data protection declaration - sylc. Apartment Hotel GmbH

We are pleased that you are visiting our website and thank you for your interest in our hotel. The protection of personal data is important to us. Therefore, the processing of personal data, such as the name, address, email address or telephone number of a data subject, is carried out in accordance with applicable European and national legislation.

If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.

You can of course revoke your declaration of consent at any time with effect for the future. Please contact the person responsible for this. You can find the contact details at the bottom of this data protection declaration.

In the following, the sylc would like to. Apartmenthotel GmbH (hereinafter referred to as “we”, “us”, etc.) informs the public about the type, scope and purpose of the personal data it processes. Furthermore, data subjects are informed about the rights to which they are entitled using this data protection declaration.

Definitions

Our data protection declaration is based on the terms used by the European legislator for directives and regulations when issuing the EU General Data Protection Regulation (hereinafter referred to as “GDPR”). Our data protection declaration should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.

We use the following terms, among others, in this data protection declaration and on our website:

Personal data is all information that relates to an identified or identifiable natural person (hereinafter referred to as “data subject”). A natural person is considered to be identifiable if he or she can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

Data subject is any identified or identifiable natural person whose personal data is processed by the data controller.

Processing is any operation or series of operations carried out on personal data, whether or not by automated means, such as the collection, recording, organisation, structuring, storage, adaptation or modification, reading, querying, use, disclosure by transmission, distribution or other form of provision, alignment or association, restriction, deletion or destruction.

Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.

Profiling is any type of automated processing of personal data which consists in using these personal data to evaluate certain personal aspects relating to a natural person, in particular aspects relating to work performance, economic situation, health, personal Analyze or predict the preferences, interests, reliability, behavior, location or movements of that natural person.

Pseudonymization is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organizational measures that ensure that the personal data not be assigned to an identified or identifiable natural person.

The person responsible or responsible for processing is the natural or legal person, public authority, institution or other body which, alone or jointly with others, decides on the purposes and means of processing personal data. If the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of the controller.

The recipient is a natural or legal person, public authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, public authorities which may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients.

Third party is a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.

Consent is any voluntary, informed and unambiguous expression of wishes given by the data subject for a specific case, in the form of a statement or other unambiguous confirmatory act, by which the data subject indicates that he or she agrees to the processing of personal data concerning him or her is.

Rights of the data subject

Right to confirmation: Every data subject has the right to obtain confirmation from the data controller as to whether personal data concerning him or her is being processed. If a data subject would like to exercise this right of confirmation, they can contact the person responsible for processing at any time.

Right to information: Every person affected by the processing of personal data has the right to receive free information from the person responsible for the processing at any time about the personal data stored about them and a copy of this information. Furthermore, the European legislator has granted the data subject access to the following information:

• the purposes of processing
• the categories of personal data that are processed
• the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations,
• if possible the planned period for which the personal data will be stored, or, if this is not possible, the criteria for determining that duration,
• the existence of a right to rectification or deletion of the personal data concerning them or to restriction of processing by the controller or a right to object to such processing,
• the existence of a right to lodge a complaint with a supervisory authority
• if the personal data are not collected from the data subject: All available information about the origin of the data,
• the existence of automated decision-making including profiling in accordance with Article 22 Paragraphs 1 and 4 GDPR and - at least in these cases - meaningful information about the logic involved as well as the scope and the intended effects of such processing for the data subject

The data subject also has the right to information as to whether personal data has been transmitted to a third country or to an international organization. If this is the case, the data subject also has the right to receive information about the appropriate guarantees in connection with the transfer.

If a data subject would like to exercise this right to information, they can contact the person responsible for processing at any time.

Right to rectification: Every person affected by the processing of personal data has the right to request the immediate correction of inaccurate personal data concerning them. Furthermore, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary statement, taking into account the purposes of the processing.

If a data subject would like to exercise this right to rectification, they can contact the person responsible for processing at any time.

Right to deletion (right to be forgotten): Every person affected by the processing of personal data has the right to request from the controller that the personal data concerning him or her be deleted immediately if one of the following reasons applies and if the processing is not necessary :

• The personal data were collected for purposes or otherwise processed for which they are no longer necessary.
• The data subject revokes their consent to which the processing is based in accordance with Article 6 (1) (a) GDPR or Article 9 (1). 2 lit. a GDPR and there is no other legal basis for the processing.
• The data subject objects to the processing in accordance with Art the data subject objects to the processing in accordance with Article 21 (2) GDPR.
• The personal data were processed unlawfully. The deletion of the personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject .
• The personal data was collected in relation to information society services offered in accordance with Art. 8 Para. 1 GDPR.

If one of the reasons mentioned above applies and a data subject wishes to have personal data stored by us deleted, they can contact the person responsible for processing at any time. The data subject's request for deletion will then be complied with immediately.

If we have made the personal data public and our company, as the person responsible, is obliged to delete the personal data in accordance with Article 17 Paragraph 1 of the GDPR, we will take appropriate measures, including those of a technical nature, taking into account the available technology and the implementation costs, to ensure that others are responsible to inform the data controllers who process the published personal data that the data subject has requested the deletion of all links to these personal data or copies or replications of these personal data from these other data controllers, to the extent that the processing takes place is not required. The person responsible for processing will then take the necessary steps in individual cases.

