Mann mit Laptop in Eingangsbereich eines Hotels

Data protection declaration (Website)

In the following Data protection declaration we, hotsplots GmbH, will be telling you about the processing of your personal data (e.g. name, address, e-mail address or usage data) on our website. We process personal data at all times in conformity with the EU General Data Protection Regulation (GDPR). The transmission of your personal data will always be carried out using SSL encryption (including username and password and the remainder of the data relating to the customer area and shop of

You can print out or save this Data Protection Notice by using your browser’s normal functions. You can also download and archive this Data Protection Notice as a PDF file by clicking here [PDF].

If you are not interested in the data processing of our website but in that of our products, you will find here information on data protection and data security for the usage of our hotspots, e.g. for data capture when using (WLAN) hotspots and data capture in VPN routing. Otherwise since 2005 HOTSPLOTS has been registered with the German Federal Network Agency for its supply of commercial telecommunication services to the public. Insofar as the law requires, there also exists a registration in other countries where HOTSPLOTS operates.

1. Controlling body

The controlling body for the data processing set our below under the terms of the GDPR is



hotsplots GmbH
Rotherstraße 22
10245 Berlin

Telephone: +49 (0)30 - 29 77 348-0
Fax: +49 (0)30 - 29 77 348-99

E-mail: datenschutz(at)


2. Data Protection Officer

Should you have any questions about data protection, you can contact our Data Protection Officer at any time. He can be reached under the foregoing e-mail address and under the postal address (to be headed: “FAO HOTSPLOTS Data Protection Officer”).

3. General use of the website

You can visit our website without telling us who you are. You can then use the website in order only to find out about our company and our products. In this case we shall only collect personal data insofar as this is necessary for technical reasons in order to use our website. When anyone visits our website, our webserver automatically and temporarily stores, in so-called log files, some connection data which your browser transmits to us. These are e.g. browser type and version, operating system, URL of last site visited (referrer URL) and time. The information stored in logfiles does not allow of any direct conclusion to be drawn about your person. IP addresses are captured in the webserver’s internal log and erased after a maximum of 24 hours. The processing of these connection data takes place for purposes of enabling use of the website, of system security and of technical administration of the network infrastructure, and for optimising our internet facilities. The legal basis for this data processing is Article 6(1)(b) of the GDPR.

No merger takes place of these data with other data sources. The log files are stored for two months and then automatically erased.

4. Use of contact forms

We offer you a facility to send us messages directly via a contact form. As part of our contact form we record the category of your interest, your name and first name, your e-mail address and the actual message. Further information is optional. The legal basis for this is Article 6(1)(b) of the GDPR. We shall only use the data recorded via our contact forms in order to process enquiries; afterwards they will be erased after six months.

If you wish to become an installation partner of HOTSPLOTS, we shall provide you with a contact facility via our website. Since the accounts in the customer area (see below) and the accounts of installation partners are linked, we request the HOTSPLOTS username as a compulsory field. All further data, such as personal contact or trading name, are optional.

5. Use of cookies

We use so-called cookies on our webpages. These are small text files which are stored on your device as soon as you visit one of our websites. If you visit this website again, the cookie indicates that the visit is a repeated visit. We use cookies in order to store your preferences on our website, for instance language settings, or in order for technical reasons to realise the log-in function to the protected customer area. These services are grounded on our legitimate interests. The legal basis is Article 6(1)(f) of the GDPR. In this way we aim to make a more convenient and more individual use of our website possible for you.

Of course you can also visit our website without cookies. You can so configure your browser that the acceptance of cookies is normally rejected or you are informed in advance if a cookie is stored.

If you do not accept any cookies, this may lead to restrictions on the use of our website. Cookies are necessary for registration in the customer area on

6. Customer area and shop

To operate hotspots yourself, to become an installation partner, or to upload credits for the use of hotspots, you must register for the protected customer area. When registering, collection is made of the username and password which the user freely chooses. The password is not stored en clair, but only encrypted, as a so-called hash value. Further collection is made of your name and address, which are necessary for the production of correct vouchers, and of your e-mail address, which is particularly necessary for HOTSPLOTS, in order to supply mandatory information to customers in case of amendments to the General Terms & Conditions of Business, and for the customer, in order to be able to use the “Password forgotten” function. You have the option of stating a telephone number for telephone support. Further optional information, such as fax number, URL of your own website and VAT Number, are only of importance for the location owner or hotspot operator. The legal basis for this processing is Article 6(1)(b) of the GDPR.

