r

Data Protection

according to the DSGVO

We appreciate your visit to the ATLANTIC Hotels website and your interest in our company and our technical and organizational data protection measures. The confidentiality of your personal data and compliance with data protection regulations are important to us. In the context of this privacy policy, we would like to inform you which of your personal data we collect, process and use, and how you can exercise your rights. We therefore ask you to read the following statements carefully.

Our data protection officer and the entire ATLANTIC Hotels team ensure compliance with data protection regulations, in particular the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG-new), which has been in force since 25 May 2018. The privacy policy can be accessed at any time via the tab "Data Protection" at the bottom of our website.

The responsible party, within the meaning of basic data protection regulation and other national data protection laws of the member states as well as other data protection regulations is the:

ATLANTIC Hotels Management GmbH
Ludwig-Roselius-Allee 2
28329 Bremen
Deutschland
Telephone: +49 (0) 421 944888-0
Telefax: +49 (0) 421 944888-552
Email: info@atlantic-hotels.de
Website: https://www.atlantic-hotels.de

The data protection officer of the responsible party is:

Martin Mielke
3G Business Datenschutz GmbH
Mailing address:
Michaelkirchplatz 5
10179 Berlin
Telephone: +49 (0) 162 1007910
Email: mielke@3g-business.de

1. Scope of processing of personal data

We collect and use personal data from our users principally only to the extent necessary to provide a functional website and our content and services. The collection and use of our users' personal data takes place regularly, only with the consent of the user. An exception applies to cases in which prior consent cannot be obtained for practical reasons and the processing of the data is permitted by law.

2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, art. 6 (1) (a) EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
In the processing of personal data necessary for the performance of a contract to which the data subject is a party, art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual actions.
Insofar as processing of personal data is required to fulfill a legal obligation that is required for our company, art. 6 (1) (c) GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, art. 6 (1) (d) GDPR serves as the legal basis.
If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, art. 6 (1) (f) GDPR serves as legal basis for processing.

3. Data deletion and storage duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage expires. Additional storage may take place if provided for by the European or national legislator in EU regulations, laws or other regulations to which the data controller is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for conclusion of a contract or fulfillment of the contract.

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer.

The following data is collected:

  1. Information about the browser type and the version used
  2. The operating system of the users
  3. The Internet service provider of the user
  4. The IP address of the user
  5. Date and time of access
  6. Websites from which the user's system accesses our website
  7. Websites accessed by the user's system through our website

The data is also stored in the log files of our system. A storage of this data together with other personal data of the user does not take place.

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 (1) (f) GDPR.

3. Purpose of the data processing

The temporary storage by the system of the IP address is necessary to allow delivery of the website to the computer of the user. To do this, the user's IP address must be kept for the duration of the session.

Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

We have a justified interest in the processing of data for this purpose, according to Art. 6 (1) (f) GDPR.

In diesen Zwecken liegt auch unser berechtigtes Interesse an der Datenverarbeitung nach Art. 6 Abs. 1 lit. f DSGVO.

4. Duration of storage

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. In the case of collecting the data for providing the website, this is the case when the session is completed. In the case of storing the data in log files, data is stored for no more than seven days. After one day, the IP addresses of the users are anonymized, so that an assignment of the calling client is no longer possible.

5. Objection and removal possibility

The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. Consequently, there is no possibility for the user to object.

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is reopened.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser be identified even after switching pages. In addition, we use cookies on our website that allow an analysis of users' browsing behavior.

In this way, the following data is transmitted:

  1. IP address, age, gender, interests
  2. activities on the website during the visit
  3. frequency of page views
  4. use of website features
  5. origin / visitor source

Technical precautions pseudonymize the data of the users collected in this way. Therefore, an assignment of the data to the calling user is no longer possible. The data will not be stored together with other personal data of the user.

2. Legal basis for data processing

The legal basis for the processing of personal data using cookies is Article 6 (1) (f) GDPR.

3. Purpose of the data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some features of our website can not be offered without the use of cookies. For these, it is necessary that the browser is recognized even after switching pages. The user data collected through technically necessary cookies will not be used to create user profiles. The use of the analysis cookies is for the purpose of improving the quality of our website and its contents. Through the analysis cookies, we learn how the website is used and so we can constantly optimize our services offered.

4. Duration of storage, objection and removal options

Cookies are stored on the computer of the user and transmitted by it to our page. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to fuly use all the functions of the website.

1.    Beschreibung und Umfang der Datenverarbeitung

Auf unserer Internetseite besteht die Möglichkeit einen kostenfreien Newsletter zu abonnieren, der in regelmäßigen Abständen Kunden und Geschäftspartner über Angebote des Unternehmens und Neuigkeiten informiert. Dabei werden bei der Anmeldung zum Newsletter die Daten aus der Eingabemaske an uns übermittelt. Die Eingabe der E-Mail-Adresse sowie die Auswahl des Newsletters ist hierbei Pflicht. Optional kann die Anrede, der Titel, der Vor- und Nachname angegeben werden.

Zudem werden folgende Daten bei der Anmeldung erhoben:

  1. IP-Adresse des aufrufenden Rechners
  2. Datum und Uhrzeit der Registrierung
  3. URL
  4. Datum/Uhrzeit und IP der Bestellung

Für die Verarbeitung der Daten wird im Rahmen des Anmeldevorgangs Ihre Einwilligung eingeholt und auf diese Datenschutzerklärung verwiesen.

Wenn Sie auf unserer Internetseite Waren oder Dienstleistungen erwerben und hierbei Ihre E-Mail-Adresse hinterlegen, kann diese in der Folge durch uns für den Versand eines Newsletters verwendet werden. In einem solchen Fall wird über den Newsletter ausschließlich Direktwerbung für eigene ähnliche Waren oder Dienstleistungen versendet.

Für die Abwicklung des Versands des Newsletters ist das Unternehmen CleverReach GmbH & Co. KG beauftragt. Das Unternehmen bietet vertraglich zugesicherte Garantien dafür, dass geeignete technische und organisatorische Maßnahmen so durchgeführt werden, dass die Verarbeitung im Einklang mit der EU-DSGVO erfolgt und den Schutz der Rechte der betroffenen Person gewährleistet.
Die Daten werden ausschließlich für den Versand des Newsletters verwendet. Im Zusammenhang mit der Datenverarbeitung für den Versand von Newslettern erfolgt keine Weitergabe der Daten an Dritte.

2. Rechtsgrundlage für die Datenverarbeitung

Rechtsgrundlage für die Verarbeitung der Daten nach Anmeldung zum Newsletters durch den Nutzer ist bei Vorliegen einer Einwilligung des Nutzers Art. 6 Abs. 1 lit. a DSGVO sowie für die Datenverarbeitung im Rahmen des Newsletter-Tracking Art. 6 Abs. 1 lit. f DSGVO.

3. Zweck der Datenverarbeitung

Die Erhebung der E-Mail-Adresse des Nutzers dient dazu, den Newsletter zuzustellen. Die Erhebung sonstiger personenbezogener Daten im Rahmen des Anmeldevorgangs dient dazu, den Nutzer persönlich anzusprechen. Die Angabe weiterer personenbezogener Daten ist freiwillig.

4. Dauer der Speicherung

Die Daten werden gelöscht, sobald sie für die Erreichung des Zweckes ihrer Erhebung nicht mehr erforderlich sind. Die E-Mail-Adresse des Nutzers sowie die während des Anmeldevorgangs optional angegebenen personenbezogenen Daten werden demnach solange gespeichert, wie das Abonnement des Newsletters aktiv ist.

5. Widerspruchs- und Beseitigungsmöglichkeit

Das Abonnement des Newsletters kann durch den betroffenen Nutzer jederzeit gekündigt werden. Zu diesem Zweck findet sich in jedem Newsletter ein entsprechender Abmelde-Link.
Die E-Mail-Adresse des Nutzers sowie die im Anmeldevorgang erhobenen personenbezogenen Daten werden bei einem Widerspruch (Abmelden) sofort gelöscht.

Zudem können Sie jederzeit der Speicherung Ihrer Daten für die Zukunft über newsletter@atlantic-hotels.de widersprechen. Ihre Daten werden daraufhin umgehend gelöscht und Sie erhalten keinen Newsletter mehr.

6. Newsletter-Tracking

Der Newsletter enthält ein sogenanntes Zählpixel. Ein Zählpixel ist eine transparente 1x1 Pixel Grafik, die in der E-Mail eingebettet wird. Dies ist ausschließlich in HTML-Mails möglich, nicht in reinen Text-Mails, und ermöglicht die Aufzeichnung einer Logdatei-Analyse. Dadurch kann eine statistische Auswertung des Erfolges oder Misserfolges von Online-Marketing-Kampagnen durchgeführt werden. Anhand des eingebetteten Zählpixels kann die ATLANTIC Hotels Management GmbH erkennen, ob und wann eine E-Mail von einer betroffenen Person geöffnet wurde und welche in der E-Mail befindlichen Links von der betroffenen Person aufgerufen wurden.

Solche über die in den Newslettern enthaltenen Zählpixel erhobenen personenbezogenen Daten werden von dem für die Verarbeitung Verantwortlichen gespeichert und ausgewertet, um den Newsletterversand zu optimieren und den Inhalt zukünftiger Newsletter noch besser den Interessen der betroffenen Person anzupassen. Diese personenbezogenen Daten werden nicht an Dritte weitergegeben. Betroffene Personen sind jederzeit berechtigt, die diesbezügliche gesonderte, über das Double-Opt-In-Verfahren abgegebene Einwilligungserklärung zu widerrufen. Nach einem Widerruf werden diese personenbezogenen Daten von dem für die Verarbeitung Verantwortlichen gelöscht. Eine Abmeldung vom Erhalt des Newsletters deutet die ATLANTIC Hotels Management GmbH automatisch als Widerruf.

Öffnungen, Klicks, Abmeldungen, Bounces etc. werden als Aktivität für den jeweiligen Empfänger gespeichert. Diese Daten sind je angeschriebenem Empfänger im Empfängerdatensatz einsehbar. Sie haben eine Vorhaltezeit von bis zu sechs Monaten und werden anschließend wieder gelöscht. Es können dann keine Auswertungen, FollowUp-Kampagnen o. ä. mehr durchgeführt werden.

Auch im Reportbereich werden die Daten nicht dauerhaft gespeichert. Reports, welche älter als ein Jahr sind, werden vom System aus automatisch archiviert. Die archivierten Reports sind weiterhin durch die ATLANTIC Hotels Management GmbH einsehbar, allerdings erfolgt hier keine Auswertung personalisierter Daten. Diese sind lediglich bis zu sechs Monate nach Versand des Newsletters ersichtlich.

1. Description and scope of data processing

On our website, we offer users the opportunity to register in connection with the online booking by providing personal information. The data is entered into an input mask and transmitted to us. The data is processed and stored by our service provider Quality Reservations Deutschland GmbH and their partner SHS Sabre Hospitality. The Company provides guarantees under contract to ensure that appropriate technical and organizational measures are taken to ensure that the processing complies with the EU GDPR and ensures the protection of the data subject's rights. A transfer of data to third parties does not take place.

The following data is collected during the registration process:

Required Fields::

  1. Title
  2. First name
  3. Last name
  4. E-mail address
  5. Password
  6. Security question / answer
  7. Telephone number for inquiries

Optional information:

  1. Company
  2. Country
  3. Billing address
  4. City
  5. Postal code
  6. State / province

At the time of registration, the following data will also be stored:
Date and time of registration

2. Legal basis for data processing

The registration serves the fulfillment of a contract of which the user is a party or the implementation of pre-contractual measures. The legal basis for processing the data is Art. 6 (1) (b) GDPR.

3. Purpose of the data processing

Registration of the user is required for providing certain content and services on our website or for the fulfillment of a contract. The user has the possibility to create a customer account before or during a booking. The creation of a customer account facilitates the booking process for repeated bookings, since after logging in, the data stored by the user in the booking mask are filled out. In addition, a registered user has the opportunity to look up their current bookings with e-mail and password. When making an online booking, the user is asked to provide his e-mail address, title, salutation, first name, last name and telephone number. The processing and storage of the data is required for the processing of the booking, among other things to clarify inquiries about the booking.

4. Duration of storage

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. This is the case for the data collected during the registration process to fulfill a contract or to carry out pre-contractual measures, if the data is no longer necessary for the performance of the contract. Even after the conclusion of the contract, there may be a need to store personal data from the contracting party in order to comply with contractual or legal obligations.

5. Objection and removal possibility

You can cancel the registration at any time or change the data you have stored. To do this, please send an e-mail to info@atlantic-hotels.de. If the data are necessary for the fulfillment of a contract or for the execution of precontractual measures, a premature deletion of the data is only possible, as far as contractual or legal obligations do not preclude a deletion.

1. Description and scope of data processing

On our website contact forms are available, which can be used for electronic communication. If a user uses this option, the data entered into the input mask will be transmitted to us and saved. Required data is:

Hotel websites on www.atlantic-hotels.de

  1. Subject
  2. Salutation
  3. First name
  4. Last name
  5. Telephone number
  6. E-mail address
  7. Message

Optionally, there is the possibility to select the mentioned hotel, to provide the title, company name and fax number as well as to register for our newsletter.

