Privacy policy

Current security advice!

Protect your personal data.

In particular, do not pass on any credit card details to third parties.

We as a hotel do not use WhatsApp to communicate with guests and would not ask you to make payments in this or any other electronic form.

Please ignore or block the message if you receive such a request via WhatsApp or a suspicious email. If in doubt, please contact us before disclosing your data.

DATA PROTECTION DECLARATION OF ALSTERKRUG-HOTEL GMBH & CO. KG

Thank you for visiting our website and for your interest in our hotel. The protection of personal data is important to us. Therefore, the processing of personal data, such as the name, address, e-mail address or telephone number of a data subject, is carried out in accordance with the applicable European and national legislation.

If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.

You can of course revoke your declaration(s) of consent at any time with effect for the future. To do so, please contact the controller. The contact details can be found at the bottom of this privacy policy.

In the following, Alsterkrug-Hotel GmbH & Co KG would like to inform the public about the type, scope and purpose of the personal data it processes. Furthermore, data subjects are informed of their rights by means of this privacy policy.

DEFINITIONS

The data protection declaration of the Alsterkrug-Hotel GmbH & Co KG is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (hereinafter referred to as "GDPR"). Our privacy policy should be easy to read and understand for the public as well as for our guests and business partners. To ensure this, we would like to explain the terms used in advance.

We use the following terms, among others, in this privacy policy and on our website:

Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Restriction of processing is the marking of stored personal data with the aim of limiting its future processing.

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients.

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

Consent is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

RIGHTS OF THE DATA SUBJECT

Right to confirmation: Each data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed. If a data subject wishes to avail himself of this right of confirmation, he or she may, at any time, contact the controller.

Right of access: Any person affected by the processing of personal data has the right to receive information free of charge at any time from the controller about the personal data stored about them and a copy of this information. Furthermore, the European legislator has granted the data subject access to the following information

the purposes of the processing
the categories of personal data being processed
the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
the existence of the right to lodge a complaint with a supervisory authority
if the personal data are not collected from the data subject: All available information about the origin of the data
the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.

Furthermore, the data subject has a right to information as to whether personal data has been transferred to a third country or to an international organisation. If this is the case, the data subject also has the right to obtain information about the appropriate safeguards in connection with the transfer.

If a data subject wishes to exercise this right of access, they can contact the controller at any time.

Right to rectification: Any person affected by the processing of personal data has the right to request the immediate rectification of inaccurate personal data concerning them. Furthermore, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration, taking into account the purposes of the processing.

If a data subject wishes to exercise this right to rectification, they can contact the controller at any time.

Right to erasure (right to be forgotten): Any data subject affected by the processing of personal data has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay where one of the following grounds applies and insofar as the processing is not necessary:

The personal data have been collected or otherwise processed for such purposes for which they are no longer necessary.
The data subject withdraws consent on which the processing is based according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.
The data subject objects to the processing pursuant to Art. 21 (1) EU GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21 (2) EU GDPR.
The personal data has been processed unlawfully.
The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

If one of the aforementioned reasons applies, and a data subject wishes to request the erasure of personal data stored by the Alsterkrug-Hotel GmbH & Co KG, he or she may, at any time, contact the controller. The data subject's request for erasure will then be complied with immediately.

If the personal data has been made public by the Alsterkrug-Hotel GmbH & Co. KG and our company as the controller is obliged to erase the personal data pursuant to Article 17(1) of the EU GDPR, the Alsterkrug-Hotel GmbH & Co. KG shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform other data controllers who process the published personal data that the data subject has requested the deletion of all links to this personal data or of copies or replications of this personal data from these other data controllers, insofar as the processing is not necessary. The data controller will then take the necessary steps in individual cases.

Right to restriction of processing: Any person affected by the processing of personal data has the right to obtain from the controller restriction of processing where one of the following applies

The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.
The data subject has objected to processing pursuant to Art. 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of the processing of personal data stored by the Alsterkrug-Hotel GmbH & Co KG, he or she may at any time contact the controller. The restriction of processing will then be arranged immediately.

Right to data portability: Any person affected by the processing of personal data has the right to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used and machine-readable format. He or she also has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR or on a contract pursuant to point (b) of Article 6(1) of the GDPR and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, in exercising their right to data portability pursuant to Art. 20 (1) GDPR, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of others.

To assert the right to data portability, the data subject can contact the controller at any time.

Right to object: Any person affected by the processing of personal data has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) GDPR. This also applies to profiling based on these provisions.

The Alsterkrug-Hotel GmbH & Co KG shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.

If the Alsterkrug-Hotel GmbH & Co KG processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing. This also applies to profiling insofar as it is associated with such direct advertising. If the data subject objects to the Alsterkrug-Hotel GmbH & Co KG to the processing for direct marketing purposes, the Alsterkrug-Hotel GmbH & Co KG will no longer process the personal data for these purposes.

