Privacy Policy
Thank you for visiting our website. In the privacy policy, we would like to inform you about the handling of your data in accordance with Art. 13 of the General Data Protection Regulation (GDPR).
Controller
The controller for the data processing described below is named in the imprint.
Usage data
When you visit our websites, our web server temporarily evaluates so-called usage data for statistical purposes in order to improve the quality of our website. This data consists of the following data categories:
- the name and address of the requested content,
- the date and time of the query,
- the amount of data transferred,
- the access status (content transferred, content not found),
- the description of the used web browser and operating system,
- the referral link, which indicates from which page you reached ours,
- the IP address of the requesting computer, which is shortened in such a way that a personal reference can no longer be established.
The aforementioned log data will be evaluated anonymously.
The legal basis for the processing of usage data is Art. 6 (1) (f) GDPR. The processing is based on the legitimate interest of providing the contents of the website and ensuring a device- and browser-optimised display.
Storage of IP adresses for security purposes
In addition, we store the complete IP address transmitted by your web browser with strict purpose limitation for a period of seven days in the legitimate interest of being able to detect, limit and eliminate attacks on our websites. We delete or anonymize the IP address when this period has expired. The legal basis for the processing is Art. 6 (1) (f) GDPR.
Data security
In order to protect your data as comprehensively as possible from unwanted access, we implement technical and organisational measures. These measures include encryption procedures on our websites. Your data is transferred from your computer to our server and vice versa via the internet using TLS encryption. You can usually recognize this by the fact that the lock symbol in the status bar of your browser is closed and the address line begins with https://.
Necessary cookies
We use cookies on our websites, which are necessary for using our websites.
Cookies are small text files that can be stored on and extracted from your device. There is a difference between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored for more than the duration of the session.
We do not use these necessary cookies for analysis, tracking or advertising purposes.
In some cases, these cookies only contain information on certain settings and are not linked to a person. They may also be necessary to enable user guidance, security and operating of the site.
The legal basis for using these cookies is our legitimate interest according to Art. 6 (1) (f) GDPR.
You can set your browser to inform you about the use of cookies. You can also delete cookies or prevent the setting of new cookies at any time by using the appropriate browser settings. Please note that if you delete certain cookies, our websites may not be displayed correctly and some functions may no longer be available.
Consent banner
We use a consent management platform (consent or cookie banner) on our websites. The processing in connection with the use of the consent management platform and the logging of the settings you have made is based on our legitimate interest in accordance with Art. 6 (1) (f) GDPR to provide you with our content according to your preferences and to be able to prove your consent(s). The settings you have made, the consents you have given and parts of your usage data are stored in a cookie. This ensures that it is kept for further website visits and that your consents continue to be traceable. You can find more information about this under the section “Necessary cookies”.
Matomo
We use the web analysis tool “Matomo” to design our websites in accordance with the needs of our visitors. Matomo creates user profiles based on pseudonyms. For this purpose, permanent cookies are stored on your device and accessed by us. This allows us to recognise returning visitors and count them as such.
The data processing is based on your consent, provided that you have given your consent via our banner.
You can withdraw your consent at any time. To do so, please follow this link and make the appropriate settings via our banner.
The cookies set are deleted or no longer processed after 13 months or after you withdrew your consent.
| Cookie | Zweck | Speicherdauer |
| _pk_id | Speichert Informationen über den Besucher inklusive der User-ID | 393 Tage |
| _pk_ses. | Speichert die ursprüngliche Herkunft (referrer) des Besuchers auf unsere Webseite | 1 Tag |
Registration & Online Booking
On our website, you have the opportunity to register by providing personal data. The data is entered into an input mask and transmitted to us. Additionally, you have the option to make a reservation using the booking function. The following contact details are processed for this purpose: name, email (mandatory field), and telephone number (optional or mandatory field). Furthermore, you may provide additional information voluntarily in the free text field. You decide which data you voluntarily disclose to us and the service providers involved for the purpose of reservation. The legal basis for this data processing is Art. 6(1)(b), Art. 9(2)(a) of the GDPR, if sensitive data is processed. You can revoke your consent at any time with effect for the future by emailing hello@johnandwill-hotel.com. We process the data you enter here exclusively for the purpose of registration or reservation and only for as long as necessary for this purpose, unless there are legal or technically required retention obligations. In the context of the reservation process, we are supported by our partner company Guldsmeden Hotels, Gullfossgade 4, 2300 Copenhagen S. If you make a reservation, you will be automatically redirected to a booking page. For this purpose, a contract for data processing according to Art. 28(3) GDPR has been concluded with the partner company.
Contact form
You may contact us via our contact form. In order to use our contact form, we first require the data marked as mandatory.
The legal basis for this processing is Art. 6 (1) (f) GDPR in order to respond to your request.
Your data will only be processed to respond to your enquiry. We delete your data if it is no longer required and there are no legal retention obligations in conflict to that. Usually this is the case XX days after handling the request.
Concerning the processing according to Art. 6 (1) (f) GDPR, you have the right to object at any time. To do so, please contact the e-mail address stated in the imprint.
Map services
On our websites, we embed map services that are not stored on our servers. To ensure that calling up our websites with embedded map services does not automatically lead to the reloading of content of the third-party provider, in a first step, we only display locally stored preview images of the maps in a first step. This does not provide the third-party provider with any information.
Only after clicking on the preview image the content of the third-party provider will be reloaded. The third-party provider is therefore able to obtain the information that you have accessed our site as well as the usage data that is technically required in this context. We have no influence on the further data processing by the third-party provider. By clicking on the preview image, you give us permission that contents from the third-party provider are reloaded.
The embedding is based on your consent, provided you have given your consent by clicking on the preview image.
Please note that the embedding of some map services results in that your data will be processed outside the EU or EEA (in particular the USA). If data is processed outside the EU or the EEA (in particular in the USA) in this context, we provide information about the level of data protection in the following table.
If you have clicked on a preview image, the content of the third-party provider will be reloaded immediately. If you do not want such reloading on other pages, please do not click on the thumbnails any more.
| Anbieter | Maximale Speicherdauer | Angemessenes Datenschutzniveau | Widerruf der Einwilligung |
| 6 Monate | Für Übermittlungen in die USA ist ein angemessenes Datenschutzniveau aufgrund der Zertifizierung des Anbieters unter dem Angemessenheitsbeschluss (EU-U.S. Data Privacy Framework) gewährleistet. | Wenn Sie ein Vorschaubild angeklickt haben, werden die Inhalte des Drittanbieters sofort nachgeladen. Wenn Sie ein solches Nachladen auf anderen Seiten nicht wünschen, klicken Sie bitte die Vorschaubilder nicht mehr an. |
Application by e-mail
You have the oportunity to apply for the positions we offer or to send us an unsolicited application via the following e-mail address recruiting@ueberseeinsel.de. You yourself determine the scope of the data that you transmit to us as part of your e-mail application. However, in order to be able to consider your application, at least the following information is required: name, address, e-mail address, letter of application or name of the desired position, CV, certificates and qualifications.
We process this information exclusively for the purpose of selecting applicants in accordance with § 26 (1) sentence 1 BDSG (German Federal Data Protection Act, „Bundesdatenschutzgesetz“), as this is necessary for the decision on the establishment of an employment relationship. Data processing for other purposes does not take place.
In addition, you can decide for yourself whether you would like to provide us with further information, e.g. your hobbies, your date of birth, your telephone number or a photo of yourself. The provision of this data is voluntary and not mandatory for your application. If you include voluntary data in your e-mail application, we process this data on the basis of your consent in accordance with Art. 6 Para. (1) (a) GDPR in conjunction with § 26 (2) BDSG. You can withdraw your consent at any time with effect for the future. To do so, please contact the controller for the data processing named in the imprint.
We will handle your data confidentially. If necessary, we use processors that are strictly bound by instructions and who support us e.g. in the areas of IT and with whom separate data processing agreements have been concluded. Besides that your data will not be passed on. If an employment contract is concluded after the application process, we store the data from your application that is required for your employment relationship. The legal basis for this processing is § 26 (1) sentence 1 BDSG. If your application is not successful, your data will be deleted after six months. The processing until deletion takes place in our legitimate interest to be able to defend us against any claims relating to the application. We only process the personal data that you provide to us as part of the application process.
In the event that we may also consider your application for other or future job advertisements, please indicate this on your application. We will then process your data on the basis of your consent in accordance with Art. 6 (1) (a) GDPR in conjunction with § 26 (2) BDSG for a period of x years. You can withdraw your consent at any time with effect for the future. To do so, please contact the controller for the data processing named in the imprint.
Storage period
Unless we have already informed you in detail about the storage period, we delete personal data when they are no longer required for the aforementioned processing purposes and no legitimate interests or other (legal) reasons for storage prevent deletion.
Data processors
We share your data with service providers that support us in the operation of our websites and the associated processes as part of data processing on behalf of the controller pursuant to Art. 28 GDPR. These are, for example, hosting service providers. Our service providers are strictly bounded by our instructions and are contractually obligated accordingly.
In the following, we will name the processors with whom we work, if we have not already done so in the above text of the data protection declaration. If data may be processed outside the EU or the EEA in this context, we inform you about this in the following table.
| Auftragsverarbeiter | Zweck | Angemessenes Datenschutzniveau |
| Plutex GmbH (Deutschland) |
Webhosting | Verarbeitung nur innerhalb EU/EWR |
Your rights as a data subject
When processing your personal data, the GDPR grants you certain rights as a data subject:
Right of access (Art. 15 GDPR)
You have the right to obtain confirmation as to whether personal data of you is being processed; if this is the case, you have the right to obtain information about the processed personal data and to receive the information listed in detail in Art. 15 GDPR.
Right to rectification (Art. 16 GDPR)
You have the right to request the rectification of any inaccurate personal data relating to you and, where applicable, the completion of any incomplete data, without delay.
Right to erasure (Art. 17 GDPR)
You have the right to request the erasure of your personal data without delay, provided that one of the reasons listed in detail in Art. 17 GDPR applies.
Right to restriction of processing (Art. 18 GDPR)
You have the right to request the restriction of processing, for the duration of the assessment by the controller, if one of the requirements listed in Art. 18 GDPR is met, e.g. if you have objected to the processing.
Right to data portability (Art. 20 GDPR)
In certain cases, which are listed in detail in Art. 20 GDPR, you have the right to receive your personal data in a structured, commonly used and machine-readable format or to request the transfer of this data to a third party.
Right to withdraw consent (Art. 7 GDPR)
If the processing of data is based on your consent, you are entitled to withdraw your consent to the processing of your personal data at any time in accordance with Art. 7 (3) GDPR. Please note that the withdrawal of the consent only effective for the future. Processing that took place before the withdrawal is not affected.
Right to object (Art. 21 GDPR)
If data is collected on the basis of Art. 6 (1) (f) GDPR (data processing for the protection of legitimate interests) or on the basis of Art. 6 (1) (e) GDPR (data processing for the protection of public interests or in the exercise of official authority), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your data violates data protection regulations. The right to lodge a complaint can be asserted in particular witha supervisory authority in the Member State of your habitual residence, your place of work or the place of the suspected infringement.
Asserting your rights
Unless otherwise described above, please contact the controller of the data processing named in the imprint to assert your rights as a data subject.
Contact details of our data protection officer
Our external data protection officer will be happy to provide you with information on the subject of data protection under the following contact details:
datenschutz nord GmbH
Konsul-Smidt-Straße 88
28217 Bremen
Web: https://www.dsn-group.de/
E-mail: office@datenschutz-nord.de
If you contact our data protection officer, please also state the controller for the data processing named in the imprint.