1. Name and contact details of the controller responsible for processing and the company Data Protection Officer.
This data protection information applies to data processing carried out by:
Seaside Collection GmbH & Co. KG, Wexstrasse 16, D-20355 Hamburg, Germany
Email: info( at )seaside-collection.com, Tel: +49 -40 35 74 00 0
Seaside Hotels Management GmbH, Wexstrasse 16, D-20355 Hamburg
Managing Directors: Theo Gerlach, Christian Mohs
Data Protection Officer:
Dr Jürgen Fechner, Walter-Markov-Ring 42, D-04288 Leipzig
Email: j.fechner( at )fue-soft.de, Tel: +49-171 82 66 93 3
2. Collecting and storing personal data as well as the type and purpose of its use.
A) WHEN VISITING THE WEBSITE
If you go to our website seaside-collection.com, the browser used by your terminal will automatically send information to our website’s server. This information will be temporarily stored in a so-called logfile. In the process, the following information will be recorded without any actions by you and will be stored until it is automatically erased:
- IP address of the computer accessing the website,
- Date and time of access,
- Name and URL of the retrieved file,
- Website from which access was made (referrer URL),
- Browser used and, if applicable, the operating system on your computer, as well as the name of your access provider.
We will use the data specified above for the following purposes:
- Guaranteeing a smooth connection is made to the website,
- Guaranteeing convenient use of our website,
- Evaluating system security and stability as well as
- for additional administrative purposes.
The legal basis for data processing is Art. 6 (1) 1 f) of the GDPR (legitimate interest). Our legitimate interest results from the purposes of data collection listed above. We will not use the data collected for the purposes of identifying you under any circumstances.
B) WHEN REGISTERING FOR OUR NEWSLETTER
If you give your explicit consent as per Art. 6 (1) 1 a) of the GDPR, we will use your email address to regularly send you our newsletter. Disclosing an email address is sufficient to receive the newsletter.
It is possible to unsubscribe at any time, for example, using the link at the end of every newsletter. Alternatively, you can also send your request to unsubscribe by email to info( at )seaside-collection.com at any time.
C) WHEN USING OUR CONTACT FORM
If you have any questions, we offer you the possibility to contact us via a form provided on the website. A valid email address is required for this purpose, so we know who sent the enquiry and so we can answer it. Any additional disclosures can be provided voluntarily.
Data processing for the purposes of making contact with us is carried out as per Art. 6 (1) 1 a) of the GDPR on the basis of your freely-given consent. If any contact is made to carry out pre-contractual actions (e.g. requesting a quotation), the data will be processed on the basis of Art. 6 (1) 1 b) of the GDPR.
The personal data we collect to use the contact form will be automatically erased after the enquiry you had made has been dealt with. If an enquiry involves business correspondence, a mandatory storage period in accordance with Section 257 (1) 2 of the HGB applies to a received commercial letter. The mandatory storage period for commercial and business letters in accordance with Section 147 (1) 2, (3) of the AO is six years.
3. Forwarding data
Apart from for the purposes detailed below, your personal data will not be transmitted to third parties. We will only forward your data to third parties, if:
- you have given your explicit consent to do so as per Art. 6 (1) 1 a) of the GDPR,
- forwarding is necessary as per Art. 6 (1) 1 f) of the GDPR to establish, exercise or defend legal claims and there is no reason to assume that you have any overriding interests that prevent the forwarding of the data,
- if there is a legal obligation to forward the data as per Art. 6 (1) 1 c) of the GDPR, and
- the forwarding is legally permissible and is necessary to perform a contract with you as per Art. 6 (1) 1 b) of the GDPR.
Information is placed in the cookie that is produced in connection with the terminal specifically used. However, this does not mean that we become directly aware of your identity as a result.
Cookies are used on the one hand, to make it more pleasant for you to use our offering. For example, we use so-called session cookies to recognise that you have already visited certain pages on our website. These cookies will be automatically erased when you leave our website.
We also use temporary cookies to optimise user-friendliness. These cookies will be stored on your terminal for a set period of time. If you visit our website again to utilise our services, it will be automatically recognised that you have already been with us and which inputs and settings you made, so that you do not have to enter these again.
The data processed by cookies is required for the specified purposes to safeguard our legitimate interests and those of third parties as per Art. 6 (1) 1 f) of the GDPR.
Most browsers automatically accept cookies. However, you can configure your browser so that no cookies will be stored on your computer or so that a message will always appear before a new cookie is set. However, completely deactivating cookies can lead to you being unable to use all the functions of our website.
5. Analysis tools
A) TRACKING TOOLS
The tracking detailed below that we use is carried out on the basis of Art. 6 (1) 1 f) of the GDPR. By using tracking, we want to ensure the needs-based design and continuous optimisation of our website. On the other hand, we use tracking to make statistical records about the use of our website, and to evaluate it for the purposes of optimising our offering for you.
You can take the relevant data processing purposes and data categories from the passages below detailing the analysis and tracking tools.
I) GOOGLE ANALYTICS
For the purposes of the needs-based design and continuous optimisation of our website we use Google Analytics, a web analysis service from Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; subsequently “Google”). Pseudonymised user profiles are generated and cookies (see Section 4) are used in this connection. The information generated by the cookies about your use of this website, such as
- Browser type/version,
- Operating system used,
- Referrer URL (the website previously visited),
- Host name of the accessing computer (IP address),
- Time of the server request,
will be transferred to a Google server in the USA and stored there. This information will be used to evaluate the use of the website, to compile reports about website activities, and to provide additional services associated with the use of the website and internet use for the purposes of market research and needs-based design of this website. This information may also be transferred to third parties, if this is stipulated by law or if third parties are commissioned to process this data. Your IP address will not be brought together with other data from Google under any circumstances. IP addresses will be anonymised so that no attribution to an individual is possible (IP masking).
You can prevent cookies from being installed by setting your browser software accordingly; however, we must point out that in this case you may not be able to use all the functions of this website in full.
You can also prevent the recording of the data generated by the cookie and that is related to your use of the website (including your IP address), as well as the processing of this data by Google, by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=en).
As an alternative to a browser add-on, in particular for browsers on mobile terminals, you can prevent recording by Google Analytics by clicking on this link. It will set an opt-out cookie, which will prevent the future recording of your data when you visit this website. An opt-out cookie will only work in this browser and only for our website, and will be placed on your device. If you erase the cookies in this browser, you will have to set the opt-out cookie again.
You will find further information about data protection in connection with Google Analytics in the Google Analytics help (https://support.google.com/analytics/answer/6004245?hl=en).
6. Service providers
I) GOOGLE MAPS PLUGIN
The controller responsible for processing has integrated components from YouTube on this website. YouTube is an internet video portal, which enables video publishers to upload video clips free of charge and also allows users to watch, evaluate and comment on these videos free of charge. YouTube permits the publication of all kinds of videos, which is why complete film and television broadcasts, and also music videos, trailers or videos produced by users themselves, can be accessed via the internet portal.
The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.
Every time an individual page of this website, which is operated by the controller responsible for processing and on which a YouTube component (YouTube video) has been integrated, is accessed the internet browser will automatically connect the relevant YouTube component on the information technology system of the data subject which will download a presentation of the corresponding YouTube components from YouTube. You can access further information about YouTube at https://www.youtube.com/yt/about/de/. Within the scope of this technical procedure YouTube and Google will find out which concrete sub-page of our website has been visited by the data subject.
If the data subject is simultaneously logged in to YouTube when accessing a sub-page that contains a YouTube video, YouTube will recognise which concrete sub-page of our website the data subject is visiting. YouTube and Google will collect this information and allocate it to the data subject’s YouTube account.
YouTube and Google will then always find out via the YouTube components that a data subject has visited our website, if at the point in time of the fetch on our website the data subject is simultaneously logged in to YouTube. This will happen regardless of whether the data subject clicks on a YouTube video or not. If the data subject does not want this information to be transmitted to YouTube and Google, they can prevent this transmission by logging out of their YouTube account before accessing our website.
We use the consent manager service Cookiebot from the company Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (Cybot).
This tool enables us to obtain and administer the consent given by web users to data processing within our website. This processing is necessary to meet a legal obligation as per Art. 6 (1) 1 c) of the GDPR and as per Art. 7 (1) of the GDPR.
The following data is processed by cookies:
- Your IP address (the last three figures will be set to ‘0’).
- Date and time of the consent.
- Browser information URL, from which consent was sent.
It also contains an anonymous, random and encrypted variable to prove agreement with the end user’s consent status.
The key and agreement status will be stored for 12 months in the browser with the help of the “CookieConsent” cookie.
This means your cookie preference will be retained for subsequent requests from the website. Your agreement can be proved and traced with the help of the key.
- If you activate the service function “Agree all” to activate agreement for several websites with one single end user agreement, the service will also store a separate, random, clear ID with your agreement.
- If you deactivate “No tracking” through the browser settings, this will mean that you have accepted all, or at least certain types of cookies, but the functionality of the website cannot be guaranteed in full without this processing.
Cybot acts for us as the recipient of your personal data and as a processor. A processing agreement as per Art. 28 of the GDPR has been concluded between the partners.
The data will be processed in the European Union. You will find further information about the possibilities to object to and remove Cybot at: https://www.cookiebot.com/de/privacy-policy/.
Your personal data will be consecutively erased after 12 months or directly after the termination of the agreement between our company and Cybot.
7. Social plugins
We use social plugins from the social network Pinterest on our website. This is operated by Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103-490, USA (“Pinterest”). If you access a website that contains such a plugin, the browser will make a direct connection with the Pinterest servers. In the process, the plugin will transmit log data to the Pinterest servers in the USA. This log data can include your IP address, the address of the visited websites that also contain Pinterest functions, the type and settings of the browser, date and time of the request, the way you use Pinterest and cookies.
