Privacy Policy

Information about the processing of your data
According to Art. 12 of the General Data Protection Regulation (GDPR), we are obliged to inform you about the processing of your data when using our website. We take the protection of your personal data very seriously. The existing privacy policy informs you about details of the processing of your data and your associated legal rights. The privacy policy applies regardless of the platforms and devices (e.g., desktop / mobile) on which the online offering is ran.

We reserve the right to amend the privacy policy with future effect, in particular in the event of any further development of our website, the use of new technologies or changes in the legal framework and it’s jurisdiction.

Please have a look from time to time and read our privacy policy to stay up to date. We recommend that you take a print or a copy of your documents. For the underlying terms, we refer to the General Data Protection Regulation (GDPR) and it’s definitions from Art. 4.

Personal data is any information that relates to an identified or identifiable natural person. These include e.g. your name, address and communication data, e-mail address, or user behavior.

Processing means any process or series of operations performed with or without the aid of automated processes in connection with personal data such as collection, organization, ordering, storage, adaptation or modification, reading, querying, use, disclosure by submission, dissemination or other form of provision, reconciliation or association, restriction, erasure or destruction.

Affected person is any identified or identifiable natural person whose personal data is processed by the controller.
Responsible or “controller” is the natural or legal person, agency, agency or other in which the processing of personal data is established.

Users include all categories of data subjects, including our customers, guests and visitors to our site.

1. Responsible
Oliver Blume
Badenstedter Str 42,
30453 Hannover
Tel .: +49 (0) 511-51949890
E-Mail: info[at]

2. Data Protection Officer
For all concerns regarding data protection our data protection officer is at your disposal. You reach this under:privacy [@] or contact us via our postal address with the addition “the data protection officer”.
According to Art. 37 GDPR and § 38 BDSG, there is no obligation to appoint a data protection officer.

3. Processing of personal data
3.1. Visit our website
3.1.1. Scope of data processing
If you visit our website, your browser will transfer certain data to our web server for technical reasons.

These are the following data (so-called server log files):
• IP address
• Date and time of the request
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request (concrete page)
• Operating system and it’s access status / HTTP status code
• Transmitted amount of data
• Website that receives the request (“Referrer URL”)
• Browser, language, and version of the browser software

3.1.2. Purpose of data processing
The storage of this data in log files is necessary to ensure the functionality of the website. They help us to optimize the website and to ensure the security of our information technology systems.

3.1.3. Legal basis of data processing
We collect this data on the basis of our legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR to be able to view our website and to ensure it’s safety.

3.1.4. Duration of storage
Information in the log files is stored for security reasons (for example, to investigate abuses or frauds and attempts to attack) for a maximum of 12 months and then deleted.

3.1.5. Opposition & removal possibility
The collection of data for the provision of the website and it’s storage in log files is essential for operation for technical reasons. There is consequently no contradiction on the part of the user.

3.2. Online booking
3.2.1. Scope of data processing
If you would like to book a room online with us, we process the following data: title, first name, last name, e-mail address, telephone number, street, house number, postal code, city, country, nationality, name of the person or passengers.

3.2.2. Purpose of data processing
The listed data will be needed to book your hotel room.

3.2.3. Legal basis of data processing
For the realization of an accommodation contract we will exclusively process this data. The legal basis for this is Art. 6 para. 1 lit. b) GDPR

3.2.4. Duration of storage
As soon as the data stored by us is no longer necessary for their purpose and deletion does not conflict with any statutory storage requirements, it will be deleted from us. Retention requirements arise for commercial and tax reasons. According to the legal provision the storage takes place for 6 years according to § 257 Abs. 1 HGB (commercial letters, accounting vouchers.) As well as for 10 years according to § 147 Abs. 1 AO (accounting documents, commercial and business letters, documents relevant for taxation).

3.2.5. Contradiction & disposal option
All of the above data are subject to commercial and tax retention requirements. Consequently, there is no possibility of contradiction on the part of the user.

3.3. Cookies
3.3.1. Scope of data processing
The Venice Penthouse and Rooftop Terrace website uses different types of cookies. These are small text files that are stored when you visit our website on your PC, laptop, smartphone or the corresponding medium used. Cookies do not harm your device and do not contain malware (such as viruses). They contain a characteristic string that allows the browser to be uniquely identified when the website is reopened. Some elements of our website require that the calling browser be identified even after a page break. This website uses transient (temporary) and persistent (permanent) cookies.

  1. Temporary cookies are automatically deleted, e.g. as soon as you close the browser. These are in particular so-called session cookies. You save a session ID, which allows different requests from your browser to be assigned to a shared session. If you return to our website, your computer can be recognized. The session cookies are deleted when you log out or close your browser.
  2. Permanent cookies are automatically deleted after a given time / duration, these may differ depending on the cookie. In the security settings of your browser you can delete stored cookies at any time.

