Privacy policy

As a service for guests on our website we present basic information in English. The privacy policy listed in German below is legally binding.

1. Controller

JMB Hotel-Betriebsgesellschaft, located at Wöhlerstr. 2, 22113 Hamburg, is responsible for data collection and processing. The company is represented by the managing director, Christian Wolff.

2. Storage of IP Addresses

The IP address of the requesting PC, laptop, or device, in general, is anonymized to prevent personal identification. Log data is processed anonymously, eliminating the mandatory need for data deletion.

Our website is hosted in Germany by STRATO AG, Otto-Ostrowski-Str. 7, 10249 Berlin.

3. Usage Data during Website Visit

When you visit our website, temporary usage data is logged on our web server for statistical purposes. This is done to improve the quality of our websites and facilitate technical access to the pages. The usage data includes:

  • File name
  • Referring page
  • Date and time of the request
  • Transmitted data volume
  • Access status (file transferred or not found)
  • Description of the browser type
  • Anonymized IP address of the requesting computer (see Point 2)

4. Use of Cookies

Our website and booking system use session cookies for technical operation. Cookies are cryptographic numbers that control the connection to our website during the session. Cookies do not harm your computer and do not contain viruses. They are used to enhance user guidance without collecting personal data. You can configure your browser to inform you about the placement of cookies, but refusing cookies may result in limitations in website functionality.

5. Redirection (Links) to Other Websites

Our website contains links to other providers’ websites. If these are not offerings of JMB Hotel-Betriebsgesellschaft, we cannot guarantee compliance with the data protection regulations of those providers. For privacy inquiries, please contact the respective providers.

Our website also has links to social networks (Facebook and Google+), where data processing is based on Art. 6(1)(f) GDPR. We have no control over the data processing by social networks. When accessing our pages on social networks, please review the statements of those providers.

6. Online Bookings

We process the following data according to Art. 6(1)(b) GDPR for contract fulfillment:

  • Title (all hotel guests)
  • First name, last name (all hotel guests)
  • Address data (primarily for sending invoices and/or travel documents)
  • Phone number of the main traveler and/or contact person (for short-term contact in case of changes)
  • Email address (primarily for sending booking data or confirmations)
  • Credit card details for credit card payments
  • Bank details for SEPA direct debit payments

This includes customer support. Providing your phone number is voluntary but non-provision may complicate or delay communication. If you plan to arrive after 6:00 PM, we also collect your payment details as a guarantee. Your information is processed exclusively for the provision of our contractual services and treated confidentially.

During online reservations on our website, you are automatically redirected to the online booking system of our carefully selected partner, Busy Rooms, office Essen: Kruppstrasse 82-100, 45145 Essen, who handles the reservation on our behalf. They are obligated to comply with data protection regulations.

We send your booking confirmation to your provided email address. Additionally, you may receive emails related to your trip with promotional content for our or similar goods. You can object to these emails at any time by emailing Upon receiving your objection, we will immediately stop sending such emails.

If necessary, personal data may be shared with companies involved in contract processing (e.g., banks for payment processing). Data required for contract fulfillment is retained only for possible queries and deleted after an internally defined period.

Data is not deleted if there are outstanding claims to be collected after contract termination. In case of statutory retention periods, the data is archived for the duration of these periods.

7. General Handling of Personal Data

If you provide us with your first and last name and/or postal address, we use this information for hotel-related advertising purposes and statistical evaluations based on Art. 6(1)(f) GDPR. This is done in the interest of informing you about products or news from Best Western Plus Hotel Böttcherhof.

You have the right to object to this data processing. Learn more under “Your Rights.”

Other personal information or contact details are only used for advertising or statistical evaluations if you have expressly consented to it. Processing is then based on Art. 6(1)(a) GDPR. If you do not want us to use your data for advertising and evaluations, you can inform us or revoke your consent at any time.

Please contact us:

  • By mail: Best Western Plus Hotel Böttcherhof, Wöhlerstr. 2, 22113 Hamburg.
  • By email:

The revocation does not affect the legality of processing carried out before the revocation.

When consent is revoked, we stop the corresponding data processing. Personal data transmitted to us online (via email or web forms) is collected and processed in accordance with legal regulations.

We only share your data with third parties if we are legally authorized or obligated to do so (e.g., for contractual or law enforcement purposes) or if you explicitly wish it.

8. Data Recipients

In the context of contract processing according to Art. 28 GDPR, we transmit your data to service providers who support us in operating our website and related processes. Our service providers are strictly bound by instructions and contractually obliged to us.