In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her by the Alsterkrug-Hotel GmbH & Co. KG for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

To exercise the right to object, the data subject may contact the controller directly. The data subject is also free, in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to exercise his or her right to object by automated means using technical specifications.

Automated decisions in individual cases, including profiling: Any person affected by the processing of personal data has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, provided that the decision:

is not necessary for the conclusion or fulfilment of a contract between the data subject and the controller, or
is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, or
with the express consent of the data subject.

If the decision to enter into, or to perform, a contract between the data subject and the controller is required, or if the decision is made with the explicit consent of the data subject, the Alsterkrug-Hotel GmbH & Co KG shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

If the data subject wishes to assert rights relating to automated decisions, they can contact the controller at any time.

Right to withdraw consent under data protection law: Any person affected by the processing of personal data has the right to withdraw consent to the processing of personal data at any time.

If the data subject wishes to exercise their right to withdraw consent, they can contact the controller at any time.

Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.

The competent supervisory authority:

The Hamburg Commissioner for Data Protection and Freedom of Information

Ludwig-Erhard-Straße 22

20459 Hamburg

Telephone: +49 40 - 428 54-40 40

Fax: +49 40 - 428 54-40 00

E-mail: mailbox@datenschutz.hamburg.de

Homepage: https://www.datenschutz-hamburg.de

COOPERATION WITH PROCESSORS AND THIRD PARTIES

If we disclose data to other persons and companies (processors or third parties) as part of our processing, transfer it to them or otherwise grant them access to the data, this will only be done on the basis of legal permission (e.g. if the transfer of data to third parties, such as payment service providers, is necessary for the fulfilment of the contract in accordance with Art. 6 para. 1 lit. b GDPR), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

If we commission third parties to process data on the basis of a so-called "order processing contract", this is done on the basis of Art. 28 GDPR.

ROUTINE ERASURE AND BLOCKING OF PERSONAL DATA

The controller processes (in this sense also: stores) personal data of the data subject only for the period of time necessary to achieve the purpose of storage or if this has been provided for by the European legislator or another legislator in laws or regulations to which the controller is subject.

If the purpose of storage ceases to apply or if a storage period prescribed by the European Directive and Regulation Giver or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

DATA PROTECTION FOR JOB APPLICATIONS AND IN THE APPLICATION PROCESS

The controller collects and processes the personal data of applicants for the purpose of handling the application process. Processing may also be carried out electronically. This is particularly the case if an applicant sends the relevant application documents to the controller by electronic means, for example by e-mail. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted six months after notification of the rejection decision, unless deletion conflicts with any other legitimate interests of the controller. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).

Information on video surveillance on site

Video surveillance is a particularly intensive form of personal data processing. Almost everyone feels uncomfortable when they are under video surveillance. This is also referred to as "surveillance pressure". Not being exposed to this pressure is almost a basic human need.

However, another human need is the desire for security. Individuals and communities, but also inanimate things such as objects and systems, benefit greatly from an environment that is free from security risks or dangers.

Video surveillance is subject to strict data protection regulations for good reasons. On the other hand, the security interests of the person responsible must also be assessed fairly. After all, these interests are often not limited to the controller alone. Employees, interested parties, suppliers, customers, tenants, guests, visitors, etc. may also have a need for security, which can be satisfied by the appropriate and sensible use of video surveillance.

Even if some of the following information is already mentioned elsewhere in this privacy policy, we would like to list all information in this text section, as it can also be found in a downstream video sign (information sheet according to Art. 13 GDPR):

Name and contact details of the controller and, if applicable, their representative:

To be found at the bottom of this privacy policy.

Contact details of the data protection officer:

To be found at the bottom of this privacy policy

Purposes and legal basis of data processing:

Investigation and detection of criminal offences and other security-relevant events.

Art. 6 para. 1 lit. f EU General Data Protection Regulation.

Legitimate interests that are pursued:

Security of employees, suppliers, guests, visitors, etc.

Protection of property, exercise of domiciliary rights.

Storage duration or criteria for determining the duration:

Image data is usually deleted in our properties after 72 hours at the latest, provided that the purpose of storage has also ceased to apply at this time. In doing so, we are following a recommendation of the independent federal and state data protection authorities (Data Protection Conference - DSK).

With a storage period of 72 hours, according to the DSK's reasoning, the monitoring party can regularly pursue its security interests, while at the same time the interests of the data subjects worthy of protection are safeguarded.

If necessary, a special surveillance purpose may justify a longer storage period. However, this must be duly justified.

Recipients or categories of recipients of the data (if data transfer takes place):

The controller will not transfer the personal data to a third country or an international organisation

Information on the rights of data subjects

See also the section "Rights of the data subject" at the top of this privacy policy. The following applies to video surveillance in summary:

The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the information specified in Art. 15 GDPR.