In our shop we offer you a selection of products and installations for operating WLAN hotspots. If you set up a user account in our shop, you will be taken more rapidly through the order process, be able to store several dispatch addresses, follow the progress of your order so far, and much more.

When you register for the shop and undertake the subsequent order process, we collect compulsory data needed for handling the contract (name and first name, e-mail address, password, invoice and dispatch address). Information such as telephone and fax number is optional. The legal basis for this is likewise Article 6(1)(b) of the GDPR.

We store the data collected in the customer area and shop only as long as necessary for performing contractual or statutory duties for which we have collected the data. Afterwards we erase the data immediately, unless we still need these data until expiry of the statutory period of limitation for purposes of evidence in civil proceedings or due to statutory duties of storage.

7. Further transmission and recipients

Every usage of your personal data is made only for the foregoing purposes and to the extent necessary in order to achieve these same purposes. We will not pass on your personal data to our service providers or to third parties unless this is necessary for purposes of contact handling or you have expressly consented thereto.

To supply our service, it is necessary in certain business transactions to pass on personal data to selected external service providers:

  1. For dispatch of goods, the shipper employed to make the delivery (usually DHL Paket GmbH).
  2. For payment by credit card, the credit organisation employed to process the payment (usually Wirecard AG, cf. information of the Wirecard AG).
  3. For hotspot-provision contracts, the supplier of the preliminary work, DSL/SIM card provider, etc.
  4. For hotspot installations, the local installation partner.
  5. In case of payment default, we avail ourselves of external collection services and, if necessary, legal counsel.


Insofar as we pass on data to service providers, these providers must use the said data solely for performance of their commission. All service providers are carefully selected and commissioned by us. They are contractually bound to follow our instructions, have a duty of confidentiality, and are regularly monitored by us. In all cases the extent of data transmitted is restricted to the requisite minimum.

Transmission of personal data to government institutions and authorities is made only pursuant to compulsory national legal regulations, or if such transmission is required, in case of attacks upon our network infrastructure, for legal remedy and prosecution.

8. Google Maps

To display hotspots in Europe or as a guide to our company locations, we use the map service Google Maps provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). In order for the Google Maps material used to be incorporated and displayed on your web browser, calling up the contact page your web browser must make a connection to a server of Google in the USA. In this way Google receives the information that the corresponding page on our website has been called up from your device’s IP address. If you call up Google Maps on our website while you are logged into your Google profile, Google may additionally link this event with your Google profile. If you do not wish this allocation to your Google profile, it will be necessary for you to log out at Google before calling up our contact page. Google will store your data and use them for purposes of advertising, market research and personalised display of Google Maps. You can object to this data collection by contacting Google. You will find further information in Google’s Privacy Policy and the Additional Terms of Service for Google Maps/Google Earth. Google will also process your personal data in the USA and has acceded to the EU-US Privacy Shield:

9. Newsletter

Customers and hotspot operators can find out about your products and services regularly via a newsletter. To send the newsletter, your e-mail address is processed in our systems. You can cancel receipt of the newsletter again at any time. To unsubscribe from the newsletter for customers and hotspot operators, you will find a link at the end of each newsletter. You can also deselect the appropriate button in the customer area. A notice to the contact data given above or in the newsletter (e.g. by e-mail or letter) is of course likewise sufficient for this purpose. The legal basis for this data processing for purposes of the newsletter is Article 6(1)(a) of the GDPR.

In our newsletters we use normal market technologies by which interactions with the newsletters can be measured (e.g. opening of the e-mail, links clicked). We use these data in pseudonymised form for general statistical evaluations and to optimise and further develop our contents and customer communication. This is done with the aid of small graphics which are embedded in the newsletter (so-called pixels). These data are collected solely in pseudonymised form, nor are they combined with your other personal data. The legal basis for our legitimate interest in this matter is Article 6(1)(f) of the GDPR. Via our newsletter we aim as far as possible to share information which is relevant to our customers and to understand what our readers are actually interested in. If you do not wish these user patterns to be analysed, you can cancel receipt of the newsletter or disable graphics as standard in your e-mail program. These data on interaction with our newsletters are stored in pseudonymised form for 30 days and then completely anonymised.

10. Your rights

You have the right to receive information about the processing of your personal data by us at any time. In this context we shall explain the data processing to you and provide you with an overview of the data relating to your person which have been saved.