At the time of sending the message, the following data is also stored:
Date and Time

For the processing of the data, your consent is obtained in the context of the sending process and reference is made to this privacy statement. Alternatively, contact via the provided e-mail address is possible. In this case, the user's personal data that are transmitted by e-mail will be stored. In this context, data is not passed on to third parties. The data is used exclusively for processing the conversation.

2. Legal basis for data processing

The legal basis for the processing of the data is in the presence of the consent of the user Art. 6 (1) (a) GDPR. The legal basis for the processing of the data transmitted in the course of sending an e-mail is Art. 6 (1) (f) GDPR. If the e-mail contact aims to conclude a contract, then additional legal basis for the processing is Art. 6 (1) (b) GDPR.

3. Purpose of the data processing

The processing of the personal data from the input mask serves us only to establish contact with the user. In the case of contact via e-mail, this also includes the required legitimate interest in the processing of the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of storage

The data will be deleted as soon as it is no longer necessary for the purpose of its collection.

5. Objection and removal possibility

The user has the option at any time to revoke his or her consent to the processing of the personal data. If the user contacts us by e-mail, he or she may object to the storage of his or her personal data at any time. In such a case, the conversation can not continue. You can always object to the storing of your data for the future by contacting info@atlantic-hotels.de, by mail to ATLANTIC Hotels Management GmbH, Ludwig-Roselius-Allee 2, 28329 Bremen or by phone +49 (0) 421 944888-0. All personal data stored in the course of the conversation will be deleted in this case.

If your personal data are processed, you are the person affected within the meaning of  GDPR and you have the following rights vis-à-vis the data controller:

1. Right to information
You may ask the person responsible to confirm whether personal data concerning you is processed by us.
If your data is being processed, you can request information from the person responsible about the following information:

  1. the purposes for which the personal data are being processed;
  2. the categories of personal data being processed;
  3. the recipients or the categories of recipients to whom personal data concerning you have been disclosed or are being disclosed;
  4. the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;
  5. the existence of a right to rectification or deletion of your personal data, a right to restriction of processing by the data controller or a right to object to such processing;
  6. the existence of a right of appeal to a supervisory authority;
  7. all available information on the source of the data, if the personal data is not collected from the data subject;
  8. the existence of automated decision-making, including profiling under Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, and the scope and intended impact of such processing on the data subject.

You have the right to request information about whether your personal information is passed on to a third country or an international organization. In this context, you can request to be informed of the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transfer.

2. Right to rectification

You have a right to rectification and / or completion by the data controller, if your personal data being processed is incorrect or incomplete. The responsible person must make the correction immediately.

3. Right to restriction of processing

You may request the restriction of the processing of your personal data under the following conditions:

  1. if you contest the accuracy of the information relating to you for a period of time, that allows the data controller to verify the accuracy of your personal information;
  2. the processing is unlawful and you refuse the deletion of the personal data and instead demand restriction of the use of your personal data;
  3. the data controller no longer needs the personal data for the purposes of processing, but you need it in order to assert, exercise or defend legal claims; or
  4. if you have objected to the processing pursuant to Art. 21 (1) GDPR, and it is not yet certain whether the legitimate reasons of the data controller outweigh your reasons.

If the processing of personal data concerning you has been restricted, this data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person, or for reasons of important public interests of the Union or a Member State. If the restriction of processing was restricted according to the above conditions, you will be informed by the data controller before the restriction is lifted.

4. Right to deletion

a) Obligation to delete

You may demand that the controller delete your personal information immediately, and the controller is required to delete that information immediately if one of the following is true:

  1. Personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
  2. You revoke your consent, which the processing was based on according to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR and there is no other legal basis for processing.
  3. You object to the processing according to Art. 21 (1) GDPR and there are no prior justifiable reasons for the processing, or you object to the processing according to Art. 21 (2) GDPR.
  4. Your personal data have been processed unlawfully.
  5. The deletion of personal data concerning you is required, in order to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
  6. The personal data concerning you were collected in relation to information society services, pursuant to Article 8 (1) of the GDPR.

b) Information to third parties

If the data controller has made the personal data concerning you public and is required to delete them according to  Article 17 (1) of the GDPR, he must take appropriate measures, including technical means, with due regard to available technology and implementation costs, to inform data controllers that you, the data subject, have requested the deletion of all links to such personal data or copies or replications of this personal data.

Exceptions

The right to erasure is not in force if the processing is necessary:

  1. to exercise the right to freedom of expression and information;
  2. to fulfill a legal obligation required by the law of the Union or of the Member States to which the controller is subject, or performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  3. for reasons of public interest in the field of public health pursuant to Art. 9 (2) (h) and (i) and Art. 9 (3) GDPR;
  4. for archival purposes of public interest, scientific or historical research purposes or for statistical purposes according to Article 89 (1) GDPR, to the extent that the law referred to in subparagraph (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or
  5. to assert, exercise or defend legal claims.

5. Right to information

If you have the right of rectification, erasure or restriction of processing to the controller, he / she is obliged to notify all recipients, to whom your personal data have been disclosed, of this correction or deletion of the data or restriction of processing, unless: this proves to be impossible or involves a disproportionate effort. You have a right to be informed about these recipients by the data controller.

6. Right to Data Portability

You have the right to receive personally identifiable information that you provided to the controller in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another person without hindrance by the person responsible for providing the personal data, provided that

  1. the processing is based on consent according to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract according to Art. 6 (1) (b) GDPR
  2. the processing is done by automated means.

In exercising this right, you also have the right to obtain that your personal data are transmitted directly from one controller to another, as far as technically feasible. This situation should not affect the freedoms and rights of other persons.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You have the right at any time, for reasons arising from your particular situation, to object to the processing of your personal data, which occurs pursuant to Art. 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions.
The controller will no longer process the personal data concerning you, unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, exercising or defending legal claims.
If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.
If you object to processing for direct advertising purposes, your personal data will no longer be processed for these purposes.
Regardless of Directive 2002/58/EC, you have the option, in the context of the use of information society services, to exercise your right to object through automated procedures that use technical specifications.

8. Right to revoke the data protection consent declaration

You have the right to revoke your data protection declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent before the revocation.

9. Automated decision in individual cases, including profiling

You have the right not to be subjected to a decision based solely on automated processing - including profiling - that will have legal effect or negatively affect you in a similar manner. This does not apply if the decision

  1. is required for the conclusion or performance of a contract between you and the controller,
  2. is permitted by Union or Member State legislation to which the controller is subject, and where such legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests, or
  3. occurs with your express consent.
  4. However, these decisions may not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2) (a) or (g) apply, and reasonable measures have been taken to protect your rights and freedoms and your legitimate interests.
  5. With regard to the cases referred to in (1) and (3), the person responsible shall take reasonable measures to safeguard your rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person from the side of the controller, to present the case and to challenge the decision.
  6. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of your place of residence, employment or the place of the alleged infringement, if you believe that the processing of the personal data concerning you violates the GDPR.