The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her and, where applicable, the completion of incomplete personal data (Art. 16 GDPR).

The data subject has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay where one of the grounds listed in Art. 17 GDPR applies, e.g. if the data is no longer required for the purposes pursued(right to erasure).

The data subject has the right to obtain from the controller restriction of processing where one of the conditions listed in Art. 18 GDPR applies, e.g. if the data subject has objected to processing, for the duration of the verification by the controller.

The data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her. The controller will then no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims (Art. 21 GDPR).

Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data relating to him or her infringes the GDPR (Art. 77 GDPR). The data subject may exercise this right before a supervisory authority in the Member State of their habitual residence, place of work or place of the alleged infringement. The competent supervisory authority in Hamburg is

The Hamburg Commissioner for Data Protection and Freedom of Information

Ludwig-Erhard-Str. 22, 7th floor
20459 Hamburg
Telephone: +49 40 428 54 40 40
E-mail: mailbox@datenschutz.hamburg.de

SECURITY

Alsterkrug-Hotel GmbH & Co KG takes numerous technical and organisational measures to protect your personal data against unintentional or unlawful deletion, alteration or loss and against unauthorised disclosure or access.

Nevertheless, internet-based data transmissions, for example, can generally have security gaps, meaning that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.

ENCRYPTION

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as the enquiries you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in the browser line.

If encryption is activated, the data you transmit to us cannot be read by third parties.

COLLECTION OF GENERAL DATA AND INFORMATION

The website of Alsterkrug-Hotel GmbH & Co KG collects a series of general data and information each time the website is accessed by a data subject or an automated system. This general data and information is stored in the server log files. The following can be recorded

the browser types and versions used
the operating system used by the accessing system
the website from which an accessing system reaches our website (so-called referrer)
the sub-websites that are accessed via an accessing system on our website
the date and time of access to the website
a web protocol address (IP address)
the internet service provider of the accessing system
other similar data and information used for security purposes in the event of attacks on our information technology systems

When using these general data and information, the Alsterkrug-Hotel GmbH & Co KG does not draw any conclusions about the data subject. Rather, this information is required to

deliver the content of our website correctly
optimise the content of our website and any advertising for it
ensure the long-term functionality of our information technology systems and the technology of our website
provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack

Therefore, the Alsterkrug-Hotel GmbH & Co KG analyses anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

This data is not merged with other data sources.

This data is collected on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website - the server log files must be recorded for this purpose.

ENQUIRY BY E-MAIL, TELEPHONE OR FAX

If you contact us by e-mail, telephone or fax, your enquiry including all personal data (name, enquiry) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.

This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested.

The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

DATA TRANSMISSION FROM FORMS

The data subject has the option of registering on the controller's website by providing personal data for data transmission via forms. Which personal data is transmitted to the controller is determined by the respective input mask used for the entries. The personal data entered by the data subject is collected and stored exclusively for internal use by the controller and for the controller's own purposes. Data transmission from forms is always encrypted.

The controller may arrange for the data to be passed on to one or more processors (e.g. a parcel service provider), who will also use the personal data exclusively for internal use attributable to the controller.

When data is transmitted on the controller's website, the IP address assigned by the data subject's Internet service provider (ISP), the date and time of the transmission are also stored. This data is stored against the background that this is the only way to prevent misuse of the services offered and, if necessary, to enable criminal offences and copyright infringements to be investigated. In this respect, the storage of this data is necessary to safeguard the controller. In principle, this data is not passed on to third parties unless there is a legal obligation to pass it on or the passing on serves the purpose of criminal or legal prosecution.

The registration of the data subject with voluntary provision of personal data serves the controller to offer the data subject content or services which, due to the nature of the matter, can only be offered to these users.

This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your request is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested.

LINKS TO OTHER WEBSITES

This website contains links to other websites (so-called external links).

Alsterkrug-Hotel GmbH & Co KG is responsible as provider for its own content in accordance with the applicable European and national legislation. These own contents are to be distinguished from links to contents provided by other providers. We have no influence on whether the operators of other websites comply with the applicable European and national legal provisions, please refer to the data protection declarations provided on the respective website.

COOKIES

We use cookies to make our website user-friendly for you and to optimise it to your needs. Cookies are small text files that are sent from a web server to your browser and stored locally on your end device (PC, notebook, tablet, smartphone, etc.) as soon as you visit a website.

Numerous websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a character string that allows websites and servers to be assigned to the specific web browser in which the cookie was stored. This enables the websites and servers visited to distinguish the individual browser of the data subject from other web browsers that contain other cookies. A specific web browser can be recognised and identified via the unique cookie ID. This information is used to automatically recognise you when you visit the website again with the same end device and to make navigation easier for you.

