We take the protection of your personal data seriously and abide by the provisions of data protection laws and other relevant data protection requirements. In the sections below we tell you, as a user of our website or our app, how we handle your data and provide you with an overview of the measures we have implemented to protect personal data.
You may revoke any consent you have granted at any time with future effect. If you have any questions regarding our use of your personal data, please contact us.
1. Controller and Scope
The controller pursuant to the EU General Data Protection Regulation (‘GDPR’) and other national data protection laws of member states as well as other data protection provisions is:
MBC Property Edinburgh Ltd trading as On The Walk
18 Albert Place
The controller’s external data protection officer is:
3. Principles of data processing
Personal data refers to all information related to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, email address, IP address or user behaviour. Information that we cannot use to identify you personally (or that would involve a disproportionate effort to do so), for example, by anonymising the information, does not represent personal data. The processing of personal data (e.g. collecting, accessing, using, storing or transmitting such data) always requires a legal basis or your consent. Personal data that has been processed shall be deleted as soon as the purpose of the processing has been achieved and there are no further statutory retention obligations.
If we process your personal data in order to provide certain offers, we will subsequently inform you of the specific processes, the scope and the purpose of the data processing activity, the legal basis for the processing activity and the relevant storage period.
4. Individual processing steps
a. Provision and use of the website
When you access and use our website, we collect personal data that your browser automatically sends to our server. This information is temporarily saved in a log file. When you use our website, we collect the following information, which we need for technical reasons in order to display our website to you and ensure stability and security:
Every time a user accesses the website or the app and every time a file is accessed, access data related to this action is stored. This data includes:
- Browser type/version
- Operating system used
- Referring URL (the site previously visited)
- Host name of the accessing computer (IP address)
- Time and date of the server request
- Volume of data transmitted and access status (file transmitted, file not found, etc.).
This data is used to generate internal statistics that help us to analyse the use of the website, correct errors and improve our services. It is not used for any other purpose related to you individually. In particular, this data is not merged with other data sources. This data is automatically deleted after the statistical assessment. You can prevent your data being used for statistical purposes at any time by changing the settings in your browser to prevent cookies from being stored on your computer (see section 7).
The legal basis for the specified data processing is Article 6(1)(f) GDPR. The processing of the specified personal data is necessary to provide the website and therefore serves to safeguard a legitimate interest of our company.
The temporary storage of an IP address by the system is necessary for the purpose of transmitting the website to the computer of the user. The IP address of the user has to be stored for the duration of the session.
As soon as the specified data is no longer necessary to display the website, it will be deleted. The collection of data to provide the website and the storage of data in log files is necessary for the operation of the website. Consequently, the user does not have the right to object to such use. The data may be stored for longer periods in individual cases if such storage is legally required.
b. Reservations and bookings
You can make a reservation and/or booking on our website. When you do this, the following personal data will be entered into a form and processed by us:
- Name and surname
- Email address
- Phone number (if provided)
- Company name (if provided)
- Tax number (if provided)
- Bank details or credit card information (if provided)
In order to process payments, we will share your payment details with the financial institution that has been engaged to process the payment and to any payment service provider we have engaged or the payment service you choose when you place the order. These companies may only use your personal data to execute the contract and not for any other purposes.
Personal data is processed in connection with a booking or reservation in order to execute a contract between you and On The Walk in accordance with Article 6(1)(b) GDPR. This also applies to data processing that is necessary to take steps prior to entering into a contract.
As soon as the processed personal data is no longer necessary to execute the contract, it will be erased. After the conclusion of the contract, it may be necessary to store personal data concerning you in order to comply with contractual or statutory obligations. The data may be stored for longer periods in individual cases if such storage is legally required.
c. Contact form and email correspondence
Our website provides a form for you to contact us electronically. The personal data you enter in the form will be transferred to us. If you use the contact form, the following personal data concerning you will be processed:
- Email address
- First name and surname
- Any other personal data included in the message
Additionally, the following personal data will be stored when the message is sent:
- IP address
- Date and time of your message
Alternatively, you can contact us at the email address provided. In this case, your personal data that is transmitted along with the email will be stored. The personal data will not be disclosed to third parties in this context. The personal data will only be used to process your enquiry.
The legal basis for the processing of personal data is Article 6(1)(f) GDPR. We have a legitimate interest in responding to enquiries that you email to us. Additionally, pursuant to Article 6(1)(f) GDPR, we have a legitimate interest in processing personal data during the sending process in order to prevent misuse of the contact form and protect our IT systems.
