Unsere Datenschutzrichtlinien | SICON Hospitality

Our privacy policy

We are pleased that you are visiting our website and thank you for your interest in our company. The protection of personal data is important to us. Therefore, the processing of personal data, such as the name, address, email address, or telephone number of a data subject, is carried out in accordance with applicable European and national law.

If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.

You can, of course, revoke your consent(s) at any time with future effect. Please contact the controller to do so. You can find the contact details at the bottom of this privacy policy.

In the following, Sicon Hospitality GmbH would like to inform the public about the nature, scope, and purpose of the personal data it processes. Furthermore, this privacy policy informs data subjects about their rights.

Definitions

The privacy policy of Sicon Hospitality GmbH is based on the terminology used by the European legislator for the adoption of the General Data Protection Regulation (hereinafter referred to as "GDPR"). Our privacy policy is intended to be easily readable and understandable for the public as well as for our customers and business partners. To ensure this, we would like to explain the terminology used in advance. In this privacy policy and on our website, we use, among other things, the following terms:

Personal data is any information relating to an identified or identifiable natural person (hereinafter referred to as the "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

A data subject is any identified or identifiable natural person whose personal data is processed by the controller. Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Restriction of processing is the marking of stored personal data with the aim of limiting its future processing.

Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Pseudonymisierung ist die Verarbeitung personenbezogener Daten in einer Weise, auf welche die personenbezogenen Daten ohne Hinzuziehung zusätzlicher Informationen nicht mehr einer spezifischen betroffenen Person zugeordnet werden können, sofern diese zusätzlichen Informationen gesondert aufbewahrt werden und technischen und organisatorischen Maßnahmen unterliegen, die gewährleisten, dass die personenbezogenen Daten nicht einer identifizierten oder identifizierbaren natürlichen Person zugewiesen werden.

The controller or controller responsible for processing is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of processing personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Recipient is a natural or legal person, public authority, agency or other body to which personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be considered recipients.

Third party means a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct authority of the controller or processor.

Consent is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data concerning him or her.

Rights of the data subject

Right to confirmation: Every data subject has the right to obtain confirmation from the controller as to whether or not personal data concerning him or her is being processed. If a data subject wishes to exercise this right of confirmation, they may contact the controller at any time.

Right to information: Any person affected by the processing of personal data has the right to obtain from the controller, free of charge, information about the personal data stored about him or her at any time, as well as a copy of this information. Furthermore, the European legislator has granted the data subject access to the following information:

the processing purposes
the categories of personal data being processed
the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
where possible, the envisaged period for which the personal data will be stored, or, where not possible, the criteria used to determine that period
the existence of a right to rectification or erasure of personal data concerning him or her or to restriction of processing by the controller or a right to object to such processing
the existence of a right of complaint to a supervisory authority
if the personal data are not collected from the data subject: all available information about the origin of the data
das Bestehen einer automatisierten Entscheidungsfindung einschließlich Profiling gemäß Artikel 22 Abs.1 und 4 EU-DSGVO und — zumindest in diesen Fällen — aussagekräftige Informationen über die involvierte Logik sowie die Tragweite und die angestrebten Auswirkungen einer derartigen Verarbeitung für die betroffene Person. Ferner steht der betroffenen Person ein Auskunftsrecht darüber zu, ob personenbezogene Daten an ein Drittland oder an eine internationale Organisation übermittelt wurden. Sofern dies der Fall ist, so steht der betroffenen Person im Übrigen das Recht zu, Auskunft über die geeigneten Garantien im Zusammenhang mit der Übermittlung zu erhalten.

If a data subject wishes to exercise this right to information, he or she may contact the controller at any time.

Right to rectification: Any person affected by the processing of personal data has the right to request the immediate rectification of inaccurate personal data concerning him or her. Furthermore, the data subject has the right to request the completion of incomplete personal data, including by means of providing a supplementary statement, taking into account the purposes of the processing.

Möchte eine betroffene Person dieses Berichtigungsrecht in Anspruch nehmen, kann sie sich hierzu jederzeit an den für die Verarbeitung Verantwortlichen wenden.

Right to erasure (right to be forgotten)

Any person affected by the processing of personal data has the right to request the controller to delete the personal data concerning him or her without undue delay, provided that one of the following reasons applies and the processing is not necessary:

Die personenbezogenen Daten wurden für solche Zwecke erhoben oder auf sonstige Weise verarbeitet, für welche sie nicht mehr notwendig sind.
The data subject withdraws his or her consent on which the processing is based according to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, and there is no other legal ground for the processing.
Die betroffene Person legt gemäß Art. 21 Abs. 1 EU-DSGVO Widerspruch gegen die Verarbeitung ein, und es liegen keine vorrangigen berechtigten Gründe für die Verarbeitung vor, oder die betroffene Person legt gemäß Art. 21 Abs. 2 EU-DSGVO Widerspruch gegen die Verarbeitung ein.
The personal data was processed unlawfully.
The erasure of personal data is necessary to fulfil a legal obligation under Union or Member State law to which the controller is subject.
The personal data were collected in relation to information society services offered in accordance with Article 8 (1) of the EU GDPR.

