Nova Hotels Group

GDPR Information

Privacy Policy

Information on the processing of your personal data — Last updated: November 2026

Our hotels operate under German law. This privacy policy is governed by the EU General Data Protection Regulation (GDPR) and German data protection legislation.

1. Data Controller

The data controller responsible for processing your personal data under the GDPR is:

2. Data Protection Officer

You can reach our Data Protection Officer at:

Email: datenschutz@nova-hotels.de

3. What Data We Process

3.1 Personal Identification Data

3.2 Travel Data

3.3 Business Data (for business travel)

3.4 Image and Biometric Data

4. Legal Basis for Processing

We process your data on the following legal bases:

5. Purpose of Data Processing

6. Recipients of Your Data

Your data is shared, to the extent necessary, with the following recipients:

7. Data Transfers to Third Countries

Some of our service providers are based outside the EU. Such transfers are based on:

8. Retention Period

9. Your Rights as a Data Subject

Under the GDPR, you have the following rights:

9.1 Right of Access (Art. 15 GDPR)

You have the right to request information about the personal data we hold about you.

9.2 Right to Rectification (Art. 16 GDPR)

You have the right to request the correction of incorrect data or the completion of your data.

9.3 Right to Erasure (Art. 17 GDPR)

You have the right to request the deletion of your data, provided no statutory retention obligations stand against it.

9.4 Right to Restriction of Processing (Art. 18 GDPR)

You can request the restriction of the processing of your data.

9.5 Right to Data Portability (Art. 20 GDPR)

You have the right to receive your data in a structured, commonly used and machine-readable format.

9.6 Right to Object (Art. 21 GDPR)

You can object to the processing of your data where such processing is based on legitimate interests.

9.7 Withdrawal of Consent (Art. 7(3) GDPR)

If processing is based on your consent, you may withdraw it at any time with effect for the future.

10. Right to Lodge a Complaint with a Supervisory Authority

You have the right to file a complaint with a data protection supervisory authority. The competent authority for us is:

11. Data Security

We implement technical and organizational measures to protect your data from unauthorized access:

12. Automated Decision-Making

Automated decision-making within the meaning of Art. 22 GDPR that produces legal effects for you does not take place.

13. Obligation to Provide Data

The collection of registration data (Meldeschein) is required by law (§ 29 BMG). Without this data, we cannot accommodate you. The remaining data is required for contract performance — refusing to provide it will mean we cannot enter into the accommodation contract.

14. Changes to This Privacy Policy

We reserve the right to update this privacy policy when legal requirements or our processing activities change. The current version is always available at this address.

For questions about data protection, contact us at datenschutz@nova-hotels.de.