After we have processed your enquiry, the personal data will be erased unless the erasure is prevented by contractual or statutory retention periods. You have the right to withdraw your consent to the processing of personal data at any time. If you contact us by email, you can object to the processing of your personal data at any time. In this case, it will not be possible to process your enquiry any further. All personal data collected as part of your contacting us will be erased in this case unless the erasure is prevented by contractual or statutory retention periods.
Persons under the age of 18 should not provide us with any personal data without the consent of their parents or guardians. We do not request personal data from children and adolescents, nor do we collect such data or forward it to third parties.
For questions, please contact:
However, if the processed data is necessary for the performance of a contract or for the completion of steps prior to entering into a contract, the data can only be deleted early if doing so does not contradict a contractual or statutory obligation.
5. Email correspondence
a. Evaluation email following a stay
After staying at a On The Walk, customers will receive an email asking them to rate their stay and suggest improvements.
The legal basis for the data processing activity carried out with respect to the use of your email address is Art. 6 (1f) GDPR. The processing of email addresses and the collection of evaluations is necessary to ensure the quality of the hotel and to optimise hotel services, and therefore helps to safeguard the legitimate interests of our company. This evaluation email is not used for any other purpose.
As soon as the specified data (email address and evaluation) is no longer required for the specified optimisation purposes, it will be erased immediately.
b. On The Walk newsletter
When registering for the On The Walk newsletter, the user declared his/her consent to regularly receive a newsletter email containing news, campaigns and offers from On The Walk (as well as articles related to the topic of hotels, travel and overnight accommodation). The personal data that On The Walk processes to send the newsletter is not disclosed to other companies. Consent regarding use of your email address can be revoked at any time with future effect (email@example.com). In addition, a separate link located at the end of each newsletter can be used to unsubscribe from the newsletter.
You expressly gave the following declaration of consent when you subscribed to the newsletter on our website and we have logged this consent.
c. On The Walk newsletter
Users who have registered at On The Walk will automatically receive the On The Walk newsletter containing news and information about campaigns and offers. Your consent regarding use of your email address can be revoked at any time with future effect via email (firstname.lastname@example.org).
7. Processing and deletion
On The Walk may, of its own initiative or at the request of the user, complete, correct or delete incomplete, erroneous or outdated personal data that On The Walk has stored in connection with the operation of this website. If these processes are carried out at the request of the user, On The Walk may only do so if the user has sufficiently identified him/herself. Identity is verified using a copy of a photo ID – which will of course be deleted immediately after the authentication has been completed – or using criteria that can only be known by the user. On The Walk cannot agree to the user’s request if he/she is not properly identified.
In line with statutory provisions, On The Walk deletes personal data immediately upon the user’s request, provided there are no mandatory retention obligations to the contrary.
8. Disclosure of personal data to third parties
a. Personal data is handled confidentially and in line with the statutory data protection regulations. Data is not disclosed to third parties without the user’s consent, unless doing so is required to carry out orders, process payments or process requests or it is permitted in accordance with the statutory provisions. External service providers are obliged to handle data confidentially and securely, and they may only use the data as required to carry out their duties.
b. This is particularly true for any payments processed by external service providers. The user’s legitimate concerns are taken into account in line with the statutory provisions.
c. Otherwise, personal data is only disclosed if the user has given his/her express prior consent or if doing so is necessary for the prosecution of criminal offences. Personal data is only transmitted to the authorities or government agencies with the right to receive information if doing so is subject to a statutory obligation to provide information or there has been a court ruling to this effect. Your legitimate concerns are taken into account in line with the statutory data protection provisions. Where necessary, we may disclose your data to third parties on the basis of statutory requirements. We only comply with such requests if we are required to do so in line with statutory obligations.
d. You may revoke the consent to disclose your data at any time and without the need to provide us with a reason.
9. Protection of data
The protection of personal data is an important corporate principle at On The Walk. This is achieved through, among other things, training, a company data protection officer and a written agreement with all employees and external service providers to maintain the confidentiality of data and comply with data protection requirements.
All technical and organisational, physical and computer systems and measures in the area of data protection, IT and information security help to protect stored data from damage, destruction and unauthorised access and to achieve the protection objectives of confidentiality, availability and integrity.
For the sake of security, personal data is collected with the use of an encrypted secure socket layer (SSL) connection (which can be recognised by the use of ‘https://’ at the beginning of the website address in the address bar of the internet browser).
In addition, On The Walk takes all reasonable precautions to prevent unauthorised access to users’ personal data as well as the unauthorised use or falsification of this data and to minimise the corresponding risks. However, the provision of personal data, whether this is done in person, on the phone or online, always involves risks, and there is no technical system that is completely impervious to manipulation or sabotage.