Data Protection - according to the GDPR
Protection" at the bottom of our website.
I. Name and address of the responsible
The responsible party, within the meaning of basic data protection regulation and other national data protection laws of the member states as well as other data protection regulations is the:
unique by ATLANTIC Hotels Management GmbH
Telephone: +49 (0) 421 944888-0
Telefax: +49 (0) 421 944888-552
II. Name and address of the data protection officer
The data protection officer of the responsible party is:
SHIELD GmbH Datenschutz & Sicherheit
Managing Director: Martin Vogel
Phone: +49 (0) 4101 8050600
III. General data management
1. Scope of processing of personal data
We process personal data from our users principally only to the extent necessary to provide a functional website and our content and services. The processing of personal data of our users is regularly only carried out with their consent. An exception applies in those cases in which prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.
2. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, art. 6 (1) (a) EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
In the processing of personal data necessary for the performance of a contract to which the data subject is a party, art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual actions.
Insofar as processing of personal data is required to fulfill a legal obligation that is required for our company, art. 6 (1) (c) GDPR serves as the legal basis. In the event that vital interests of the data subject or another natural person require the processing of personal data, art. 6 (1) (d) GDPR serves as the legal basis. If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, art. 6 (1) (f) GDPR serves as legal basis for processing.
3. Data deletion and storage duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage expires. Additional storage may take place if provided for by the European or national legislator in EU regulations, laws or other regulations to which the data controller is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for conclusion of a contract or fulfillment of the contract.
IV. Provision of the website and creation of logfiles
1. Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer.
The following data is collected:
- Information about the browser type and the version used
- The operating system of the users
- The Internet service provider of the user
- The IP address of the user
- Date and time of access
- Websites from which the user's system accesses our website
- Websites accessed by the user's system through our website
The data is also stored in the log files of our system. A storage of this data together with other personal data of the user does not take place.
2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 (1) (f) GDPR.
3. Purpose of the data processing
The temporary storage by the system of the IP address is necessary to allow delivery of the website to the computer of the user. To do this, the user's IP address must be kept for the duration of the session.
Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
We have a justified interest in the processing of data for this purpose, according to Art. 6 (1) (f) GDPR.
In diesen Zwecken liegt auch unser berechtigtes Interesse an der Datenverarbeitung nach Art. 6 Abs. 1 lit. f DSGVO.
4. Duration of storage
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. In the case of collecting the data for providing the website, this is the case when the session is completed. In the case of storing the data in log files, data is stored for no more than seven days. After one day, the IP addresses of the users are anonymized, so that an assignment of the calling client is no longer possible.
5. Objection and removal possibility
The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. Consequently, there is no possibility for the user to object.
In this way, the following data is transmitted:
- IP address, age, gender, interests
- Activities on the website during the visit
- Frequency of page views
- Use of website features
- Origin / visitor source
Technical precautions pseudonymize the data of the users collected in this way. This makes it much more difficult to assign the data to the calling user and is only possible with the help of an appropriate "key". The data will not be stored together with other personal data of the user.
2. Legal basis for data processing
The legal basis for the processing of personal data using is Art. 6 (1) (f) GDPR.
3. Purpose of the data processing
4. Duration of storage, objection and removal options
Cookies are stored on the computer of the user and transmitted by it to our page.
VI. Contact form and e-mail contact
1. Description and scope of data processing
Contact via the provided e-mail address is possible. In this case, the user's personal data that are transmitted by e-mail will be stored. In this context, data is not passed on to third parties. The data is used exclusively for processing the conversation.
2. Legal basis for data processing
The legal basis for the processing of the data is in the presence of the consent of the user Art. 6 (1) (a) GDPR. The legal basis for the processing of the data transmitted in the course of sending an e-mail is Art. 6 (1) (f) GDPR. If the e-mail contact aims to conclude a contract, then additional legal basis for the processing is Art. 6 (1) (b) GDPR.
3. Purpose of the data processing
The processing of the personal data from the input mask serves us only to establish contact with the user. In the case of contact via e-mail, this also includes the required legitimate interest in the processing of the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
4. Duration of storage
The data will be deleted as soon as it is no longer necessary for the purpose of its collection.
5. Objection and removal possibility
The user has the option at any time to revoke his or her consent to the processing of the personal data. If the user contacts us by e-mail, he or she may object to the storage of his or her personal data at any time. In such a case, the conversation cannot continue. You can always object to the storing of your data for the future by contacting email@example.com, by mail to unique by ATLANTIC Hotels Management GmbH, Ludwig-Roselius-Allee 2, 28329 Bremen or by phone +49 (0) 421 944888-0. All personal data stored in the course of the conversation will be deleted in this case.
XII. Rights of the affected person
If your personal data are processed, you are the person affected within the meaning of GDPR and you have the following rights vis-à-vis the data controller:
1. Right to information
You may ask the person responsible to confirm whether personal data concerning you is processed by us.
If your data is being processed, you can request information from the person responsible about the following information:
- the purposes for which the personal data are being processed;
- the categories of personal data being processed;
- the recipients or the categories of recipients to whom personal data concerning you have been disclosed or are being disclosed;
- the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;
- the existence of a right to rectification or deletion of your personal data, a right to restriction of processing by the data controller or a right to object to such processing;
- the existence of a right of appeal to a supervisory authority;
- all available information on the source of the data, if the personal data is not collected from the data subject;
- the existence of automated decision-making, including profiling under Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, and the scope and intended impact of such processing on the data subject.
You have the right to request information about whether your personal information is passed on to a third country or an international organization. In this context, you can request to be informed of the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transfer.
2. Right to rectification
You have a right to rectification and / or completion by the data controller, if your personal data being processed is incorrect or incomplete. The responsible person must make the correction immediately.
3. Right to restriction of processing
You may request the restriction of the processing of your personal data under the following conditions:
- if you contest the accuracy of the information relating to you for a period of time, that allows the data controller to verify the accuracy of your personal information;
- the processing is unlawful, and you refuse the deletion of the personal data and instead demand restriction of the use of your personal data;
- the data controller no longer needs the personal data for the purposes of processing, but you need it in order to assert, exercise or defend legal claims; or
- if you have objected to the processing pursuant to Art. 21 (1) GDPR, and it is not yet certain whether the legitimate reasons of the data controller outweigh your reasons.
If the processing of personal data concerning you has been restricted, this data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person, or for reasons of important public interests of the Union or a Member State. If the restriction of processing was restricted according to the above conditions, you will be informed by the data controller before the restriction is lifted.
4. Right to deletion
a) Obligation to delete
You may demand that the controller delete your personal information immediately, and the controller is required to delete that information immediately if one of the following is true:
- Personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
- You revoke your consent, which the processing was based on according to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR and there is no other legal basis for processing.
- You object to the processing according to Art. 21 (1) GDPR and there are no prior justifiable reasons for the processing, or you object to the processing according to Art. 21 (2) GDPR.
- Your personal data have been processed unlawfully.
- The deletion of personal data concerning you is required, in order to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
- The personal data concerning you were collected in relation to information society services, pursuant to Article 8 (1) of the GDPR.
b) Information to third parties
If the data controller has made the personal data concerning you public and is required to delete them according to Article 17 (1) of the GDPR, he must take appropriate measures, including technical means, with due regard to available technology and implementation costs, to inform data controllers that you, the data subject, have requested the deletion of all links to such personal data or copies or replications of this personal data.
The right to erasure is not in force if the processing is necessary:
- to exercise the right to freedom of expression and information;
- to fulfill a legal obligation required by the law of the Union or of the Member States to which the controller is subject, or performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
- for reasons of public interest in the field of public health pursuant to Art. 9 (2) (h) and (i) and Art. 9 (3) GDPR;
- for archival purposes of public interest, scientific or historical research purposes or for statistical purposes according to Article 89 (1) GDPR, to the extent that the law referred to in subparagraph (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or
- to assert, exercise or defend legal claims.
5. Right to information
If you have the right of rectification, erasure or restriction of processing to the controller, he / she is obliged to notify all recipients, to whom your personal data have been disclosed, of this correction or deletion of the data or restriction of processing, unless: this proves to be impossible or involves a disproportionate effort. You have a right to be informed about these recipients by the data controller.
6. Right to Data Portability
You have the right to receive personally identifiable information that you provided to the controller in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another person without hindrance by the person responsible for providing the personal data, provided that
- the processing is based on consent according to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract according to Art. 6 (1) (b) GDPR
- the processing is done by automated means.
In exercising this right, you also have the right to obtain that your personal data are transmitted directly from one controller to another, as far as technically feasible. This situation should not affect the freedoms and rights of other persons.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority vested in the controller.
7. Right to object
You have the right at any time, for reasons arising from your particular situation, to object to the processing of your personal data, which occurs pursuant to Art. 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions.
The controller will no longer process the personal data concerning you, unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, exercising or defending legal claims.
If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.
If you object to processing for direct advertising purposes, your personal data will no longer be processed for these purposes.
Regardless of Directive 2002/58/EC, you have the option, in the context of the use of information society services, to exercise your right to object through automated procedures that use technical specifications.
8. Right to revoke the data protection consent declaration
You have the right to revoke your data protection declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent before the revocation.
9. Automated decision in individual cases, including profiling
You have the right not to be subjected to a decision based solely on automated processing - including profiling - that will have legal effect or negatively affect you in a similar manner. This does not apply if the decision
- is required for the conclusion or performance of a contract between you and the controller,
- is permitted by Union or Member State legislation to which the controller is subject, and where such legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests, or
- occurs with your express consent.
- However, these decisions may not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2) (a) or (g) apply, and reasonable measures have been taken to protect your rights and freedoms and your legitimate interests.
- With regard to the cases referred to in (1) and (3), the person responsible shall take reasonable measures to safeguard your rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person from the side of the controller, to present the case and to challenge the decision.
- Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of your place of residence, employment or the place of the alleged infringement, if you believe that the processing of the personal data concerning you violates the GDPR.
The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.
Die Landesbeauftragte für Datenschutz und Informationsfreiheit der Freien Hansestadt Bremen (State Data Protection and Freedom of Information Officer)
Arndtstraße 1, 27570 Bremerhaven
Tel.: +49 471 596 2010 oder +49 421 361 2010
Fax: +49 421 496 18495
VIII. Data protection notice for the job application process
The protection of your personal data is important to us. The unique by ATLANTIC Hotels Management GmbH collects, processes your applicant data on the basis of § 26 (1) sentence 1 of the Federal Data Protection Act new version (BDSG-new). The personal data you provide as part of the application process will be processed and used by unique by ATLANTIC Hotels Management GmbH exclusively for the purpose of applicant selection and recruitment.
We would like to point out that the transmission of personal data via e-mail is classified as insecure. Please make sure that you only send application documents by e-mail if you consider the risk to be low. You are welcome to send further documents that you do not wish to send by e-mail (such as medical reports and doctor’s certificates) by post or to submit them at the interview.
If your application is followed by the conclusion of a contract, your data will be stored and used within the scope of the usual organizational and administrative processes in compliance with the applicable legal regulations. If your application is not successful, your data will be deleted three months after completion of the application procedure on the basis of § 15 (4) of the General Equal Treatment Act (AGG).
Should you wish to submit an unsolicited application or wish to have unique by ATLANTIC Hotels Management GmbH keep your application documents for further vacancies after an unsuccessful application, we require written notification that we have been requested to save the application documents. unique by ATLANTIC Hotels Management GmbH will hold applications for further recruitment procedures for a maximum of 12 months.
1. Google analytics (with anonymization function)
The data controller has integrated on this website the component Google Analytics (with anonymization function). Google Analytics is a web analytics service. Web analysis is the collection and analysis of data about the behavior of visitors to websites. Among other things, a web analysis service collects data about referrers - from which website the user came to the website, which subpages of the website were accessed, or how often and for how long a subpage was viewed. A web analysis is mainly used for optimization of a website and for cost-benefit analysis of Internet advertising.
The operating company of the Google Analytics component is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland.
The controller uses the addition "gat.anonymizeIp" for web analytics via Google Analytics. By means of this addition, the IP address of the Internet connection of the data subject will be shortened and anonymized by Google, if the access to our website is from a Member State of the European Union or from another state party to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyze streams of visitors on our website. Among other things, Google uses the data and information obtained to evaluate the use of our website, to compile online reports for us showing the activities on our websites, and to provide other services related to the use of our website.
Google Analytics uses a cookie on the information technology system of the person concerned. What cookies are has already been explained above. Using this cookie makes it possible for Google to analyze the usage of our website. Each time one of the pages of this website, that is processed by the data controller and where a Google Analytics component is integrated, is accessed, the Internet browser on the information technology system of the person concerned is automatically initiated by the respective Google Analytics component to submit data to Google for online analysis purposes. As part of this technical process, Google receives information about personal data, such as the IP address of the person concerned, which among other things serves Google to track the origin of visitors and clicks, and subsequently to allow commission billing.
The cookie stores personal data, such as access time, the location from which access was made, and the frequency of site visits by the data subject. Each time a user visits our website, this personal information, including the IP address of the Internet connection used by the data subject, is transferred to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may transfer such personal data collected through this technical process to third parties.
The data subject can prevent the setting of cookies at any time by our website, as explained above, by changing the Internet browser settings and thus permanently preventing the setting of cookies. Such Internet browser settings would also prevent Google from setting a cookie on the data subject's information technology system. In addition, a cookie already set by Google Analytics can be deleted at any time through the Internet browser or other software programs.
You can prevent collection by Google Analytics by clicking on the following link. An opt-out cookie will be set, which prevents the future collection of your data when visiting this website: Disable Google Analytics
This data protection declaration was created on the basis of the information provided by the data protection declaration generator of the DGD (Deutsche Gesellschaft für Datenschutz GmbH).