If one of the above reasons applies, and a data subject wishes to request the erasure of personal data stored by Sicon Hospitality GmbH, they may contact the controller at any time. The data subject's erasure request will then be complied with immediately.

If the personal data was made public by Sicon Hospitality GmbH and our company as the controller pursuant to Art. 17 Para. 1 EU GDPR is obliged to erase the personal data, Sicon Hospitality GmbH shall take appropriate measures, including technical ones, taking into account the available technology and the implementation costs, in order to inform other data controllers which process the published personal data that the data subject has requested the erasure by such controllers of all links to these personal data or of copies or replications of these personal data, unless processing is required. The controller will then arrange the necessary measures in individual cases.

Right to restriction of processing: Any person affected by the processing of personal data has the right to request the controller to restrict processing if one of the following conditions applies:

The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
The processing is unlawful, the data subject opposes the erasure of the personal data and requests the restriction of the use of the personal data instead.
The controller no longer needs the personal data for the purposes of the processing, but the data subject needs them to assert, exercise or defend legal claims.
The data subject has objected to processing pursuant to Art. 21 (1) GDPR and it has not yet been determined whether the legitimate grounds of the controller override those of the data subject.

If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of personal data stored by Sicon GmbH, they may contact the controller at any time. The restriction of processing will then be initiated immediately.

Right to data portability: Every person affected by the processing of personal data has the right to receive the personal data concerning him or her, which was made available to a controller, in a structured, common and machine-readable format. He or she also has the right to transmit this data to another controller without hindrance from the controller to whom the personal data was made available, provided that the processing is based on consent pursuant to Art. 6 (1) (a) EU GDPR or Art. 9 (2) (a) EU GDPR or on a contract pursuant to Art. 6 (1) (b) EU GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, in exercising their right to data portability pursuant to Article 20(1) of the GDPR, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.

Zur Geltendmachung des Rechts auf Datenübertragbarkeit kann sich die betroffene Person jederzeit an den für die Verarbeitung Verantwortlichen wenden.

Right to object: Any person affected by the processing of personal data has the right to object at any time to the processing of personal data concerning him or her based on Article 6 (1) (e) or (f) of the GDPR, for reasons related to his or her particular situation. This also applies to profiling based on these provisions.

In the event of an objection, SICON Hospitality GmbH will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

If SICON Hospitality GmbH processes personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data for such advertising purposes. This also applies to profiling insofar as it is associated with such direct marketing. If the data subject objects to SICON Hospitality GmbH processing the data for direct marketing purposes, SICON Hospitality GmbH will no longer process the personal data for these purposes.

In addition, the data subject has the right to object to the processing of personal data concerning him or her by SICON Hospitality GmbH for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, unless such processing is necessary to perform a task carried out in the public interest.

Zur Ausübung des Rechts auf Widerspruch kann sich die betroffene Person direkt an den für die Verarbeitung Verantwortlichen wenden. Der betroffenen Person steht es ferner frei, im Zusammenhang mit der Nutzung von Diensten der Informationsgesellschaft, ungeachtet der Richtlinie 2002/58/EG, ihr Widerspruchsrecht mittels automatisierter Verfahren auszuüben, bei denen technische Spezifikationen verwendet werden.

Automated decisions in individual cases, including profiling: Every person affected by the processing of personal data has the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, provided that the decision:

is not necessary for the conclusion or performance of a contract between the data subject and the controller or
aufgrund von Rechtsvorschriften der Union oder der Mitgliedstaaten, denen der Verantwortliche unterliegt, zulässig ist und diese Rechtsvorschriften angemessene Maßnahmen zur Wahrung der Rechte und Freiheiten sowie der berechtigten Interessen der betroffenen Person enthalten oder
with the express consent of the data subject

If the decision is necessary for the conclusion or performance of a contract between the data subject and the controller or is made with the data subject’s explicit consent, SICON Hospitality GmbH shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

If the data subject wishes to exercise rights with regard to automated decisions, he or she may contact the controller at any time.

Recht auf Widerruf einer datenschutzrechtlichen Einwilligung: Jede von der Verarbeitung personenbezogener Daten betroffene Person hat das Recht, eine Einwilligung zur Verarbeitung personenbezogener Daten jederzeit zu widerrufen.

If the data subject wishes to exercise his or her right to withdraw consent, he or she may contact the controller at any time.

Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data concerning him or her infringes this Regulation.

The competent supervisory authority:

The Hamburg Commissioner for Data Protection and Freedom of Information Prof. Dr. Johannes Caspar Ludwig-Erhard-Straße 22 7th floor 20459 Hamburg Telephone: 49 40 – 428 54-40 40 Fax: 49 40 – 428 54-40 00 Email: mailbox@datenschutz.hamburg.de Homepage: https://www.datenschutz-hamburg.de

Cooperation with processors and third parties

If, as part of our processing, we disclose data to other persons and companies (contract processors or third parties), transmit it to them or otherwise grant them access to the data, this will only be done on the basis of legal permission (e.g. if transmission of the data to third parties, such as payment service providers, is necessary to fulfil the contract in accordance with Art. 6 (1) (b) GDPR), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

If we commission third parties to process data on the basis of a so-called “order processing agreement”, this is done on the basis of Art. 28 GDPR.

