Data protection

We are pleased that you are visiting our website and thank you for your interest in our hotel. The protection of personal data is a matter of great importance to us. Therefore, the processing of personal data, such as name, address, email address, or phone number of an individual, is carried out in accordance with applicable European and national legal regulations.

If the processing of personal data is necessary and there is no legal basis for such processing, we generally seek the consent of the individual concerned.

You can, of course, revoke your consent declaration(s) at any time with future effect. Please contact the responsible party for this purpose. The contact details can be found in the lower part of this privacy policy.

The following information is provided by VVB Vierländer Betriebsgesellschaft mbH & Co. KG (hereinafter referred to as ‘Zollenspieker Fährhaus’) to inform the public about the nature, scope, and purpose of the personal data processed by them. Furthermore, individuals are informed about their rights through this privacy policy.

Definitions

The privacy policy of Zollenspieker Fährhaus is based on the terms used by the European legislator when adopting the EU General Data Protection Regulation (hereinafter referred to as ‘EU-GDPR’). Our privacy policy is intended to be easily readable and understandable for both the public and our guests and business partners. To ensure this, we would like to explain the terms used in advance.

In this privacy policy and on our website, we use, among others, the following terms:

Personal data includes all information relating to an identified or identifiable natural person (hereinafter referred to as the ‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more specific characteristics expressing the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.

Processing means any operation or series of operations, whether or not carried out by automated means, in connection with personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.

Restriction of processing is the marking of stored personal data with the aim of limiting their future processing

Profiling is any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning job performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements of that natural person.

Pseudonymization is the processing of personal data in a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures ensuring that the personal data is not attributed to an identified or identifiable natural person.

The controller, or data controller, is the natural or legal person, authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union law or the law of a Member State, the controller or the specific criteria for its nomination may be provided for by Union law or the law of a Member State.

Processor , or data processor, is a natural or legal person, authority, agency, or other body that processes personal data on behalf of the controller.

Recipient is a natural or legal person, authority, agency, or other entity to whom personal data are disclosed, whether or not they are a third party. However, authorities receiving personal data in the framework of a particular inquiry in accordance with Union law or the law of Member States shall not be considered recipients.

third party is any natural or legal person, public authority, agency, or other entity, other than the data subject, the controller, the processor, and the persons who, under the direct authority of the controller or the processor, are authorized to process personal data.

Consent is any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her for a specific purpose.

Registraiton

The data subject has the opportunity to register on the website of the data controller by providing personal data. The specific personal data transmitted to the data controller is determined by the respective input mask used for registration. The personal data entered by the data subject is collected and stored solely for internal use by the data controller and for its own purposes. The data controller may arrange for the data to be disclosed to one or more processors (such as a parcel service), who will also use the personal data exclusively for internal purposes attributable to the data controller.

By registering on the website of the data controller, the IP address assigned by the Internet service provider (ISP) to the data subject, along with the date and time of registration, is also stored. The storage of this data is done against the background that it is the only way to prevent misuse of our services and, if necessary, to enable the investigation of committed offenses and copyright infringements. In this respect, the storage of this data is necessary to secure the data controller. Generally, this data is not disclosed to third parties unless there is a legal obligation to do so or the disclosure serves criminal or legal prosecution.

The registration of the data subject, with voluntary provision of personal data, is intended for the data controller to offer content or services to the data subject that can only be offered to registered users due to the nature of the matter. Registered individuals are free to request the complete deletion of the personal data provided during registration from the data controller’s database.

The data controller provides any data subject with information at any time upon request regarding which personal data about the data subject is stored. Furthermore, the data controller corrects or deletes personal data upon the request or notice of the data subject, as long as there are no legal storage obligations standing in the way.

Contact

Personal data is also processed by Zollenspieker Fährhaus when you provide this information voluntarily. This occurs, for example, every time you contact us. The personal data transmitted in this way will, of course, be used exclusively for the purpose for which you provide it to us when contacting us. The provision of this information is expressly on a voluntary basis and with your consent. In the case of communication channel details (such as email address, phone number), you also consent that we may contact you through these communication channels, if necessary, to respond to your inquiry.

Security

The Zollenspieker Fährhaus implements numerous technical and organizational measures to protect your personal data against accidental or unlawful deletion, alteration, loss, and unauthorized disclosure or access.

