose for data storage no longer applies (e.g. after your request has been fully processed). Mandatory statutory provisions, in particular retention periods under tax law, remain unaffected.
6. Handling Applicant Data (Application Process / Talent Pool)
We offer you the opportunity to apply to us (e.g. by email or via online application forms). Below we inform you about the scope, purpose and use of your personal data collected as part of the application process.
a) Purpose and legal basis of data collection
If you send us an application, we process your related personal data (e.g. contact and communication data, CVs, certificates, notes taken during job interviews, etc.) insofar as this is necessary for the decision on establishing an employment relationship.
The legal basis for this is Section 26 BDSG (initiation of an employment relationship), Art. 6 para. 1 lit. b GDPR (general contract initiation) and – if you have given consent – Art. 6 para. 1 lit. a GDPR. Consent may be revoked at any time. Within our company, your personal data will only be passed on to persons involved in processing your application.
b) Retention period of the data
If we are unable to make you a job offer, if you reject a job offer, or if you withdraw your application, we reserve the right to retain the data you have submitted for up to 6 months after completion of the application process (rejection or withdrawal of the application) on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR). The purpose is to provide evidence in the event of a legal dispute (e.g. assertion or defence of claims under the German General Equal Treatment Act – AGG). After this period, the data will be deleted unless there is a statutory retention obligation or another legal basis for further storage.
c) Inclusion in our talent pool
If you give us your express consent, we will include your applicant profile in our internal applicant pool. This serves the purpose of being able to contact and invite you at a later date for suitable job vacancies.
Inclusion in the applicant pool takes place exclusively on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR.
You may revoke this consent at any time with effect for the future (e.g. by email). In the event of revocation, your data will be deleted from the pool immediately. If no revocation is made, your data will be deleted automatically after 24 months unless you grant us renewed consent for further storage.
7. Instagram
Our website contains a link to our profile on the Instagram platform. The provider of the service is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
The Instagram link is merely designed as an external reference. Therefore, no personal data is initially transmitted to Instagram when you access our website.
Only when you click on the Instagram button will you be redirected to the Instagram website. In doing so, Instagram may process your IP address and other information about your user behaviour. We have no influence on the type and scope of this data processing.
Further information on Instagram’s processing of personal data can be found in Instagram’s privacy policy at:
https://privacycenter.instagram.com/policy
The use of the link is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in ensuring the broadest possible presence of our company on social media.
8. Newsletter
If you are interested in receiving the newsletter via the website, we require an email address from you as well as information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter (double opt-in procedure). No further data is collected, or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.
The processing of the data entered into the newsletter registration form is carried out exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You may revoke the consent given for the storage of the data, the email address and its use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter. The lawfulness of data processing operations already carried out remains unaffected by the revocation.
The data you have stored with us for the purpose of receiving the newsletter will be stored by us or by the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe. We reserve the right to delete or block email addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR if the purpose of storage no longer applies (e.g. after prolonged inactivity).
9. OnePageBooking
On our website, you have the option of booking rooms directly online. For the processing of online reservations, we use the booking software OnePageBooking. The provider is HotelNetSolutions GmbH, Genthiner Straße 8, 10785 Berlin, Germany.
If you make a reservation using the booking form, the personal data entered by you is transmitted to us and processed. This may include in particular the following data:
- Arrival and departure date as well as length of stay
- Number of guests and selected room category or additional services
- First and last name of the guest or invoice recipient
- Contact details (e.g. email address, telephone number, billing address)
- Payment information, if required as part of the booking
This data is required in order to process your room booking, carry out the accommodation contract, and communicate with you in connection with your reservation.
The data is processed on the basis of Art. 6 para. 1 lit. b GDPR (performance of a contract or pre-contractual measures).
The technical provision and processing of the booking data is carried out by the provider of the booking system on our behalf. For this purpose, we have concluded a data processing agreement pursuant to Art. 28 GDPR with the provider, which ensures that personal data is processed exclusively in accordance with our instructions and in compliance with data protection regulations.
The data you enter as part of the booking will remain with us until the purpose of storage no longer applies or you request deletion. Statutory retention periods (e.g. retention obligations under commercial or tax law) remain unaffected.
Further information on data processing by the provider can be found in the service provider’s privacy policy.
10. Price Comparison and Booking Optimisation via MyHotelShop
On our website, we use the MyHotelShop service to display price comparisons and optimise online bookings. The provider of the service is RateGain Travel Technologies Limited, 80 Strand, London WC2R 0RL, United Kingdom.
MyHotelShop makes it possible to compare prices of our room offers with offers from various online booking platforms and improve the visibility of our direct bookings.
When using the service, technical information may be transmitted to the provider’s servers when accessing relevant content on our website. This may include in particular:
- IP address
- Date and time of access
- Page accessed
- Browser and device information
- Referrer URL
This data is processed for the technical provision of the service, for analysing use, and for improving the direct booking function of our website.
The service is used on the basis of Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the economic optimisation of our online room bookings and the improved discoverability of our direct booking offers.
Where personal data is processed on our behalf, we have concluded a data processing agreement with the provider pursuant to Art. 28 GDPR.