You can also consent to or reject cookies - including for web tracking - via your web browser settings. You can configure your browser so that the acceptance of cookies is refused in principle or you are informed in advance if a cookie is to be stored. In this case, however, the functionality of the website may be impaired (e.g. when placing orders). Your browser also offers a function to delete cookies (e.g. via "Delete browser data"). This is possible in all common web browsers. You can find further information on this in the operating instructions or in the settings of your browser.

First-party cookies: First-party cookies are permanent cookies that are stored on the computer and only lose their validity when the expiry date assigned to them has expired. The word "party" refers to the domain from which the cookie originates. In contrast to third-party cookies, first-party cookies usually originate from the website operator itself. They are therefore not accessible by browsers across domains. For example, website A issues a cookie A, which is not recognised by website B, but can only be recognised by website A. This means that data cannot be passed on to third parties.

Third-party cookies: With a third-party cookie, the cookie is set and collected by a third party. These cookies are usually used by advertisers who use the cookies to collect information about the website visitor via their adverts on other websites. These are data records that are stored in the user's web browser when they visit a page with an advert. If they visit a page with advertising from the same provider again, they will be recognised.

COOKIEBOT

A web service of the company Cybot A/S, Havnegade 39, 1058 Copenhagen, DK (hereinafter referred to as "Cookiebot") is loaded on our website. Cookiebot enables us to provide you with accurate and transparent information about the use of cookies on our website. You will receive an up-to-date and data protection-compliant cookie notice and decide for yourself which cookies you wish to allow.

For this purpose, Cookiebot shows you a cookie list organised by function group when you visit our website for the first time. Here you can switch on the cookies by clicking on the corresponding box. Please note that the technical cookies are already saved when you access the website and the relevant box is preset. If you deselect technical cookies, the use of the website or individual functions on the website may be restricted or even impossible.

If you allow cookies, the following data will be transmitted to Cybot

IP address (in anonymised form, the last 3 digits are set to 0)
Date and time of your consent
our website URL
technical browser data
encrypted, anonymous key
the cookies that you have authorised (as proof of consent)

The legal basis for the use of Cookiebot results from our legitimate interest in functional cookie management and is therefore carried out in accordance with Art. 6 para. 1 lit. f GDPR. A further legal basis arises from the fulfilment of data protection requirements in connection with cookies requiring consent (e.g. also due to the "cookie ruling" of the European Court of Justice) and is therefore carried out in accordance with Art. 6 para. 1 lit. c GDPR.

If you have consented to the setting of cookies when visiting this website, you can revoke your consent by calling up Cookiebot (see below) and deselecting the relevant cookie category. In addition to the cancellation option via Cookiebot, you can deactivate cookies directly with a cookie provider or prevent the processing of data through browser plug-ins. An additional option for controlling the use of cookies is to make the appropriate settings in most browsers.

For more information about "Cookiebot" and the company behind it, Cybot, please refer to the privacy policy at https://www.cookiebot.com/de/privacy-policy/

BOOKING SYSTEM ONEPAGEBOOKING

We use the onepagebooking service from HotelNetSolutions GmbH, Genthiner Straße 8, 10785 Berlin for online room reservations. Click on the corresponding button to open a browser window which will redirect you to the onepagebooking website.

If you would like to book a room with us, it is necessary for the conclusion of the contract that you provide your personal data, which we need to process your booking. Mandatory information required for the processing of contracts is marked separately, other information is voluntary. The data is entered into an input mask and transmitted to us and stored.

Data is also passed on to the relevant payment service providers. Data will only be passed on to third parties if this is necessary for the purpose of processing the contract or for billing purposes or to collect the payment or if you have expressly consented to this. In this respect, we only pass on the data required in each case. The data recipients are: the respective delivery/shipping company (forwarding of name and address), debt collection companies if the payment has to be collected (forwarding of name, address, order details), payment institutions for the purpose of collecting receivables if you have selected direct debit as the payment method and payment service providers - depending on the payment method selected.

The legal basis is Art. 6 para. 1 lit. b GDPR. With regard to the voluntary data, the legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR. There is an order processing contract between us and HotelNetSolutions GmbH.

The mandatory data collected is required to fulfil the contract with the user (for the purpose of providing the goods or services and confirming the content of the contract). We therefore use the data to answer your enquiries, to process your booking, to check your creditworthiness or to collect a debt and for the technical administration of the website. The voluntary information is provided to prevent misuse and, if necessary, to investigate criminal offences.

The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. Due to commercial and tax law requirements, we are obliged to store your address, payment and order data for a period of ten years after fulfilment of the contract. However, we restrict processing after 6 years, i.e. your data will only be used to fulfil legal obligations. If there is a continuing obligation between us and the user, we store the data for the entire term of the contract and for a period of 10 years thereafter (see above). With regard to the data provided voluntarily, we will delete the data 6 years after fulfilment of the contract, unless another contract is concluded with the user during this time; in this case, the data will be deleted 6 years after fulfilment of the last contract.

If the data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, premature deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion. Otherwise, you are free to have the personal data provided during registration completely deleted from the controller's database. With regard to the voluntary data, you can declare your cancellation to the controller at any time. In this case, the voluntary data will be deleted immediately.

Information on data protection at HotelNetSolutions GmbH can be found here: https://hotelnetsolutions.de/Datenschutz/

TRUSTYOU

This website uses tools to load current customer reviews of our hotel from the review portal trustyou.de (TrustYou GmbH, TrustYou Headquarters, Munich Centre of Technology, Agnes-Pockels-Bogen 1, 80992 Munich) and display them on the website. For this purpose, the IP address is transmitted to the server of the rating portal. Customer reviews are displayed in the interest of providing comprehensive, neutral information about our hotel.

The TrustYou widget is used in the interest of presenting the reviews of our hotel submitted on TrustYou.

The legal basis for the use of the TrustYou widget is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

You can find more information on how TrustYou handles user data in TrustYou's privacy policy at

https://www.trustyou.com/downloads/privacy-policy.pdf

VOUCHER PURCHASE VIA VBOOKING

We use the vBooking service of HotelNetSolutions GmbH, Genthiner Straße 8, 10785 Berlin for online orders of vouchers. Click on the corresponding button to open a browser window which will redirect you to the vBooking website.

If you order vouchers from us, it is necessary for the conclusion of the contract that you provide your personal data, which we require for the processing of your order. Mandatory information required for the processing of contracts is marked separately, further information is voluntary. The data is entered into an input mask and transmitted to us and stored.

At the time the booking or enquiry is sent, the user's IP address, the date and time of registration, browser information and the address of the website visited are stored in addition to your details.

Data is also passed on to the relevant payment service providers. Data will only be passed on to third parties if this is necessary for the purpose of processing the contract or for billing purposes or to collect payment or if you have expressly consented to this. In this respect, we only pass on the data required in each case. The data recipients are: the respective delivery/shipping company (forwarding of name and address), debt collection companies if the payment has to be collected (forwarding of name, address, order details), payment institutions for the purpose of collecting receivables if you have selected direct debit as the payment method and payment service providers - depending on the payment method selected.

The mandatory data collected is required to fulfil the contract with the user (for the purpose of providing the goods or services and confirming the content of the contract). We therefore use the data to answer your enquiries, to process your booking, to check creditworthiness or to collect a debt and for the purpose of technical administration of the websites. The voluntary information is provided to prevent misuse and, if necessary, to investigate criminal offences.

Information on data protection at HotelNetSolutions GmbH can be found here: https://hotelnetsolutions.de/Datenschutz/

NEWSLETTER DISPATCH

If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. No further data is collected, or only on a voluntary basis. We use this data exclusively for sending the requested information and for the purpose of statistically analysing the newsletter campaigns.

When you open a sent email, a file contained in the email (known as a "web beacon") connects to our servers. This allows us to determine whether a newsletter message has been opened and how many links have been clicked on. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.

If you do not wish to be analysed, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message.

The data processing is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the cancellation.

The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and deleted from the servers after you unsubscribe from the newsletter. Data stored by us for other purposes remains unaffected by this.

DialogShift chat application & other communication services

Our website uses the communication services of DialogShift GmbH, Torstr. 201, 10115 Berlin. These include a chat application, e-mail communication and telephone communication. The applications process and store data for the purpose of web analysis, operating the communication services and responding to enquiries.

To operate the chat function, the chat texts are saved and a cookie with a unique ID is set - this is used to recognise you as a customer. In the case of e-mail and telephone communication, the communication content is also stored temporarily in order to ensure efficient processing of your enquiries.

A cookie is a small text file that is storedlocally in the cache on your device. With the help of this cookie, our application recognises the device and can call up past chat logs. This cookie is stored for 90 days from the last

last use. You can deactivate the storage of cookies in your browser settings. However, the chat function cannot be executed without the use of cookies . The possible disclosure of e.g. name, e-mail address or a telephone number is voluntary and with the consent to temporarily use and store this data for the purpose of establishing contact until the end of the contact. This personal data will be deleted after 90 days. When using the Journey Messaging Service, your contact details may also be used for the transmission of travel-related information (such as check-in information), provided you have consented to this.

The legal basis for data processing is in accordance with Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TTDSG based on your consent.

DialogShift offers further information on the collection and use of data as well as your rights and options for protecting your privacy at https://www.dialogshift.com/datenschutz.