Nevertheless, internet-based data transmissions, for example, can inherently have security vulnerabilities, so absolute protection cannot be guaranteed. For this reason, it is at the discretion of each data subject to transmit personal data to us through alternative means, such as by telephone.

Links to other Websites

This website contains links to other websites (so-called external links).

Zollenspieker Fährhaus is responsible as a provider for its own content in accordance with applicable European and national legal regulations. Links to content provided by other providers are to be distinguished from these own contents. We have no influence on whether the operators of other websites comply with the applicable European and national legal regulations. Please inform yourself about the privacy policies provided on the respective website. Zollenspieker Fährhaus assumes no responsibility for external content provided for use via links and marked accordingly, and does not endorse their content. The provider of the website to which reference is made is solely liable for illegal, incorrect, or incomplete content, as well as for damages resulting from the use or non-use of the information.

Cookies

To make our website user-friendly and tailored to your needs, we use cookies. Cookies are small text files that are sent by a web server to your browser and stored locally on your device (PC, notebook, tablet, smartphone, etc.) as soon as you visit a website.

Many websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie, consisting of a string that can be assigned to specific web browsers in which the cookie was stored. This allows the visited websites and servers to distinguish the individual browser of the data subject from other web browsers that contain different cookies. A specific web browser can be recognized and identified again via the unique cookie ID. This information is used to automatically recognize you and facilitate navigation when you revisit the website with the same device.

You can give or withdraw your consent for cookies, including web tracking, through the settings of your web browser. You can configure your browser to generally refuse the acceptance of cookies or to notify you in advance when a cookie is about to be stored. However, in this case, the functionality of the website may be impaired (e.g., during orders). Your browser also provides a function to delete cookies (e.g., via “Clear browsing data”). This is possible in all common web browsers. You can find further information in the user manual or in the settings of your browser.

Collection of general data and information

With each visit to the Zollenspieker Fährhaus website by a data subject or an automated system, the website collects a range of general data and information. These general data and information are stored in the server’s log files. The following can be collected:

The types and versions of browsers used
The operating system used by the accessing system
The website from which an accessing system reaches our website (so-called referrer)
The subpages accessed via an accessing system on our website
The date and time of access to the website
A web protocol address (IP address)
The internet service provider of the accessing system
Other similar data and information that serve to prevent risks in the event of attacks on our information technology systems
When using this general data and information, Zollenspieker Fährhaus does not draw any conclusions about the data subject. Instead, this information is needed to:

Deliver the content of our website correctly
Optimize the content of our website and its advertising
Ensure the permanent functionality of our information technology systems and the technology of our website
Provide law enforcement authorities with the necessary information for prosecution in the event of a cyber attack
This anonymously collected data is evaluated by Zollenspieker Fährhaus both statistically and with the aim of increasing data protection and data security in our company to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data from the server log files is stored separately from all personal data provided by a data subject.

Routine deletion and blocking of personal data

The data controller processes (in this sense, also: stores) personal data of the data subject only for the period necessary to achieve the purpose of storage or as stipulated by the European legislator or another legislator in laws or regulations to which the data controller is subject.

Once the purpose of storage is no longer applicable or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with legal regulations.

Rights of the data subject

Right to confirmation: Every data subject has the right to request confirmation from the data controller as to whether personal data concerning them is being processed. If a data subject wishes to exercise this right of confirmation, they can contact the data controller at any time.

Right to information:

Every person affected by the processing of personal data has the right to obtain, at any time, from the data controller, free information about the personal data stored about them, as well as a copy of this information. Furthermore, the European legislator grants the data subject the right to information about the following:

the purposes of the processing
the categories of personal data being processed
the recipients or categories of recipients to whom the personal data has been or will be disclosed, especially for recipients in third countries or international organizations
if possible, the planned duration for which the personal data will be stored, or, if this is not possible, the criteria for determining this duration
the existence of the right to correction or deletion of personal data concerning them or to restriction of processing by the data controller, or the right to object to such processing
the right to lodge a complaint with a supervisory authority
if the personal data is not collected from the data subject: all available information about the origin of the data
the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) of the EU General Data Protection Regulation (EU-GDPR), and — at least in these cases — meaningful information about the logic involved, as well as the scope and intended consequences of such processing for the data subject
Furthermore, the data subject has the right to information as to whether personal data has been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to obtain information about the appropriate safeguards in connection with the transfer.