Routine deletion and blocking of personal data

Der für die Verarbeitung Verantwortliche verarbeitet (in diesem Sinne auch: speichert) personenbezogene Daten der betroffenen Person nur für den Zeitraum, der zur Erreichung des Speicherungszwecks erforderlich ist oder sofern dies durch den Europäischen Richtlinien- und Verordnungsgeber oder einen anderen Gesetzgeber in Gesetzen oder Vorschriften, welchen der für die Verarbeitung Verantwortliche unterliegt, vorgesehen wurde.

If the purpose of storage no longer applies or if a period prescribed by the European legislator or another competent legislator expires

Once the storage period has expired, the personal data will be blocked or deleted routinely and in accordance with legal regulations.

Data protection in applications and in the application process

The controller collects and processes the personal data of applicants for the purpose of processing the application procedure. Processing may also be carried out electronically. This is particularly the case if an applicant submits corresponding application documents to the controller electronically, for example by email. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted six months after notification of the rejection decision, provided that no other legitimate interests of the controller conflict with deletion. Other legitimate interests in this sense include, for example, the burden of proof in proceedings under the General Equal Treatment Act (AGG).

Sicherheit

SICON Hospitality GmbH takes numerous technical and organizational measures to protect your personal data against accidental or unlawful deletion, alteration, or loss, as well as against unauthorized disclosure or access. However, internet-based data transmissions, for example, may generally have security gaps, so absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us via alternative means, for example, by telephone.

Encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as the requests you send to us as the site operator. You can recognize an encrypted connection by the browser's address bar changing from "http://" to "https://" and by the lock symbol in the browser bar. When encryption is activated, the data you transmit to us cannot be read by third parties.

Collection of general data and information

The SICON Hospitality GmbH website collects a series of general data and information each time the website is accessed by a data subject or an automated system. This general data and information is stored in the server's log files. The following may be collected:

the browser types and versions used
the operating system used by the accessing system
the website from which an accessing system reaches our website (so-called referrer)
the sub-websites that are accessed via an accessing system on our website
the date and time of access to the website
a web protocol address (IP address)
the Internet service provider of the accessing system
other similar data and information used to avert threats in the event of attacks on our information technology systems.

When using this general data and information, Sicon Hospitality GmbH does not draw any conclusions about the data subject. Rather, this information is needed to:

to deliver the contents of our website correctly
to optimise the content of our website and, if applicable, the advertising for it
to ensure the continued functionality of our information technology systems and the technology of our website
to provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack

Sicon Hospitality GmbH therefore evaluates this collected data and information both statistically and with the aim of increasing data protection and data security within our company, ultimately ensuring an optimal level of protection for the personal data we process. The anonymous data in the server log files are stored separately from all personal data provided by a data subject. This data is not merged with other data sources.

This data is collected on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website – for this purpose, the server log files must be collected.

Inquiry by email, telephone or fax

If you contact us by email, telephone or fax, your inquiry, including all resulting personal data (name, inquiry), will be stored and processed by us for the purpose of processing your request. We will not pass this data on without your consent. This data is processed on the basis of Art. 6 (1) (b) GDPR if your inquiry is related to the fulfillment of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR) if this was requested. The data you send to us via contact inquiries will remain with us until you request us to delete it, revoke your consent to storage or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

Datenübertragung aus Formularen

The data subject has the option of registering for data transfer via forms on the controller's website by providing personal data. The personal data transmitted to the controller is determined by the respective input mask used for the registration. The personal data entered by the data subject is collected and stored exclusively for internal use by the controller and for its own purposes. Data transmission from forms is always encrypted.

The controller may arrange for the personal data to be passed on to one or more processors (e.g. a parcel service provider) who will also use the personal data exclusively for internal purposes attributable to the controller.

When data is transmitted on the controller's website, the IP address assigned by the data subject's Internet service provider (ISP), the date, and the time of the transmission are also stored. This data is stored to prevent misuse of the services offered and, if necessary, to enable the investigation of committed crimes and copyright infringements. Therefore, the storage of this data is necessary to protect the controller. As a general rule, this data will not be passed on to third parties unless there is a legal obligation to do so or the transfer serves the purposes of criminal prosecution or legal proceedings.

The data subject's voluntary provision of personal data allows the controller to offer the data subject content or services that, due to the nature of the matter, can only be offered to these users.

This data is processed on the basis of Art. 6 (1) (b) GDPR, provided your inquiry is related to the fulfillment of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR), if requested.

The data you send us via contact requests will remain with us until you request its deletion, revoke your consent to storage, or the purpose for storing the data no longer applies (e.g., after your request has been processed). Mandatory legal provisions—in particular, statutory retention periods—remain unaffected.

Links to other websites

This website contains links to other websites (so-called external links). As a provider, Sicon Hospitality GmbH is responsible for its own content in accordance with applicable European and national law. Links to content provided by other providers must be distinguished from this own content. We have no influence on whether the operators of other websites comply with applicable European and national legal provisions. Please consult the privacy policies provided on the respective website for further information.