GOOGLE ANALYTICS

If you have given your consent, Google Analytics, a web analytics service provided by Google LLC, is used on this website. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

1. scope of the processing

Google Analytics uses cookies that enable your use of our website to be analysed. The information collected by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there.

We use the 'anonymiseIP' function (so-called IP masking): Due to the activation of IP anonymisation on this website, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

The following data is collected during your visit to the website

the pages you visit, your "click path"
Achievement of "website goals" (conversions, e.g. newsletter registrations, downloads, purchases)
Your user behaviour (e.g. clicks, dwell time, bounce rates)
Your approximate location (region)
Your IP address (in truncated form)
Technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
Your internet provider
the referrer URL (via which website/advertising medium you came to this website)

2. purposes of the processing

On behalf of the operator of this website, Google will use this information to analyse your (pseudonymous) use of the website and to compile reports on website activity. The reports provided by Google Analytics are used to analyse the performance of our websites and the success of our marketing campaigns.

3. recipient

The recipient of the data is

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

as a processor. We have concluded a data processing agreement with Google for this purpose. Google LLC, based in California, USA, and, if applicable, US authorities can access the data stored by Google.

4. transfer to third countries

A transfer of data to the USA cannot be ruled out.

5 Storage duration

The data sent by us and linked to cookies is automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.

You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by

a. Not giving your consent to the setting of the cookie or

b. downloading and installing the browser add-on to deactivate Google Analytics here: https://tools.google.com/dlpage/gaoptout?hl=de

You can also prevent the storage of cookies by configuring your browser software accordingly. However, if you configure your browser to reject all cookies, this may restrict the functionality of this and other websites.

6 Legal basis and cancellation option

for this data processing is your consent, Art.6 Para.1 S.1 lit.a GDPR. You can revoke your consent at any time with effect for the future by accessing the cookie settings via the link and changing your selection there.

You can find more information on the terms of use of Google Analytics and data protection at Google at https://www.google.com/analytics/terms/de.html and at https://policies.google.com/?hl=de

GOOGLE TAG MANAGER

We use Google Tag Manager on our website. Google Tag Manager is a solution that allows marketers to manage website tags via an interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not collect any personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If deactivation has been carried out at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.

For more information about Google Tag Manager and Google's privacy policy, please see the following link: https://policies.google.com/privacy

BING ADS

Our website uses conversion tracking from Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA), whereby Microsoft Bing Ads places a cookie on your computer if you have reached our website via a Microsoft Bing advert. In this way, Microsoft Bing and we can recognise that someone has clicked on an ad, has been redirected to our website and has reached a predetermined target page (conversion page). We only learn the total number of users who clicked on a Bing advert and were then forwarded to the conversion page. No personal information about the identity of the user is disclosed. If you do not wish to participate in the tracking process, you can also reject the setting of a cookie required for this - for example, by changing your browser settings to generally deactivate the automatic setting of cookies.

The legal basis for the use of Bing Ads is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

Further information on data protection and the cookies used by Microsoft Bing can be found on the Microsoft website:

https://privacy.microsoft.com/de-de/privacystatement

FACEBOOK PIXEL AND FACEBOOK CUSTOM AUDIENCES

On our website, we use the so-called "Facebook pixel" of the company "Facebook" (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland). With the Facebook pixel, we can categorise visitors to our website into specific target groups in order to show you corresponding advertisements ("ads") on Facebook. The data collected (e.g. IP addresses, information about the web browser, the location of the website, buttons clicked on, pixel IDs and other features) cannot be viewed by us, but can only be used in the context of displaying certain adverts. Cookies are also set as part of the use of the Facebook pixel code.

If you have a Facebook account and are logged in, your visit to this website will be assigned to your Facebook user account.

We also use the remarketing function "Custom Audiences" of the company "Facebook". This allows users of the website to be shown interest-based adverts ("Facebook Ads") when they visit Facebook or other websites that also use this process. We are interested in showing you adverts that match your interests in order to make our website more interesting for you.

To exchange the respective data, your browser automatically establishes a direct connection with the Facebook server. We have no influence on the scope and further use of the data collected by Facebook through the use of this tool and therefore inform you according to our level of knowledge: Through the integration of Facebook Custom Audiences, Facebook receives the information that you have accessed the corresponding website of our Internet presence or clicked on an advert from us. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered with Facebook or have not logged in, it is possible for the provider to find out and store your IP address and other identifying features.

You can find out how the Facebook pixel is used for advertising campaigns at https://www.facebook.com/business/learn/facebook-ads-pixel

You can find more information about Facebook's data policy at https://www.facebook.com/policy.php

Further information on data processing by Facebook can be found at https://www.facebook.com/about/privacy

We use these functions to provide you with advertising offers that match your interests.

We process your data because you have consented to this (Art. 6 para. 1 lit. a GDPR) or because we have a legitimate interest in processing the data (Art. 6 para. 1 lit. f GDPR).