Right to restriction of processing: Any person affected by the processing of personal data has the right to request that the controller restrict processing if one of the following conditions is met:

• The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
• The processing is unlawful, the data subject refuses and instead requests the deletion of the personal data the restriction of the use of personal data.
• The person responsible no longer needs the personal data for the purposes of processing, but the data subject needs them to assert, exercise or defend legal claims.
• The data subject has an objection to the processing in accordance with Article 21 Paragraph 1 of the GDPR has been lodged and it is not yet clear whether the legitimate reasons of the person responsible outweigh those of the data subject.

If one of the above conditions is met and a data subject wishes to request the restriction of personal data stored by us, they can contact the person responsible for processing at any time. The restriction of processing will then be initiated immediately.

Right to data portability: Every person affected by the processing of personal data has the right to receive the personal data concerning him or her, which the data subject has provided to a controller, in a structured, common and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that the processing is based on consent in accordance with Article 6 (1) (a) GDPR or Article 9 (1). 2 lit. a GDPR or on a contract in accordance with Article 6 Paragraph 1 lit Violence occurs which has been transferred to the person responsible.

Furthermore, when exercising his or her right to data portability in accordance with Article 20 (1) of the GDPR, the data subject has the right to have the personal data transmitted directly from one person responsible to another person responsible, to the extent that this is technically feasible and to the extent that this is not the case the rights and freedoms of other people are impaired.

To assert the right to data portability, the data subject can contact the person responsible for processing at any time.

Right to object: Every person affected by the processing of personal data has the right, for reasons arising from their particular situation, to object at any time to the processing of personal data concerning them based on Art. 6 Para. 1 lit. e GDPR or Art. 6 Para. 1 lit. f GDPR requires you to lodge an objection. This also applies to profiling based on these provisions.

In the event of an objection, we will no longer process the personal data unless we can demonstrate compelling legitimate reasons for the processing which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims .

If we process personal data in order to conduct direct advertising, the data subject has the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling insofar as it is connected to such direct advertising. If the data subject objects to us processing it for direct advertising purposes, we will no longer process the personal data for these purposes.

In addition, the data subject has the right, for reasons arising from his or her particular situation, to object to the processing of personal data concerning him or her that is carried out by us for scientific or historical research purposes or for statistical purposes in accordance with Article 89 (1) of the GDPR unless such processing is necessary to fulfill a task carried out in the public interest.

To exercise the right to object, the data subject may contact the person responsible for processing directly. Furthermore, in connection with the use of information society services, the data subject is free, notwithstanding Directive 2002/58/EC, to exercise his or her right to object by means of automated procedures using technical specifications.

Automated decisions on a case-by-case basis, including profiling: Every person affected by the processing of personal data has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them, provided the decision:

• is not necessary for the conclusion or performance of a contract between the data subject and the controller
• or is permitted by Union or Member State law to which the controller is subject and such legislation takes appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject contain the data subject
• or is carried out with the express consent of the data subject.

If the decision is necessary for entering into or the performance of a contract between the data subject and the person responsible, or if it is based on the data subject's explicit consent, we will take appropriate measures to safeguard the data subject's rights and freedoms and legitimate interests, for which purpose at least the right to obtain the intervention of a person on the part of the person responsible, to express one's own point of view and to challenge the decision.

If the data subject would like to assert rights with regard to automated decisions, they can contact the person responsible for processing at any time.

Right to revoke consent under data protection law: Every person affected by the processing of personal data has the right to revoke consent to the processing of personal data at any time.

If the data subject would like to exercise their right to withdraw consent, they can contact the person responsible for processing at any time.

Right to lodge a complaint with a supervisory authority: Every data subject has the right, without prejudice to any other administrative or judicial remedy, to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or the place of the alleged infringement, if the data subject believes so that the processing of personal data concerning them infringes this Regulation.

A list of the state data protection officers and their contact details can be found at the following link:

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

Collaboration with processors and third parties

If, as part of our processing, we disclose data to other people and companies (processors or third parties), transfer it to them or otherwise grant them access to the data, this only takes place on the basis of legal permission (e.g. if the data is transferred to third parties, such as to payment service providers, in accordance with Art. 6 Paragraph 1 lit.

If we commission third parties to process data on the basis of a so-called “order processing contract”, this is done on the basis of Art. 28 GDPR.

Routine deletion and blocking of personal data

The person responsible for processing processes (in this sense also: stores) the personal data of the data subject only for the period necessary to achieve the purpose of storage or if this is required by the European legislator or another legislator in laws or regulations, to which the controller is subject.

If the storage purpose no longer applies or if a storage period prescribed by the European legislator or another responsible legislator expires, the personal data will be blocked or deleted routinely and in accordance with legal regulations.

Data protection for applications and the application process

The person responsible for processing collects and processes the personal data of applicants for the purpose of processing the application process. The processing can also take place electronically. This is particularly the case if an applicant sends relevant application documents electronically, for example by email, to the person responsible for processing. If the person responsible for processing concludes an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with legal regulations. If the person responsible for processing does not conclude an employment contract with the applicant, the application documents will be automatically deleted six months after the rejection decision is announced, provided that deletion does not conflict with any other legitimate interests of the person responsible for processing. Other legitimate interests in this sense include, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).

Security

We take numerous technical and organizational measures to protect your personal data against accidental or unlawful deletion, alteration or loss and against unauthorized disclosure or access.

However, internet-based data transfers, for example, can fundamentally have security gaps, meaning that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.

encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as the requests that you send to us as the site operator. You can recognize an encrypted connection by the browser address bar changing from “http://” to “https://” and by the lock symbol in the browser bar.

If encryption is activated, the data you transmit to us cannot be read by third parties.

Collection of general data and information

Our website collects a series of general data and information each time the website is accessed by a data subject or an automated system. This general data and information is stored in the server's log files. Can be recorded:

• the browser types and versions used,
• the operating system used by the accessing system,
• the website from which an accessing system accesses our website (so-called referrers),
• the sub-websites that are accessed via an accessing system on our website,
• the date and time of access to the website
• Web protocol address (IP address)
• the Internet service provider of the accessing system,
• other similar data and information that serves to avert danger in the event of attacks on our information technology systems

When using this general data and information, we do not draw any conclusions about the data subject. Rather, this information is needed to:

• To correctly deliver the contents of our website,
• to optimize the contents of our website and, if necessary, the advertising for them,
• to ensure the long-term functionality of our information technology systems and the technology of our website,
• to provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber attack

We therefore evaluate this collected data and information statistically and also with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data in the server log files is stored separately from all personal data provided by a data subject.

This data will not be merged with other data sources.

This data is collected on the basis of Article 6 Paragraph 1 Letter f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of his website - for this purpose the server log files must be recorded.

Inquiries by email, telephone or fax

If you contact us by email, telephone or fax, your request including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.

This data is processed on the basis of Article 6 (1) (b) GDPR if your request is related to the fulfillment of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 Para. 1 lit. f GDPR) or on your consent (Art. 6 Para. 1 lit. a GDPR) if this was queried.

The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular statutory retention periods – remain unaffected.

Data transfer from forms

The data subject has the opportunity to register on the website of the controller by providing personal data for data transfer via forms. Which personal data is transmitted to the person responsible for processing results from the respective input mask used for the entries. The personal data entered by the person concerned are collected and stored exclusively for internal use by the person responsible for processing and for their own purposes. Data transmission from forms is always encrypted.

The data controller may arrange for transfer to one or more processors (e.g. a parcel service provider) who also uses the personal data exclusively for internal use attributable to the data controller.

Through the data transfer on the website of the controller, the IP address assigned by the data subject's Internet service provider (ISP) and the date and time of the transfer are also stored. This data is stored because this is the only way to prevent misuse of the services offered and, if necessary, to make it possible to investigate crimes and copyright infringements that have been committed. In this respect, the storage of this data is necessary to protect the data controller. In principle, this data will not be passed on to third parties unless there is a legal obligation to pass it on or if the transfer serves the purpose of criminal or legal prosecution.

The data subject's entries with the voluntary provision of personal data serves the purpose of the data controller to offer the data subject content or services that, due to the nature of the matter, can only be offered to these users.

This data is processed on the basis of Article 6 (1) (b) GDPR if your request is related to the fulfillment of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 Para. 1 lit. f GDPR) or on your consent (Art. 6 Para. 1 lit. a GDPR) if this was queried.

The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular statutory retention periods – remain unaffected.

Links to other websites

This website contains links to other websites (so-called external links).

As a provider, we are responsible for our own content in accordance with applicable European and national legislation. Links to the content provided by other providers must be distinguished from this own content. We have no influence on whether the operators of other websites comply with applicable European and national legal regulations. Please inform yourself about the data protection declarations provided on the respective website.

Cookies

In order to make our website user-friendly for you and optimally tailored to your needs, we use cookies. Cookies are small text files that are sent to your browser by a web server as soon as you visit a website and are stored locally on your device (PC, notebook, tablet, smartphone, etc.).

Many websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string through which websites and servers can be assigned to the specific web browser in which the cookie was stored. This allows the websites and servers visited to distinguish the individual browser of the data subject from other web browsers that contain other cookies. A specific web browser can be recognized and identified via the unique cookie ID. This information is used to automatically recognize you when you visit the website again using the same device and to make navigation easier for you.

You can also consent or reject cookies - including for web tracking - via the settings of your web browser. You can configure your browser so that it generally refuses to accept cookies or you are informed in advance if a cookie is to be saved. In this case, however, the functionality of the website may be affected (for example when placing orders). Your browser also offers a function to delete cookies (for example via “Delete browser data”). This is possible in all common web browsers. You can find further information about this in the operating instructions or in the settings of your browser.

