Privacy Policy

THE QVEST Hideaway – Good Hope Beteiligungsgesellschaft mbH

1. General Information

This privacy policy informs you about the type, scope, and purpose of the processing of personal data on our website www.qvest-hotel.com (hereinafter „Website“) and in connection with the hotel operations of THE QVEST Hideaway. We take the protection of your data very seriously and process your personal data confidentially and in accordance with applicable data protection regulations, in particular the General Data Protection Regulation (GDPR).

2. Responsible Entity (Controller)

Good Hope GmbH

Gereonskloster 12

50670 Cologne

Germany

Phone: +49 (0)221 2785780

Email: hello@qvest-hotel.com

Managing Director: Michael Kaune

Commercial Register: Cologne District Court, HRB 71314

VAT ID: DE292147448

Data Protection Officer: Nina Nitsch

Email: nn@qvest-hotel.com

3. Collection and Processing of Personal Data

We collect personal data on our website only to the extent necessary for the provision of our services. When booking a stay at THE QVEST Hideaway, you will be redirected to our booking system SynXis (Sabre), where the following data may be processed:

• Name, address, phone number, email address
• Payment information
• IP address and usage data
• Newsletter subscription data (if voluntarily subscribed)

Legal basis: Art. 6(1)(b) GDPR (performance of a contract) for booking-related data; Art. 6(1)(a) GDPR (consent) for newsletter data.

4. Purposes of Data Processing

We use your personal data for the following purposes:

• Booking processing (Art. 6(1)(b) GDPR)
• Communication with you, e.g. responding to enquiries (Art. 6(1)(b) and (f) GDPR)
• Sending newsletters (only with explicit consent, Art. 6(1)(a) GDPR)
• Analysis of website user behaviour (Art. 6(1)(a) GDPR)
• Compliance with statutory retention obligations (Art. 6(1)(c) GDPR)

5. Booking System & External Service Providers

Our booking system is operated via SynXis by Sabre. The processing of personal data takes place within the SynXis platform; their privacy policy applies. A data processing agreement pursuant to Art. 28 GDPR is in place with Sabre.

Additionally, data may be shared with the following service providers:

• Guestline – property management and booking coordination (data processor pursuant to Art. 28 GDPR)
• Nexi – payment processing (data processor pursuant to Art. 28 GDPR)

Legal basis for data sharing: Art. 6(1)(b) GDPR (performance of a contract) and Art. 28 GDPR (data processing agreement).

6. Data Transfers to Third Countries

Some of the services we use may transfer personal data to countries outside the EU or EEA, in particular to the United States. We ensure that appropriate safeguards are in place, in particular through EU Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR or the certification of providers under the EU-US Data Privacy Framework (DPF). Further information and copies of the clauses are available on request at nn@qvest-hotel.com.

7. Data Retention

Personal data is stored only for as long as required for the respective purposes or as legally mandated. We comply with the statutory retention periods, in particular under the German Commercial Code (HGB) and the German Fiscal Code (AO). Upon expiry of the applicable retention period, data is routinely deleted unless it is still required for the performance of a contract.

8. Cookies & Tracking Technologies

Our website uses cookies and tracking tools to analyse user behaviour and optimise our services. These tools are only used with your explicit consent pursuant to Art. 6(1)(a) GDPR, which you can provide via our cookie banner (Usercentrics).

The following tools are used:

• Google Analytics (GA4) – user behaviour analysis; provider: Google LLC, USA
• Meta Pixel (Facebook Pixel) – conversion tracking and remarketing; provider: Meta Platforms Inc., USA
• Google Ads – conversion tracking and advertising; provider: Google LLC, USA
• Microsoft Clarity – heatmaps and usage analysis; provider: Microsoft Corporation, USA
• Hotjar – usage analysis and heatmaps; provider: Hotjar Ltd., Malta
• Usercentrics – cookie consent management; provider: Usercentrics GmbH, Germany

You can adjust or withdraw your cookie settings at any time via the cookie banner on our website.

9. External Services

We integrate the following external services on our website:

• Google Fonts – for font display; provider: Google LLC, USA. When the website is accessed, a connection to Google servers is established, during which your IP address may be transmitted. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in consistent presentation).
• Google Maps – interactive maps; provider: Google LLC, USA. When used, a connection to Google servers is established. Legal basis: Art. 6(1)(a) GDPR (consent).

No external video or audio streaming services (e.g. YouTube, Vimeo, Spotify, SoundCloud) are used.

10. Newsletter & Marketing

If you subscribe to our newsletter, we will process your email address and, if applicable, your name for marketing purposes via Brevo (formerly Sendinblue). Subscription requires double opt-in confirmation, and you can unsubscribe at any time. Legal basis: Art. 6(1)(a) GDPR (consent).

For personalised advertising and remarketing, we use:

• Google Ads (legal basis: Art. 6(1)(a) GDPR)
• Facebook & Instagram Ads via Meta Pixel (legal basis: Art. 6(1)(a) GDPR)

11. IT Security & Data Protection Measures

Our website is protected by SSL encryption to ensure secure data transmission. Server logs and IP addresses are stored only as permitted by law. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in IT security).

12. Video Surveillance at THE QVEST Hideaway

For security reasons, public areas of our hotel are monitored by video cameras. This applies to the following areas:

• Lobby
• Bar
• Library

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the safety of guests, staff, and property). Video footage is stored only for as long as legally permitted and is not shared with third parties unless required by law. Guests are informed of the video surveillance by corresponding notices on site.

Right to object pursuant to Art. 21 GDPR: You have the right to object to the processing of your personal data on the basis of legitimate interests. Please contact our Data Protection Officer in this regard.

13. Your Rights as a Data Subject

You have the following rights with regard to your personal data:

• Right of access (Art. 15 GDPR)
• Right to rectification of inaccurate data (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR), where legally permissible
• Right to object to data processing (Art. 21 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to lodge a complaint with a data protection supervisory authority

Competent supervisory authority: State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (LDI NRW), P.O. Box 20 04 44, 40102 Düsseldorf, Germany, www.ldi.nrw.de

14. Updates to This Privacy Policy

This privacy policy may be updated to comply with legal requirements. The current version is always available on our website.

Updated: January 2026