We store your data for as long as we need it for the respective purpose (display of interest-based advertising) or you have not objected to the storage of your data or revoked your consent.

The deactivation of the "Facebook Custom Audiences" function is possible for logged-in users at https://www.facebook.com/settings/?tab=ads#.

You can change your settings for adverts on Facebook at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen if you are logged into Facebook.

FACEBOOK CONNECT

On this website it is possible to register via the Facebook account.

Facebook Connect is an offer from Facebook, Inc. The use of Facebook Connect is subject to Facebook's privacy policy and terms of use.

When you use Facebook Connect, Facebook profile data and Facebook public data from your Facebook profile are transferred to us. Conversely, data may be transferred from us to your Facebook profile. Your transferred data will be stored and processed by us for the purpose of registration on our site.

By registering on our website via Facebook Connect, you consent to the transfer of profile data from your Facebook profile to us and to the transfer of data on the use of our website to Facebook. The data that is transferred is the data that is available as public data in your Facebook profile. Please note that following changes to Facebook's privacy policy and terms of use, the Facebook profile owner's "friends list" may also be transferred if it has been marked as "public" in Facebook's privacy settings.

The legal basis for the use of Facebook Connect is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

You can find further information at: https://www.facebook.com/about/privacy/your-info-on-other

TABOOLA

This website uses technologies from Taboola, Inc, 1115 Broadway, 7th Floor, New York, NY 10010, USA. Taboola uses cookies to determine which content you use and which of our websites you visit if you have reached our website by clicking on a Taboola advert.

This process is used to evaluate the effectiveness of the advertisements for statistical and market research purposes and can help to optimise future advertising measures. These user profiles do not allow any conclusions to be drawn about your person and are anonymous to us.

Taboola uses cookies to collect the following user information

Operating system of the user
Websites/content accessed on our websites
Referrer/link via which the user came to our website
Time and number of web page views
Calls from error pages
Location information (city and federal state)
IP addresses in abbreviated form

The legal basis for the use of this web service is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

You can prevent the collection and processing of your data by this web service by refusing your consent when you enter the website. You can also prevent the installation of cookies by selecting the appropriate settings in your browser software. We would like to point out that you may then not be able to use all functions of our website to their full extent. This varies from browser to browser.

You can find more information about Taboola at https://www.taboola.com/policies/privacy-policy

There you can deactivate tracking at any time in the "User Choices and Opting Out" section. Once you have opted out, you will no longer be shown personalised content or advertising.

GOOGLE MAPS

This website uses the "Google Maps" service from Google to display maps or map sections and thus enables you to conveniently use the map function on the website. The Google Maps geocoding API is used to determine and display locations. Google Maps is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

When you visit the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under the section "Access data" is transmitted to Google. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your Google profile, you must log out before activating the button.

The legal basis for the use of Google Maps is your consent in accordance with Art. 6 para. 1 lit. a GDPR. We have no knowledge of the storage period at Google and have no influence on it.

Further information on the purpose and scope of processing by the plug-in provider can be found in Google's privacy policy. There you will also find further information on your rights in this regard and setting options to protect your privacy: http://www.google.de/intl/de/policies/privacy

Further information on the terms of use of Google Maps can be found at: https://www.google.com/intl/de_de/help/terms_maps.html

GOOGLE FONTS

Google Fonts (https://fonts.google.com/) are used to visually improve the presentation of various information on this website. The web fonts are transferred to the browser's cache when the page is called up so that they can be used for the display. If the browser does not support Google Fonts or prevents access, the text is displayed in a standard font.

No cookies are stored when the website visitor accesses the page. Data that is transmitted in connection with the page view is sent to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com. They are not associated with data that may be collected or used in connection with the parallel use of authenticated Google services such as Gmail.

You can prevent the collection and processing of your data by this web service by refusing your consent when entering the website, deactivating the execution in your browser or installing a script blocker in your browser. If your browser does not support Google Fonts or you prevent access to the Google servers, the text will be displayed in the system's default font.

The legal basis for the use of this web service is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

You can find information about Google Fonts' privacy policy at: https://developers.google.com/fonts/faq#Privacy

General information on data protection can be found in the Google Privacy Centre at: https://policies.google.com/privacy

GSTATIC

A web service of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter: Gstatic) is loaded on our website. We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to Gstatic.

The legal basis for the use of this web service is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

You can prevent the collection and processing of your data by Gstatic by refusing your consent to this when you enter the website, deactivating the execution of script code in your browser or installing a script blocker in your browser.

