Privacy Notice Intermediary services on the websites of MP Hotels

The protection of your privacy and your personal data is important to us.

The collection and use of your data by our FTI GROUP companies is therefore always in accordance with the relevant statutory provisions of data protection law, especially the provisions of the General Data Protection Regulation (EU) 2016/679 (GDPR), the Swiss Data Protection Act and the Data Protection Act 2018 (UK-GDPR).

 

Meeting Point Global Tourism LLC (hereinafter referred to as “MPG”) mediates accommodation services and other travel services from various service providers (hotels) on the internet portals listed below, which are operated by Meeting Point Hotelmanagement Holding GmbH based in Munich, Germany (hereinafter referred to as “MP Hotels”):

  • mphotels.com
  • labranda.com
  • designplus-hotels.com
  • kairaba-hotels.com
  • lemonandsoul.com
  • meetingpointhotels.com

In the following, we - as the party responsible for data processing - inform you about which data we collect and how we process this data.

 

1. Scope

This privacy notice applies to MPG's intermediary services for accommodation services and other travel services. They do not apply if you book (travel) services via the portal that are offered by other intermediaries.

For persons residing in Switzerland and in the United Kingdom: The provisions of this data protection notice also apply mutatis mutandis to persons from Switzerland and from the United Kingdom and fulfil the information obligations pursuant to Article 19 of the Swiss FADP and under UK GDPR.

 

2. Data controller

The controller pursuant to Art. 4 No. 7 GDPR for the processing of your personal data is

Meeting Point Global Tourism LLC
IBN Battuta Gate Fourth Floor - Office 401
51783 Dubai, Vereinigte Arabische Emirate
Register No.: 1243490 | License No.: 764826w

 

3. Object of data processing

Personal data is any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

3.1 Intermediation of travel services and travel insurance

3.1.1 Intermediation of travel services and travel insurance

If you book travel services through us, we process your personal data in order to mediate the booked travel services to the tour operator or service provider.

In this context, depending on the subject of your booking, we may process the following categories of personal data: title, name, address, e-mail address, nationality, identity card or passport details (if necessary), information about the travel services booked (such as hotel stay), payment details, customer requests.

In addition, we may process the following special categories of personal data: health data (e.g. wheelchair users, diabetics, physical and mental disabilities, vaccination status), sexual orientation (special request for homosexual group travel possible).

The processing of your personal data is necessary for the performance of the contract concluded with you. In this case, the legal basis for the processing of your personal data is Art. 6 (1) (b) GDPR. If the processing of special categories of personal data is necessary for the processing, the processing is based on your consent in accordance with Art. 9 (2) (a) GDPR.

In the case of a direct booking, we collect the processed data directly from you. If you pass on personal data of other persons (e.g. fellow travellers) to us when booking a travel service, you must ensure that these persons agree to this and are accordingly informed about the processing of their data.

In order to process your bookings, your personal data will be forwarded to the following categories of recipients: providers of booked travel services (such as hotels), service and fulfilment service providers, insurers, IT service providers.

 

3.1.2 Handling of customer requests

We process personal data to process customer requests and complaints in connection with the mediation of travel services or travel insurance. In order to be able to process and understand the facts of the case, it may be necessary to make inquiries with tour operators or service providers such as airlines. You may also be required to provide us with sensitive information such as accident reports, medical records, death certificates, etc.

In particular, the following categories of personal data may be processed in connection with the processing of customer requests: first and last name, address, mobile phone number, landline number, date of birth, nationality, e-mail address, title, booking number, details of marital status and children, as well as all data provided by you in the context of your request.

In addition, to the extent necessary to process your request, we process in particular the following special categories of personal data: degree of disability, mark (severely disabled person's pass), validity of the severely disabled person's card, state of health, vaccination status, diagnosis, ethnic origin, nationality and other special category personal data transmitted by you in the context of your request.

Insofar as the processing of your personal data is necessary for the performance of the contract concluded with you, the legal basis for the processing of your personal data is Art. 6 (1) (b) GDPR. Insofar as you assert legal claims in the context of your complaint, the legal basis is Art. 6 (1) (f) GDPR. Our legitimate interest is to defend against legal claims. Insofar as the processing of your personal data is necessary for the processing of other concerns, the processing is based on Art. 6 (1) (a) GDPR. Insofar as the processing of special categories of personal data is necessary for the processing, the processing is based on Art. 9 (2) (a) GDPR.

Depending on the nature of the request, your personal data will be forwarded to the following categories of recipients in order to process your request: insurance companies, service providers for the booked travel service (such as hotels), IT service providers, law firms, courts.

 

3.1.3 Call recording for telephone enquiries/bookings

If you contact us by phone, e.g. if you have any questions about your booking, we may occasionally record your conversation with our service employee with your consent.

The recordings are used to conduct training and quality control. The legal basis for the processing of the data is your consent in accordance with Art. 6 (1) (a) GDPR and Art. 9 (2) (a) GDPR.

In particular, the following categories of personal data may be processed: first and last name of you and fellow travellers, dates of birth, contact details, booking number, information on the booked travel services, technical data of the call such as telephone number and time stamp as well as other personal data transmitted by you in the context of your request. This may include special categories of personal data, for example, should you contact us to book a wheelchair service or to withdraw due to illness.

In the context of call recordings, your data will be forwarded to the following categories of recipients: own quality management (usually manager/coach), service and fulfillment service providers, technical service providers.

As a matter of principle, we store the call recordings for a maximum period of 60 days. Storage beyond this period will only take place if this is necessary for the assertion, exercise or defence against civil law claims.

 

3.2 Responding to official inquiries

Authorities may request information about individual customers. This could happen, for example, in the case of a missing person report or in the context of the investigation of crimes. In such cases, we will provide information to the relevant authority if this is legally permissible.

In the context of responding to government requests, the following categories of personal data may be processed: name, destination, travel period and other information requested by the authority.

In this case, the processing of your personal data is based on Art. 6 (1) (c) GDPR in conjunction with the respective legal basis for the asserted right to information.

In order to respond to official requests, your personal data will be forwarded to the following categories of recipients: Requesting authorities.

 

3.3 Customer information

We may use your personal data that you provide when booking a travel service to send you emails with relevant information and additional offers for your booked travel service.

Among other things, the following categories of personal data may be processed: name, address, e-mail address, booking data (e.g. booking number, number of (minor) guests, travel periods, travel price, destination, hotel).

The processing of your data is based on Art. 6 (1) (f) GDPR for our legitimate interest in addressing you for advertising purposes.

In order to send you information and additional offers, your personal data may be forwarded to the following categories of recipients: IT service providers.

In accordance with Art. 21 of the GDPR, you have the right to object to this processing. You can unsubscribe from our existing customer e-mailings at any time via the registration link at the bottom of the e-mails. Alternatively, please contact us using the contact details above. We will then block your data for the purpose of addressing you for advertising purposes.

 

4. Legal basis for transfers to third countries

Within our company, access to your data will only be granted to those departments or persons who need it to perform their respective tasks in connection with the processing activities referred to in this Privacy Notice.

Please note that we may transfer and process personal data in countries other than your country of residence. This may also apply to countries outside the EU or the EEA (so-called third countries). The laws of these countries may not guarantee a level of protection for your personal data comparable to that of your country of origin. If we transfer your personal data to such a country, we will ensure that the transfer is in accordance with the requirements of Art. 45 et seq. GDPR. We will only transfer your personal data to third countries if they have an adequacy decision by the EU Commission or if appropriate safeguards, including EU standard contractual clauses, are in place. Information and copies of this can be requested by you from the contact provided.

 

5. Automated decision-making, including profiling

Automated decision-making (including profiling) does not take place.

 

6. Duration of retention of personal data

We process and store your personal data only for as long as is necessary to fulfil the purpose for which it was collected. Thereafter, we delete or anonymise your personal data, with the exception of data that we are required to continue to store in order to comply with legal obligations (e.g. we are obliged to keep documents such as business letters, contracts and invoices for a certain period of time due to retention periods under tax and commercial law) or retain them within the framework of the statutory statute of limitations for the assertion, exercise or defence of legal claims.

 

7. Your rights

As a data subject, you have various rights under the GDPR, which arise in particular from Articles 15 to 18 and 21 of the GDPR. Please note that we will need to verify your identity before we can comply with your request to exercise your data protection rights. This practice allows us to protect our customers' personal data from fraudulent requests.

  • Right of access
    In accordance with Art. 15 GDPR, you can request information about your personal data processed by us. In your request for information, you should specify your request in order to make it easier for us to compile the necessary data. Please note that under certain circumstances, your right of access may be limited in accordance with the law.
     
  • Right to rectification
    If the information concerning you is no longer correct, you can request a correction in accordance with Art. 16 GDPR. If your data is incomplete, you can request that it be completed.
     
  • Right to erasure
    Under the conditions of Art. 17 GDPR, you can request the deletion of your personal data. Your right to deletion depends, among other things, on whether the data concerning you is still required by us to fulfil our legal tasks or whether we have a legitimate interest in storing it.
     
  • Right to restriction of processing
    Within the framework of the provisions of Art. 18 GDPR, you have the right to request a restriction of the processing of data concerning you.
     
  • Right to data portability
    According to Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller, insofar as this is technically feasible.
     
  • Right to object
    In accordance with Art. 21 GDPR, you have the right to object to the processing of your data at any time on grounds relating to your particular situation. However, we are not always able to comply with this, e.g. if legal provisions oblige us to process data as part of our official duties.
     
  • Withdrawal of your consent
    If we rely on your consent as the legal basis for processing your personal data, you can withdraw that consent at any tim

 

Exercising your rights

To revoke your consent to the use of data, to assert a right to information or the correction, blocking or deletion of your data, or to exercise the other rights of data subject mentioned above, please contact the data controller as mentioned above.

For persons and authorities from the EU, a representative has been appointed for data protection matters of the MPG in accordance with Art. 27 GDPR. The contact details of our EU representative are:

FTI Touristik GmbH
Att: Data Protection Meeting Point Global
Landsberger Str. 88
D-80339 Munich, Germany

You can contact the data protection officer of FTI Touristik GmbH at: dataprotectionofficer-eu@fti.de

When contacting our representative, please mention "Meeting Point Global" or "MPG" in the subject line for a quick assignment of your request.

 

Right to lodge a complaint

If you believe that we have not complied with data protection regulations when processing your data, you can lodge a complaint with a supervisory authority. The supervisory authority responsible for FTI Touristik GmbH is the Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 18, 91522 Ansbach, Germany.

 

8. How we protect personal data

To ensure the security of the data transmitted to us, we use TLS encryption. You can recognize such encrypted connections by the prefix https:// in the page link in the address bar of your browser.

Data that you transmit to our website - for example during enquiries or logins - cannot be read by third parties due to SSL encryption.

Recognizing that threats can arise and change at any time, we regularly review and update our security measures and infrastructure to mitigate operational risk and keep our security requirements up to date.

 

9. Changes to this privacy notice

This document is subject to periodic revision or supplementation.

 

Dubai, 18.04.2024