Should data which we have stored be erroneous or no longer up to date, you enjoy the right to have these data corrected. You can also require that your data be erased. Should such erasure be impossible in the exceptional case due to other legal regulations, these data will be blocked, so that they are only available for this statutory purpose. You can also restrict the processing of your personal data, if e.g. doubts exist on your part as to whether these data are correct.

You also have the right of data transferability, i.e. you may require us to send you a digital copy of the personal data which you have provided.


Insofar as we process your data pursuant to legitimate interests under Articale 6 (1)(f) of the GDPR, under Article 21 of the GDPR, you have the right to lodge objection to the processing of your data and to state to us such grounds arising from your particular situation as, in your opinion, must allow your protected interests to be overriding. Should your objection be an objection to data processing for purposes of direct advertising, you have a general right of objection, which will be implemented by us also without grounds being stated.


To exercise your rights as set out here, you can communicate at any time with the foregoing contact details. You also have the right to lodge a complaint to the data-protection authority to which we are subject (Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstrasse 219, 10969 Berlin). You can also contact the data-protection authority at your place of residence, which will then pass your application on to the competent authority.


Version 2.3, status: March 2018



Data protection declaration (Hotspot)

This data protection declaration informs you how hotsplots GmbH processes personal data and traffic data when you use our hotspots.

This data protection declaration can be printed or saved using the standard functions in your browser. You can also download and save this data protection declaration as a PDF file by clicking here: [PDF].

1. Responsible authority

Contact for and controller of the processing of your personal data when using our hotspots within the terms of the EU General Data Protection Regulation (GDPR) is

hotsplots GmbH
Rotherstraße 22
10245 Berlin

Telephone: +49 (0)30 - 29 77 348-0
Fax: +49 (0)30 - 29 77 348-99

E-mail: datenschutz(at)


Should you have any questions regarding data protection in connection with our products and services, you can contact our data protection officer at any time. This can be done via the above postal address or the previously stated email address (heading: “FAO Data Protection Officer HOTSPLOTS”).

2. Data processing when using the HOTSPLOTS WLAN

2.1. Traffic data

We collect traffic data every time our hotspots are used. This includes:

  1. Hotspot name
  2. Time stamp (date and time) of logins with type of login
  3. Duration of use
  4. Amount of data transferred
  5. Session ID, tariff ID, time stamp of the last billing data for a session
  6. Hardware ID of the terminal (MAC address)
  7. Hardware ID of the hotspot router (MAC address)
  8. IP address of the requesting device in the LAN and the hotspot router on the Internet
  9. Name of the VPN server and IP address on the Internet can be determined with the help of (a), (b) and (c)
  10. User name of a registered user or ticket number
  11. Time stamp (date and time) of unsuccessful login attempts with error type
  12. Average bandwidths of the last minutes (max. 10 min.), number of packets transferred.

The collection and processing of this traffic data is required for establishing and maintaining telecommunication and for the billing of charges. In addition to the purposes described above, the traffic data a to f is also temporarily stored internally (cf. section “Maximum storage time”) and statistically evaluated. During the storage period, and as an additional security measure, the traffic data is pseudonymised if possible using the hash algorithm.

In doing so, we protect the secrecy of communications, i.e. in particular, we do not evaluate the content of the telecommunication nor its specific circumstances and do not pass on the traffic data to third parties. The statistical evaluation of the data is necessary for operational reasons, in particular for the rectification of errors and for the purpose of identifying improper use. The data stored for the statistical evaluation does not allow for any information about your person to be directly inferred. The legal basis for these data processing operations is Art. 6.1.1.b of the GDPR.

2.2. Registered HOTSPLOTS users

It is possible to use your personally selected access data to log in to some of our hotspots, if you have previously registered with us. After registering you also have the option to top up your account for using our hotspots in the customer area. Further information about data collection and processing relating to registration can be found in the data protection declaration for our website. If you use our hotspots as a registered customer, in addition to the traffic data mentioned above, we will also collect billing data and your so-called inventory data for billing purposes and reasons of fraud prevention. The legal basis is Art. 6.1.1.b of the GDPR. The inventory data includes:

  • Username and password

  • First name and surname

  • Address

  • Email address

  • Bank details (account holder, IBAN, BIC, bank).

Also, if specified by you:

  • Company

  • Telephone and fax number

  • Website

  • VAT no.

