Privacy Policy

Ruby GmbH, as the provider of the ruby-hotels.com website and the responsible party, takes its obligation to protect data very seriously and designs its website in such a way that only as little personal data as necessary is collected, processed and used. Under no circumstances will personal data be rented or sold to third parties for advertising purposes. No personal data will be used for advertising or marketing purposes without the express consent of the visitor.

At Ruby GmbH, access to personal data is only granted to those persons who need this data to perform their tasks within the responsible body, who are informed about the legal provisions on data protection and who have undertaken to comply with them in accordance with the applicable legal provisions (Art. 5 of the EU Data Protection Regulation (EU-DSGVO)). The collection, processing, use and transmission of the collected personal data takes place, according to Art. 6. paragraph 1 EU-DSGVO, only to the extent necessary for the implementation of a contractual relationship between Ruby GmbH, as the responsible entity, and the visitor, as the data subject.
Changes in the purpose of processing and use of data
Since due to technical progress and organizational changes, the processing methods used may change/further develop, the Controller reserves the right to further develop this Privacy Policy in accordance with the new technical framework conditions. The responsible body therefore requests that the privacy policy of Ruby GmbH be reviewed from time to time. If a visitor does not agree with the further developments that occur over time, he or she can request in writing, in accordance with Art. 17 EU-DSGVO, the deletion of data that is not stored on the basis of other legal requirements, such as commercial or tax law retention obligations.
Anonymous data collection
 In principle, the visitor can visit the websites of the responsible body without telling it who he is. The data controller only learns the name of the Internet service provider, the website from which the visitor visits the data controller, and the web pages the visitor visits at the data controller. This information is evaluated for statistical purposes. The visitor remains anonymous as an individual user.
Collection and processing of personal data
Personal data is only collected if the visitor provides it voluntarily, for example for newsletter registration or booking. The responsible party adheres to the requirements of Art 5 and 6 EU-DSGVO. Within the scope of the personalized services of the responsible party, the registration data of the visitor is processed under the condition of consent for the purpose of sending our newsletter, or for the needs-based design of the electronic services offered. The visitor has the possibility to object to the storage of his personal data at any time. To do so, an e-mail should be sent to: info@ruby-hotels.com with the subject "Unsubscribe data files".
The processing and use of the visitor's personal data is carried out in accordance with the provisions of the EU-DSGVO.  

Export and processing of data in countries outside the European Economic Area
There is no export of the visitor's personal data to countries outside the European Economic Area (hereinafter EEA).
Nevertheless, if the visitor is logged into Facebook or has a Twitter account or an Instagram account, personal data may be exported to the USA. For more detailed explanations and options to prevent this data export, please read the section "Use of Facebook social plugins", "Use of Twitter", or "Use of Instagram social plugins" of this privacy policy.
Insofar as the visitor is logged into Google or has a YouTube account, personal data may be exported to the USA. For further explanations and options to prevent this data export, please refer to the section "Use of YouTube plugins".
A transmission of personal data to Google in the context of the use of analysis programs by the responsible party does not take place, however, as the IP address of the visitor is only transmitted anonymously. For this purpose, the point "Use of analysis programs" of this privacy policy should be read.
The service providers engaged by the controller are based and operate their IT infrastructure exclusively within the EEA. This also applies to any use of cloud-based services. There are contracts with the service providers which comply with the data protection and data security requirements of the EU-DSGVO. Even in the event of the involvement of external service providers, Ruby GmbH remains the controller.
Use and disclosure of personal data
The personal data collected within the scope of the websites of the responsible body will only be used without the consent of the visitor for the purpose of contract processing and processing of the visitor's inquiries. In addition, the data will only be used for advertising and market research purposes by the responsible party if the visitor has given his or her prior consent. Otherwise, no data will be passed on to other third parties. The respective consent can of course be revoked by the visitor at any time with effect for the future.
External links
Furthermore, there are links on the pages of the responsible party that refer to pages of third parties. As far as this is not obviously recognizable, the responsible party points out to the visitor that this is an external link. The responsible body has no influence whatsoever on the content and design of these pages of other providers. The guarantees of this data protection declaration therefore do not apply to external providers.
Use of cookies
The responsible party uses so-called "cookies" to customize and optimize the customer's online experience and online time. A cookie is a text file that is either temporarily stored in the computer's memory ("session cookie") or stored on the hard drive ("permanent" cookie). Cookies contain, for example, information about the user's previous accesses to the corresponding server or information about which offers have been called up so far. Cookies are not used to execute programs or to load viruses onto the visitor's computer. The main purpose of cookies is rather to provide an offer tailored specifically to the customer and to make the use of the service as convenient as possible.
The responsible party uses session cookies as well as permanent cookies.
Session cookies
The responsible party mainly uses "session cookies", which are not stored on the visitor's hard drive and are deleted when the browser is exited. Session cookies are used for login authentication and load balancing.
Permanent cookies
In addition, the Responsible Entity uses "permanent cookies" to store the personal usage settings that a visitor enters when using the Services of the Responsible Entity, in order to be able to personalize and improve the Service. The permanent cookies ensure that the visitor will find his personal settings again when he visits the websites of the responsible party again. In addition, the service providers that the responsible party has commissioned with the analysis of user behavior use permanent cookies in order to be able to recognize returning users. These services store the data transmitted by the cookie exclusively anonymously. An assignment to the IP address of the visitor is not kept.