9. Data Transfer to Third Countries

We may transfer personal data to a third country outside the EU. We have ensured an appropriate level of data protection in each case:

  • In the case of Best Western customer loyalty programs, data transfer to third countries is regulated by Best Western Central Europe GmbH, FrankfurterStr. 10 – 14, 65760 Eschborn.
  • For Google Analytics (USA), an appropriate level of data protection is ensured through participation in the Privacy Shield agreement (Art. 45(1) GDPR).

We will not sell or market your personal data to third parties.

10. Security of Your Data

To comprehensively protect your data from unwanted access, we have implemented technical and organizational security measures. Besides the obligation of our employees to confidentiality, careful selection and control of service providers, and securing our operating environment, we also use encryption methods in some areas. The information you provide is transmitted in encrypted form using an SSL protocol (Secure Socket Layer) and authenticated to prevent misuse by third parties. You can recognize this by the lock symbol and the address line starting with https in your browser’s status bar.

11. Your Rights as a User

When processing your personal data, the GDPR grants you certain rights as a website user:

Right to Information (Art. 15 GDPR):
You have the right to request confirmation of whether relevant personal data is being processed. If so, you have the right to information about this personal data and the details listed in Art. 15 GDPR.

Right to Rectification and Erasure (Art. 16 and 17 GDPR):
You have the right to promptly request the correction of inaccurate personal data and, if necessary, the completion of incomplete personal data. You also have the right to request that relevant personal data be deleted immediately if one of the reasons listed in Art. 17 GDPR applies, e.g., if the data is no longer needed for the intended purposes. Please note: Deletion of data is not possible if other legal requirements or retention periods exist, which take precedence over the GDPR.

Right to Restriction of Processing (Art. 18 GDPR):
You have the right to request restriction of processing if one of the conditions listed in Art. 18 GDPR applies. For example, if you have objected to processing, processing is restricted for the duration of any review.

Right to Data Portability (Art. 20 GDPR):
Under certain conditions specified in Art. 20 GDPR, you have the right to receive your personal data in a structured, commonly used, and machine-readable format or to request the transfer of this data to a third party.

Right to Object (Art. 21 GDPR):
If data is collected based on Art. 6(1)(f) GDPR (processing for the protection of legitimate interests), you have the right to object to processing for reasons arising from your particular situation at any time. Processing will cease unless compelling legitimate grounds override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.

Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR):
You have the right to lodge a complaint with a supervisory authority under Art. 77 GDPR if you believe that the processing of data concerning you violates data protection regulations. You can assert this right before a supervisory authority in the member state of your residence, workplace, or the place of the alleged violation. In Hamburg, the competent supervisory authority is the Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI), Klosterwall 6, 20095 Hamburg.

12. Whistleblower/Reporting Office

“Reporting Office” under the Whistleblower Protection Act: We have implemented a whistleblower system through which you can anonymously submit reports about violations concerning our company. In this context, we process the personal data transmitted by you in the course of the report. The legal basis for processing is a legitimate interest under Art. 6(1)(f) GDPR to implement applicable laws. Reports are stored for documentation purposes for 3 years and then deleted. Link to Whistlebox

13. Stepstone/HotelCareer

On our site, we publish a list of job advertisements provided to us by StepStone Deutschland GmbH, Völklinger Straße 1, 40219 Düsseldorf, Germany, as the data protection controller. These contents are automatically loaded from there. The links lead to content of StepStone Deutschland GmbH. The legal basis is a legitimate interest on our part, namely, comprehensive service provision to our users, according to Art. 6(1)(f) GDPR. For more details on data protection at Stepstone Deutschland GmbH, please refer to their Privacy Policy

14. Data Protection Officer

D & C Datenschutz und Consulting
Mr. Dirk Borbe
Belemannweg 15
22419 Hamburg
Phone: +49 (0)162 / 58 17 253


This website uses cookies. We use cookies to personalize content and ads, provide social media features, and analyze website traffic. We also share information about your use of our site with our social media, advertising, and analytics partners. You consent to our cookies if you continue to use our website.

Cookies are small text files used by websites to make the user experience more efficient. According to the law, we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies, we need your permission.

This site uses different types of cookies. Some cookies are placed by third parties that appear on our pages. You can change or withdraw your consent from the cookie declaration on our website at any time.

Learn more about who we are, how to contact us, and how we process personal data in our Imprint. Please provide your consent ID and date when contacting us regarding your consent. Your consent applies to the following domains: