Data protection

Privacy information

We, the GenoHotel Operating Company Ltd., welcome you to our Internet presence (hereinafter also referred to as "Internet offer"). We appreciate your interest and would like to make your stay on our website as pleasant as possible. For us, this also includes responsible handling of your data, which complies with the legal requirements in Germany in every respect.

This data protection notice applies to the Internet presence offered by the GenoHotel Forsbach. If offers from other providers ("third-party offers") are accessible from our Internet presence, our data protection information does not apply to these third-party offers.

For the processing of your personal data on this website, we are the "controller" within the meaning of Art. 4 No. 7 DSGVO.

You can reach us as follows:

GenoHotel Operating Company Ltd.
Raiffeisenstr. 10-16
51503 Rösrath-Forsbach

Phone: +4922058030

You can reach our external data protection officer as follows:

GenoHotel Operating Company Ltd.
Raiffeisenstr. 10-16
51503 Rösrath-Forsbach 

1. processing of data with and without personal reference

1.1 Surfing our website

In principle, you can visit our Internet presence without telling us who you are. The provider of our website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. The data in the log files include:

  • Referrer URL (the web page you came from.)
  • Browser type, browser version and language
  • Operating system used and its interface
  • IP address (anonymized)
  • Time of the server request
  • Http status code - access status
  • The amount of data transferred
  • whether the call-up or retrieval was successful

The above data, including the IP address, is only evaluated in the event of attacks on our Internet infrastructure. In this case, we have a legitimate interest iSv. Art. 6 para. 1 f) DSGVO in the processing. This legitimate interest arises from the need to ward off the attack on the Internet infrastructure, to determine the origin of the attack in order to be able to take criminal and civil action against the person responsible, and to effectively prevent further attacks.

The IP address is deleted when we can exclude that no attack on our Internet infrastructure has occurred from it. This happens regularly after 7 days.

1.2 Use of cookies

When using our websites, cookies may be stored on your terminal device. These are small text packages that can be sent from a website to the browser, which stores them and sends them back again. Different information can be stored in cookies, which can be read by the body that sets the cookies. They usually contain a specific string of characters that enables the browser to be uniquely identified when the website is called up again or when a page is changed.

Within the framework of a consent management tool ("Cookie Banner"), we offer you the possibility to decide on the setting of cookies in the area of our offer according to your specifications: LINK 

You can find an overview of the cookies used here: LINK 

1.2.1 Technically Required Cookies ("Function")

Technically necessary cookies are those that are required for the smooth functioning of our website. The legal basis is Art. 6 para. 1 lit. c) DSGVO.

1.2.2 Cookies for marketing purposes ("Marketing")

Marketing cookies are used to show you interest-based advertising. When you visit another website, these cookies are recognized again and selected advertising is displayed to you. These cookies are only activated if you have given your consent to this (legal basis: Art. 6 para. 1 lit. a) DSGVO). You can revoke your consent at any time below. Google Site Tag

This website uses Google Site Tag, a service for collecting and forwarding data (not personal) to Google Analytics of Google Inc. ("Google"). The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Site Tag uses so-called "code snippets" that are embedded on the website. The Site Tag Manger makes it possible, for example, to offer a Google Analytics opt-out link for the website visitor. The naming of this service is done for transparency reasons. The overview of the cookies used can be found here: LINK

1.2.2 Google Adwords - Conversion Tracking

To improve the target-oriented navigation ("short advertising paths") of our website, we carry out so-called conversion tracking. The basis for this is a legitimate interest in the analysis of user behavior, (movement behavior) to optimize both the web offer and advertising. The storage of "conversion cookies" is based on Art. 6 para. 1 lit. f DSGVO.

1.2.3 Cookies for analysis ("Statistics")

These cookies can be used to measure the reach of our own offer. Through the cookies set, we can track, among other things, which website was visited before our website was called up and how our website was used. We use this data to, among other things, optimize our website by evaluating the campaigns we run (legal basis: Art. 6 para. 1 lit. a) DSGVO). These cookies are only activated if you have given your consent to this (legal basis: Art. 6 para. 1 lit. a) DSGVO). You can revoke your consent at any time below. Google Universal Analytics

This website uses services for web analysis with Google Universal Analytics. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This involves analyzing usage for the areas of "location", "internet browser", "orders", "movement behavior", "previous website" and "time of server request". Google Universal Analytics is an extension of Google Analytics. This now enables cross-device analysis. As a result, the type of ID stored has changed. For Google Analytics it is the Client ID and for Universal Analytics it is the User ID.

Google Universal Analytics stores "cookies" with random user IDs in your Internet browser. This allows you to be recognized when you visit again and advertising measures can be optimized in your interest. The information generated by the cookie about your use of this website is usually transmitted to a Google server in Ireland and possibly the USA and stored there for 14 months.

1.4 Contacting and communication

1.4.1 Contact form

On some pages, you can enter the personal data specified there in input fields for the purpose of corresponding with us.

This data will only be processed for this correspondence with you and for the purpose for which you have provided us with the data in each case in the context of this communication, such as to process your inquiries or to contact you at your request. In this case, the processing of personal data is carried out with your consent and is then permissible pursuant to Art. 6 (1) a) DSGVO. We delete your data in this regard when the purpose for which you provided us with your data has been fulfilled or completed and we are not entitled or obliged to continue storing it for legal reasons.

1.4.2 LiveRate chatbot

LiveRate GmbH, Metzstr. 12, DE - 81667 Munich, Germany, processes personal information, such as inquiries you send to us, as part of the usage process. This data is processed by us only for this correspondence with you and for the purpose for which you have given us the data in each case as part of this communication, such as to process your requests or to contact you at your request.

The use of LiveRate is in the interest of the most direct and timely communication possible for our guests. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.

You can find more information about the data protection of LiveRate GmbH at

1.5 Information applications from other providers

Furthermore, information applications (e.g. logos) provided by third parties ("partners") are integrated on our website. The applications are hosted on the partners' servers and operated by these partners. Personal data is only processed to the extent necessary to perform the services offered with the respective information application. Please note that the use of such an application is subject to the privacy policy of the respective partner, who is the controller for this processing within the meaning of Art. 4 No. 7 DSGVO.

Insofar as we transfer your personal data to a partner in this context, this will only be done on the basis of your consent and is therefore permitted under Art. 6 (1) a) DSGVO.

1.5.1 Google Maps

Our website uses the map material from Google Maps via an API. The provider is Google Ireland Limited Gordon House, Barrow Street Dublin 4 Ireland. To use the functions of Google Maps, it is necessary to transmit your IP address to a Google server. The use of Google Maps is in the interest of an appealing presentation of our online offers and an easy location of the places indicated by us on the website. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.

More information on the handling of user data can be found in Google's privacy policy:

1.6. company pages in social media

1.6.1. facebook

The goals of our Facebook page

  • direct contact with our online visitors with the aim of customer acquisition and retention and the associated offer of contemporary communication channels,
  • References to our contributions and offers,
  • statistical analyses for our own market research purposes.

According to Art. 6 (1) f DSGVO, the use of this social media channel is in our legitimate interest. Nevertheless, it is important to us to inform you transparently as far as possible about the data protection-relevant things for which we are actively responsible.

When you visit our Facebook page, Facebook collects, among other things, your IP address and other information that is present on your terminal device in the form of cookies. This information is used to provide us, as the operator of the Facebook page, with statistical information about the use of our page. If you would like to avoid this, log out of Facebook or disable the stay logged in function and configure your browser so that cookies are not set or are deleted promptly.

You can find more information about Facebook's use of cookies in their Cookie Policy. You can also influence the way Facebook uses your data to a small extent in the advertising settings as well as in the general settings.

For the basic functions, you can find Facebook's privacy policy here

The data collected about you in this context is processed by Facebook Ltd. and may be transferred to countries outside the European Union. Facebook describes in general terms what information it receives and how it is used in its data usage guidelines.

1.6.2 Instagram

We have a profile on Instagram

The provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. For details on how they handle your personal data, please refer to Instagram's privacy policy:

1.6.3. youtube

We have a profile on Youtube Provider is Google Ireland Limited Gordon House, Barrow Street Dublin 4 Ireland. For details on their handling of your personal data, please refer to Google's privacy policy

1.7 Your rights as a user of our website

The EU GDPR aims to ensure that you, as the data subject, have the greatest possible control over your personal data. All data that can be directly or indirectly related to you as a person is considered personal data. In order for you to effectively exercise control over your data, you have the following rights vis-à-vis us:

  • the right to information according to Art. 15 DS-GVO
  • the right to rectification according to Art. 16 DS-GVO
  • the right to erasure according to Art. 17 DS-GVO
  • the right to restriction of processing according to Art. 18 DS-GVO
  • as well as the right to data portability from Art. 20 DS-GVO.