The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.

Die Landesbeauftragte für Datenschutz und Informationsfreiheit der Freien Hansestadt Bremen (State Data Protection and Freedom of Information Officer)
Arndtstraße 1, 27570 Bremerhaven
Tel.: +49 471 596 2010 oder +49 421 361 2010
Fax: +49 421 496 18495
E-Mail: office@datenschutz.bremen.de

1. Description and scope of data processing

On our website, we offer users the opportunity to buy vouchers, for certain values or services, by providing personal information. The data is entered into an input mask and transmitted to us and stored. The company Ongus Internet GmbH from Austria is responsible for processing and sending the voucher. Ongus Internet GmbH signed a data processing agreement with us. The collected data will be used exclusively for the delivery of the voucher. Furthermore, there is no disclosure of data to third parties.

The following data is collected as part of the voucher order:

Required Fields:

  1. First name
  2. Last name
  3. Street
  4. Postal code
  5. City
  6. Country
  7. E-Mail
  8. Payment method

Optional:

  1. Company
  2. Phone number
  3. E-mail address of additional coupon recipients
  4. Gift message (For, From, Message)

At the time of the voucher order, the following data is also stored:

  1. The IP address of the user
  2. Date and time of booking
  3. Order number
  4. Coupon code
  5. Value
  6. Transaction number

2. Legal basis for data processing

The legal basis for the processing of the data is in the presence of the consent of the user Art. 6 (1) (a) GDPR. If the registration serves the fulfillment of a contract of which the user is a party or the implementation of pre-contractual measures, then additional legal basis for the processing is Art. 6 (1) (b) GDPR.

3. Purpose of the data processing
Registration of the user is necessary to fulfill a contract with the user or to carry out pre-contractual measures. When making a voucher order, the user is requested to provide personal data. The processing and storage of the data is necessary for the processing of the coupon delivery, among other things, to clarify inquiries about the booking or to allocate the payment.  

4. Duration of storage

The data will be deleted as soon as the warranty periods and the storage for tax purposes allow it.

5. Opposition and removal possibility

If the data are necessary for the fulfillment of a contract or for the execution of pre-contractual measures, a premature deletion of the data is only possible, as far as contractual or legal obligations do not preclude a deletion.

1. Description and scope of data processing

On our website, we offer users the opportunity to make a table reservation in a restaurant, by providing personal information. The data is entered into an input mask and transmitted to us and stored. This service is provided by the service provider Bookatable GmbH & Co. KG in Hamburg, Germany. The Company provides guarantees under contract to ensure that appropriate technical and organizational measures are taken to ensure that the processing complies with the EU GDPR and ensures the protection of the data subject's rights. A transfer of data to third parties does not take place.

The following data is collected during the registration process:

  1. First name
  2. Last name
  3. E-mail address
  4. Telephone number

At the time of online table reservation, the following data is also stored

  1. The IP address of the user
  2. Date and time of registration

Im Zuge der Tischreservierung hat der Nutzer die Möglichkeit sich zeitgleich zu dem Restaurant-Newsletter zu registrieren. Hierbei gelten die Regelungen wie unter XII Restaurant-Newsletter & Mittagstisch-Newsletter beschrieben.

2. Legal basis for data processing

Legal basis for the processing of the data if consent of the user is at hand is Art. 6 (1) (a) GDPR. If the registration serves the fulfillment of a contract of which the user is a party or the implementation of pre-contractual measures, an additional legal basis for the processing of the data is Art. 6 (1) (b) GDPR.

3. Purpose of data processing

The collection of personal data in the context of the table reservation is necessary for the operational processes of the restaurant concerned.

4. Duration of storage

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. This is the case for the data collected during the registration process to fulfill a contract or to carry out pre-contractual measures, if the data is no longer necessary for the performance of the contract. Even after the conclusion of the contract, there may be a need to store personal data from the contracting party in order to comply with contractual or legal obligations.

5. Objection and removal possibility

As a user, you have the option to cancel the registration at any time. You can change the data stored about you at any time. The e-mail address of the user and the personal data collected in the registration process will be deleted immediately in the event of an objection (unsubscribe). You can object to the storage of your data for the future at the e-mail address of the respective restaurant, postal address or telephone number. Your data will be deleted immediately. If the data are necessary for the fulfillment of a contract or for the execution of pre-contractual measures, a premature deletion of the data is only possible, as far as contractual or legal obligations do not preclude a deletion.

1. Beschreibung und Umfang der Datenverarbeitung

Auf unserer Internetseite besteht die Möglichkeit einen kostenfreien Restaurant-Newsletter zu abonnieren, der in regelmäßigen Abständen Kunden und Geschäftspartner über Angebote des Restaurants und Neuigkeiten informiert. Dabei werden bei der Anmeldung zum Newsletter die Daten aus der Eingabemaske an uns übermittelt. Die Eingabe der E-Mail Adresse ist hierbei Pflicht. Optional kann die Anrede, der Titel, der Vor- und Nachname angegeben sowie weitere Interessen ausgewählt werden. Darüber hinaus kann der Newsletter im Prozess der Online-Tischreservierung des Restaurant (siehe XI) abonniert werden.

Neben den ersichtlichen Daten in der Eingabemaske werden zudem folgende Daten bei der Anmeldung erhoben:

  1. IP-Adresse des aufrufenden Rechners
  2. Datum und Uhrzeit der Registrierung
  3. URL
  4. Datum und Uhrzeit der Bestellung

Für die Verarbeitung der Daten wird im Rahmen des Anmeldevorgang Ihre Einwilligung eingeholt und auf diese Datenschutzerklärung verwiesen.

Für die Abwicklung des Versands des Newsletters ist das Unternehmen Bookatable GmbH & Co. KG aus Hamburg beauftragt. Das Unternehmen bietet vertraglich zugesicherte Garantien dafür, dass geeignete technische und organisatorische Maßnahmen so durchgeführt werden, dass die Verarbeitung im Einklang mit der EU-DSGVO erfolgt und den Schutz der Rechte der betroffenen Person gewährleistet. Die Daten werden ausschließlich für den Versand des Newsletters verwendet. Es erfolgt keine Weitergabe der Daten an Dritte.

2. Rechtsgrundlage für die Datenverarbeitung

Rechtsgrundlage für die Verarbeitung der Daten nach Anmeldung zum Newsletter durch den Nutzer ist bei Vorliegen einer Einwilligung des Nutzers Art. 6 Abs. 1 lit. a DSGVO sowie für die Datenverarbeitung im Rahmen des Newsletter-Tracking Art. 6 Abs. 1 lit. f DSGVO.

3. Zweck der Datenverarbeitung

Die Erhebung der E-Mail-Adresse des Nutzers dient dazu, den Newsletter zuzustellen. Die Erhebung sonstiger personenbezogener Daten im Rahmen des Anmeldevorgangs dient dazu, den Nutzer persönlich anzusprechen. Die Angabe weiterer personenbezogener Daten ist freiwillig.

4. Dauer der Speicherung

Die Daten werden gelöscht, sobald sie für die Erreichung des Zweckes ihrer Erhebung nicht mehr erforderlich sind. Die E-Mail-Adresse des Nutzers wird demnach solange gespeichert, wie das Abonnement des Newsletters aktiv ist.

5. Widerspruchs- und Beseitigungsmöglichkeit

Das Abonnement des Newsletters kann durch den betroffenen Nutzer jederzeit gekündigt werden. Zu diesem Zweck findet sich in jedem Newsletter ein entsprechender Abmelde-Link.
Die E-Mail-Adresse des Nutzers sowie die im Anmeldevorgang erhobenen personenbezogenen Daten werden bei einem Widerspruch (Abmelden) sofort gelöscht. Der Speicherung Ihrer Daten für die Zukunft können Sie zudem unter newsletter@atlantic-hotels.de widersprechen. Ihre Daten werden daraufhin umgehend gelöscht und Sie erhalten keinen Newsletter mehr.

6. Newsletter-Tracking

Der Newsletter enthält ein sogenanntes Zählpixel. Ein Zählpixel ist eine transparente 1x1 Pixel Grafik, die in der E-Mail eingebettet wird. Dies ist ausschließlich in HTML-Mails möglich, nicht in reinen Text-Mails, und ermöglicht die Aufzeichnung einer Logdatei-Analyse. Dadurch kann eine statistische Auswertung des Erfolges oder Misserfolges von Online-Marketing-Kampagnen durchgeführt werden. Anhand des eingebetteten Zählpixels kann die ATLANTIC Hotels Management GmbH erkennen, ob und wann eine E-Mail von einer betroffenen Person geöffnet wurde und welche in der E-Mail befindlichen Links von der betroffenen Person aufgerufen wurden.

Die über die in den Newslettern enthaltenen Zählpixel erhobenen personenbezogenen Daten werden von dem für die Verarbeitung Verantwortlichen gespeichert und ausgewertet, um den Newsletterversand zu optimieren und den Inhalt zukünftiger Newsletter noch besser den Interessen der betroffenen Person anzupassen. Diese personenbezogenen Daten werden nicht an Dritte weitergegeben. Betroffene Personen sind jederzeit berechtigt, die diesbezügliche gesonderte, über das Double-Opt-In-Verfahren abgegebene Einwilligungserklärung zu widerrufen. Nach einem Widerruf werden diese personenbezogenen Daten von dem für die Verarbeitung Verantwortlichen gelöscht. Eine Abmeldung vom Newsletters deutet die ATLANTIC Hotels Management GmbH automatisch als Widerruf.

Öffnungen, Klicks, Abmeldungen, Bounces etc. werden als Aktivität für den jeweiligen Empfänger gespeichert. Diese Daten sind je angeschriebenem Empfänger im Emfängerdatensatz einsehbar. Sie haben eine Vorhaltezeit von bis zu sechs Monaten und werden anschließend wieder gelöscht. Es können dann keine Auswertungen, FollowUp-Kampagnen o. ä. mehr durchgeführt werden.

Auch im Reportbereich werden die Daten nicht dauerhaft gespeichert. Reports, welche älter als ein Jahr sind, werden vom System aus automatisch archiviert. Die archivierten Reports sind weiterhin durch die ATLANTIC Hotels Management GmbH einsehbar, allerdings erfolgt hier keine Auswertung personalisierter Daten. Diese sind lediglich bis zu sechs Monate nach Versand des Newsletters ersichtlich.

1. Umfang der Verarbeitung personenbezogener Daten

Für unser Online-Bewerbungsverfahren nutzen wir ein Plugin des Portals HOTELCAREER der YOURCAREERGROUP, Kaiserswerther Straße 282, 40474 Düsseldorf. Das Unternehmen bietet vertraglich zugesicherte Garantien dafür, dass geeignete technische und organisatorische Maßnahmen so durchgeführt werden, dass die Verarbeitung im Einklang mit der EU-DSGVO erfolgt und den Schutz der Rechte der betroffenen Person gewährleistet. Die Daten werden ausschließlich für das Bewerbungsverfahren verwendet. Es erfolgt keine Weitergabe der Daten an Dritte.

Bei der Online-Bewerbung sind Anrede, Vorname, Nachname, E-Mail-Adresse sowie Angaben zum Lebenslauf und ein Anschreiben Pflichtangaben. Zudem haben Sie die Möglichkeit über das Kontaktformular einen Lebenslauf bzw. ein Anschreiben zu erstellen, weitere digitale Anhänge hochzuladen sowie bewerbungsrelevante Daten zu übermitteln.

Neben der Online-Bewerbung besteht die Möglichkeit eine Stellenausschreibung per E-Mail weiterzuempfehlen. Hierbei ist die Angabe Ihrer E-Mail-Adresse, Ihres Vor- und Nachnamens sowie die E-Mail-Adresse des Empfängers Pflicht.

Sofern Sie auf www.hotelcareer.de ein Profil anlegen und sich bei weiteren Unternehmen bewerben, ist die YOURCAREERGROUP GmbH verantwortlich für die Datenverarbeitungen. Bitte beachten Sie daher auch die dortigen Datenschutzbestimmungen.

2. Rechtsgrundlage für die Verarbeitung personenbezogener Daten

Die ATLANTIC Hotels Management GmbH erhebt, verarbeitet und speichert Ihre Bewerberdaten auf der Grundlage von § 26 Abs. 1 Satz 1 Bundesdatenschutzgesetz 2018 (BDSG 2018) sowie Art. 6 Abs. 1 lit. b und f DSGVO.

3. Zweck der Datenverarbeitung

Die Verarbeitung der personenbezogenen Daten dient uns zur Bearbeitung der Kontaktaufnahme. Die von Ihnen im Rahmen des Bewerbungsverfahrens angegebenen personenbezogenen Daten werden von der ATLANTIC Hotels Management GmbH ausschließlich zum Zwecke der Bewerberauswahl und Bewerbereinstellung verarbeitet und genutzt.

4. Dauer der Speicherung

Sollte Ihre Bewerbung nicht erfolgreich sein, werden Ihre Daten auf der Grundlage von § 15 Abs. 4 Allgemeines Gleichbehandlungsgesetz (AGG) drei Monate nach Abschluss des Bewerbungsverfahrens gelöscht. Siehe hierzu auch XIV. Datenschutzhinweis für den Bewerberprozess.

5. Widerspruchs- und Beseitigungsmöglichkeit

Die über Sie gespeicherten Daten können Sie jederzeit abändern lassen. Zudem haben Sie die Möglichkeit, Ihre Einwilligung zur Verarbeitung der von Ihnen übermittelten Daten zu widerrufen. Senden Sie Ihren Widerruf an bewerbung@atlantic-hotels.de, per Post an ATLANTIC Hotels Management GmbH, Personalabteilung, Ludwig-Roselius-Allee 2, 28329 Bremen oder rufen Sie uns an unter Telefon +49 (0) 421 944888-564. Die Daten werden von uns dann unverzüglich gelöscht. In einem solchen Fall kann die Kommunikation nicht fortgeführt werden.

Sind die Daten zur Erfüllung eines Vertrages oder zur Durchführung vorvertraglicher Maßnahmen erforderlich, ist eine vorzeitige Löschung der Daten nur möglich, soweit vertragliche oder gesetzliche Verpflichtungen einer Löschung nicht entgegenstehen.

Der Schutz Ihrer personenbezogenen Daten ist uns wichtig. Die ATLANTIC Hotels Management GmbH erhebt, verarbeitet und speichert Ihre Bewerberdaten auf der Grundlage von § 26 Abs. 1 Satz 1 Bundesdatenschutzgesetz 2018 (BDSG 2018). Die von Ihnen im Rahmen des Bewerbungsverfahrens angegebenen personenbezogenen Daten werden von der ATLANTIC Hotels Management GmbH ausschließlich für Zwecke der Bewerberauswahl und Bewerbereinstellung verarbeitet und genutzt.

Wir weisen darauf hin, dass die Übermittlung von personenbezogenen Daten über E Mail als unsicher eingestuft wird. Bitte achten Sie darauf, dass Sie lediglich dann Bewerbungsunterlagen per E-Mail zusenden, wenn Sie das Risiko als gering einschätzen. Gerne können Sie weitere Unterlagen, wie zum Beispiel medizinische Gutachten, ärztliche Bescheinigungen, die Sie nicht per E-Mail versenden möchten, per Post zuschicken oder bei dem Vorstellungsgespräch nachreichen.

Folgt auf Ihre Bewerbung der Abschluss eines Vertrages, so werden Ihre Daten im Rahmen der üblichen Organisations- und Verwaltungsprozesse unter Beachtung der einschlägigen rechtlichen Vorschriften, gespeichert und genutzt.

Sollte Ihre Bewerbung nicht erfolgreich sein, werden Ihre Daten auf der Grundlage von § 15 Abs. 4 Allgemeines Gleichbehandlungsgesetz (AGG) drei Monate nach Abschluss des Bewerbungsverfahrens gelöscht.

Sofern Sie eine Initiativbewerbung einreichen wollen oder die ATLANTIC Hotels Management GmbH nach einer nicht erfolgreichen Bewerbung Ihre Bewerbungsunterlagen für weitere freiwerdende Stellen aufbewahren soll, benötigen wir einen schriftlichen Hinweis, dass wir die Bewerbungsunterlagen aufbewahren sollen. Die ATLANTIC Hotels Management GmbH hält Bewerbungen längstens 12 Monate für weitere Einstellungsverfahren vor.

Plugins

The data controller has integrated on this website the component Google Analytics (with anonymization function). Google Analytics is a web analytics service. Web analysis is the collection and analysis of data about the behavior of visitors to websites. Among other things, a web analysis service collects data about referrers - from which website the user came to the website, which subpages of the website were accessed, or how often and for how long a subpage was viewed. A web analysis is mainly used for optimization of a website and for cost-benefit analysis of Internet advertising.

The operating company of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The controller uses the addition "_gat._anonymizeIp" for web analytics via Google Analytics. By means of this addition, the IP address of the Internet connection of the data subject will be shortened and anonymized by Google, if the access to our website is from a Member State of the European Union or from another state party to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyze streams of visitors on our website. Among other things, Google uses the data and information obtained to evaluate the use of our website, to compile online reports for us showing the activities on our websites, and to provide other services related to the use of our website.

Google Analytics uses a cookie on the information technology system of the person concerned. What cookies are has already been explained above. Using this cookie makes it possible for Google to analyze the usage of our website. Each time one of the pages of this website, that is processed by the data controller and where a Google Analytics component is integrated, is accessed, the Internet browser on the information technology system of the person concerned is automatically initiated by the respective Google Analytics component to submit data to Google for online analysis purposes. As part of this technical process, Google receives information about personal data, such as the IP address of the person concerned, which among other things serves Google to track the origin of visitors and clicks, and subsequently to allow commission billing.
The cookie stores personal data, such as access time, the location from which access was made, and the frequency of site visits by the data subject. Each time a user visits our website, this personal information, including the IP address of the Internet connection used by the data subject, is transferred to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may transfer such personal data collected through this technical process to third parties.

The data subject can prevent the setting of cookies at any time by our website, as explained above, by changing the Internet browser settings and thus permanently preventing the setting of cookies. Such Internet browser settings would also prevent Google from setting a cookie on the data subject's information technology system. In addition, a cookie already set by Google Analytics can be deleted at any time through the Internet browser or other software programs.
Furthermore, the data subject has the option of objecting to and preventing the collection of the data generated by Google Analytics for the use of this website and the processing of this data by Google. To do this, the person must download and install a browser add-on at tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data and information about website visits may be transmitted to Google Analytics. The installation of the browser add-on is considered by Google to be an objection. If the data subject's information technology system is later deleted, formatted or reinstalled, the data subject must re-install the browser add-on to disable Google Analytics. If the browser add-on is uninstalled or disabled by the data subject or any other person within their sphere of control, it is possible to reinstall or reactivate the browser add-on.
Additional information and Google's privacy policy can be found at https://www.google.com/intl/en/policies/privacy/ and http://www.google.com/analytics/terms/en.html. Google Analytics is explained in more detail at https://www.google.com/intl/de_de/analytics/.

You can prevent collection by Google Analytics by clicking on the following link. An opt-out cookie will be set, which prevents the future collection of your data when visiting this website: Disable Google Analytics

The controller has integrated Google AdWords on this website. Google AdWords is an Internet advertising service that allows advertisers to run ads in both Google search engine results and in the Google advertising network. Google AdWords allows an advertiser to set keywords in advance, that will display an ad on Google's search engine results only when user uses the search engine to retrieve a search result relevant to the key words. In the Google advertising network, ads are distributed on relevant web pages using an automated algorithm and according to pre-defined keywords.

The operating company for the services of Google AdWords is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of Google AdWords is to advertise our website by displaying interest-based advertising on the websites of third-party companies and in the search engine results of the search engine Google.

If a data subject comes to our website via a Google ad, a conversion cookie will be stored on the user's information technology system by Google. What cookies are has already been explained above. A conversion cookie expires after thirty days and is not used to identify the data subject. If the conversion cookie has not yet expired, it will be traced whether certain sub-pages, such as the shopping cart from an online shop system, were accessed on our website. The conversion cookie allows both us and Google to understand whether a data subject who came to our website via an AdWords ad generated revenue, i.e. completed or interrupted a purchase.

The data and information collected through the use of the conversion cookie are used by Google to create visitor statistics for our website. These visit statistics are then used by us to determine the total number of users who have been sent to us through AdWords ads, in order to determine the success or failure of each AdWords ad and to optimize our AdWords ads for the future. Neither our company nor any other Google AdWords advertiser receives any information from Google that could identify the data subject.

The conversion cookie stores personal information, such as the web pages visited by the data subject. Each time a user visits our website, this personal information, including the IP address of the Internet connection used by the data subject, is transferred to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may transfer such personal data collected through this technical process to third parties.

The affected person can prevent the setting of cookies at any time by our website, as explained above, by changing the Internet browser settings and thus permanently preventing the setting of cookies. Such Internet browser settings would also prevent Google from setting a conversion cookie on the data subject's information technology system. In addition, a cookie already set by Google AdWords can be deleted at any time through the Internet browser or other software programs.

Furthermore, the data subject has the opportunity to object to Google's interest-based advertising. To do this, the data subject must access the link www.google.com/settings/ads from each of the Internet browsers they use and make the desired settings there.
Additional information and Google's privacy policy can be found at https://www.google.com/intl/en/policies/privacy/.

The data controller has integrated Google Remarketing services into this website. Google Remarketing is a feature of Google AdWords that allows a business to show advertisements to internet users that have previously been on the company's website. The integration of Google Remarketing allows a company to create user-friendly advertising and thus show the Internet user interest-related ads.

The Google Remarketing Services operating company is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of Google Remarketing is to show interest-based advertising. Google Remarketing allows us to display ads through the Google advertising network or other websites tailored to the individual needs and interests of Internet users.
Google Remarketing places a cookie on the information technology system of the data subject. What cookies are has already been explained above. By setting the cookie, Google will be able to recognize the visitor to our website, if he subsequently accesses websites that are also members of the Google advertising network. With each visit to a website on which Google Remarketing's service has been integrated, the data subject's Internet browser is automatically identified with Google. As part of this technical process, Google receives personal data, such as the IP address or the surfing behavior of the user, which Google uses among other things to display interest-relevant advertising.

The cookie is used to store personal data, such as the websites visited by the data subject. Each time a user visits our website, this personal information, including the IP address of the Internet connection used by the data subject, is transferred to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may transfer such personal data collected through this technical process to third parties.

The affected person can prevent the setting of cookies at any time by our website, as explained above, by changing the Internet browser settings and thus permanently preventing the setting of cookies. Such Internet browser settings would also prevent Google from setting a cookie on the data subject's information technology system. In addition, a cookie already set by Google Analytics can be deleted at any time through the Internet browser or other software programs.
Furthermore, the data subject has the opportunity to object to Google's interest-based advertising. To do this, the data subject must access the link www.google.com/settings/ads from each of the Internet browsers they use and make the desired settings there.

Additional information and Google's privacy policy can be found at https://www.google.com/intl/en/policies/privacy/.

This site uses the map service Google Maps via an API interface. Provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. To use the features of Google Maps, it is necessary to save your IP address. This information is usually transmitted to and stored on a Google server in the United States. The provider of this site has no influence on this data transfer. Google Maps is used in order to create an attractive presentation of our online offers and make it easy to find the places that we show on our website. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. For more information about the handling of user data, please refer to Google's Privacy Policy: https://www.google.com/intl/en/policies/privacy/.

The data controller has integrated YouTube components on this website. YouTube is an internet video portal that allows you to watch video clips for free and also to view, rate and comment on them for free. YouTube allows the publication of all types of videos, so that both complete film and television programs, but also music videos, trailers or user-made videos are available on the Internet portal.

YouTube's operating company is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

With each visit to one of the pages of this site, that is operated by the data controller and where a YouTube component (YouTube video) is integrated, the Internet browser on the subject's information technology system will be caused by the particular YouTube component to download an image of the corresponding YouTube component from YouTube. More information about YouTube can be found at www.youtube.com/yt/about/en/. As part of this technical process, YouTube and Google receive information about which specific page of our website is visited by the data subject.

When the data subject visits a subpage containing a YouTube video while logged in to YouTube, YouTube recognizes which specific subpage the data subject is visiting. This information is collected by YouTube and Google and attributed to the individual YouTube account of the data subject.
YouTube and Google will always receive information through the YouTube components that the data subject has visited our website, if the data subject is logged into YouTube at the time of access to our website; this happens regardless of whether the person clicks on a YouTube video or not. If the data subject does not want the transmission of this information to YouTube and Google, he or she can prevent this by logging out of his or her YouTube account before accessing our website.

YouTube's privacy policy, available at https://www.google.com/intl/en/policies/privacy/, gives information about the collection, processing, and use of personal data by YouTube and Google.

Payment options

The data controller has integrated components from PayPal on this website. PayPal is an online payment service provider. Payments are made through PayPal accounts, which are virtual private or business accounts. In addition, PayPal has the ability to process virtual payments with credit cards if a user does not have a PayPal account. A PayPal account is managed via an email address, which is why there is no classic account number. PayPal makes it possible to make online payments to third parties or to receive payments. PayPal also takes on fiduciary functions and offers buyer protection services.

The European operating company of PayPal is PayPal (Europe) S.à.rl & Cie. SCA, 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.
If the data subject selects "PayPal" as the payment option during the order process in our online shop, data of the data subject will be automatically transmitted to PayPal. By selecting this payment option, the data subject consents to the transfer of personal data required for payment processing.

The personal data transmitted to PayPal is usually first name, last name, address, e-mail address, IP address, telephone number, mobile phone number or other data required for payment processing. Personal information connection with the respective order is also necessary for the execution of a purchase contract.

The purpose of the transmission of the data is payment processing and fraud prevention. The data controller will provide PayPal with personal data, in particular if there is a legitimate interest for the transfer. The personal data exchanged between PayPal and the data controller may potentially be transferred by PayPal to credit reporting agencies. The reason for this transmission is for identity verification and credit checking.