Further information on data processing by the provider can be found in the service provider’s data protection provisions.
11. Video Surveillance
In some of our properties, we use video surveillance. The monitored areas are marked with the corresponding pictogram and notices.
Video surveillance is carried out for the exercise of domiciliary rights, the prevention of criminal offences, and the preservation of evidence in the event of criminal offences. The legal basis is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. All persons present in the marked area are recorded. In the event of recording, the data is stored for a maximum of 72 hours. Longer storage only takes place if this is necessary in a specific individual case for the enforcement of legal claims or the prosecution of criminal offences. Recorded data is only transferred to third parties (e.g. police) if this is necessary for the investigation of criminal offences.
VI. Analytics Tools and Advertising
1. Google Tag Manager
We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is an administration tool that enables website tags to be centrally integrated and controlled. Google Tag Manager itself does not process any personal data of website visitors and does not set any cookies. It merely triggers other tags, which in turn may collect data. Google Tag Manager does not access this data.
The integration of Google Tag Manager is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the efficient and technically error-free integration and management of tracking and analytics tools on our website.
If tools integrated via Google Tag Manager process personal data, this is done solely on the basis of prior consent pursuant to Art. 6 para. 1 lit. a GDPR in conjunction with Section 25 para. 1 TDDDG. Consent may be revoked at any time with effect for the future.
A transfer of data to third countries (in particular the USA) cannot be ruled out if corresponding services are integrated via Google Tag Manager. For transfers of data to the USA, Google relies on the adequacy decision of the European Commission (EU-U.S. Data Privacy Framework).
Further information on data protection at Google can be found at:
https://policies.google.com/privacy
2. Google Analytics
We use Google Analytics on this website, a web analytics service of Google Ireland Limited. Google Analytics uses cookies and similar technologies to collect information about your use of the website (e.g. pages visited, time spent, clicks). The information generated by the cookies is usually transmitted to a Google server in the USA and stored there. We have activated IP anonymisation in Google Analytics by default so that your IP address is truncated by Google within member states of the EU or in other contracting states to the Agreement on the European Economic Area.
Google Analytics enables the website operator to analyse the behaviour of website visitors for the purpose of optimising our web offering and marketing measures.
This service is used on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR in conjunction with Section 25 para. 1 TDDDG via the cookie banner. Consent may be revoked at any time.
The information generated by cookies about your use of this website is usually transmitted to Google servers and processed there. A transfer to the USA cannot be ruled out. In this respect, Google relies on the adequacy decision of the European Commission (EU-U.S. Data Privacy Framework).
We have concluded a data processing agreement with Google.
Further information:
https://policies.google.com/privacy
3. Microsoft Clarity
We use Clarity. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, https://docs.microsoft.com/en-us/clarity/ (hereinafter “Clarity”).
Clarity is a tool for analysing user behaviour on this website. In particular, Clarity records mouse movements and creates a graphical representation showing which areas of the website users scroll to most frequently (heatmaps). Clarity can also record sessions so that we can view page usage in the form of videos. We also receive information about general user behaviour within our website.
Clarity uses technologies that enable the recognition of users for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). Your personal data is stored on Microsoft’s servers (Microsoft Azure Cloud Service) in the USA.
Where consent has been obtained, the above-mentioned service is used exclusively on the basis of Art. 6 para. 1 lit. a GDPR and Section 25 TDDDG. Consent may be revoked at any time.
Further details on Clarity’s data protection can be found here:
https://docs.microsoft.com/en-us/clarity/faq
4. Google Ads
We use Google Ads. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads enables us to display advertisements in the Google search engine or on third-party websites when users enter certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be displayed on the basis of user data available to Google (e.g. location data and interests) (audience targeting). As website operators, we can evaluate this data quantitatively, for example by analysing which search terms led to the display of our advertisements and how many advertisements resulted in corresponding clicks.
This service is used on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG. Consent may be revoked at any time.
The transfer of data to the USA is based on the standard contractual clauses of the EU Commission.
Details can be found here:
https://policies.google.com/privacy/frameworks
https://privacy.google.com/businesses/controllerterms/mccs/
5. Google Ads Remarketing
This website uses the functions of Google Ads Remarketing. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
With Google Ads Remarketing, we can assign people who interact with our online offering to certain target groups in order to subsequently show them interest-based advertising in the Google advertising network (remarketing or retargeting).
Furthermore, the advertising target groups created with Google Ads Remarketing can be linked with Google’s cross-device functions. In this way, interest-based, personalised advertising messages that have been adapted to you depending on your previous usage and browsing behaviour on one device (e.g. mobile phone) can also be displayed on another of your devices (e.g. tablet or PC).
If you have a Google account, you can object to personalised advertising at the following link:
https://www.google.com/settings/ads/onweb/
This service is used on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG. Consent may be revoked at any time.
Further information and the data protection provisions can be found in Google’s privacy policy at:
https://policies.google.com/technologies/ads?hl=en
6. Meta Pixel (Facebook & Instagram)
We use the Meta Pixel of Meta Platforms Ireland Ltd., Dublin, Ireland. When you visit our website, the pixel establishes a direct connection between your browser and the Meta server. Meta thereby receives the information that you have visited our website with your IP address. If you are logged into Facebook or Instagram, Meta can assign this visit to your user account.