With regard to the right to information and the right of deletion, the restrictions pursuant to §§ 34 and 35 BDSG apply. In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 DS-GVO in conjunction with § 19 BDSG).

Status: May 2021

Privacy information for our hotel guests

In the following, we inform our hotel guests about the processing of their personal data by us and the claims and rights to which they are entitled under the data protection regulations (as of 19.05.2021).

Who is responsible for data processing and whom can you contact?

Responsible for the data processing is:

GENO Hotel Operating Company Ltd.
Raiffeisenstrasse 10-16
51503 Rösrath-Forsbach

Phone: 02205 8030

Data Protection Officer

You can reach our external data protection officer (Genoverband-Verband der Regionen e.V.) at:


What data is processed and from which sources does the data originate?

We process the data listed below (clauses 2.1. to 2.6.) as part of the initiation and execution of a contract (usually an accommodation contract). We usually receive the data from you or someone acting on your behalf. In some cases, we receive the data from third parties, such as agents or travel agencies (Expedia, Inc., Booking Holdings Inc., HRS - HOTEL RESERVATION SERVICE Group, Kassel Marketing GmbH, Corporate Rate Club,, Tripadvisor, Trivago), your airline or your employer.

  • First names, surnames, private address, date of birth, nationalities, dates of arrival and departure, number of travel companions, if applicable serial number of the recognized and valid passport or passport replacement document (only for foreign persons), signature
  • Invoice data (payment method details, credit card details if applicable, bank details if applicable).
  • Business contact details, company address, billing address
  • Goods and services used, special requests, comments about your service preferences (including room and vacation preferences), telephone numbers dialed, and fax, text, and telephone messages received
  • If applicable, health information (information on allergies, special diets and mobility restrictions), if you provide it to us voluntarily
  • E-Mail address, if applicable, car license plate number.

Registration and reporting data

Your data in the registration form raise on the following legal bases:

In the "Private address" section, we collect your registration data on the basis of Art. 6 (1) c) DSGVO in conjunction with. § 30 BMG. This data is generally deleted/destroyed after one year.

In the section "Private address" / "Billing address" we collect your data based on Art. 6 (1) b), c) DSGVO. Insofar as this data is relevant under tax law, it is deleted after 10 years (§ 147 AO, § 257 HGB).

In the section "Data protection consent to voluntary information", the data processing is based on Art. 6 (1) a) DSGVO with storage duration until the consent is revoked.

  • Video recordings (see section 3.2.

For what purposes is your data processed and on what legal basis?

Fulfillment of a contract or pre-contractual measures - Article 6 para. 1 b) DSGVO

Your data (clauses 2.1. to 2.4.) will be processed insofar as this is necessary for the fulfillment of contractual obligations (usually arising from the accommodation contract) towards you and all persons involved in your travel organization (e.g. travel agencies, organizers of group trips and your employer). This includes communication between us as well as billing for services rendered (billing for hotel accommodation and other goods and services such as catering and transport activities).

Within the framework of the balancing of interests - Article 6 para. 1 f) DSGVO

We process certain data on the basis of legitimate interests, for example, in order to be able to provide you with optimal and comprehensive care and information after your stay. For example, even after your stay with us has ended, we will continue to store some of the data mentioned in section 2.1 (including first names, surnames, address, past arrival and departure dates) for a limited period of time. As our legitimate interests - or those of a third party - the following come into consideration, for example:

  • Service and comfort for former and returning hotel guests,
  • Your preferences during your stay in our hotel, e.g.: certain room categories.
  • Fraud Prevention,
  • Assertion, exercise or defense of legal claims
  • Measures to protect our company against unlawful acts and
  • internal administrative purposes, in particular the exchange of data within our group of companies
  • Video surveillance

Insofar as video surveillance takes place in and around our buildings, this is done due to our interest in ensuring the fullest possible building and personal security as well as the safety of the hotel guests present. With the video surveillance we pursue the following goals:

  • Securing the building exterior from vandalism (property protection).
  • Prevention of criminal acts (burglary, theft)
  • Monitoring of alarmed doors
  • Detection of illegal access attempts (protection of life and health)
  • Detection of blocked emergency exits.