8. Your data processing rights as a data subject
You have the right:
- as per Art. 15 of the GDPR to obtain information about the personal data we process. In particular, you can demand information about the purposes of the processing, categories of personal data concerned, the categories of recipient to whom the personal data has been or will be disclosed, the envisaged period for which the personal data will be stored, the existence of the right to request rectification or erasure of personal data, or restrict processing of personal data, information about the source of your data, if we did not collect it, as well as the existence of automated decision-making, including profiling and meaningful information about the details of these;
- as per Art. 16 of the GDPR to demand the rectification of inaccurate personal data about you and to have incomplete personal data completed without delay;
- as per Art. 17 of the GDPR to demand the erasure of your personal data stored by us, if the processing is not necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
- as per Art. 18 of the GDPR demand the restriction of the processing of your personal data if you contest the accuracy of the data, the processing is unlawful, but you oppose the erasure of the data and we no longer need the data, but you require it to establish, exercise or defend legal claims, or as per Art. 21 of the GDPR, you object to the processing;
- as per Art. 20 of the GDPR to receive the personal data you have provided to us in a structured, commonly used and machine-readable format or to demand transmission to another controller;
- as per Art. 7 (3) of the GDPR to withdraw any consent you have given to us at any time. The result of this will be that we must no longer continue the data processing in the future that relates to your consent, and
- as per Art. 77 of the GDPR to lodge a complaint with a supervisory authority. For this purpose, you can usually contact the supervisory authority of your usual place of residence or of our company registered office.
9. Right to object
If your personal data is processed on the basis of legitimate interests as per Art. 6 (1) 1 f) of the GDPR, you have the right, as per Art. 21 of the GDPR, to object to the processing of your personal data on grounds relating to your personal situation, or if you object to direct marketing. In the latter case you have a general right to object, which we will implement without disclosing any special situation.
If you would like to exercise your right of withdrawal or right to object, it is sufficient to send an email to info( at )seaside-collection.com.
10. Data security / Email communication
10.1. Within a visit to the website we use the common SSL procedure (Secure Socket Layer) in conjunction with the highest encryption level that is supported by your in browser. This will usually be 256-bit encryption. If your browser does not support 256-bit encryption, we will fall back on 128-bit v3 technology instead. You can recognise whether a single page of our website is transmitted in encrypted form from the presentation of a closed lock or lock symbol in the lower status bar in your browser.
Otherwise, we use suitable technical and organisational measures to protect your data from accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised third-party access. Our security measures are continuously improved in accordance with technological developments.
10.2 Emails that are sent via the internet without any additional security measures (encryption) generally have as low a level of confidentiality as a post card. If you communicate with us by email without any additional confidentiality safeguards, we will assume that you are aware of these technical circumstances and permit us to answer by simple email as well.
BASIC ENCRYPTION BETWEEN EMAIL PROVIDERS
However, we also attach great importance to confidentiality when communicating by email. Consequently, our provider automatically offers you secured email communication via your email provider.
Our German hosting provider establishes email communication with you on the basis of additional security measures. This security depends on whether your email provider also offers you the same security measures. At https://dane.sys4.de you can test whether your email provider uses the current security standards. If you have any doubts, we can discuss alternative safeguarding measures, for example, the PGP email encryption detailed below. Our provider has written the following about the security measures used: “DNSSEC has been implemented as a security measure for email communication (to see how it works go to https://de.wikipedia.org/wiki/Domain_Name_System_Security_Extensions). In addition, 2015 DANE (to see how it works go to: https://de.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) has been introduced, which is the next consistent step towards more security. The DANE network protocol (DNS-based Authentication of Named Entities) expands the SSL/TLS transport protocol (which is frequently used in email correspondence) by additional safeguarding. Certificates are directly linked to a domain with special DNS entries (TLSA-RR) and secured via DNSSEC. This ensures that a certificate cannot be exchanged in the meantime, and its authenticity can be confirmed. Mail servers that support DANE can now force encrypted connection with each other. This significantly increases security when transporting emails.”
PGP EMAIL ENCRYPTION
A better, and consequently recommended encryption (cryptography) of data transmission is possible with asymmetric encryption after exchanging public keys. We will be pleased to provide you with our public PGP key (PGP: Pretty Good Privacy). You can use this key to encrypt messages. In order to be able to communicate securely, you must install OpenPGP software on your computer. Here is a list of possible solutions for different operating systems:
- macOS https://gpgtools.tenderapp.com/kb/how-to/erste-schritte-gpgtools-einrichten-einen-schlssel-erstellen-deine-erste-verschlsselte-mail
- Linux https://ssd.eff.org/en/module/how-use-pgp-linux
- Windows https://ssd.eff.org/en/module/how-use-pgp-windows-pc
- iOS https://itunes.apple.com/app/ipgmail/id430780873?mt=8
- Android https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain
Please import the public key in your local OpenPGP key administration to encrypt a message sent to us.