First-party cookies: First-party cookies refer to permanent cookies that are stored on the computer and only lose their validity when the expiry date assigned to them has expired. The word “Party” refers to the domain from which the cookie comes. In contrast to third-party cookies, first-party cookies usually come from the website operator itself. They are therefore not accessible by browsers across domains. For example, website A issues a cookie A, which is not recognized by website B and can only be recognized by website A. This means that data cannot be passed on to third parties.

Third-party cookies: With a third-party cookie, the cookie is set and recorded by a third party. These cookies are mostly used by advertisers who use the cookies to collect information about website visitors through their advertising on other websites. These are data sets that are stored in the user's web browser when they visit a page with advertising. If he visits a page with advertising from the same provider again, he will be recognized.

Cookiebot

A web service from Cybot A/S, Havnegade 39, 1058 Copenhagen, DK (hereinafter referred to as “Cookiebot”) is loaded onto our website. Through Cookiebot we can inform you precisely and transparently about the use of cookies on our website. You will receive an up-to-date and data protection-compliant cookie notice and you can decide for yourself which cookies you would like to allow.

For this purpose, Cookiebot shows you a cookie list divided into functional groups when you visit for the first time. Here you can switch on cookies by clicking on the corresponding box. Please note that the technical cookies are saved when you access the website and the relevant box is preset. If you deselect technical cookies, the use of the website or individual functions on the website may be restricted or even impossible.

If you allow cookies, the following data will be transmitted to Cybot:

• IP address (in anonymized form, the last 3 digits are set to 0)
• date and time of your consent
• our website URL
• technical browser data
• encrypted, anonymous key the cookies you have allowed (as proof of consent)

The legal basis for the use of Cookiebot arises from our legitimate interest in functional cookie management and is therefore in accordance with Article 6 (1) (f) GDPR. A further legal basis arises from the fulfillment of data protection requirements in connection with cookies requiring consent (e.g. also through the “cookie ruling” of the European Court of Justice) and is therefore in accordance with Article 6 Paragraph 1 Letter c GDPR.

If you have consented to the setting of cookies when you visit this website, you can revoke your consent by accessing Cookiebot (see below) and deselecting the relevant cookie category. In addition to the revocation option via Cookiebot, you can deactivate cookies directly from a cookie provider or prevent the processing of data through browser plug-ins. An additional way to control the use of cookies is through the appropriate settings that you can make in most browsers.

Further information about “Cookiebot” and the company Cybot behind it can be found in the data protection declaration at https://www.cookiebot.com/de/privacy-policy/

Booking system OnePageBooking

We use the OnePageBooking service from HotelNetSolutions GmbH, Genthiner Straße 8, 10785 Berlin, for online room reservations. By clicking on one of the following buttons “Book now”, “Book apartment” or “Book”, a browser window opens which redirects you to the OnePageBooking website.

If you would like to book a room with us, in order to conclude the contract it is necessary that you provide your personal data, which we need to process your booking. Mandatory information required to process the contracts is marked separately; further information is voluntary. The data is entered into an input mask and transmitted to us and stored.

Data is also passed on to the relevant payment service providers. The data will only be passed on to third parties if the transfer is necessary for the purpose of contract processing or for billing purposes or to collect payment or if you have expressly consented. In this regard, we only pass on the necessary data. The data recipients are: the respective delivery/shipping company (passing on name and address), debt collection companies if the payment has to be collected (passing on name, address, order details), payment institutions for the purpose of collecting claims, if you have chosen direct debit as the payment method as well as payment service providers - depending on the choice of payment method.

The legal basis is Article 6 Paragraph 1 Letter b GDPR. With regard to voluntary data, the legal basis for processing the data is Art. 6 Para. 1 lit. a GDPR. There is an order processing agreement between us and HotelNetSolutions GmbH.

The mandatory information collected is necessary to fulfill the contract with the user (for the purpose of providing the goods or services and confirming the contents of the contract). We therefore use the data to answer your inquiries, to process your booking, if necessary to check your creditworthiness or collect a debt and for the purpose of the technical administration of the websites. The voluntary information is provided to prevent misuse and, if necessary, to investigate crimes.

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. Due to commercial and tax law requirements, we are obliged to store your address, payment and order data for a period of ten years after execution of the contract. However, we restrict processing after 6 years, i.e. H. Your data will only be used to comply with legal obligations. If there is a continuing obligation between us and the user, we store the data for the entire term of the contract and for 10 years thereafter (see above). With regard to the data provided voluntarily, we will delete the data six years after execution of the contract, provided that no further contract is concluded with the user during this time; In this case, the data will be deleted 6 years after the last contract was implemented.

If the data is necessary to fulfill a contract or to carry out pre-contractual measures, early deletion of the data is only possible unless contractual or legal obligations prevent deletion. Otherwise, you are free to have the personal data provided during registration completely deleted from the data controller's database. With regard to voluntary data, you can declare your revocation to the person responsible at any time. In this case, the voluntary data will be deleted immediately.

Information on data protection at HotelNetSolutions GmbH can be found here: https://hotelnetsolutions.de/Datenschutz/

Newsletter mailing

If you would like to receive the newsletter offered on the website, we need an email address from you as well as information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter . No further data is collected or only collected on a voluntary basis. We use this data exclusively to send the requested information and for the purposes of statistical analysis of the newsletter campaigns.

