Strandhotel Sylt Logo

Privacy policy

Purpose of This Policy

Below we inform you about the collection of personal data when using our website as well as in connection with your stay at the hotel. Personal data includes all data that can be related to you personally, e.g. name, address, email addresses, user behavior. We have taken extensive technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological progress.

1. Name and Address of the Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is:

Operating company:
HRG Hospitality B.V. & Co. KG
Hauptstraße 66
D-12159 Berlin
Germany

Contact details of the Data Protection Officer

Intersoft consulting services AG
Beim Strohhause 17
20097 Hamburg
Germany

Phone: +49 40 790 235-0
Email: dataprivacy@hrg-hotels.com

You can reach our data protection officer at the above address with the addition “Data Protection Officer”. The HRG Hospitality B.V. & Co. KG and its subsidiaries and affiliated companies are an affiliated company of the Revo Hospitality Group pursuant to § 15 AktG.

2. General Information on Data Processing

Scope of processing personal data: We generally only process personal data of our users to the extent that this is necessary to provide a functional website as well as our services in connection with your hotel stay. Personal data is used exclusively within the framework of statutory data protection provisions, such as the General Data Protection Regulation (“GDPR”), the Federal Data Protection Act (“BDSG”), and the Telecommunications-Digital Services Act (“TDDDG”). Our employees and service providers are obligated to comply with data protection regulations.

The legal basis for processing personal data may include in particular: your consent pursuant to Art. 6 (1) sentence 1 lit. a) GDPR, if you have given your consent; contract performance pursuant to Art. 6 (1) sentence 1 lit. b) GDPR, if processing is necessary for the performance of a contract with you and any accompanying persons/participants; a legal obligation pursuant to Art. 6 (1) sentence 1 lit. c) GDPR; vital interests pursuant to Art. 6 (1) sentence 1 lit. d) GDPR; or legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f) GDPR, if processing is necessary to safeguard a legitimate interest of the company, unless the interests or fundamental rights of the data subjects prevail.

In connection with the provision of the website and our services, various personal data is collected and processed, which we inform you about below.

3. Provision of the Website

The website is hosted on servers by a service provider commissioned by us. The servers automatically collect and store information in so-called server log files, which your browser automatically transmits when visiting the website. The stored information includes: browser type and version, operating system used, referrer URL, website accessed by the user’s system through our website, date and time of the server request, IP address.

This data is not merged with other data sources. The collection of this data is based on Art. 6 (1) lit. f) GDPR. The website operator has a legitimate interest in the technically error-free display and optimization of their website — to achieve this, the server log files must be collected. The server location of the website is geographically in Germany. Therefore, no data is transferred to the USA, and an adequate level of data protection is ensured. Data collected in this context is deleted once storage is no longer necessary unless statutory retention requirements exist.

Further information on data processing by Kinsta Inc. can be found here: https://kinsta.com/legal/privacy-policy/

4. Booking and Reservation as well as Payment Processing

In the course of our activities in connection with booking/reservation requests, various data necessary for the conclusion of the contract may be processed, such as first and last name, address, other contact details, and payment data. The legal basis is the conclusion and performance of a contract with you and your accompanying persons according to Art. 6 (1) lit. b) GDPR. The data is stored for the duration of the contract and in accordance with statutory obligations.

To process payments, various payment service providers are used. These are always indicated and receive your personal data directly as part of the payment process. The legal basis for involving payment service providers is contract processing under Art. 6 (1) lit. b) GDPR. Data is stored for the duration of payment processing and in accordance with statutory obligations.

5. Contact Form

When you contact us by email or via a contact form, the data you provide (your email address and name) is stored by us to answer your questions. Where we request information via our contact form that is not required for contacting us, we always mark it as optional. This information helps us to process your request more precisely and efficiently. Providing this information is expressly voluntary and based on your consent according to Art. 6 (1) lit. a) GDPR. If this includes information about communication channels (e.g. email address, telephone number), you also consent to us contacting you via those channels to respond to your request. You may withdraw your consent at any time with effect for the future.

Data collected in this context is deleted once storage is no longer necessary unless statutory retention obligations exist.

6. Hotel Stays, Guest Registration and Events

In the context of hotel stays, guest registrations, and events, various personal data of you and other guests/participants are collected that are required in this context, such as first and last name, address, date of birth, nationality (if applicable), and other data necessary for the execution of the accommodation or event. Data processing is carried out based on Art. 6 (1) lit. b) GDPR for fulfilling the accommodation/event contract and other offered services, including payment processing. Data is stored for the duration of the contract and according to legal obligations.

Processing also occurs based on Art. 6 (1) lit. c) GDPR to fulfil legal obligations, especially under §§ 29f Federal Registration Act, and under Art. 6 (1) lit. f) GDPR based on our legitimate interests in providing and personalizing our services, meeting guest preferences within our group, communicating with you, and fulfilling our business purposes.

This particularly includes activities related to: bookings and reservations (including online bookings via third parties), check-in and check-out processes, communication with you including handling inquiries or complaints, invoicing and accounting, guest services, fitness, wellness and leisure facilities, collecting and transmitting registration data under the Federal Registration Act, hotel security (video surveillance, documenting and handling incidents), providing personalized services including arrangements with third-party providers on behalf of guests, managing services and access such as WLAN access, and preparation/execution of events. If you have given consent under Art. 6 (1) lit. a GDPR, processing is based on that consent, which you may withdraw at any time. Data in this context is deleted once no longer necessary unless statutory retention obligations exist.

7. General Business Processes and Customer Support

General information such as first and last name, address, contact details, and other information arising in connection with general business operations and customer support (e.g. personal preferences) may be collected. Data processing is based on Art. 6 (1) lit. b) GDPR for fulfilling the accommodation/event contract and other services, as well as Art. 6 (1) lit. f) GDPR based on our legitimate interests in providing and personalizing services, meeting guest preferences within our group, communicating with you, and fulfilling our business purposes. Data is stored for the duration of the contract and in accordance with statutory obligations.

This includes in particular: customer support, handling complaints and inquiries, security measures including fraud prevention, provision and improvement of services, and processing related to corporate restructuring and transactions.

If you have given consent pursuant to Art. 6 (1) lit. a) GDPR, processing is based on that consent, which you may withdraw at any time with effect for the future. Data is deleted once no longer needed unless statutory retention obligations exist.

8. Emergency and Incident Management

As part of emergency and incident management and in connection with compliance requirements, we collect general information such as name, address, contact details, and other information necessary for managing emergencies and incidents, e.g. details required to describe a security incident to authorities. Data processing is based on Art. 6 (1) lit. b) GDPR to fulfil the contract… This includes evidence preservation, managing emergencies/incidents including communication with authorities, emergency services, and medical providers.

Data collected in this context is deleted once no longer necessary unless statutory retention obligations exist.

9. Guest Services and Marketing

As part of guest services and marketing, we collect general information such as first and last name, address, contact details, and other information relating to inquiries and preferences. This includes in particular: communication about the program and rewards offers, personalized service offers, execution of personalized services, promotions, and other actions… Data processing is based on Art. 6 (1) lit. b) GDPR to fulfil the contract, and Art. 6 (1) lit. f) GDPR based on our legitimate interests in providing and personalizing services, meeting guest preferences within the HR Group, communicating with you, and fulfilling our business purposes. If you have given consent pursuant to Art. 6 (1) lit. a) GDPR, processing is based on that consent… Data is deleted when storage is no longer necessary unless statutory retention obligations exist.

Use of Corporate Profiles on Social and Professional Networks

We use company profiles on social and professional networks for communication and information exchange with (potential) customers.

Joint responsibility: As operators of these pages, we are jointly responsible with the respective network operator pursuant to Art. 4 no. 7 GDPR. We have concluded corresponding data protection agreements. Based on joint responsibility, we inform you pursuant to Art. 26 GDPR about the essential aspects of the agreement between us and the network:

Further information on objection and removal options regarding providers of social/professional networks can be found here:

10. Data Deletion and Storage Duration

Personal data is deleted or blocked as soon as it is no longer required for the purposes for which it was collected and processed. Storage beyond this period occurs only if required by European or national legislation…

11. Data Recipients

Personal data is only shared with third parties for the purposes listed here…

12. Transfer to Third Countries

If data is transferred to recipients outside the European Economic Area (“EEA”)…

13. Your Rights

You have the following rights regarding your personal data…

14. Changes to This Privacy Policy

We reserve the right to change or update this privacy policy at any time in compliance with applicable data protection laws…

Last updated: 03/2025