Ruby GmbH, as the provider of the ruby-hotels.com website and the responsible party, takes its obligation to protect data very seriously and designs its website in such a way that only as little personal data as necessary is collected, processed and used. Under no circumstances will personal data be rented or sold to third parties for advertising purposes. No personal data will be used for advertising or marketing purposes without the express consent of the visitor.
At Ruby GmbH, access to personal data is only granted to those persons who need this data to perform their tasks within the responsible body, who are informed about the legal provisions on data protection and who have undertaken to comply with them in accordance with the applicable legal provisions (Art. 5 of the EU Data Protection Regulation (EU-DSGVO)). The collection, processing, use and transmission of the collected personal data takes place, according to Art. 6. paragraph 1 EU-DSGVO, only to the extent necessary for the implementation of a contractual relationship between Ruby GmbH, as the responsible entity, and the visitor, as the data subject.
Changes in the purpose of processing and use of data
Anonymous data collection
In principle, the visitor can visit the websites of the responsible body without telling it who he is. The data controller only learns the name of the Internet service provider, the website from which the visitor visits the data controller, and the web pages the visitor visits at the data controller. This information is evaluated for statistical purposes. The visitor remains anonymous as an individual user.
Collection and processing of personal data
Personal data is only collected if the visitor provides it voluntarily, for example for newsletter registration or booking. The responsible party adheres to the requirements of Art 5 and 6 EU-DSGVO. Within the scope of the personalized services of the responsible party, the registration data of the visitor is processed under the condition of consent for the purpose of sending our newsletter, or for the needs-based design of the electronic services offered. The visitor has the possibility to object to the storage of his personal data at any time. To do so, an e-mail should be sent to: firstname.lastname@example.org with the subject "Unsubscribe data files". The processing and use of the visitor's personal data is carried out in accordance with the provisions of the EU-DSGVO.
Export and processing of data in countries outside the European Economic Area
There is no export of the visitor's personal data to countries outside the European Economic Area (hereinafter EEA).
Insofar as the visitor is logged into Google or has a YouTube account, personal data may be exported to the USA. For further explanations and options to prevent this data export, please refer to the section "Use of YouTube plugins".
The service providers engaged by the controller are based and operate their IT infrastructure exclusively within the EEA. This also applies to any use of cloud-based services. There are contracts with the service providers which comply with the data protection and data security requirements of the EU-DSGVO. Even in the event of the involvement of external service providers, Ruby GmbH remains the controller.
Use and disclosure of personal data
The personal data collected within the scope of the websites of the responsible body will only be used without the consent of the visitor for the purpose of contract processing and processing of the visitor's inquiries. In addition, the data will only be used for advertising and market research purposes by the responsible party if the visitor has given his or her prior consent. Otherwise, no data will be passed on to other third parties. The respective consent can of course be revoked by the visitor at any time with effect for the future.
Furthermore, there are links on the pages of the responsible party that refer to pages of third parties. As far as this is not obviously recognizable, the responsible party points out to the visitor that this is an external link. The responsible body has no influence whatsoever on the content and design of these pages of other providers. The guarantees of this data protection declaration therefore do not apply to external providers.
The responsible party uses so-called "cookies" to customize and optimize the customer's online experience and online time. A cookie is a text file that is either temporarily stored in the computer's memory ("session cookie") or stored on the hard drive ("permanent" cookie). Cookies contain, for example, information about the user's previous accesses to the corresponding server or information about which offers have been called up so far. Cookies are not used to execute programs or to load viruses onto the visitor's computer. The main purpose of cookies is rather to provide an offer tailored specifically to the customer and to make the use of the service as convenient as possible.
The responsible party uses session cookies as well as permanent cookies.
The responsible party mainly uses "session cookies", which are not stored on the visitor's hard drive and are deleted when the browser is exited. Session cookies are used for login authentication and load balancing.
In addition, the Responsible Entity uses "permanent cookies" to store the personal usage settings that a visitor enters when using the Services of the Responsible Entity, in order to be able to personalize and improve the Service. The permanent cookies ensure that the visitor will find his personal settings again when he visits the websites of the responsible party again. In addition, the service providers that the responsible party has commissioned with the analysis of user behavior use permanent cookies in order to be able to recognize returning users. These services store the data transmitted by the cookie exclusively anonymously. An assignment to the IP address of the visitor is not kept.
Avoidance of cookies
The visitor has the option to refuse the setting of cookies at any time. This is usually done by selecting the appropriate option in the browser settings or through additional programs. More details can be found in the help function of the browser used by the customer. If the visitor decides to disable cookies, this may reduce the scope of services and may have a negative impact on the use of the services of the responsible.
Use of analysis programs
The Responsible Entity conducts, or has conducted, analyses of the behavior of its visitors in the course of using its Service. For this purpose, anonymized or pseudonymized usage profiles are created. The usage profiles are created for the sole purpose of constantly improving the service of the responsible party.
Facebook and Instagram Analytics / Visitor Action Pixel
This website also uses the visitor action pixel of Facebook Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA; "Facebook") and Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram") for statistical purposes. By means of these pixels, the behavior of visitors can be tracked after they have been redirected to this website by clicking on a Facebook or Instagram ad. The procedures are used to evaluate the effectiveness of the Facebook or Instagram ads for statistical and market research purposes and may help to optimize future advertising measures. The collected data is anonymous for the provider, so it does not offer him any conclusions about the identity of the users. However, the data is stored and processed by Facebook or Instagram, so that a connection to the respective user profile is possible and Facebook or Instagram can use the data for their own advertising purposes. This data can enable Facebook or Instagram and their partners to place advertisements on and outside of Facebook or Instagram. Furthermore, cookies may be stored on the terminal device used by you for these purposes. To deactivate cookies, the point "Avoiding cookies" should be observed.