Avoidance of cookies
The visitor has the option to refuse the setting of cookies at any time. This is usually done by selecting the appropriate option in the browser settings or through additional programs. More details can be found in the help function of the browser used by the customer. If the visitor decides to disable cookies, this may reduce the scope of services and may have a negative impact on the use of the services of the responsible.
Third-party providers mentioned below, e.g. Google Inc. and Facebook Inc., use cookies to serve ads based on a user's previous visits to our website. No personal data is stored in the process. Visitors to this website can object to the use of cookies by the third-party providers by visiting the "Google Ad Preferences" page or the deactivation page of the "Network Advertising Initiative" and making the appropriate settings there to deactivate cookies: www.google.com/ads/preferences/. Information on the settings and opt-out options of the "Network Advertising Initiative" can be found here: www.networkadvertising.org/managing/opt_out.asp.
Use of analysis programs
The Responsible Entity conducts, or has conducted, analyses of the behavior of its visitors in the course of using its Service. For this purpose, anonymized or pseudonymized usage profiles are created. The usage profiles are created for the sole purpose of constantly improving the service of the responsible party.
Google Analytics
In order to be able to optimally adapt the website of the responsible body to the interests of the visitor, Google Analytics is used, a web analysis service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). Google Analytics uses "cookies", which are text files placed on the visitor's computer, to help the website analyze how users use the site. The information generated by the cookie about the use of the visitor of this website will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate the visitor's IP address with any other data held by Google. The visitor may refuse the use of cookies by selecting the appropriate settings on the browser, however please note that if you do this you may not be able to use the full functionality of this website. By using this website, the visitor consents to the processing of data about the visitor by Google in the manner and for the purposes set out above. If the visitor does not want Google to receive data from the visitor's browser when calling up the pages, the link to the opt-out solution for Google Analytics can be found here (http://tools.google.com/dlpage/gaoptout?hl=de). This plugin prevents the browser from requesting the Analytics code so that Google does not receive any data when the page is accessed. The plugin is available for different browser types. According to Google, the browser blocks the Google Analytics script after installation. However, this website always uses Google Analytics with the extension "_anonymizeIp()", so that IP addresses are only processed in abbreviated form in order to be able to exclude direct personal references. This ensures that no detailed IP address data is transmitted by the visitor when accessing the website.

