privacy policy
Privacy policy
We are pleased that you have visited our website. We would like to inform you about how we handle your data in accordance with Art. 13 of the General Data Protection Regulation (GDPR).
responsible person
The body named in the imprint is responsible for the data processing listed below.
usage data
When you visit our websites, so-called usage data is temporarily evaluated on our web server for statistical purposes as a protocol in order to improve the quality of our websites.
This dataset consists of
· the name and address of the requested content,
the date and time of the query,
· the amount of data transferred,
· the access status (content transferred, content not found),
· the description of the web browser and operating system used,
· the referral link, which indicates from which page you came to ours.
The legal basis for the processing of usage data is Art. 6 Paragraph 1 Clause 1 Letter f of GDPR. The processing is carried out in the legitimate interest of providing the contents of the website and ensuring a device- and browser-optimized display.
Storage of the IP address for security purposes
In addition, we store the full IP address transmitted by your web browser for a period of seven days, strictly for the purpose of detecting, limiting and
After this period of time, we delete or anonymize the IP address. The legal basis for the processing is Art. 6 Paragraph 1 Clause 1 Letter f of GDPR.
data security
We take technical and organizational measures to protect your data from unwanted access as comprehensively as possible. We use an encryption process on our websites. Your details will be protected by your
computer to our server and vice versa via the Internet using TLS encryption. You can usually tell this by the fact that the lock symbol in the status bar of your browser is closed and the address bar
starts with https://.
applicant data
If you apply to us, we will process your data in a permissible manner for the application process. After we have received your application, we will inform you about this processing in a separate Art. 13 Information by email.
If you apply using our application tool, you will find our Art. 13 Information for applicants as a link, as well as here .
Required Cookies
We use cookies on our websites that are necessary for the use of our websites.
Cookies are small text files that can be stored on your device and read. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored on the
stored beyond the session.
We do not use these necessary cookies for analysis, tracking or advertising purposes.
Some of these cookies only contain information about certain settings and are not personal. They may also be necessary to enable user navigation, security and implementation of the site.
We use these cookies on the basis of our legitimate interest in accordance with Art. 6 (1) sentence 1 lit. f GDPR.
You can set your browser to inform you about the placement of cookies. In addition, you can delete them at any time via the corresponding browser setting and prevent the setting of new cookies.
Please note that our websites may then not be fully displayed and some functions may no longer be technically available.
| Provider | Purpose | storage period | Appropriate data protection level |
| Cookiebot/ Usercentrics | provision consent management | 365 days | Data processing in the EU/ EEA area. |
| Hebs Digital | provision of online booking tool | 400 days | Data processing in the EU/ EEA area. |
| Adobe | Content Personalization/ tag management | Data processing in the EU/ EEA area. |
consent banner
We use a consent management platform (consent or cookie banner) on our websites. The processing in connection with the use of the consent management platform and the logging of the data you
The settings made are based on Art. 6 Paragraph 1 Clause 1 Letter f of GDPR, in our legitimate interest to display our content according to your preferences and to prove your consent(s).
The settings you have made, the consents you have given and parts of your usage data are stored in a cookie. This means that they are retained for subsequent page requests and your consents can continue to be
Further information can be found under the link “Required cookies” (see above).
The provider of the consent management platform acts as a contracted service provider (contract processor) for us. A contract processing agreement in accordance with Art. 28 GDPR has been agreed.
visitor measurement (Google Analytics)
We use web analysis tools to design our websites to meet your needs. This created usage profile is based on pseudonyms. For this purpose, permanent cookies are stored on your device and read by us. In addition, it is possible that we retrieve recognition features for your browser or your device (e.g. a so-called browser fingerprint or your unabridged IP address). In this way, we are able to recognize returning visitors and count them as such.
In addition, we use the following functions as part of visitor measurement:
· We enrich the pseudonymous data with additional data provided to us by third parties. In this way, we are able to record demographic characteristics of our visitors, such as information on age, gender and place of residence.
We use a recognition method that allows us to record and subsequently evaluate the mouse pointer movement of our visitor.
We use contextual data, including usage history on other sites that also have cookies enabled, to create exploratory click paths and browsing behavior analyses.
The data processing is based on your consent, provided that you have given your consent via our banner. You can revoke your consent at any time. Please make the appropriate settings in our
consent banner.
Which third-party providers do we use in this context?