The data will be deleted as soon as the purpose for which it was collected has been fulfilled. You can find further information on the handling of the transferred data in Google's privacy policy: https://policies.google.com/privacy

CLOUDFLARE

On our website, we use a so-called Content Delivery Network ("CDN") of the technology service provider Cloudflare Inc, 101 Townsend St. San Francisco, CA 94107, USA ("Cloudflare"). A Content Delivery Network is an online service that is used to deliver large media files (such as graphics, page content or scripts) through a network of regionally distributed servers connected via the Internet. The use of Cloudflare's content delivery network helps us to optimise the loading speed of our website.

The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in the secure and efficient provision and improvement of the stability and functionality of our website.

Further information can be found in Cloudflare's privacy policy at: https://www.cloudflare.com/privacypolicy/

And at: https://blog.cloudflare.com/what-cloudflare-logs/

OUR SOCIAL MEDIA PRESENCES

Data processing by social networks

We maintain publicly accessible profiles on social networks. The individual social networks we use are listed below.

Social networks such as Facebook, Twitter etc. can generally analyse your user behaviour comprehensively when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media presences triggers numerous data protection-relevant processing operations. In detail:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies that are stored on your end device or by recording your IP address.

With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are logged in or have been logged in.

Please also note that we cannot track all processing operations on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.

Legal basis

Our social media presences are intended to ensure the widest possible presence on the internet. This is a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a GDPR).

Controller and assertion of rights

If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. You can assert your rights (information, rectification, erasure, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. Facebook).

Please note that, despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing procedures of the social media portals. Our options depend largely on the company policy of the respective provider.

Storage duration

The data collected directly by us via the social media presence will be deleted from our systems as soon as the purpose for its storage no longer applies, you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Stored cookies remain on your end device until you delete them. Mandatory statutory provisions - in particular retention periods - remain unaffected.

We have no influence on the storage period of your data that is stored by the operators of social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

Facebook

We have a profile on Facebook. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the data collected is also transferred to the USA and other third countries.

We have concluded an agreement with Facebook on joint processing (Controller Addendum).

This agreement specifies which data processing operations we or Facebook are responsible for when you visit our Facebook page. You can view this agreement at the following link

https:// www.facebook.com/legal/terms/page_controller_addendum

You can customise your advertising settings yourself in your user account. To do this, click on the following link and log in:

https:// www.facebook.com/settings?tab=ads

Details can be found in Facebook's privacy policy: https://www.facebook.com/about/privacy/.

Instagram

We have a profile on Instagram. The provider is Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA. For details on how they handle your personal data, please refer to Instagram's privacy policy: https://help.instagram.com/519522125107875.

YouTube

We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For details on how they handle your personal data, please refer to YouTube's privacy policy:

https://policies.google.com/privacy?hl=de.

CONTACT

Personal data is also processed by Alsterkrug-Hotel GmbH & Co KG if you provide it voluntarily. This happens, for example, every time you contact us. We will, of course, use the personal data transmitted in this way exclusively for the purpose for which you provide it to us when contacting us. This information is provided expressly on a voluntary basis and with your consent. If this involves information on communication channels (e.g. e-mail address, telephone number), you also consent to us contacting you via this communication channel in order to respond to your enquiry.

NAME AND ADDRESS OF THE CONTROLLER:

The controller within the meaning of the EU General Data Protection Regulation (GDPR), other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is the

Best Western Premier Alsterkrug Hotel
Alsterkrug-Hotel GmbH & Co KG
Alsterkrugchaussee 277
D-22297 Hamburg
Tel: +49(0)40-51 30 30
Fax: +49(0)40-51 303 403
E-mail: info@alsterkrug.de

Managing Directors:
Frank Pentzin, Jost Pentzin

NAME AND ADDRESS OF THE DATA PROTECTION OFFICER:

SHIELD GmbH
Martin Dalecki
Perleberger Straße 10b
25421 Pinneberg
Tel: +49(0)4101-77 44 70
E-mail: info@shield-datenschutz.de

CHANGES TO THE PRIVACY POLICY

We reserve the right to change our data protection practices and this policy in order to adapt them to changes in relevant laws or regulations or to better meet your needs. Possible changes to our data protection practices will be announced here accordingly. Please note the current version date of the privacy policy.

Hamburg, April 2025

Best Western Premier Alsterkrug Hotel

Alsterkrugchaussee 277 | D-22297 Hamburg

Tel: +49(0)40-51 30 30
Fax: +49(0)40-51 303 403
E-mail: info@alsterkrug.de

Operating company:

Best Western Premier Alsterkrug Hotel
Alsterkrug-Hotel GmbH & Co KG
Alsterkrugchaussee 277
D-22297 Hamburg

Authorised managing director:

Frank Pentzin, Jost Pentzin
Register court: AG Hamburg
Register number: HRA 80097, HRB 32934
Sales tax identification number according to §27a sales tax law: DE 118981252

Responsible for content according to § 5 TMG

Frank Pentzin

Status April 2025