Cookies

We use cookies to make our website user-friendly and optimally tailored to your needs. Cookies are small text files that are sent from a web server to your browser when you visit a website and stored locally on your device (PC, notebook, tablet, smartphone, etc.).

Numerous websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a character string that websites and servers can use to associate the specific web browser in which the cookie was stored. This enables visited websites and servers to distinguish the individual browser of the data subject from other web browsers that contain other cookies. A specific web browser can be recognized and identified via the unique cookie ID. This information is used to automatically recognize you when you visit the website again using the same device and to make navigation easier for you.

You can also consent to or reject cookies – including for web tracking – via your web browser settings. You can configure your browser to refuse cookies altogether or to inform you in advance when a cookie is about to be saved. In this case, however, the functionality of the website may be impaired (for example, when placing orders). Your browser also offers a function for deleting cookies (for example, via "Delete browsing data"). This is possible in all common web browsers. Further information on this can be found in the user manual or in your browser settings.

First-party cookies: First-party cookies are persistent cookies that are stored on the computer and only expire after their assigned expiration date. The word "party" refers to the domain from which the cookie originates. Unlike third-party cookies, first-party cookies usually originate from the website operator themselves. They are therefore not accessible by browsers across domains. For example, website A issues cookie A, which is not recognized by website B, but can only be recognized by website A. This means that data cannot be passed on to third parties.

Third-party cookies: With a third-party cookie, the cookie is set and recorded by a third party. These cookies are typically used by advertisers who collect information about website visitors through their advertisements on other websites. These are data records that are stored in the user's web browser when they visit a page containing the advertisement. If they visit a page with an advertisement from the same provider again, they are recognized.

Resavio® booking system for “das Freytag”

We use Resavio®, a service provided by Lehnen Websolutions GmbH & Co. KG, Am Dürener Weg 82, 52355 Düren, for online room reservations. Clicking the corresponding button will open a new browser window where you can make a room reservation.

If you would like to book a room with us, you will be required to provide your personal information to process your booking. This information will be entered into an input mask, transmitted to us, and stored.

The types of data collected during your booking or stay can be found in the respective input fields. This includes, among other things, your first name and last name, your contact details, your payment details, etc. We use the collected data primarily to process your hotel booking, provide the booked services, communicate with you, and for billing purposes. The legal basis is Art. 6 (1) (b) GDPR. Regarding any data you may have provided voluntarily, the legal basis for processing is Art. 6 (1) (a) GDPR.

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. Due to commercial and tax law requirements, we are obliged to store your address, payment, and order data for a period of ten years after the contract has been executed. However, after six years we restrict processing, i.e. your data will only be used to comply with legal obligations. If a continuing obligation exists between us and the user, we will store the data for the entire term of the contract and for a period of ten years thereafter (see above). With regard to voluntarily provided data, we will delete the data six years after the contract has been executed, provided no further contract is concluded with the user during this time; in this case, the data will be deleted six years after the last contract has been executed.

If the data is required to fulfill a contract or to carry out pre-contractual measures, premature deletion of the data is only possible if contractual or legal obligations do not prevent deletion. Otherwise, you are free to have the personal data provided during registration completely deleted from the controller's database. With regard to voluntary data, you can revoke your consent to the controller at any time. In this case, the voluntary data will be deleted immediately.

Information on data protection at Lehnen Websolutions GmbH & Co. KG can be found here: https://resavio.com/de/datenschutz

OnePageBooking booking system for "HUB APARTMENTS", "sylc.", "Apartment040" & "Hood House"

For online room reservations, we use the OnePageBooking service provided by HotelNetSolutions GmbH, Genthiner Straße 8, 10785 Berlin. Clicking the corresponding button will open a browser window that redirects you to the corresponding OnePageBooking website.

The legal basis is Art. 6 (1) (b) GDPR. Regarding any data you may have provided voluntarily, the legal basis for processing is Art. 6 (1) (a) GDPR.

Information on data protection at HotelNetSolutions GmbH can be found here: https://hotelnetsolutions.de/Datenschutz/

Newsletterversand

If you would like to receive the newsletter offered on the website, we require an email address from you as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive the newsletter. No further data is collected or is collected only on a voluntary basis. We use this data exclusively for sending the requested information and for the purposes of statistical analysis of newsletter campaigns.

When you open a sent email, a file contained in the email (a so-called "web beacon") connects to our servers. This allows us to determine whether a newsletter message has been opened and how many links have been clicked. The results of these analyses can be used to better tailor future newsletters to the interests of the recipients.

If you do not wish to have your data analyzed, you must unsubscribe from the newsletter. We provide a link for this in every newsletter message.

Data processing is based on your consent in accordance with Art. 6 (1) (a) GDPR. You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers after you unsubscribe. Data stored by us for other purposes remains unaffected.

Gstatic

Auf unserer Webseite wird ein Webservice des Unternehmens Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Irland (nachfolgend: Gstatic) nachgeladen. Wir nutzen diese Daten, um die volle Funktionalität unserer Webseite zu gewährleisten. In diesem Zusammenhang wird Ihr Browser ggf. personenbezogene Daten an Gstatic übermitteln.

The legal basis for the use of this web service is your consent in accordance with Art. 6 (1) (a) GDPR.

You can prevent the collection and processing of your data by Gstatic by refusing your consent when entering the website, deactivating the execution of script code in your browser or installing a script blocker in your browser.

The data will be deleted once the purpose for which it was collected has been fulfilled. Further information on how transferred data is handled can be found in Google's privacy policy: https://policies.google.com/privacy

Google Tag Manager

We use Google Tag Manager on our website. Google Tag Manager is a solution that allows marketers to manage website tags via a single interface. The Tag Manager tool itself (which implements the tags) is a cookieless domain and does not collect any personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If deactivation has been performed at the domain or cookie level, this deactivation remains in effect for all tracking tags implemented with Google Tag Manager.

For more information about Google Tag Manager and Google's privacy policy, please visit the following link: https://policies.google.com/privacy

Google Analytics

If you have given your consent, this website uses Google Analytics, a web analysis service provided by Google LLC. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

1. Umfang der Verarbeitung

Google Analytics uses cookies that enable analysis of your use of our website. The information collected through cookies about your use of this website is usually transferred to a Google server in the USA and stored there.

We use Google Signals. This allows Google Analytics to collect additional information about users who have enabled personalized ads (interests and demographic data), and ads can be delivered to these users in cross-device remarketing campaigns.

We use the 'anonymizeIP' function (so-called IP masking): Due to the activation of IP anonymization on this website, your IP address will be shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

During your visit to the website, the following data is collected, among others:

the pages you visit, your “click path”
Achievement of “website goals” (conversions, e.g. newsletter registrations, downloads, purchases)
Your user behavior (e.g. clicks, dwell time, bounce rates)
Your approximate location (region)
Your IP address (in abbreviated form)
technische Informationen zu Ihrem Browser und den von Ihnen genutzten Endgeräten (z.B. Spracheinstellung, Bildschirmauflösung)
Your internet provider
the referrer URL (from which website/advertising medium you came to this website)

2. Purposes of processing

On behalf of the operator of this website, Google will use this information to evaluate your (pseudonymous [NOT USING A USER ID]) use of the website and to compile reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website and the success of our marketing campaigns.

3. Recipient

The recipient of the data is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as the data processor. We have entered into a data processing agreement with Google for this purpose. Google LLC, based in California, USA, and possibly US authorities may access the data stored by Google.

4. Transfer to third countries

A transfer of data to the USA cannot be ruled out.

5. Storage period

Die von uns gesendeten und mit Cookies verknüpften Daten werden nach 14 Monaten automatisch gelöscht. Die Löschung von Daten, deren Aufbewahrungsdauer erreicht ist, erfolgt automatisch einmal im Monat.

You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by

a. Do not give your consent to the setting of the cookie or

b. Download and install the browser add-on to deactivate Google Analytics here: https://tools.google.com/dlpage/gaoptout?hl=de

You can also prevent cookies from being saved by selecting the appropriate settings in your browser. However, if you configure your browser to reject all cookies, some functionality on this and other websites may be restricted.

6. Legal basis and right of revocation

Your consent is required for this data processing, Art. 6 (1) (a) GDPR. You can revoke your consent at any time with future effect by accessing the cookie settings [LINK TO THE CONSENT TOOL'S SETTING OPTIONS HERE] and changing your selection there.

Further information on Google Analytics terms of use and Google's privacy policy can be found at https://www.google.com/analytics/terms/de.html and at https://policies.google.com/?hl=de

Google Maps

This website uses the Google Maps service to display maps or map sections, thus enabling you to conveniently use the map function on the website. The Google Maps Geocoding API is used to determine and display locations. Google Maps is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

When you visit the website, Google receives the information that you have accessed the corresponding subpage of our website. Furthermore, the data specified in the "Access Data" section is transmitted to Google. This occurs regardless of whether Google provides a user account through which you are logged in, or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not wish to be assigned to your Google profile, you must log out before activating the button.

The legal basis for the use of Google Maps is your consent in accordance with Art. 6 (1) (a) GDPR. We have no knowledge of the storage period at Google and have no influence over it.

Further information on the purpose and scope of processing by the plug-in provider can be found in Google's privacy policy. There you will also find further information on your rights and settings options for protecting your privacy: http://www.google.de/intl/de/policies/privacy

Further information on the Google Maps terms of use can be found at: https://www.google.com/intl/de_de/help/terms_maps.html

Google Fonts

Google Fonts (https://fonts.google.com/) are used to visually enhance the display of various information on this website. The web fonts are transferred to the browser's cache when the page is accessed so that they can be used for display purposes.

Beim Aufruf der Seite werden beim Webseiten-Besucher keine Cookies gespeichert. Daten, die im Zusammenhang mit dem Seitenaufruf übermittelt werden, werden auf ressourcenspezifische Domains wie fonts.googleapis.com oder fonts.gstatic.com gesendet. Sie werden nicht mit Daten in Verbindung gebracht, die ggf. im Zusammenhang mit der parallelen Nutzung von authentifizierten Google-Diensten wie Gmail erhoben oder genutzt werden.