When you open an email that has been sent, a file contained in the email (so-called “web beacon”) connects to our servers. This makes it possible to determine whether a newsletter message was opened and how many links were clicked. The results of these analyzes can be used to better adapt future newsletters to the interests of the recipients. If you do not want any analysis, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message.

Data processing is based on your consent in accordance with Art. 6 Para. 1 lit. a GDPR. You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

The data you provide to us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from the servers after you unsubscribe from the newsletter. Data stored by us for other purposes remains unaffected.

Gstatic

A web service from Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter: Gstatic) is loaded onto our website. We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to Gstatic.

The legal basis for the use of this web service is your consent in accordance with Art. 6 Para. 1 lit. a GDPR.

You can prevent the collection and processing of your data by Gstatic by refusing your consent when entering the website, deactivating the execution of script code in your browser or installing a script blocker in your browser.

The data will be deleted as soon as the purpose for which it was collected has been fulfilled. Further information on the handling of transferred data can be found in Google's data protection declaration: https://policies.google.com/privacy

Google Tag Manager

We use Google Tag Manager on our website. Google Tag Manager is a solution that allows marketers to manage website tags from one interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not collect any personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, this will remain in place for all tracking tags implemented with Google Tag Manager.

Further information about Google Tag Manager and Google's privacy policy can be found at the following link: https://policies.google.com/privacy

Google Analytics

If you have given your consent, Google Analytics, a web analysis service provided by Google LLC, will be used on this website. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

Scope of processing

Google Analytics uses cookies that enable analysis of your use of our websites. The information collected by cookies about your use of this website is usually transmitted to a Google server in the USA and stored there.

We use Google Signals. This means that Google Analytics collects additional information about users who have activated personalized ads (interests and demographic data) and ads can be delivered to these users in cross-device remarketing campaigns.

We use the 'anonymizeIP' function (so-called IP masking): Due to the activation of IP anonymization on this website, your IP address will be shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics is not combined with other Google data.

During your website visit, the following data, among others, is collected:

• the pages you access, your “click path”
• achievement of “website goals” (conversions, e.g. newsletter registrations, downloads, purchases)
• your user behavior (e.g. clicks, length of stay, bounce rates)
• your approximate location (region)
• your IP address ( in abbreviated form)
• technical information about your browser and the devices you use (e.g. language setting, screen resolution)
• your internet provider
• the referrer URL (via which website/which advertising medium you used to come to this website)

purposes of processing

On behalf of the operator of this website, Google will use this information to evaluate your (pseudonymous) use of the website and to compile reports on website activities. The reports provided by Google Analytics are used to analyze the performance of our website and the success of our marketing campaigns.

Recipient

is the recipient of the data

• Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland

as a processor. For this purpose, we have concluded an order processing agreement with Google. Google LLC, based in California, USA, and possibly US authorities can access the data stored by Google.

Transfer to third countries

A transfer of data to the USA cannot be ruled out.

Storage period

The data we send and linked to cookies is automatically deleted after 14 months. The deletion of data whose retention period has been reached occurs automatically once a month. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google

• Do not give your consent to the setting of the cookie
• or download and install the browser add-on to deactivate Google Analytics here: https://tools.google.com/dlpage/gaoptout?hl=de

You can also prevent the storage of cookies by setting your browser software accordingly. However, if you configure your browser to reject all cookies, functionality on this and other websites may be limited.

The legal basis and possibility of revocation for this data processing is your consent, Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time with future effect by accessing the cookie settings [https://www.sylc.de/cookie-policy/] and changing your selection there.

Further information on the terms of use of Google Analytics and data protection at Google can be found at https://www.google.com/analytics/terms/de.html and at https://policies.google.com/?hl=de

Google Maps

This website uses the “Google Maps” service from Google to display maps or map sections and thus enables you to conveniently use the map function on the website. The Google Maps Geocoding API is used to determine and display locations. Google Maps is operated by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned in the “Access data” section is transmitted to Google. This occurs regardless of whether Google provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be assigned directly to your account. If you do not want your profile to be associated with Google, you must log out before activating the button.

The legal basis for the use of Google Maps is your consent in accordance with Art. 6 Para. 1 lit. a GDPR. We have no knowledge of how long Google stores your data and have no ability to influence it.

Further information on the purpose and scope of processing by the plug-in provider can be found in Google's data protection declarations. There you will also find further information about your rights in this regard and setting options to protect your privacy: http://www.google.de/intl/de/policies/privacy

Further information on the terms of use of Google Maps can be found at: https://www.google.com/intl/de_de/help/terms_maps.html

Google Fonts

Google Fonts (https://fonts.google.com/) are used to visually improve the presentation of various information on this website. When the page is accessed, the web fonts are transferred to the browser's cache so that they can be used for display.

When the website is accessed, no cookies are stored for the website visitor. Data that is transmitted in connection with the page view is sent to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com. They are not associated with data that may be collected or used in connection with the parallel use of authenticated Google services such as Gmail.