With the help of the Meta Pixel, the behaviour of website visitors can be tracked after they have been redirected to our website by clicking on a Meta advertisement. This allows the effectiveness of advertisements to be evaluated and future advertising measures to be optimised.
Processing is carried out exclusively on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR in conjunction with Section 25 para. 1 TDDDG.
The data collected is anonymous to us; we do not receive any personal data of individual users. However, Meta stores and processes the data so that a connection to the respective user profile is possible.
A transfer to the USA cannot be ruled out. Meta relies on the EU-U.S. Data Privacy Framework.
7. YouTube (Embedded Videos)
We embed videos from the YouTube platform. The provider is Google Ireland Limited, Dublin, Ireland.
When a page with an embedded YouTube video is accessed, a connection to YouTube servers is established after your consent has been obtained. In doing so, the server is informed about which of our pages you have visited.
If you are logged into YouTube, your browsing behaviour may be assigned to your personal profile.
The embedding takes place exclusively on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR in conjunction with Section 25 para. 1 TDDDG.
We use the enhanced privacy mode. In this mode, YouTube does not store any information about visitors before they watch the video. Only when the video is played is a connection established to YouTube servers and data transferred.
A transfer of personal data to the USA cannot be ruled out. Google is certified under the EU-U.S. Data Privacy Framework and therefore falls under the EU adequacy decision for the USA.
Further information:
https://policies.google.com/privacy
8. LinkedIn
We use functions of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Dublin 2, Ireland.
The tool sets a cookie in your web browser that enables the collection of data such as IP address, device and browser properties, as well as events on the website (e.g. form submissions). If you are logged into your LinkedIn account, LinkedIn can assign the visit to your user account.
Purpose: Creation of anonymised reports on the audiences of our website and the performance of our LinkedIn ads.
Processing is carried out exclusively on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR in conjunction with Section 25 para. 1 TDDDG.
A transfer of personal data to the USA cannot be ruled out. LinkedIn relies on the EU-U.S. Data Privacy Framework.
Further information:
https://www.linkedin.com/legal/privacy-policy
VII. Plugins and Tools
1. Font Awesome
This website uses Font Awesome for the uniform display of fonts. Font Awesome is installed locally. No connection to servers of Fonticons, Inc. is established.
Further information on Font Awesome can be found in Font Awesome’s privacy policy at:
https://fontawesome.com/privacy
2. Google Maps
This website uses the Google Maps map service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this website has no influence on this data transfer. If Google Maps is activated, Google may use Google Web Fonts for the uniform display of fonts. When calling up Google Maps, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.
Google Maps is used exclusively on the basis of your prior consent pursuant to Art. 6 para. 1 lit. a GDPR in conjunction with Section 25 para. 1 TDDDG. Consent may be revoked at any time with effect for the future.
VIII. Duration of Data Storage
We only store personal data for as long as this is necessary to fulfil the respective purposes or as required by statutory retention periods (in particular retention periods under commercial and tax law of 6 to 10 years). Data processed on the basis of consent is stored until the consent is withdrawn, provided that there are no other legal grounds for storage. After the purpose ceases to apply or the retention periods expire, the data is routinely deleted.
IX. Your Rights as a Data Subject
Rights of data subjects
If personal data relating to you is processed, you are a data subject within the meaning of the GDPR and have the following rights vis-à-vis the controller:
1. Right of Access
Upon request, you will receive information free of charge at any time about all personal data we have stored about you.
2. Rectification, Erasure, Restriction of Processing (Blocking), Objection
If you no longer agree to the storage of your personal data or if it has become inaccurate, we will, upon your instruction, arrange for the deletion or blocking of your data or make the necessary corrections (insofar as this is possible under applicable law). The same applies if we are to process data only in a restricted manner in the future. You have a right to object in particular in cases where your data is required for the performance of a task carried out in the public interest or on the basis of our legitimate interests, including profiling based on these provisions. You also have such a right to object in the event of data processing for the purpose of direct marketing.
3. Right to Withdraw Consent with Effect for the Future
You may withdraw your consent at any time with effect for the future. Your withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
4. Data Portability
If data is processed on the basis of a contract, pre-contractual negotiations, consent, or by automated means, you have the right to data portability. Upon request, we will provide your data in a common, structured and machine-readable format so that you can, if desired, transfer the data to another controller.
5. Restriction of Processing
Data in relation to which we are not able to identify the data subject, for example where such data has been anonymised for analytical purposes, is not covered by the above rights. Access, erasure, blocking, correction or transfer to another company may nevertheless be possible in relation to such data if you provide us with additional information that enables identification.
6. Exercising Your Rights and Right to Lodge a Complaint
If you have any questions regarding the processing of your personal data, requests for information, rectification, blocking, objection or deletion of data, or if you wish to transfer your data to another company, please contact datenschutz@i-live.de.
You also have the option of lodging a complaint with a supervisory authority regarding your rights as a data subject.