Below we list the third-party providers with whom we work in connection with visitor measurement. If the data is processed outside the EU or EEA (in particular in the USA),
We provide information on the level of data protection in the table below.
| Provider | Maximum storage period | Appropriate data protection level | revocation of consent |
| Google Analytics) | 400 days | For transfers to the USA is an appropriate Data protection level due to the Certification of the provider under the adequacy decision (EU-US Data Privacy Framework). | If you have your consent want to revoke, meet the corresponding setting over our banner. |
third-party tracking technologies for advertising purposes
We use cross-device tracking technologies so that targeted advertising can be shown to you on other websites based on your visit to our websites and so that we can understand how effective our
advertising measures.
The data processing is based on your consent, provided that you have given your consent via our banner. Your consent is voluntary and can be revoked at any time.
How does tracking work?
When you visit our websites, it is possible that the third-party providers listed below retrieve recognition features for your browser or your device (e.g. a so-called browser fingerprint), evaluate your IP address,
Store or read recognition features on your device (e.g. cookies) or gain access to individual tracking pixels. The individual features can be used by third-party providers to recognize your device on other websites. We can commission the relevant third-party providers to place advertisements that are based on the pages you visit on our website.
What does cross-device tracking mean?
If you register with the third-party provider using your own user data, the respective recognition features of different browsers and devices can be linked to each other. If the third-party provider also uses its own feature, for example
for the laptop, desktop PC or smartphone or tablet you use, these individual characteristics can be associated with each other as soon as you use your login data to access a service of the
third-party provider. This allows the third-party provider to target our advertising campaigns across different devices.
Which third-party providers do we use in this context?
Below we list the third-party providers with whom we work for advertising purposes. If the data is processed outside the EU or EEA (in particular in the USA), we will make the
The following table provides information on the level of data protection.
| Provider | Maximum storage period | Appropriate data protection level | Revocation of consent |
| Meta/ Meta pixel (Facebook) | For transfers to the USA is an appropriate data protection level due to the provider's certification under the adequacy decision (EU-US Data Privacy Framework). | If you have your consent want to revoke, meet the corresponding setting over our banner. | |
| Google (DoubleClick ) | For transfers to the USA is an appropriate data protection level due to the provider's certification under the adequacy decision (EU-US Data Privacy Framework). | If you have your consent want to revoke, meet the corresponding setting over our banner. |
online booking
You have the option of making a room reservation using our booking form. The following information is required (marked as mandatory):
• First name, last name of the guest and number of guests
• The first name and last name of the purchaser are different.
• Billing address
• Desired room category
• Phone number
• E-mail address
• Credit card details (only required for arrivals after 6:00 pm)
We process this data to reserve and book the desired hotel room and to bill for our services. The legal basis for the processing is Art. 6 Para. 1 S. 1 lit. b GDPR or Art. 6 Para. 1 S. 1 lit. C GDPR
in conjunction with § 312ff. BGB.
We process the information about the other arriving guests in accordance with Art. 6 Paragraph 1 Clause 1 Letter f of GDPR in the legitimate interest of being able to guarantee a faster and easier check-in upon arrival. The data subject can object to this processing at any time with effect for the future. To do so, please contact the email address provided in the imprint .
You also have the option of informing us of your special requests using the corresponding input mask. The legal basis for this processing is your consent in accordance with Art. 6 Paragraph 1 Clause 1 Letter a or Art. 9 Paragraph 2 Letter a of GDPR.
(for health data, such as intolerances, allergies, etc.). You can revoke your consent at any time with effect for the future. Please contact the office named in the imprint .
The booking form is provided by caesar data & software GmbH. In this context, we transmit your personal data to caesar data & software GmbH, which acts as a contract processor bound by instructions for us.
We have concluded a corresponding order processing agreement with the service provider in accordance with Art. 28 Para. 3 GDPR. There is no transfer to a third country outside the EU/EEA.
contact form
You have the option of contacting us using our contact forms. To use our contact form, we first need the data marked as mandatory.
We use this data on the basis of Art. 6 Paragraph 1 Clause 1 Letter f of GDPR to answer your inquiry.
In addition, you can decide for yourself whether you want to provide us with further information. This information is provided voluntarily and is not absolutely necessary for contacting us. We process your voluntary information on the basis of your
Consent.
Your data will only be processed to answer your request. We will delete your data if it is no longer required and there are no statutory retention periods to the contrary.
If your data transmitted via the contact form is processed on the basis of Art. 6 Paragraph 1 Clause 1 Letter f of GDPR, you can object to the processing at any time. In addition, you can withdraw your consent to the processing of the
You can revoke your consent to provide voluntary information at any time. To do so, please contact the email address provided in the imprint .
social media plugins
We enable you to use social plugins. However, for data protection reasons, no data is transmitted to social media services when you visit our websites.
