HOTEL RESILIENT
Privacy Policy

1. Introduction

Hotel Resilient Certifications UG (haftungsbeschränkt) (“Hotel Resilient”, “we”, “us”) recognises the importance of protecting personal data and respecting the privacy rights of individuals and organisations using our platform.

This Privacy Policy explains how we collect, use, store, and protect personal information when you access or use the Hotel Resilient platform.

We process personal data in accordance with the EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and applicable German data protection laws.

2. Scope

This Privacy Policy applies to:

  • Visitors to our website
  • Registered users of the Hotel Resilient platform
  • Hotels, travel partners, and other organisations submitting information through the platform

3. Information We Collect Automatically

When you access our website or platform, we may automatically collect limited technical information, including:

  • IP address
  • Browser type and operating system
  • Date and time of access
  • Pages viewed
  • Referring website (if applicable)

This information does not directly identify you and is used solely to:

  • Ensure platform functionality and security
  • Improve user experience
  • Monitor performance and detect misuse

4. Information You Voluntarily Provide

When using the platform, you may voluntarily provide information, including:

  • Contact details (e.g. name, organisation, email address)
  • Information about accommodation operations and practices related to:
    • Environmental sustainability
    • Social responsibility
    • Accessibility and inclusiveness
  • Supporting documentation relevant to self-assessments

We do not collect:

  • Financial or commercial performance data
  • Occupancy rates
  • Payment or credit card information
  • Sensitive personal data unless explicitly required and consented to

5. Purpose of Data Processing

We collect and use information for the following purposes:

  • To provide self-assessment tools, dashboards, and reports
  • To support learning, benchmarking, and continuous improvement
  • To enable voluntary transparency and communication of practices
  • To improve platform functionality and content
  • To conduct aggregated and anonymised research related to sustainable, responsible, and inclusive tourism

We do not use your data for advertising or commercial resale.

6. Legal Basis for Processing

Personal data is processed on one or more of the following legal bases under GDPR:

  • Your consent
  • Performance of a service requested by you
  • Legitimate interests related to operating and improving a public-benefit platform
  • Compliance with legal obligations

7. Sharing of Information

We do not sell, rent, or trade personal data.

Information may be shared only in the following limited circumstances:

  • With your explicit consent, for example when engaging with a partner organisation through the platform
  • With trusted service providers supporting platform operations (e.g. hosting, analytics), under strict confidentiality agreements
  • With programme or funding partners, where participation is voluntary and clearly disclosed
  • With public authorities, where required by law

Where data is processed outside the EU/EEA, we ensure appropriate safeguards in accordance with GDPR.

8. Use of Aggregated and Anonymised Data

Hotel Resilient may use aggregated and anonymised data for:

  • Research and reporting
  • Benchmarking and sector insights
  • Public-interest publications and advocacy

Such data cannot be used to identify individual organisations or persons.

9. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes outlined in this policy, or as required by law.

Users may request deletion of their account and associated personal data at any time, subject to legal retention requirements.

10. Data Security

We apply appropriate technical and organisational measures to protect personal data against:

  • Unauthorised access
  • Loss or misuse
  • Alteration or disclosure

Security measures follow recognised industry best practices and are reviewed periodically.

11. Your Rights Under GDPR

You have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request deletion of your data
  • Restrict or object to certain processing activities
  • Withdraw consent at any time
  • Lodge a complaint with a data protection authority

12. Contact Information

For questions, concerns, or requests related to this Privacy Policy or your personal data, please contact:

Privacy Officer
Hotel Resilient
Email: info@hotelresilient.org

We will respond within a reasonable timeframe and treat all requests confidentially.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, technology, or our activities.
The latest version will always be available on our website.