If a data subject wishes to exercise this right to information, they can contact the data controller at any time.

Right of rectification:

Every person affected by the processing of personal data has the right to demand the immediate correction of inaccurate personal data concerning them. Furthermore, the data subject has the right, taking into account the purposes of the processing, to request the completion of incomplete personal data — also by means of a supplementary statement.

If a data subject wishes to exercise this right to rectification, they can contact the data controller at any time.

Right to erasure (Right to be forgotten): Every person affected by the processing of personal data has the right to request the data controller to immediately delete the personal data concerning them if one of the following reasons applies and to the extent that the processing is not necessary:

The personal data was collected or otherwise processed for purposes that are no longer necessary.
The data subject withdraws their consent, on which the processing was based according to Art. 6(1)(a) EU-GDPR or Art. 9(2)(a) EU-GDPR, and there is no other legal basis for the processing.
The data subject objects to the processing in accordance with Art. 21(1) EU-GDPR, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing in accordance with Art. 21(2) EU-GDPR.
The personal data has been processed unlawfully.
The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the data controller is subject.
The personal data was collected in relation to services offered by the information society in accordance with Art. 8(1) EU-GDPR.
If one of the above-mentioned reasons applies and a data subject wants to request the deletion of personal data stored at Zollenspieker Fährhaus, they can contact the data controller at any time. The data subject’s deletion request will then be promptly fulfilled.

If Zollenspieker Fährhaus has made the personal data public and our company, as the data controller, is obliged to delete the personal data in accordance with Art. 17(1) EU-GDPR, Zollenspieker Fährhaus will take reasonable measures, including technical measures, taking into account the available technology and implementation costs, to inform other data controllers who process the published personal data that the data subject has requested from them the deletion of all links to this personal data or of copies or replications of this personal data, to the extent that processing is not necessary. The data controller responsible for the processing will then arrange for what is necessary in each individual case.

Right of restriction of processing: J

Every individual affected by the processing of personal data has the right to request the restriction of processing from the data controller under the following conditions:

The accuracy of the personal data is contested by the individual, for a period enabling the data controller to verify the accuracy of the personal data.

The processing is unlawful, and the individual opposes the erasure of the personal data and requests instead the restriction of its use.

The data controller no longer needs the personal data for the purposes of processing, but the individual requires it for the establishment, exercise, or defense of legal claims.

The individual has objected to processing pursuant to Article 21(1) of the EU General Data Protection Regulation (EU GDPR), pending the verification of whether the legitimate grounds of the data controller override those of the individual.

If any of the aforementioned conditions are met, and an individual wishes to request the restriction of personal data stored at Zollenspieker Fährhaus, they can contact the data controller at any time. The restriction of processing will then be promptly implemented.

Right to Data Portability:

Every individual affected by the processing of personal data has the right to receive their personal data, which they provided to a data controller, in a structured, commonly used, and machine-readable format. They also have the right to transmit this data to another data controller without hindrance from the data controller to whom the personal data was provided, as long as the processing is based on consent pursuant to Article 6(1)(a) EU GDPR or Article 9(2)(a) EU GDPR, or on a contract pursuant to Article 6(1)(b) EU GDPR, and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.

Furthermore, in exercising their right to data portability pursuant to Article 20(1) EU GDPR, individuals have the right to have their personal data transmitted directly from one data controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.

To assert the right to data portability, individuals can contact the data controller at any time.

Right to object:

Automated Decisions on an Individual Basis, Including Profiling:

Every individual affected by the processing of personal data has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them, except where the decision:

is necessary for entering into or performing a contract between the individual and the data controller,
is authorized by Union or Member State law to which the data controller is subject and which also lays down suitable measures to safeguard the rights, freedoms, and legitimate interests of the individual, or
is made with the explicit consent of the individual.

If the decision is necessary for entering into or performing a contract between the individual and the data controller or is made with the explicit consent of the individual, Zollenspieker Fährhaus shall implement suitable measures to safeguard the rights, freedoms, and legitimate interests of the individual, which includes at least the right to obtain human intervention on the part of the data controller, to express one’s point of view, and to contest the decision.

If the individual wishes to exercise rights related to automated decisions, they can contact the data controller at any time.

Right to Withdraw Consent to Data Processing:Every individual affected by the processing of personal data has the right to withdraw their consent for the processing of personal data at any time. If the individual wishes to exercise their right to withdraw consent, they can contact the data controller at any time.

Data Protection in Job Applications and the Application Process

The data controller collects and processes the personal data of job applicants for the purpose of handling the application process. The processing can also be done electronically, especially when an applicant submits relevant application documents electronically, for example, via email, to the data controller. If the data controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of managing the employment relationship in compliance with legal regulations. If no employment contract is concluded between the data controller and the applicant, the application documents will be automatically deleted six months after the decision to reject the application is communicated, provided that there are no other legitimate interests of the data controller that oppose deletion. Another legitimate interest in this context could be, for instance, the obligation to provide evidence in a proceeding under the General Equal Treatment Act (AGG).

Data Protection Provisions for the Use of Google Analytics (with anonymization function:

This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies,” which are text files stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the United States and stored there. However, if IP anonymization is activated on this website, your IP address will be truncated by Google within member states of the European Union or other parties to the Agreement on the European Economic Area before transmission. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide other services related to website activity and internet usage to the website operator.

The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google. You can prevent the storage of cookies by adjusting your browser software accordingly; however, please note that in this case, you may not be able to use all the features of this website to their full extent. Furthermore, you can prevent Google’s collection and processing of data generated by the cookie related to your use of the website (including your IP address) by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en

You can prevent the collection by Google Analytics by clicking on the link below. This will install an “opt-out cookie” in your browser, preventing the collection of your data when you visit this website in the future:

Google Analytics deaktivieren

For more information on terms of use and data protection, please visit Google Analytics Terms of Service or Google’s Privacy Policy

Given the ongoing discussion about the use of analytics tools with complete IP addresses, Zollenspieker Fährhaus would like to point out that, to exclude the identification of a natural person, IP addresses on this website are only processed to a limited extent, as we use Google Analytics with the extension “_anonymizeIp()”.

Social Plugins

Our website offers you an additional service called a Social Plugin, enabling interaction with the social service Facebook. To prevent unwanted transmission of your usage data, please log out of these services beforehand.

The following explanations apply to all Social Plugins mentioned and offered here:

When you visit our website and use a Social Plugin, your browser establishes a direct connection to the servers of the mentioned services. As a result, the content of the plugin is transmitted to your browser and integrated into the displayed website. This information, indicating that you have visited our website, is then forwarded to these services. If you are logged into your personal Facebook account during your visit to our website, this service can associate the website visit with that account. By interacting with plugins, such as clicking the “Like” button, “Sharing,” leaving a comment, etc., this relevant information is directly transmitted to these services and stored there.

The extent to which this data is collected and analyzed is beyond our control.

For the purpose and scope of data collection by Facebook, as well as the subsequent processing and use of your data, and your related rights and privacy settings, please refer to the privacy policy of the service directly at: https://www.facebook.com/about/privacy

Use of Google Maps

This website uses Google Maps for displaying maps and creating directions. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By using this website, you consent to the collection, processing, and use of data automatically collected or entered by you by Google, its representatives, or third parties. You can find the terms of use for Google Maps under the Google Maps Terms of Service.

Name and address of the data controller:

Responsible party within the meaning of the EU General Data Protection Regulation (EU GDPR), other data protection laws applicable in the Member States of the European Union, and other provisions with a data protection character is:

VVB Vierländer Betriebsgesellschaft mbH & Co. KG
Zollenspieker Hauptdeich 141
21037 Hamburg
Telefon: +49 (0)40 793133-0
Telefax: +49 (0)40 793133-88
E-Mail: info(at)zf-elbe.de
www.zollenspieker-faehrhaus.de

Please replace (at) with @ when sending an email. The writing style we use is intended to protect against spam.

Geschäftsführer:
André Egger, Karoline Pospiech

Name and address of the Data Protection Office:

SHIELD GmbH
Martin Vogel
Perleberger Str. 10b
25421 Pinneberg
Telefon: +49 (0) 4101 / 77 44 70
E-Mail: info(at)shield-datenschutz.de

Please replace (at) with @ when sending an email. The writing style we use is intended to protect against spam.

Hamburg, May 2018

Changes to the Privacy Policy

We reserve the right to modify our privacy practices and this policy to adapt them, if necessary, to changes in relevant laws or regulations or to better meet your needs. Any changes to our privacy practices will be announced accordingly at this location. Please check the current version date of the privacy policy for reference.