In order to always improve your requests to our website and to make it as user-friendly or attractive as possible for you, we use cookies. Some components of our website require that the calling browser can be identified even after a page break. These include, for example, bookings and log-in information.

3.3.3. Legal basis of data processing
The legal basis for the processing of personal data using the technically necessary cookies is Article 6 (1) lit. f) GDPR.

3.3.4. Duration of storage
Session cookies are deleted as soon as the browser is closed.Persistent cookies are automatically removed after a specified period of time.

3.3.5. Contradiction & disposal option
As a user, you have full control over the use of cookies.
By selecting in your browser the following settings: Browser settings: “do not accept cookies”.
In Microsoft Internet Explorer, select: “Tools> Internet Options> Privacy> Settings”;
For Firefox, choose: Tools> Settings> Privacy> Cookies);
If you use an alternative internet browser, please refer to the help function of the respective browser the necessary instructions to prevent the storage of cookies or to cause their deletion. The above changes in your settings will allow you to configure your internet browser so that cookies will not be stored or automatically deleted at the end of your internet session. Please note, however, that you may not be able to use all features of our website in this way.

3.4. Contact form & e-mail contact

3.4.1. Scope of data processing
On our website, you will find a contact form with which you can send us electronic questions, feedback or suggestions. If you use this way to get in contact with us, the data entered in the contact form will be transmitted to us and stored. This concerns the following data: name, first name, e-mail address, telephone number, your message to us, date and time of the sending process. Alternatively, it is possible to contact us via e-mail addresses provided by us. In this case, the personal data transmitted with your e-mail will be stored. Your data will only be used to process your e-mail interview and to process your request.

3.4.2. Purpose of data processing
The processing of your personal data from the contact form is solely for us to process your contact. In the case of contact via e-mail this is also the necessary legitimate interest in the processing of your data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

3.4.3. Legal basis of data processing
When contacting us using the contact form or by e-mail, your user details will be processed in order to process the contact request and process it. Art. 6 para. 1 lit. b) processed – GDPR.

3.4.4. Duration of storage
Your data will be deleted as soon as they are no longer necessary for the purpose of their survey. For the personal data from the input form of the contact form and those who have been sent to us by e-mail, this is the case when the respective vote with you as a user is completed. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified and that you have received the information you requested.

3.4.5. Contradiction & disposal option
As a user, you have the option at any time to revoke your consent to the processing of your personal data. If you contact us as a user by e-mail, you may object to the storage of your personal data at any time. If this happens, we cannot continue communication with you.
A revocation should be directed to info[at]

All of your personal information saved with the contact will be deleted.

3.5. Web analytics Google Analytics
3.5.1. Scope of data processing
This website uses features of the web analytics service Google Analytics, Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States (“Google”). Google analyzes on our behalf your use of our website. For this we use u.a. Cookies. What cookies are and how they can be deleted, we have explained in section 3.3 “Cookies” for you.
The information collected by Google about your use of our website (for example, the pages we visit) is transmitted to a Google server in the USA, stored there, analyzed and the result made available to us in anonymous form.We use on our website the IP anonymization offered by Google. Your IP address will be shortened beforehand by Google within member states of the EU (European Union) or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. Google is certified in the EU-US Privacy Shield, which provides reasonable privacy levels for data on Google in the United States.

3.5.2. Purpose of data processing
To analyze the use of our website and to report on various activities within our website, Google uses the information listed above on our behalf. Thus, we have the opportunity to improve your online experience and to improve the user-friendliness of our website steadily.

3.5.3. Legal basis of data processing
Our legitimate interest in the processing of data by Google Analytics is justified in the aforementioned purposes. The legal basis here is Art. 6 para. 1 lit. f) GDPR.

3.5.4. Duration of storage
After a defined period of time, campaigns and sessions will be terminated. Without activity, sessions usually end by default after 30 minutes. Campaigns will end after a maximum of six months. Campaign timeout can be a maximum of two years.