However, you have the option of giving your consent for this data processing via our banner in order to activate and use the social plugins integrated on our websites. Only then will your browser
Connection to the servers of the operator of the respective social media service is established.
If you activate a plugin via the setting in the banner, the social media service will receive your IP address and, among other things, information about your visit to our websites (usage data). This is done
regardless of whether you have an account with the respective social media service. If you are logged in, the data can be assigned directly to your social media profile.
Overall, we have no influence on whether and to what extent the respective social media service processes personal data after activation. However, it is likely that the social media service will process your
Data usage profiles are created and used for the purpose of personalized advertising. In addition, your data is used to inform other users of the social media service about your activities on our websites.
The embedding is based on your consent, provided that you have given your consent via our banner. If the data is processed outside the EU or EEA (in particular in the USA) in this context,
We provide information on the level of data protection in the table below.
If you no longer wish your personal data to be processed by the activated social plugins, you can prevent future processing by revoking your consent. To do so, please follow this
Link and make the appropriate settings above our banner.
| Provider | Maximum storage period | Adequate level of data protection |
| Meta social plugin) | For transfers to the USA, a adequate level of data protection due to the certification of the provider under the adequacy decision (EU-US Data Privacy Framework). | |
| X Corp./ (Twitter) | For transfers to the USA, a adequate level of data protection due to the certification of the provider under the adequacy decision (EU-US Data Privacy Framework). |
map services
If we embed map services on our websites that are not stored on our servers, we will inform you about this here. For data protection reasons, however, when you visit our websites, no
Third-party content is reloaded and the third-party provider does not receive any information. Third-party content is only reloaded when you give your consent via our banner. This gives the third-party provider the
Information that you have accessed our site and the usage data technically required in this context. We have no influence on the further data processing by the third-party provider. Your consent includes,
that third-party content is reloaded. The embedding is based on your consent, provided you have given your consent via our banner.
Captcha
In order to protect our web and contact forms from automated requests, we use a so-called Captcha. As part of the Captcha function, you will be asked, among other things, to solve tasks or click checkboxes.
User inputs made in this context and, if applicable, mouse movements are also used to estimate whether the inputs come from a human or an automated program.
The data processing is carried out on the basis of Art. 6 Paragraph 1 Clause 1 Letter f of GDPR and in the legitimate interest of protecting us from spam and misuse and ensuring the security of our systems.
If you do not want this data processing, please refrain from using our web forms. We are supported in the provision and evaluation of the captcha by a contract processor who is bound by instructions. A
Order processing contract agreed.
newsletter registration and dispatch
You can order a newsletter on our website. Please note that we require certain data (at least your email address) to register for the newsletter.
The newsletter will only be sent if you have given us your express consent. After placing your order, you will receive a confirmation email to the email address you provided (so-called double opt-in). You
You can revoke your consent at any time. You can revoke your consent easily, for example, by using the unsubscribe link in every newsletter.
As part of the newsletter registration, we store additional data in addition to the data already mentioned, if this is necessary so that we can prove that you have subscribed to our newsletter. This may include the storage of the
complete IP address at the time of ordering or confirmation of the newsletter, as well as a copy of the confirmation email sent by us. The corresponding data processing is carried out on the basis of Art. 6 Para. 1
S. 1 lit. f GDPR and in the legitimate interest of being able to account for the legality of sending the newsletter.
direct mail
If we receive your email address in connection with the sale of a product or service, we will use the address for direct advertising for our own products or services, unless you have objected to the processing
When collecting the address and each time it is used, we make it clear that you can object to the use at any time without incurring any costs other than the transmission costs according to the basic rates.
The use is based on Art. 6 Paragraph 1 Clause 1 Letter f of GDPR and in the interest of promoting the sale of our goods or services. You can obtain an uncomplicated option to object, for example, via the link in every e-mail.
The unsubscribe link in the email will be provided.
storage period
Unless we have already informed you in detail about the storage period, we delete personal data when they are no longer required for the aforementioned processing purposes and no legitimate interests
or other (legal) retention reasons prevent deletion.
Other processors
As part of order processing in accordance with Art. 28 GDPR, we pass on your data to a service provider who supports us in operating our websites and the associated processes. These include, for example, hosting service providers.
Our service providers are strictly bound to our instructions and are contractually obliged accordingly.