You can prevent the collection and processing of your data by this web service by refusing your consent when entering the website, deactivating its execution in your browser or installing a script blocker in your browser. If your browser does not support Google Fonts or you prevent access to the Google servers, the text will be displayed in the system's standard font.

The legal basis for the use of this web service is your consent in accordance with Art. 6 Para. 1 lit. a GDPR.

Information about the data protection conditions of Google Fonts can be found at: https://developers.google.com/fonts/faq#Privacy

General information on data protection is available in the Google Privacy Center at: https://policies.google.com/privacy

Google Ads

We use “Google Ads” (formerly Google AdWords), a service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as “Google”) on our website. Google Ads enables us to draw attention to our attractive offers using advertising materials on external websites. This allows us to determine how successful individual advertising measures are. These advertising materials are delivered by Google via so-called “AdServers”. For this purpose, we use so-called ad server cookies, through which certain parameters can be measured to measure success, such as display of ads or clicks by users. If you reach our website via a Google ad, Google Ads will store a cookie on your PC. These cookies usually expire after 30 days. They are not intended to identify you personally. The following information is usually stored for this cookie as analysis values: unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), opt-out information (marking that the user no longer wants to be addressed). These cookies enable Google to recognize your web browser. If a user visits certain pages of an Ads customer's website and the cookie stored on their computer has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page. Each Ads customer is assigned a different cookie. Cookies cannot therefore be tracked via the websites of Ads customers. We ourselves do not collect or process any personal data in the advertising measures mentioned. We only receive statistical evaluations from Google. Based on these evaluations, we can identify which of the advertising measures used are particularly effective. We do not receive any further data from the use of advertising materials; in particular, we cannot identify users based on this information. Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of Google Ads. As far as we know, Google receives the information that you have accessed the relevant part of our website or clicked on an advertisement from us. If you have a user account with Google and are registered, Google can assign the visit to your user account. Even if you are not registered with Google or have not logged in, there is a possibility that Google will find out and store your IP address.

We use Google Ads for marketing and optimization purposes, in particular to show ads that are relevant and interesting to you, to improve campaign performance reporting and to achieve a fair calculation of advertising costs. The legal basis for the use of Google Ads is your consent in accordance with Art. 6 Para. 1 lit. a GDPR.

You can prevent the installation of these cookies by refusing your consent to the storage of these cookies when you enter the website, deleting existing cookies or deactivating the storage of cookies in the settings of your web browser. We would like to point out that in this case you may not be able to fully use all functions of our website. It is also possible to prevent the storage of cookies by setting your web browser so that cookies from the domain “www.googleadservices.com” are blocked (https://www.google.de/settings/ads). Please note that this setting will be deleted if you delete your cookies.

You can also deactivate interest-based ads via the link http://optout.aboutads.info. We would like to point out that this setting will also be deleted if you delete your cookies.

Informationen des Drittanbieters: Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Irland

Further information about Google's use of data, settings and objection options, and data protection can be found on the following Google websites:

Data protection declaration: https://policies.google.com/privacy

Google Website Statistics: https://services.google.com/sitestats/de.html

Google Conversion-Tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google conversion tracking, Google and we can recognize whether the user has carried out certain actions. For example, we can evaluate which buttons on our website were clicked how often and which products were viewed or purchased particularly frequently. This information is used to create conversion statistics. We learn the total number of users who clicked on our ads and what actions they took. We do not receive any information with which we can personally identify the user. Google itself uses cookies or comparable recognition technologies for identification.

The legal basis for the use of Google Conversion Tracking is your consent in accordance with Article 6 Paragraph 1 Letter a GDPR. Consent can be revoked at any time.

You can find more information about Google conversion tracking in Google's data protection regulations: https://policies.google.com/privacy?hl=de.

Google DoubleClick

A web service from Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter: DoubleClick) is loaded onto our website. We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to DoubleClick.

You can prevent DoubleClick from collecting and processing your data by refusing your consent when entering the website, deactivating the execution of script code in your browser or installing a script blocker in your browser.

The legal basis for the use of Google Double Click is your consent in accordance with Art. 6 Para. 1 lit. a GDPR.

The data will be deleted as soon as the purpose for which it was collected has been fulfilled. Further information on the handling of transferred data can be found in DoubleClick's data protection declaration: https://policies.google.com/privacy

Google

A web service from Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland is loaded onto our website. We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to Google.

You can prevent the collection and processing of your data by this web service by refusing your consent when entering the website, deactivating the execution of script code in your browser or installing a script blocker in your browser.

The legal basis for the use of this web service is your consent in accordance with Art. 6 Para. 1 lit. a GDPR.

The data will be deleted as soon as the purpose for which it was collected has been fulfilled. Further information on the handling of transferred data can be found in Google's data protection declaration: https://policies.google.com/privacy

Microsoft Advertising (ehemals Bing Ads)

Our website uses conversion tracking from Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). Microsoft Advertising will place a cookie on your computer if you have reached our website via a Microsoft Advertising ad. In this way, Microsoft Advertising and we can recognize that someone clicked on an ad, was redirected to our website and reached a predetermined landing page (conversion page). We only find out the total number of users who, for example, clicked on a Bing ad and were then redirected to the conversion page. No personal information about the user's identity is shared. If you do not want to take part in the tracking process, you can also refuse the necessary setting of a cookie - for example by using a browser setting that generally deactivates the automatic setting of cookies.