Facebook and Instagram Analytics / Visitor Action Pixel
This website also uses the visitor action pixel of Facebook Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA; "Facebook") and Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram") for statistical purposes. By means of these pixels, the behavior of visitors can be tracked after they have been redirected to this website by clicking on a Facebook or Instagram ad. The procedures are used to evaluate the effectiveness of the Facebook or Instagram ads for statistical and market research purposes and may help to optimize future advertising measures. The collected data is anonymous for the provider, so it does not offer him any conclusions about the identity of the users. However, the data is stored and processed by Facebook or Instagram, so that a connection to the respective user profile is possible and Facebook or Instagram can use the data for their own advertising purposes. This data can enable Facebook or Instagram and their partners to place advertisements on and outside of Facebook or Instagram. Furthermore, cookies may be stored on the terminal device used by you for these purposes. To deactivate cookies, the point "Avoiding cookies" should be observed.
Remarketing activities / individual advertising
The responsible party uses so-called "retargeting tags" on its website. A "retargeting tag" is a JavaScript element that is placed in the source code of the website. If a user visits a page of this website that contains a retargeting tag, a provider of online advertising (e.g. Google or Facebook) places a cookie on this user's computer and assigns this to corresponding retargeting target group lists. This cookie is subsequently used to run retargeting campaigns (interest-based advertising) on other websites. The information obtained from this is used exclusively in pseudonymized form. By means of the analysis and evaluation of the information obtained, the responsible party is able to improve iWebsite and its service, as well as to send the visitor individualized advertising. This means advertising that could actually interest the visitor. The responsible party wants to make the advertising more useful and interesting for the visitor.
Facebook Custom Audience
The responsible party uses the Facebook Custom Audiences service on its website, which is provided by Facebook Inc. (cf. you to the provider already previously point VI), in order to be able to play out interest-based advertising to visitors in a targeted manner. For this purpose, a non-reversible and non-personal checksum (hash value) is generated from the user data, which is transmitted to Facebook for analysis and marketing purposes. Facebook uses cookies to provide these services. Visitors can object to the use of Facebook Website Custom Audiences at https://www.facebook.com/ads/website_custom_audiences/ or at https://www.facebook.com/settings/?tab=ads. Further information on the purpose and scope of data use by Facebook and the options for changing privacy settings on Facebook are contained in Facebook's privacy policy, which visitors can access at https://www.facebook.com/ads/website_custom_audiences/ and https://www.facebook.com/privacy/explanation.

Google Remarketing
The responsible party uses the remarketing function of Google Inc. on its website. This function makes it possible to target visitors to the website with personalized, interest-based advertising. The interest-based advertising is displayed to the visitor as soon as he visits other websites of the Google Display Network. Google uses cookies to perform an analysis of site usage, which forms the basis for the creation of the interest-based advertisements. In this context, Google stores a small file with a sequence of numbers in the browsers of website visitors. This number is used to record visits to the website as well as anonymized data on website usage. Provided that visitors to the website have consented to their web and app browsing history being linked by Google to their Google account and to information from their Google account being used to personalize ads they see on the web, Google uses data from these logged-in visitors together with Google Analytics data to create and define target group lists for cross-device remarketing. This allows website visitors to be targeted with personalized, interest-based advertising across devices. When other websites in the Google Display Network are subsequently called up, advertisements are displayed that are highly likely to take into account the product and information areas previously called up by the site visitor. If the visitor does not wish to use Google's remarketing function, this can be deactivated in principle by making the appropriate settings at www.google.com/settings/ads. In addition, the visitor can permanently disable the use of cookies by Google by accessing the following link and changing the settings for managing cookies accordingly: www.google.com/policies/technologies/managing/ www.google.com/policies/technologies/ads/. Alternatively, the use of cookies for interest-based advertising can be disabled via the advertising network initiative by following the instructions at www.networkadvertising.org/managing/opt_out.asp. Further information on Google Remarketing as well as Google's privacy policy can be found here www.google.com/privacy/ads/.
Bing Ads
The Responsible Entity uses conversion tracking from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA; "Microsoft") on its website. In doing so, Microsoft Bing Ads sets a cookie on the end device used by the visitor, provided that the visitor has reached the website of the responsible party via a Microsoft Bing ad. In this way, Microsoft Bing and the responsible party can recognize that someone has clicked on an ad, has been redirected to the website of the responsible party and has reached a previously determined target page (conversion page). The controller only learns the total number of visitors who clicked on a Bing ad and were then redirected to the conversion page. No personal information about the visitor's identity is shared. If the visitor does not wish to participate in the tracking process, the setting of a cookie required for this can also be rejected - for example, by means of a browser setting that generally deactivates the automatic setting of cookies. Further information on data protection and the cookies used by Microsoft Bing can be found on the Microsoft website: https://privacy.microsoft.com/de-de/privacystatement.

Use of Facebook social plugins
The responsible party uses social plugins ("plugins") of the social network facebook.com, which is operated by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"), on its website. The plugins are marked with a Facebook logo. When the visitor calls up a website of the responsible entity that contains such a plugin, the visitor's browser establishes a direct connection with Facebook's servers. The content of the plugin is transmitted by Facebook directly to the visitor's browser, which then integrates it into the website.
By integrating the plugins, Facebook receives the information that the visitor has called up the corresponding page of the website of the responsible party. If the visitor is logged into Facebook, Facebook can assign the visitor's session to his Facebook account. If the visitor interacts with the plugins, for example by clicking the "Like" button or posting a comment, the corresponding information is transmitted directly from the visitor's browser to Facebook and stored there. The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as the visitor's rights and settings options in this regard to protect his privacy, can be found in Facebook's privacy policy.
If the visitor does not want Facebook to collect data in the manner described above, the visitor must log out of Facebook before visiting the website of the responsible party.
Use of Twitter
The responsible body uses functions of the Twitter service on its website. These functions are offered by Twitter Inc, Twitter, Inc. 1355 Market St, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the "Re-Tweet" function, the websites visited by the visitor are linked to the Twitter account and made known to other users. In the process, data is also transmitted to Twitter.
The responsible party points out that, as the provider of the pages, it does not receive any knowledge of the content of the transmitted data or its use by Twitter. Further information on this can be found in Twitter's privacy policy: www.twitter.com/privacy.
The visitor can change the privacy settings on Twitter in the account settings at www.twitter.com/account/settings.

Use of Instagram social plugins
The responsible entity uses social plugins ("plugins") from Instagram, which is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram"), on its website. The plugins are marked with an Instagram logo, for example in the form of an "Instagram camera". An overview of the Instagram plugins and their appearance can be found here:
When the visitor calls up a page of the Responsible Entity's website that contains such a plugin, the visitor's browser establishes a direct connection to the servers of Instagram. The content of the plugin is transmitted by Instagram directly to the visitor's browser and integrated into the page. Through this integration, Instagram receives the information that the browser has called up the corresponding page of the website of the responsible party, even if there is no Instagram profile or the visitor is not currently logged into Instagram. This information (including the visitor's IP address) is transmitted by the browser directly to an Instagram server in the USA and stored there.
If the visitor is logged into Instagram, Instagram can directly assign the visit to the website to the visitor's Instagram account. If the plugins are interacted with, for example the "Instagram" button is pressed, this information is also transmitted directly to an Instagram server and stored there. The information is also published on the Instagram account of the visitor and displayed there to contacts.
The purpose and scope of the data collection and the further processing and use of the data by Instagram, as well as the visitor's rights and settings options in this regard to protect his or her privacy, should be taken from Instagram's privacy policy:
If the visitor does not want Instagram to directly assign the data collected via the website of the responsible party to the visitor's Instagram account, the visitor must log out of Instagram before a session on the website of the responsible party. The visit can also completely prevent the loading of Instagram plugins with add-ons for the browser, e.g. with the script blocker "NoScript" (http://noscript.net/).
Use of YouTube plugins
The responsible party uses the provider YouTube, among others, for the integration of videos. YouTube is operated by YouTube LLC with headquarters at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc. with headquarters at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
The responsible body uses plugins of the provider YouTube on its website. When the visitor calls up the website of the responsible party provided with a YouTube plugin, a connection to the YouTube servers is established. This transmits to the YouTube server which Internet pages the visitor has visited. If the visitor is logged in as a member of YouTube, YouTube assigns this information to the personal user account. When using the plugin, such as clicking on the start button of a video, this information is also assigned to the user account.
The visitor can prevent this assignment by logging out of the corresponding YouTube user account as well as other user accounts of the companies YouTube LLC and Google Inc. and deleting the corresponding cookies of the companies before using the website of the responsible party.
Further information on data processing and privacy notices by YouTube (Google) can be found at www.google.de/intl/de/policies/privacy/.
The visitor has the possibility to subscribe to the email newsletter of the responsible entity on the website. For the receipt of this newsletter, the provision of personal data (name and e-mail address) is required. Without the explicit consent of the visitor, the newsletter will not be sent. For this purpose, the visitor receives after registration a confirmation e-mail with a link that must be called for the final registration to the newsletter. Only after this, the visitor will regularly receive the newsletter of the responsible party. Unsubscribing from the newsletter is possible at any time, e.g. by e-mail (the contact details of the responsible body can be found below or in the website imprint) or by using the unsubscribe link contained in the e-mail newsletter itself.


Further information and contacts
If the visitor has further questions on the subject of "data protection", he can contact the data protection officer The visitor can inquire which of his data are saved. In addition, the visitor can send information, deletion and correction requests regarding his or her data and, if desired, suggestions at any time by letter or e-mail to the following address:


Leopoldstr. 21
80802 Munich

When contacting the data protection officer, please name the company to which your request refers. Please refrain from including sensitive information such as a copy of an ID card in your request.

Munich, October 2022