Remarketing activities / individual advertising
Facebook Custom Audience
The Responsible Entity uses conversion tracking from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA; "Microsoft") on its website. In doing so, Microsoft Bing Ads sets a cookie on the end device used by the visitor, provided that the visitor has reached the website of the responsible party via a Microsoft Bing ad. In this way, Microsoft Bing and the responsible party can recognize that someone has clicked on an ad, has been redirected to the website of the responsible party and has reached a previously determined target page (conversion page). The controller only learns the total number of visitors who clicked on a Bing ad and were then redirected to the conversion page. No personal information about the visitor's identity is shared. If the visitor does not wish to participate in the tracking process, the setting of a cookie required for this can also be rejected - for example, by means of a browser setting that generally deactivates the automatic setting of cookies. Further information on data protection and the cookies used by Microsoft Bing can be found on the Microsoft website: https://privacy.microsoft.com/de-de/privacystatement.
Use of Facebook social plugins
The responsible party uses social plugins ("plugins") of the social network facebook.com, which is operated by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"), on its website. The plugins are marked with a Facebook logo. When the visitor calls up a website of the responsible entity that contains such a plugin, the visitor's browser establishes a direct connection with Facebook's servers. The content of the plugin is transmitted by Facebook directly to the visitor's browser, which then integrates it into the website.
If the visitor does not want Facebook to collect data in the manner described above, the visitor must log out of Facebook before visiting the website of the responsible party.
Use of Twitter
The responsible body uses functions of the Twitter service on its website. These functions are offered by Twitter Inc, Twitter, Inc. 1355 Market St, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the "Re-Tweet" function, the websites visited by the visitor are linked to the Twitter account and made known to other users. In the process, data is also transmitted to Twitter.
The visitor can change the privacy settings on Twitter in the account settings at www.twitter.com/account/settings.
Use of Instagram social plugins
The responsible entity uses social plugins ("plugins") from Instagram, which is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram"), on its website. The plugins are marked with an Instagram logo, for example in the form of an "Instagram camera". An overview of the Instagram plugins and their appearance can be found here:
When the visitor calls up a page of the Responsible Entity's website that contains such a plugin, the visitor's browser establishes a direct connection to the servers of Instagram. The content of the plugin is transmitted by Instagram directly to the visitor's browser and integrated into the page. Through this integration, Instagram receives the information that the browser has called up the corresponding page of the website of the responsible party, even if there is no Instagram profile or the visitor is not currently logged into Instagram. This information (including the visitor's IP address) is transmitted by the browser directly to an Instagram server in the USA and stored there.
If the visitor is logged into Instagram, Instagram can directly assign the visit to the website to the visitor's Instagram account. If the plugins are interacted with, for example the "Instagram" button is pressed, this information is also transmitted directly to an Instagram server and stored there. The information is also published on the Instagram account of the visitor and displayed there to contacts.
If the visitor does not want Instagram to directly assign the data collected via the website of the responsible party to the visitor's Instagram account, the visitor must log out of Instagram before a session on the website of the responsible party. The visit can also completely prevent the loading of Instagram plugins with add-ons for the browser, e.g. with the script blocker "NoScript" (http://noscript.net/).
Use of YouTube plugins
The responsible party uses the provider YouTube, among others, for the integration of videos. YouTube is operated by YouTube LLC with headquarters at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc. with headquarters at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
The responsible body uses plugins of the provider YouTube on its website. When the visitor calls up the website of the responsible party provided with a YouTube plugin, a connection to the YouTube servers is established. This transmits to the YouTube server which Internet pages the visitor has visited. If the visitor is logged in as a member of YouTube, YouTube assigns this information to the personal user account. When using the plugin, such as clicking on the start button of a video, this information is also assigned to the user account.
The visitor can prevent this assignment by logging out of the corresponding YouTube user account as well as other user accounts of the companies YouTube LLC and Google Inc. and deleting the corresponding cookies of the companies before using the website of the responsible party.
Further information on data processing and privacy notices by YouTube (Google) can be found at www.google.de/intl/de/policies/privacy/.
The visitor has the possibility to subscribe to the email newsletter of the responsible entity on the website. For the receipt of this newsletter, the provision of personal data (name and e-mail address) is required. Without the explicit consent of the visitor, the newsletter will not be sent. For this purpose, the visitor receives after registration a confirmation e-mail with a link that must be called for the final registration to the newsletter. Only after this, the visitor will regularly receive the newsletter of the responsible party. Unsubscribing from the newsletter is possible at any time, e.g. by e-mail (the contact details of the responsible body can be found below or in the website imprint) or by using the unsubscribe link contained in the e-mail newsletter itself.
Further information and contacts
If the visitor has further questions on the subject of "data protection", he can contact the data protection officer The visitor can inquire which of his data are saved. In addition, the visitor can send information, deletion and correction requests regarding his or her data and, if desired, suggestions at any time by letter or e-mail to the following address:
When contacting the data protection officer, please name the company to which your request refers. Please refrain from including sensitive information such as a copy of an ID card in your request.
Munich, October 2022