3.5.5. Opposition & removal possibility
The IP address provided by your browser will not be merged with other data provided by Google. You can prevent cookies from being stored by setting their browser software accordingly, as described under point 3.3. In addition, if you wish to prevent Google from collecting the data generated by the cookie and referring to your use of our website as well as the processing of this data by Google, then you must independently download and install the available browser plug-in from Google: If you want to prevent Google Analytics from collecting your data in the future on any of your used devices, you will need to opt-out on all systems used. Mobile devices can be especially smartphones or tablets. Please note that this opt-out cookie only prevents web analysis as long as you have not deleted it.
You can find more information about Google Analytics directly in the Google Analytics Terms of Use and the applicable security and privacy principles of Google Analytics and the Google Privacy Policy.
Use this link to opt out of Google Analytics tracking: Disable Google Analytics tracking

4. Data security
4.1. Technical, contractual & organizational measures
In accordance with the current state of the art, we take technical, contractual and organizational measures for the security of data processing. To ensure that the data protection laws, in particular the General Data Protection Regulation, are complied with and that the data processed by us is protected against loss, unauthorized access, destruction and alteration. One of these security measures is the encrypted transfer of data between your browser and our servers. Please note that SSL encryption is only activated for transmissions made over the Internet if the key symbol appears in the lower menu bar of your browser window.
The address must always begin with https: //. Secure Socket Layer (SSL) protects data transmission against third-party data piracy using encryption technology. If this option is not available, you may choose to not send certain information over the Internet.
Unless otherwise stated in this document, any information you submit to us will be stored on our servers located in the Federal Republic of Germany.

5. Disclosure of data to third parties and processors
A transfer of data to third parties is only within the scope of legal requirements. We only pass on the data of the users to third parties if, for example, on the basis of Art. 6 para. 1 lit. b) GDPR is required for contractual purposes or based on legitimate interests in accordance with Art. Art. 6 para. 1 lit. f) GDPR on the economical and effective operation of our business operations.

We set in the context of a order processing gem. Art. 28 GDPR Subcontractors for the provision of various services, in particular for the operation, maintenance and hosting of IT systems. We have taken appropriate legal precautions and appropriate technical and organizational measures to protect personal data in accordance with applicable law. The Channel Manager we use for your bookings made by providers such as,, etc. is operated by Availpro, WeWork Sony Center Potsdamer Platz, Kemperpl.1, 10785 Berlin. 

The data processing takes place in Germany.

6. External services & content on our website
We integrate external services or content on our website. This is done on the basis of our legitimate interests in the analysis, optimization and economic operation of our online service as defined in Art. 6 para. 1 lit. f) GDPR.

For technical reasons, when using such a service or the display, third-party communication data such as e.g. IP address, time and date exchanged between you and the respective provider. Specifically, this is your IP address, which is required to display content in your browser.

It may be that the provider of the respective services or contents of your data for further, own purposes processed. We have no influence on the data collected by third parties and their processing and use. For this reason, it is not possible for us to make binding statements on the purpose and extent of further processing of your data. For further information, please refer to the privacy policy of the respective provider of data protection services responsible for the services or content we include. There you will receive the necessary information for the processing of data and contradictory possibilities.

We are currently using the following social media plug-ins: Facebook, and Instagram. If you visit our site, initially no personal data will be passed on to the providers of the plug-ins. You can recognize the provider of the plug-in via the icon/logo in our website footer.

We have no influence on the collected data and data processing operations, nor are we aware of the full extent of data collection, the purpose of the processing, the retention periods. We also have no information to delete the data collected by the plug-in provider.

The plug-in provider stores the data collected about you as usage profiles and uses these for purposes of advertising, market research and / or tailor-made website design. Such an evaluation is carried out in particular (also for non-logged-in users) for the presentation of needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact the respective plug-in provider to exercise it. Through the plug-ins, we offer you the opportunity to interact with social networks and other users so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 para. 1 lit. f) GDPR.

The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, your data collected from us will be directly linked to your existing account with the plug-in provider. If you press the activated button and z. For example, if you link the page, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend that you log out after using a social network, but especially before activating the button, as this will prevent you from being associated with your profile with the plug-in provider.

For more information on the purpose and scope of the data collection and its processing by the plug-in provider, please refer to the following privacy statements of the respective provider. Here we provide you with more information about your rights and settings options for the protection of your privacy.

Addresses of the respective plug-in providers and URL with their privacy notices:

7. Your rights
When we process personally identifiable information from you as a BoxHotel, you are i.S.d. Basic Data Protection Ordinance (GDPR) and you have the following rights of personal data concerning you:

• Right to information (Article 15 of the GDPR)
• Right to rectification (Article 16 of the GDPR)
• Right to cancellation (Article 17 of the GDPR)
• Right to restriction of processing (Article 18 of the GDPR)
• Right to data portability (Article 20 of the GDPR)
• Right to object to processing (Article 21 of the GDPR)
• Right to complain to a data protection supervisory authority (Article 77 GDPR)

8. Online Dispute Resolution
Online Dispute Resolution (Art. 14 para. 1 ODR-VO *)

The European Commission provides an online dispute resolution (OS) platform, available at
For first questions about a possible dispute resolution, we are at info[at] available.

* Regulation (EU) No 524/2013 on the online settlement of consumer disputes

Scroll to Top
This site is registered on as a development site.