You can prevent the collection and processing of your data by this web service by refusing your consent when accessing the website, disabling execution in your browser, or installing a script blocker in your browser. If your browser does not support Google Fonts or you prevent access to Google servers, the text will be displayed in the system's default font.

The legal basis for the use of this web service is your consent in accordance with Art. 6 (1) (a) GDPR.

Informationen zu den Datenschutzbedingungen von Google Fonts erhalten Sie unter: https://developers.google.com/fonts/faq#Privacy

General information on data protection is available in the Google Privacy Center at: https://policies.google.com/privacy

Google Ads

We use "Google Ads" (formerly Google AdWords) on our website, a service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as "Google"). Google Ads enables us to draw attention to our attractive offers using advertising on external websites. This allows us to determine the success of individual advertising measures. These advertising materials are delivered by Google via so-called "ad servers." For this purpose, we use so-called ad server cookies, which enable us to measure certain parameters for measuring success, such as the display of ads or clicks by users. If you access our website via a Google ad, Google Ads will store a cookie on your PC. These cookies generally expire after 30 days. They are not intended to identify you personally. The following information is generally stored as analysis values for this cookie: unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), opt-out information (marking that the user no longer wishes to be contacted). These cookies enable Google to recognize your web browser. If a user visits certain pages of an Ads customer's website and the cookie stored on their computer has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page. Each Ads customer is assigned a different cookie. Cookies cannot therefore be tracked across the Ads customers' websites. We ourselves do not collect or process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. Based on these evaluations, we can determine which of the advertising measures used are particularly effective. We do not receive any further data from the use of advertising materials; in particular, we cannot identify users based on this information. Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the scope and further use of the data collected through the use of Google Ads. To the best of our knowledge, Google receives the information that you have accessed the corresponding part of our website or clicked on one of our ads. If you have a Google user account and are registered, Google can assign the visit to your user account. Even if you are not registered with Google or are not logged in, there is a possibility that Google will obtain and store your IP address.

We use Google Ads for marketing and optimization purposes, in particular to display relevant and interesting ads for you, improve campaign performance reports, and ensure fair calculation of advertising costs. The legal basis for the use of Google Ads is your consent in accordance with Art. 6 (1) (a) GDPR.

You can prevent the installation of these cookies by refusing your consent to the storage of these cookies when entering the website, by deleting existing cookies or by deactivating the storage of cookies in your web browser settings. We would like to point out that in this case you may not be able to use all of the functions of our website to their full extent. You can also prevent the storage of cookies by setting your web browser so that cookies from the domain "www.googleadservices.com" are blocked (https://www.google.de/settings/ads). We would like to point out that this setting will be deleted if you delete your cookies. You can also deactivate interest-based advertising via the link http://optout.aboutads.info. We would like to point out that this setting will also be deleted if you delete your cookies.

Third-party information: Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland

Further information on data usage by Google, settings and objection options as well as data protection can be found on the following Google websites:

Google Website Statistics: https://services.google.com/sitestats/de.html

Google Conversion-Tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google Conversion Tracking, we and Google can determine whether the user has performed certain actions. For example, we can evaluate which buttons on our website were clicked and how often, and which products were viewed or purchased most frequently. This information is used to compile conversion statistics. We learn the total number of users who clicked on our ads and what actions they performed. We do not receive any information that could personally identify the user. Google itself uses cookies or similar recognition technologies for identification.

The legal basis for the use of Google Conversion Tracking is your consent in accordance with Art. 6 (1) (a) GDPR. This consent can be revoked at any time.

For more information about Google Conversion Tracking, please see Google’s privacy policy: https://policies.google.com/privacy?hl=de.

Google DoubleClick

Our website loads a web service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: DoubleClick). We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to DoubleClick.

You can prevent the collection and processing of your data by DoubleClick by refusing your consent when entering the website, deactivating the execution of script code in your browser or installing a script blocker in your browser.

The legal basis for the use of Google DoubleClick is your consent in accordance with Art. 6 (1) (a) GDPR.

The data will be deleted once the purpose for which it was collected has been fulfilled. Further information on how the transferred data is handled can be found in DoubleClick's privacy policy: https://policies.google.com/privacy

Google

Our website loads a web service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to Google.

You can prevent the collection and processing of your data by this web service by refusing your consent when entering the website, deactivating the execution of script code in your browser or installing a script blocker in your browser.

The legal basis for the use of this web service is your consent in accordance with Art. 6 (1) (a) GDPR.

Microsoft Advertising (ehemals Bing Ads)

Our website uses conversion tracking from Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). Microsoft Advertising will place a cookie on your computer if you have reached our website via a Microsoft Advertising ad. This way, Microsoft Advertising and we can recognize that someone has clicked on an ad, been redirected to our website and reached a previously determined landing page (conversion page). We only learn the total number of users who, for example, clicked on a Bing ad and were then redirected to the conversion page. No personal information about the user's identity is disclosed. If you do not wish to participate in the tracking process, you can also refuse the setting of a cookie required for this purpose - for example, by using a browser setting that generally deactivates the automatic setting of cookies.