Below we will name the processors with whom we work, if we have not already done so in the above text of the data protection declaration. If data is transferred outside the EU or
of the EEA, we will inform you about this in the table below.
| processor | Purpose | Adequate level of data protection |
| Amazon Inc./ Amazon Web Services (AWS) | Webhosting/ IT infrastructure/ Support | For transfers to the USA, a adequate level of data protection because of the certification of the provider under the adequacy decision (EU-US Data Privacy Framework) guaranteed. |
Your rights as a data subject
When processing your personal data, the GDPR grants you as the data subject certain rights:
right to information (Article 15 GDPR)
You have the right to request confirmation as to whether personal data concerning you are being processed; if this is the case, you have the right to information about this personal data and to the information referred to in Art. 15
DSGVO in detail listed information.
Right to Report (Article 16 GDPR)
You have the right to request that inaccurate personal data concerning you be reported immediately and, if necessary, that incomplete data be completed.
Right to erasure (Article 17 GDPR)
You have the right to request that personal data concerning you be erased immediately if one of the reasons listed in Art. 17 GDPR applies.
Right to restriction of processing (Article 18 GDPR)
You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you have objected to the processing, for the duration of the review
by the person responsible.
Right to data portability (Article 20 GDPR)
In certain cases, as detailed in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, common and machine-readable format or to have the
to request that this data be transmitted to a third party.
Right of withdrawal (Art. 7 GDPR)
If the processing of the data is based on your consent, you are entitled to revoke your consent to the use of your personal data at any time in accordance with Art. 7 Para. 3 GDPR. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected.
right to object (Article 21 GDPR)
If data is processed on the basis of Art. 6 Para. 1 Clause 1 Letter f GDPR (data processing to safeguard legitimate interests) or on the basis of Art. 6 Para. 1 Clause 1 Letter e GDPR (data processing to safeguard public interest or in the exercise of
public authority), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless
there are demonstrable compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend
legal claims.
Right to lodge a complaint with a supervisory authority (Article 77 GDPR)
According to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of data concerning you violates data protection regulations. The right to lodge a complaint can be asserted in particular with your supervisory authority in your approved place of habitual residence, your place of work or the place of the alleged violation.
assertion of your rights
Unless otherwise expressly stated, please contact the office stated in the imprint to assert your rights as a data subject.
Integration of other technical third-party content and functions
We use the technical functions and content from third parties listed below to display our websites. When you access our pages, content from the third party provider who provides these functions and content is reloaded. This gives the third party provider the information that you have accessed our site and the usage data technically required in this context. We have no influence on the further data processing by the third party provider.
The embedding is based on Art. 6 Paragraph 1 Clause 1 Letter f of GDPR and in the interest of making our site as appealing and informative as possible. Please note that the use of third-party content and functions may result in your
Data is processed outside the EU or EEA (particularly in the USA). For transfers to the USA, an appropriate level of data protection is guaranteed based on the adequacy decision (EU-US Data Privacy Framework).
| Provider | Purpose | storage period | Appropriate data protection level |
| Wetter.de/ RTL Group | content integration/ weather widget | Data transfer in the EU/ EEA area | |
| HebsDigital | On-line- Reservation/ booking tool | Data transfer in the EU/ EEA area | |
| Usercentrics/ Cookiebot | consent management | Data transfer in the EU/ EEA area | |
| Twitter syndication | content integration | For transmissions to the USA is an appropriate data protection level because of the certification of the provider under the adequacy decision s (EU-US Data Privacy Framework). | |
| Hotels-online- buchen.com | provision On-line- booking tool | Data processing in EU/EEA area. | |
| livespotting.com | webcam transmission (Content- integration) | Data processing in EU/EEA area. | |
| Adobe Inc. | Content Personalization / day management | Data processing in the EU/EEA area. | |
| Amazon | content integration | Data processing in the EU/ EEA area. | |
| Cloudflare Inc./ Cloudfareinsights | provision/ Security | Data processing in the EU/ EEA area and in the USA. | |
| Google Tag manager | consent management | For transmissions to the USA is an appropriate data protection level due to the certification of the provider under the adequacy decision s (EU-US Data Privacy Framework). | |
| Fastly Content | content integration | For transmissions to the USA is an appropriate data protection level due to the certification of the provider under the adequacy decision s (EU-US Data Privacy Framework). | |
| Google Hosted Libraries & Javascript Libraries | technical functions/ libraries | For transmissions to the USA is an appropriate data protection level due to the certification of the provider under the adequacy decision s (EU-US Data Privacy Framework) for Google Hosted Libraries guaranteed. |
contact details of the data protection officer
Our external data protection officer will be happy to provide you with information on data protection using the following contact details:
datenschutz nord GmbH
Konsul-Smidt-Straße 88
28217 Bremen
Web: https://www.dsn-group.de/
Email: office@datenschutz-nord.de
If you contact our data protection officer, please also state the responsible body, which is named in the imprint.