PayPal may disclose personal information to affiliates and service providers or subcontractors, to the extent necessary to fulfill its contractual obligations or to process the data on behalf of them. The data subject has the option to revoke the consent to the handling of personal data by PayPal at any time. A revocation has no effect on personal data which must be processed, used or transmitted for (contractual) payment processing.
PayPal's applicable privacy policy is available at https://www.paypal.com/webapps/mpp/ua/privacy-full.

The data controller has integrated components from SOFORT Banking, from SOFORT GmbH on this website. SOFORT Banking is a payment service that enables cashless payment for products and services on the Internet. SOFORT banking uses a technical process through which the online retailer immediately receives a payment confirmation. This enables a merchant to deliver goods, services or downloads to the customer immediately after the order has been placed.

The operating company of SOFORT Banking is SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany.

If the person involved selects "SOFORT Banking" as a payment option during the order process in our online shop, their personal data will be automatically transmitted to SOFORT GmbH. By selecting this payment option, the data subject consents to a transfer of personal data required for payment processing.
When paying with SOFORT Banking, the buyer transmits the PIN and the TAN to Sofort GmbH. After a technical check of the account balance and retrieval of further data to check the account funds, SOFORT Banking then makes the transfer to the online retailer. The execution of the financial transaction is then communicated to the online retailer automatically.
The personal data exchanged with SOFORT Banking is first name, last name, address, e-mail address, IP address, telephone number, mobile phone number or other data required for payment processing. The purpose of the transmission of the data is payment processing and fraud prevention. The data controller will provide SOFORT Banking with other personal information, if there is a legitimate interest in the transfer. Personal information exchanged between SOFORT Banking and the controller may be transferred by SOFORT Banking to credit reporting agencies. The reason for this transmission is for identity verification and credit checking.

If necessary, SOFORT GmbH will pass on the personal data to affiliated companies and service providers or subcontractors if this is necessary to fulfill the contractual obligations or if the data is to be processed on behalf of them. The data subject has the opportunity to revoke the consent to the handling of personal data at any time from SOFORT GmbH. A revocation has no effect on personal data which must be processed, used or transmitted for (contractual) payment processing. The applicable privacy policy of SOFORT GmbH can be found at https://www.sofort.com/ger-DE/datenschutzerklaerung-sofort-gmbh/.

The ATLANTIC Hotels' internet sites are constantly updated and adapted to meet the requirements of a customer-friendly, interactive information platform. For existing internet sites as well as those uploaded in the future, we hereby assure you that we only store, process or forward your personal data if you have actively volunteered this information, e.g. as part of a newsletter request, a booking or in the event of email enquiries. Your personal data will only be processed for the purpose for which it has been provided. This data will only be forwarded to third parties outside the ATLANTIC Hotels Group if this is required by law or you have provided your written consent.

In the future we will also be using various types of cookies in order to make your visit to our internet site as comfortable as possible for you. Cookies are small text files that are stored in directories in your PC that have been provided specifically for this purpose in order to manage your connection to our internet site.

We use both technical as well as organizational security measures in order to protect your personal data. Our employees are subject to the company's specific non-disclosure obligations.

You can visit our site without providing personal information. Personal data is only collected if you voluntarily provide this information during your visit to our internet site.

Our website also contains programs (plug-ins) run by the social network Facebook. These are exclusively operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (Facebook). The plug-ins are identified on our internet site by the Facebook logo or the addition "Like". When visiting one of our websites with this kind of plug-in, your browser establishes a direct connection with the Facebook servers which then transmit the content of the plug-in to your browser and integrate it into the displayed website. This means that the information that you have visited our website is forwarded to Facebook. If you are logged into your personal Facebook user account during your visit to our website, Facebook may allocate this visit to your account. By interacting with plug-ins, e.g. by clicking the "Like" button or leaving a comment, this information is transmitted directly to Facebook where it is then stored. If you would like to prevent this type of data transmission please log out of your Facebook account before visiting our website.

The purpose and extent of the data collection by Facebook and the processing and use of your data as well as your related rights and settings options to protect your privacy can be obtained by accessing Facebook's data protection information (http://en-en.facebook.com/privacy/explanation.php).

Please contact our Data Protection Supervisor (see below for contact data) if you have any questions on the collection, processing or use of your personal data or if you would like to provide further information or corrections or if you would like to block or delete data.

The privacy policy regarding Facebook was prepared by the WILDE BEUGER SOLMECKE law firm and is available on http://www.wbs-law.de/eng/.

This website uses Google Analytics, a web analysis service provided by Google Inc. ("Google"). Google Analytics uses "cookies" which allow your use of the website to be analysed. The information generated about your use of this website by the cookie (including your IP address) is transmitted to a Google server in the USA where it is also stored.

Google uses this information to assess your use of the website in order to compile reports on the website activities for the website operator and to provide additional services related to the use of the website and the internet. Google may also transmit this information to third parties, if required by law or if third parties process this data on behalf of Google. Google will not link your IP address with other data.

You can prevent cookies from being installed by adjusting your browser software settings; however, please note that you may then not be able to use all the functions on this website.

By accessing this website you consent to the processing of the collected data by Google in the manner described above and for the purposes previously mentioned. The data collection and storage may be revoked at any time with effect for the future.

Given the debate regarding the use of analysis tools with complete IP addresses, we would like to note that this website uses Google Analytics with the extension "_anonymizeIp()" so that IP addresses are only processed in an abbreviated form in order to prevent direct personal references.

This website uses the remarketing function from Google Inc ("Google"). As a part of the Google advertising network, this function is intended to present website visitors with advertising based on their interests. The website visitor's browser saves so-called "cookies". These are text files which are stored on the visitor's hard drive and which enable recognition of the visitor when he/she accesses websites that belong to Google's advertising network. On such sites, adverts can then be presented to the visitor. These adverts are based on content which the visitor previously accessed in websites which use the Google remarketing function.

If the user has consented to his/her web and app browser history being linked to his/her Google account and information from his/her Google account being used to personalise adverts, Google will apply data from this signed-in user along with Google analytics data to create target-group lists for cross-device remarketing. This involves Google Analytics firstly recording Google-authenticated IDs from users of our website. These IDs are linked to the Google accounts (i.e. personal data) of these users. Google Analytics will then temporarily link these IDs with our Google Analytics data in order to optimise our target groups.

If the remarketing function is not wanted, you can fully disable it via the relevant settings under http://www.google.com/settings/ads. Alternatively you can disable the use of cookies for interest-based advertising by following the instructions under http://www.networkadvertising.org/managing/opt_out.asp. Further information on Google remarketing and privacy terms are available under: http://www.google.com/privacy/ads/.

This data privacy policy was created based on the information provided by the privacy policy generator from the DGD Deutsche Gesellschaft für Datenschutz GmbH (German Society for Data Protection).

Information on data protection in accordance with GDPR Articles 13, 14 and 21