The legal basis for the use of Microsoft Advertising is your consent in accordance with Art. 6 (1) (a) GDPR.

For more information about data protection and the cookies used by Microsoft Bing, please visit the Microsoft website:

https://privacy.microsoft.com/de-de/privacystatement

Facebook Pixel and Facebook Custom Audiences

On our website we use the so-called "Facebook Pixel" from the company "Facebook" (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland). With the Facebook Pixel, we can classify visitors to our website into specific target groups in order to display corresponding advertising ("ads") to you on Facebook. The data collected (e.g. IP addresses, information about the web browser, the location of the website, buttons clicked, possibly pixel IDs and other characteristics) cannot be viewed by us, but can only be used to display certain advertisements. Cookies are also set when the Facebook Pixel code is used.

If you have a Facebook account and are logged in, your visit to this website will be associated with your Facebook user account.

We also use the "Custom Audiences" remarketing feature from Facebook. This allows website users to be shown interest-based advertisements ("Facebook Ads") when they visit Facebook or other websites that also use this technology. This is done in our interest to show you advertising that matches your interests and thus make our website more interesting for you.

In order to exchange the respective data, your browser automatically establishes a direct connection to the Facebook server. We have no influence on the scope and further use of the data collected through the use of this tool by Facebook and therefore inform you according to our current state of knowledge: By integrating Facebook Custom Audiences, Facebook receives the information that you have accessed the corresponding web page on our website or clicked on one of our advertisements. If you are registered with a "Facebook" service, "Facebook" can assign the visit to your account. Even if you are not registered with Facebook or have not logged in, there is a possibility that the provider will find out and save your IP address and other identification features.

You can find out how the Facebook pixel is used for advertising campaigns at https://www.facebook.com/business/learn/facebook-ads-pixel

More information about Facebook's data policy can be found at https://www.facebook.com/policy.php

Further information on data processing by Facebook can be found at https://www.facebook.com/about/privacy

We use these functions to provide you with advertising that matches your interests.

We process your data because you have consented to this (Art. 6 (1) (a) GDPR) or because we have a legitimate interest in processing the data (Art. 6 (1) (f) GDPR).

We store your data as long as we need it for the respective purpose (displaying interest-based advertising) or as long as you have not objected to the storage of your data or withdrawn your consent.

Logged-in users can deactivate the “Facebook Custom Audiences” function at https://www.facebook.com/settings/?tab=ads#.

You can change your Facebook ad settings at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen if you are logged in to Facebook.

Optinmonster

OptinMonster is a plugin from Retyp LLC, 7732 Maywood Crest Dr., West Palm Beach, FL 33412, USA. This allows us to provide our visitors with additional offers via pop-up layers on our website, for example, allowing them to enter their email address for a newsletter or to inform them about promotions.

OptinMonster uses cookies for this purpose. Personal data is only collected through an active action by the customer (e.g., the customer signs up for a newsletter via a popup). OptinMonster does not store the collected data on its own servers, but forwards such data directly to us.

The legal basis for the use of OptinMonster is Art. 6 (1) (f) GDPR. We have a legitimate interest in providing visitors to our website with additional offers. The data entered into a form is processed exclusively on the basis of the consent granted, Art. 6 (1) (a) GDPR. The consent granted to the use and storage of the data can be revoked at any time. The revocation does not affect the legality of the data processing already carried out.

Wir haben mit OptinMonster einen Vertrag zur Auftragsverarbeitung abgeschlossen, in dem wir OptinMonster zum Schutz Ihrer Daten nach den geltenden Bestimmungen der DSGVO verpflichten.

The setting of cookies required for the use of the plug-in can be prevented by, for example, deleting existing cookies and deactivating the automatic setting of cookies in the web browser settings.

For more information and details on how OptinMonster handles personal data, please see OptinMonster's privacy policy: https://optinmonster.com/privacy/.

Taboola

This website uses technologies from Taboola, Inc., 1115 Broadway, 7th Floor, New York, NY 10010, USA. Taboola uses cookies to determine which content you use and which of our websites you visit when you clicked on a Taboola ad and came to our website.

This process is used to evaluate the effectiveness of advertisements for statistical and market research purposes and can help optimize future advertising measures. These usage profiles do not allow any conclusions to be drawn about you personally and are anonymous to us.

Taboola collects the following user information using cookies:

User's operating system
Websites accessed/content on our websites
Referrer/link through which the user came to our website
Time and number of website visits
Viewing error pages
Location information (city and state)
IP addresses in abbreviated form

The legal basis for the use of this web service is your consent in accordance with Art. 6 (1) (a) GDPR.

You can prevent the collection and processing of your data by this web service by refusing your consent when entering the website. You can also prevent the installation of cookies by setting your browser software accordingly. Please note that if you do this, you may not be able to fully use all the functions of our website. This varies from browser to browser.