The legal basis for the use of Microsoft Advertising is your consent in accordance with Art. 6 Para. 1 lit. a GDPR.

Further information about data protection and the cookies used by Microsoft Bing can be found on the Microsoft website:

https://privacy.microsoft.com/de-de/privacystatement

Facebook Pixel und Facebook Custom Audiences

On our website we use the so-called “Facebook pixel” from the company “Facebook” (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland). Using the Facebook pixel, we can classify visitors to our website into specific target groups in order to be able to display relevant advertising (“Ads”) to you on Facebook. The data collected (e.g. IP addresses, information about the web browser, the location of the website, buttons clicked, possibly pixel IDs and other characteristics) cannot be viewed by us, but can only be used when displaying certain advertisements. Cookies are also set as part of the use of the Facebook pixel code.

If you have a Facebook account and are logged in, your visit to this website will be assigned to your Facebook user account.

We also use the remarketing function “Custom Audiences” from the company “Facebook”. This means that users of the website can be shown interest-based advertisements (“Facebook Ads”) when they visit Facebook or other websites that also use this procedure. Our interest is to show you advertising that matches your interests in order to make our website more interesting for you.

In order to exchange the respective data, your browser automatically establishes a direct connection with the Facebook server. We have no influence on the extent and further use of the data collected by Facebook through the use of this tool and therefore inform you according to our level of knowledge: By integrating Facebook Custom Audiences, Facebook receives the information that you have accessed the corresponding website of ours accessed our website or clicked on an advertisement from us. If you are registered with a “Facebook” service, “Facebook” can assign the visit to your account. Even if you are not registered with Facebook or have not logged in, it is possible that the provider will find out and store your IP address and other identifying features.

You can find out how the Facebook pixel is used for advertising campaigns at https://www.facebook.com/business/learn/facebook-ads-pixel

More information about Facebook's data policy can be found at https://www.facebook.com/policy.php

Further information on data processing by Facebook can be found at https://www.facebook.com/about/privacy

We use these functions to be able to provide you with advertising offers that match your interests. We process your data because you have consented to this (Art. 6 Para. 1 lit. a GDPR) or we have a legitimate interest in processing the data (Art. 6 Para. 1 lit. f GDPR).

We store your data as long as we need it for the respective purpose (display of interest-based advertising) or you have not objected to the storage of your data or withdrawn your consent.

The “Facebook Custom Audiences” function can be deactivated for logged in users at https://www.facebook.com/settings/?tab=ads#.

You can change your advertising settings in Facebook at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen, provided you are logged in to Facebook.

Optinmonster

OptinMonster is a plugin from Retyp LLC, 7732 Maywood Crest Dr., West Palm Beach, FL 33412, USA. This allows us to provide our visitors with additional offers via a pop-up layer on our website, for example to enable them to register their email address in a newsletter or to point out promotions.

OptinMonster uses cookies for this purpose. Personal data is only collected through an active action by the customer (e.g. the customer registers for the newsletter via a pop-up). OptinMonster does not store the collected data on its own servers, but rather forwards such data directly to us.

The legal basis for the use of OptinMonster is Article 6 Paragraph 1 Sentence 1 Letter f GDPR. We have a legitimate interest in providing visitors to our website with additional offers. The data entered into a form is processed exclusively on the basis of the consent given, Article 6 Paragraph 1 Sentence 1 Letter a GDPR. The consent given to the use and storage of the data can be revoked at any time. The revocation does not affect the lawfulness of the data processing that has already taken place.

We have concluded an order processing contract with OptinMonster, in which we oblige OptinMonster to protect your data in accordance with the applicable provisions of the GDPR.

The setting of the cookies required to use the plugin can be prevented by deleting any existing cookies and deactivating the automatic setting of cookies in the web browser settings.

Further information and details on how OptinMonster handles personal data can be found in OptinMonster's privacy policy. https://optinmonster.com/privacy/.

Taboola

This website uses technologies from Taboola, Inc., 1115 Broadway, 7th Floor, New York, NY 10010, USA. Taboola uses cookies to determine what content you use and which of our websites you visit if you clicked on a Taboola advertisement to reach our website.

This procedure is used to evaluate the effectiveness of the advertisements for statistical and market research purposes and can help to optimize future advertising measures. These usage profiles do not allow any conclusions to be drawn about you personally and are anonymous to us.

Taboola collects the following user information using cookies:

• Operating system of the user
• Visited websites/content on our websites
• Referrer/link through which the user came to our website
• Time and number of website views
• Views of error pages
• Location information (city and state)
• IP addresses in shortened form

The legal basis for the use of this web service is your consent in accordance with Art. 6 Para. 1 lit. a GDPR.