Where video recording takes place, the recordings are deleted after 72 hours at the latest, unless they are required as part of an investigative procedure.

Based on consent -Article 6 (1) a) DSGVO

Insofar as you have given us consent to process personal data for specific purposes, the lawfulness of the processing of this data is based on your consent. This applies, for example, to processing that is not necessary for the fulfillment of contractual purposes and where we cannot demonstrate any legitimate interests in data processing (e.g. your e-mail address for the use of our newsletter or our guest satisfaction survey) You can revoke your consents at any time.

Due to legal requirements - Article 6 paragraph 1 c) DSGVO

Furthermore, data is processed if we are required to do so by law. Based on §§ 29, 30 of the Federal Registration Act (BMG), we are obliged, for example, to collect the data specified in § 30 (2) BMG (see section 2.1) on a registration form.

Who gets your data?

In our company, employees are only given access to your personal data to the extent necessary.

Your data will only be forwarded if this is necessary for the provision of the contractual service owed by us (e.g. to subcontractors or service providers for the processing of an online booking (we use the online booking tool cbooking of HotelNetSolutions GmbH), electronic communication, payment processing, customer service).

If necessary in individual cases, certain data will be forwarded to your employer, airlines, tour operators, travel agencies or rental car companies.

Furthermore, we only forward your data on the basis of your express consent or in the event of a legal obligation. For example, pursuant to Section 30 (4) Sentence 2 of the German Federal Data Protection Act (BMG), we are obligated to submit the registration forms (see Section 2.1.) to the authorities designated under state law and to the authorities named in Section 34 (4) Sentence 1 Numbers 1 to 5 and 9 to 11 of the German Federal Data Protection Act (BMB) for inspection upon request in order to fulfill their duties.

Other potential recipients:

  • Bank/banking service provider
  • Service provider for credit assessment (only in the event sector)
  • Public social security institutions and tax offices receive your personal data in the context of social security contributions and taxes.

A data transfer to third countries (countries outside the European Economic Area - EEA) does not take place in principle.

How long will your data be stored?

As far as necessary, we process your personal data for the duration of the contract. If the data is no longer required for the fulfillment of our contractual purposes or legal obligations, it is regularly deleted, unless its - temporary - retention is still permissible. Criteria for determining the retention period result, for example, from the retention obligations under commercial and tax law (as a rule, there are 6 or 10-year retention obligations, e.g. for accounting-relevant data).

In addition, there may be a right to retain data for a limited period of time as long as legal disputes may arise from a contractual relationship or further processing is necessary to protect our and your legitimate interests.

The registration forms are kept for one year from the date of arrival of the accommodated person and are destroyed within three months after the expiry of the retention period.

Where video recording takes place, the recordings are deleted after 72 hours at the latest, unless they are required as part of an investigative procedure.

What data protection rights do I have?

Every data subject has the right to information under Article 15 of the GDPR, the right to rectification under Article 16 of the GDPR, the right to erasure under Article 17 of the GDPR, the right to restriction of processing under Article 18 of the GDPR and the right to data portability under Article 20 of the GDPR. With regard to the right to information and the right to erasure, the restrictions pursuant to Sections 34 and 35 BDSG apply. In addition, there is a right of appeal to a data protection supervisory authority (Article 77 DSGVO in conjunction with Section 19 BDSG).

The supervisory authority responsible for GENO Hotel Betriebsgesellschaft mbH is:

State Commissioner for Data Protection and Freedom of Info rmation of North Rhine-WestphaliaKavalleriestr. 2-4
40213 Düsseldorf

Is there an obligation to provide data?

You only have to provide us with the data that is required for the fulfillment of the contract or that we are legally obligated to collect. Without the provision of this data, a contract can not be concluded in principle.

Does automated decision making take place?

A fully automated decision-making process does not take place.

Information about your right of objection and revocation

You have the right to object at any time, on grounds relating to your particular situation, to the processing of data concerning you which is carried out on the basis of Article 6(1)(f) DSGVO (data processing based on a balance of interests).

If you have given us consent to process your data, you can revoke this consent at any time.

The objection/revocation can be made without any formalities and should, if possible, be addressed to the address stated under point 1.