For more information about Taboola, please visit https://www.taboola.com/policies/privacy-policy

There, you can deactivate tracking at any time in the "User Choices and Opting Out" section. Once you have opted out, you will no longer receive personalized content or advertising.

TrustYou

This website uses tools to load current customer reviews of our hotel from the review portal trustyou.de (TrustYou GmbH, TrustYou Headquarters, Munich Center of Technology, Agnes-Pockels-Bogen 1, 80992 Munich) and display them on the website. For this purpose, the IP address is transmitted to the review portal's server. Customer reviews are displayed in the interest of providing comprehensive, unbiased information about our hotel.

The TrustYou widget is used in the interest of presenting the reviews of our hotel submitted on TrustYou.

The legal basis for the use of the TrustYou widget is your consent in accordance with Art. 6 (1) (a) GDPR.

For more information on how TrustYou handles user data, please see TrustYou’s privacy policy at:

https://www.trustyou.com/downloads/privacy-policy.pdf

Name und Anschrift des Verantwortlichen:

The controller within the meaning of the EU General Data Protection Regulation (EU GDPR), other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:

SICON Hospitality GmbHKühnehöfe 322761 HamburgGermany

Tel.: 49 (0) 40 298 439 0E-Mail: info@sicon-hospitality.de

Managing Director: Holger Siegel, Dipl.-Ing. | Franco Esposito

Name and address of the data protection officer:

SHIELD GmbH

Martin Vogel

Ohlrattweg 5

25497 Prisdorf

Telephone: 49 (0) 4101 80 50 600

E-Mail: info@shield-datenschutz.de

Hamburg, July 2021

Information about the hoster:

Amazon Web Services (AWS) Germany GmbHKrausenstr. 3810117 BerlinGermany The Amazon Web Services servers used to store the data are located in the territory of the Federal Republic of Germany in Frankfurt/Main and

are subject to the data protection laws of the national and European legislators. Amazon Web Services also handles your data in accordance with

the relevant legal provisions. The Amazon Web Services privacy policy can be accessed at the following link: https://aws.amazon.com/de/privacy/

Changes to the privacy policy

We reserve the right to modify our privacy practices and this Privacy Policy from time to time to reflect changes in applicable laws or regulations or to better meet your needs. We will post any changes to our privacy practices here. Please check the most recent version of this Privacy Policy for updates.

Our social media presence

Data processing by social networks

We maintain publicly accessible profiles on social networks. You can find the specific social networks we use below.

Social networks such as Facebook, Twitter, etc. can generally comprehensively analyze your user behavior when you visit their website or a website with integrated social media content (e.g., Like buttons or advertising banners). Visiting our social media presence triggers numerous data protection-relevant processing operations. In detail:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected even if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies stored on your device or by recording your IP address.

Using the data collected in this way, the operators of the social media portals can create user profiles that reflect your preferences and interests. This allows them to display interest-based advertising both within and outside of the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are or were logged in.

Please also note that we cannot track all processing operations on social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. Details on this can be found in the terms of use and privacy policies of the respective social media portals.

Legal basis

Our social media presence is intended to ensure the most comprehensive online presence possible. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which must be specified by the operators of the social networks (e.g., consent within the meaning of Art. 6 (1) (a) GDPR).

Verantwortlicher und Geltendmachung von Rechten

If you visit one of our social media sites (e.g., Facebook), we and the operator of the social media platform are jointly responsible for the data processing operations initiated during this visit. You can generally assert your rights (rights to information, rectification, erasure, restriction of processing, data portability, and the right to lodge a complaint) both against us and against the operator of the respective social media platform (e.g., Facebook).

Please note that despite our shared responsibility with the social media portal operators, we do not have full influence over the data processing practices of the social media portals. Our options depend largely on the company policies of the respective provider.

Storage period

The data we collect directly via your social media presence will be deleted from our systems as soon as you request deletion, revoke your consent to storage, or the purpose for storing the data no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal provisions—in particular, retention periods—remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g., in their privacy policy, see below).

Social networks in detail

Facebook

Wir verfügen über ein Profil bei Facebook. Anbieter dieses Dienstes ist die Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland. Die erfassten Daten werden nach Aussage von Facebook auch in die USA und in andere Drittländer übertragen.

We have entered into a joint processing agreement (Controller Addendum) with Facebook. This agreement specifies which data processing activities we and Facebook are responsible for when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

You can adjust your advertising settings independently in your user account. To do so, click the following link and log in: https://www.facebook.com/settings?tab=ads.

Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

Details entnehmen Sie der Datenschutzerklärung von Facebook: https://www.facebook.com/about/privacy/.

Instagram

We have a profile on Instagram. This service is provided by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.

For details on how they handle your personal data, please see Instagram’s privacy policy: https://help.instagram.com/519522125107875.

We have a LinkedIn profile. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.

Wenn Sie LinkedIn-Werbe-Cookies deaktivieren möchten, nutzen Sie bitte folgenden Link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

Details zu deren Umgang mit Ihren personenbezogenen Daten entnehmen Sie der Datenschutzerklärung von LinkedIn: https://www.linkedin.com/legal/privacy-policy.