2.3. Users with location tickets

If you use our hotspots with a location ticket, in addition to the specified traffic data, we will also save the properties of the ticket such as ticket number and password as well as data on the validity of the ticket for billing purposes. The legal basis is Art. 6.1.1.b of the GDPR.

2.4. Contact

You have various options by which you can contact us, in particular by email or using the contact form on our website. In this context, we process data solely for the purpose of communicating with you. The legal basis is Art. 6.1.1.b of the GDPR. The data collected by us when you use the contact form will be automatically deleted after processing of your request is completed, unless we still need your request to fulfil contractual or legal obligations (cf. section “Maximum storage time”).

3. Disclosure of data

In principle, data collected by us shall be disclosed only if:

  • You have given your express consent to this in accordance with Art. 6.1.1.a of the GDPR

  • Disclosure as per Art. 6.1.1.f of the GDPR is required for the establishment, exercise or defence of legal claims and there is no reason to assume that you have an overriding and legitimate interest in preventing the disclosure of your data

  • In accordance with Art. 6.1.1.c of the GDPR, we are required by law to disclose it or

  • This is permissible by law and in accordance with Art. 6.1.1.b of the GDPR is required for the implementation of contractual relationships with you or for the execution of pre-contractual measures undertaken at your request.

A proportion of the data processing may be undertaken by our service providers. These include the operators of the data centres in which our database and web servers are located (Interxxion Deutschland GmbH and Plusserver GmbH). Although they are unable to log into the servers, they can come into contact with the hardware. The IT service provider who services our ERP system, Intero Technologies GmbH, is able to see part of the inventory data and the accounting system. If we disclose data to our service providers, they are only permitted to use the data to fulfil their tasks. The service providers were carefully selected and commissioned by us. They are contractually bound by our instructions, have access to appropriate technical and organisational measures to protect the rights of the persons concerned and are regularly monitored by us.

4. Maximum storage time

In principle, we store personal data only for as long as required to fulfil the contractual or statutory obligations for which we have collected the data. The data is then deleted immediately, unless we need the data until expiry of the statutory limitation period for evidentiary purposes for civil claims or for statutory retention requirements.

  • Inventory data from our registered users (cf. also 2.2) is deleted in the fourth year following the end of the last expired contract or in the year following cancellation of the customer account, if no contract has been concluded.

  • Inventory data from location tickets (cf. also 2.3) is deleted in the fourth year following the date of the last possible use.

  • In principle, traffic data from successful logins is stored for up to 7 days. Otherwise, this data is generally already deleted if it is more than 3 days old. Only if we also need the traffic data for billing purposes, will we also save it for longer: Traffic data relevant to billing is deleted on a monthly basis if it is more than 3 months old.

5. Your rights

You have the right to request information regarding the processing of your personal data by us at any time. As part of the provision of information, we will explain the data processing and provide you with an overview of your personal data which we have stored.

If the data stored by us is incorrect or no longer current, you have the right to have this information corrected.

You may also restrict the processing of your data, for example, if you are of the opinion that the data stored by us is incorrect.

You also have the right to data portability, i.e. that we will send you a digital copy of the personal data provided by you if you so request.

In order to assert your rights as described here, contact us at the above mentioned address at any time. This also applies if you wish to obtain copies of guarantees verifying an adequate level of data protection.

Finally, you have the right to complain to the data protection supervisory authority responsible for us. You may assert this right with a supervisory authority in the Member State of your place of residence, your place of work or the location of the supposed breach. The responsible supervisory authority for Berlin, the location of the headquarters of hotsplots GmbH, is: State Commissioner for Data Protection and Freedom of Information Berlin, Friedrichstr. 219, DE-10969 Berlin.

6. Right of revocation and objection

At any time, you have the right to revoke consent previously given to us. As a consequence, we will cease processing any data based on this consent in the future. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent up to the revocation.

Insofar as we process your data based on legitimate interests, you have the right to object at any time to the processing of your data for reasons relating to their particular situation.

Should you wish to exercise your right of revocation or objection, it is sufficient to send an informal message to the address or email address stated above.

7. Data security

We maintain up-to-date technical measures to guarantee data security, in particular to protect your personal data against risks arising during data transfers as well as from acquisition by third parties. These are adjusted in accordance with the current state of the art. Our security concept is transmitted to the German Federal Network Agency at regular intervals and inspected by this body.

8. Changes to the data protection declaration

We may occasionally update this data protection declaration, for example, when we adapt our website or legal or regulatory requirements are changed.

Version 1.0 / Issue: June 2018