You can prevent the collection and processing of your data by this web service by refusing your consent when entering the website. You can also prevent the installation of cookies by setting your browser software accordingly. We would like to point out that you may then not be able to fully use all of the functions of our website. This varies from browser to browser.

For more information about Taboola, please visit https://www.taboola.com/policies/privacy-policy

There you can deactivate tracking at any time in the “User Choices and Opting Out” section. Once you have opted out, you will no longer receive any personalized content or advertising.

TrustYou

This website uses tools to load current customer reviews of our hotel from the review portal trustyou.de (TrustYou GmbH, TrustYou Headquarters, Munich Center of Technology, Agnes-Pockels-Bogen 1, 80992 Munich) and display them on the website. For this purpose, the IP address is transferred to the rating portal server. Customer reviews are displayed in the interest of providing comprehensive, neutral information about our hotel.

The TrustYou widget is used in the interest of presenting the reviews of our hotel submitted on TrustYou.

The legal basis for the use of the TrustYou widget is your consent in accordance with Art. 6 Para. 1 lit. a GDPR.

You can find more information about how TrustYou handles user data in TrustYou’s privacy policy at:

https://www.trustyou.com/downloads/privacy-policy.pdf

Name and address of the person responsible:

The person responsible within the meaning of the EU General Data Protection Regulation (GDPR), other data protection laws applicable in the member states of the European Union and other provisions of a data protection nature is:

sylc. Apartmenthotel GmbH

Kühnehöfe 3

22761 Hamburg

Phone:  49(0)40 - 298 439 00

Website: www.sylc.de

E-Mail: office@sicon-gmbh.de

Managing Director: Holger Siegel

Name and address of the data protection officer:

SHIELD GmbH

Martin Vogel

Ohlrattweg 5

25497 Prisdorf

Phone:  49 (0) 4101 - 80 50 600

E-Mail: info@shield-datenschutz.de

Hamburg, April 2021

Information about the host:

Amazon Web Services (AWS) Germany GmbH

Krausenstr. 38

10117 Berlin

Germany

The servers used for data storage by Amazon Web Services are located in Frankfurt/Main, Germany, and are subject to the data protection laws of the national and European legislator. Amazon Web Services also handles your data in accordance with the relevant legal provisions. The privacy policy of Amazon Web Services can be accessed at the following link: https://aws.amazon.com/de/privacy/

Changes to the privacy policy

We reserve the right to change our privacy practices and this Privacy Policy to adapt to changes in relevant laws or regulations or to better meet your needs. Possible changes to our data protection practices will be announced here accordingly. Please note the current version date of the data protection declaration.

Our social media presence

Data processing through social networks

We maintain publicly accessible social media profiles. You can find the social networks we use in detail below.

Social networks such as Facebook, Twitter, etc. can usually comprehensively analyze your user behavior when you visit their website or a website with integrated social media content (e.g. LikeButtons or advertising banners). Visiting our social media presence triggers numerous data protection-relevant processing operations. In detail:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account on the respective social media portal. In this case, this data is collected, for example, via cookies that are stored on your end device or by recording your IP address.

With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be shown to you inside and outside of the respective social media presence. If you have an account with the respective social network, interest-based advertising can be displayed on all devices on which you are logged in or were logged in.

Please also note that we cannot understand all processing processes on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. Details can be found in the terms of use and data protection regulations of the respective social media portals.

Legal basis

Our social media presence is intended to ensure the broadest possible presence on the Internet. This is a legitimate interest within the meaning of Article 6 (1) (f) GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 Para. 1 lit. a DSGVO).

Responsible person and assertion of rights

If you visit one of our social media presences (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can exercise your rights (information, correction, deletion, restriction of processing, data transferability and complaints) both against us as well as against the operator of the respective social media portal (e.g. Facebook).

Please note that despite our shared responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options depend largely on the corporate policy of the respective provider.

Storage period

The data collected directly by us via the social media presence will be deleted from our systems as soon as you request deletion, revoke your consent to storage or the purpose for data storage no longer applies. Saved cookies remain on your device until you delete them. Mandatory legal provisions – especially retention periods – remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their data protection declaration, see below).

Social networks in detail

Facebook

We have a profile on Facebook. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. According to Facebook, the collected data will also be transferred to the USA and other third countries.

We have concluded a joint processing agreement (Controller Addendum) with Facebook. This agreement specifies which data processing operations we or Facebook are responsible for when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

You can adjust your advertising settings yourself in your user account. To do this, click on the following link and log in: https://www.facebook.com/settings?tab=ads.

Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

Details can be found in Facebook's privacy policy: https://www.facebook.com/about/privacy/

Instagram

We have a profile on Instagram. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.

Details on how they handle your personal data can be found in Instagram's privacy policy: https://help.instagram.com/519522125107875.

Pinterest

We have a profile on Pinterest. The operator is Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

Details on how they handle your personal data can be found in Pinterest's privacy policy: https://policy.pinterest.com/de/privacy-policy.

XING

We have a profile on XING. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.

Details on how they handle your personal data can be found in XING's privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.

LinkedIn

We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

LinkedIn uses advertising cookies. If you would like to deactivate LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs. Details on how they handle your personal data can be found in LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy