Data protection

GENERAL INFORMATION

The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data means any data by which you can be identified personally. You can find detailed information concerning data protection in the privacy policy that follows this text.

DATA COLLECTION ON OUR WEBSITE

Who is the controller responsible for data collection on this website?

Data processing on this website is done by the owner of the website. You can find their contact details in the legal notice on this website.

How we collect your data

For one thing, your data are collected when you communicate them to us. This may be data you enter in a contact form.

Other data are collected automatically by our IT systems when you visit our website. These are mostly technical data (e.g., web browser, operating system or time of access to a page). The collection of these data happens automatically as soon as you enter our website.

How we use your data

Some of the data are collected to ensure the smooth running of the website. Other data can be used for analysing your user behaviour.

Your rights regarding your data

You have the right to obtain information about the source, recipient and purpose of your personal data stored by us at any time free of charge. You also have the right to obtain the rectification, blocking or erasure of these data. Regarding this and other questions concerning data protection, you can contact us at any time at the address given in the legal notice. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

ANALYTICS TOOLS AND THIRD-PARTY TOOLS

When you visit our website, your surfing behaviour may be analysed statistically. This is done mostly by means of cookies and analytics programs. Your surfing behaviour is generally analysed anonymously; the surfing behaviour cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. You can find more detail on this in the following privacy policy.

You can object to this analysis. We will inform you of your options for objecting in this privacy policy.

GENERAL AND MANDATORY INFORMATION

DATA PROTECTION

The owners of these websites take the protection of your personal data very seriously. We will keep your personal data confidential and handle them in accordance with statutory provisions on data protection as well as this privacy policy.

When you use this website, various personal data are collected. Personal data means any data by which you can be identified personally. This privacy policy explains which data we collect and what we use them for. It also explains how and for what purpose this is done.

Please note that transferring data over the internet (e.g., when communicating by email) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.

INFORMATION REGARDING THE CONTROLLER

The controller for data processing on this website is:

StrandGut Resort GmbH & Co. KG

Am Kurbad 2
25826 St. Peter-Ording

Telephone +49 (0)4863 / 9999-0
Email info@strandgut-resort.de

Managing Directors Joern U. Sroka, Karsten Werner

The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g., names, email addresses and the like).

WITHDRAWAL OF YOUR CONSENT TO DATA PROCESSING

Many instances of data processing are possible only with your express consent. You can withdraw any consent already given at any time. You can do this by sending us an informal message by email. The withdrawal of consent shall not affect the lawfulness of data processing based on consent before its withdrawal.

RIGHT TO LODGE A COMPLAINT WITH THE COMPETENT SUPERVISORY AUTHORITY

In the event of an infringement of data protection law, you have the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority for data protection matters is the state data protection commissioner of the federal state in which our business has its registered office. You can find a list of the data protection commissioners and their contact details by following this link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

RIGHT TO DATA PORTABILITY

You have the right to receive the data which we process automatically based on your consent or in the performance of a contract or have them transmitted to a third party in a commonly used, machine-readable format. Where you request the direct transmission of the data to another controller, this will be done only where technically feasible.

ACCESS, BLOCKING, ERASURE

Under applicable legal provisions, you have the right, at any time and free of charge, of access to your personal data stored by us and to information about their source and recipients and the purposes of the data processing and, where appropriate, a right to rectification, blocking or erasure of these data. Regarding this and other questions concerning personal data, you can contact us at any time at the address given in the legal notice.

OBJECTION TO MARKETING EMAILS

We hereby object to the use of our contact details, as published under the obligation to provide a legal notice, for sending us marketing and information materials not expressly solicited by us. The owners of this website reserve the right to take legal action in the event of being sent unsolicited marketing information, for example in the form of spam emails.

DATA PROTECTION OFFICER

DATA PROTECTION OFFICER REQUIRED BY LAW

We have designated a data protection officer for our business.

Carsten H. Petersen
- external data protection officer -
Dänische Schanze 3
25876 Ramstedt

Tel.: 04884 909353
Fax: 04884 909354
Mobil: 01736327071
E-Mail: dsb@capee.de

DATA COLLECTION ON OUR WEBSITE

COOKIES

Some of our web pages use cookies. Cookies do not damage your computer and do not contain viruses. Cookies are used to make our website more user-friendly, more efficient and more secure. Cookies are small text files stored on your computer and used by your browser.

Most of the cookies we use are ‘session cookies’. They are automatically deleted at the end of your visit. Other cookies remain on your terminal until you delete them. These cookies allows us to recognise your browser when you next visit.

You can configure your browser such that you are informed when cookies are set and allow cookies only in individual cases, refuse cookies in certain cases or generally and activate the automatic deletion of cookies when the browser is closed. If cookies are deactivated, the functionality of this website may be limited.

Cookies that are required to carry out the electronic communication process or to provide certain functions that you have requested (e.g. the shopping basket function) are stored on the basis of point (f) of Art.6(1) of the GDPR. The website operator has a legitimate interest in the storage of cookies for the technically error-free presentation and optimisation of its services. Where other cookies (such as cookies for analysing your surfing behaviour) are stored, these are dealt with separately in the privacy policy.

SERVER LOG FILES

The provider of the website automatically collects and stores information in server log files which are transmitted to us automatically by your browser. These include:

  • Type and version of the browser used
  • Operating system used
  • Referrer URL
  • Host name of the computer accessing the website
  • Time of the server request
  • IP address

This data is not combined with other data sources.

The basis for this data processing is point (f) of Art.6(1) of the GDPR, which allows processing of data for the performance of a contract or in order to take steps prior to entering into a contract.

CONTACT FORM

If you send us requests via a contact form, your information from the request form including the contact details given there will be stored by us for the purpose of dealing with your request and any further questions. We will not pass these data on to others without your consent.

The processing of the data entered into the contact form is therefore solely on the basis of your consent in accordance with point (a) of Art.6(1) of the GDPR. You can withdraw this consent at any time. You can do this by sending us an informal message by email. The withdrawal of consent shall not affect the lawfulness of data processing based on consent before its withdrawal.

The data entered into the contact form by you will remain with us until you request their erasure, withdraw your consent to their storage or the purpose for which the data were stored no longer applies (e.g., when your enquiry has been dealt with). Mandatory statutory provisions – in particular retention periods – remain unaffected.

For security reasons and to protect confidential contents such as orders or queries which you send to us as owners of the site, this site uses SSL or TLS encryption with the latest encryption protocol TLS v1.2. You can tell an encrypted connection by the fact that the address bar of your browser changes from ‘http://’ to ‘https://’ and by the lock symbol in your browser bar.

When SSL or TLS encryption is active, the data you transmit to us cannot be read by third parties.

PROCESSING DATA (CUSTOMER AND CONTRACT DATA)

We collect, process and use personal data only where they are necessary for establishing, developing or changing the legal relationship (inventory data). The basis for this data processing is point (b) of Art.6(1) of the GDPR, which allows processing of data for the performance of a contract or in order to take steps prior to entering into a contract. We only collect, process and use personal data about the use of our websites (user data) where this is necessary to make the service available to a user or issue invoices for it.

The customer data collected will be erased on fulfilment of the order or on termination of the business relation.Statutory retention periods remain unaffected.

DATA TRANSMISSION AT CONCLUSION OF CONTRACT FOR ONLINE SHOPS, TRADERS AND DISPATCH OF GOODS

We will only transmit personal data to third parties where this is necessary for the performance of a contract, such as to the business entrusted with the delivery of the goods or the bank processing the payment. No further transmission of the data will be carried out unless you have expressly agreed to such transmission. Your data will not be transferred to third parties, e.g. for marketing purposes, unless you have given your express consent.

The basis for this data processing is point (b) of Art.6(1) of the GDPR, which allows processing of data for the performance of a contract or in order to take steps prior to entering into a contract.

ANALYTICS TOOLS AND MARKETING

GOOGLE ANALYTICS

This website uses functions of the web analytics service Google Analytics. It is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States.

Google Analytics uses ‘cookies’. They are text files stored on your computer that allow the analysis of your use of the website. The information generated by the cookie concerning your use of this website is usually transmitted to a Google server in the US and stored there.

The basis for the storage of Google Analytics cookies is point (f) of Art.6(1) of the GDPR. The owner of the website has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising.

IP anonymisation

We have activated the IP anonymisation function on this website. This means that your IP address is shortened by Google within member states of the European Union or other states party to the Agreement on the European Economic Area before it is transmitted to the US. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to analyse your use of the website, to compile reports on website activities and to provide other services relating to the use of the website and the internet to the website operator. The IPaddress transmitted by your browser in connection with Google Analytics will not be merged with any other Google data.

Browser plug-in

You can prevent the storage of such cookies by changing the settings of your browser software accordingly; however, please note that, in this case, you may not be able to make full use of all the functions of this website. In addition, you can prevent the collection of the data created by the cookie and related to your use of the website (including your IP address) as well as the processing of such data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

Objection to data collection

You can prevent Google Analytics from collecting your data on this website by clicking on the link below. An opt-out cookie will be set which will prevent any future collection of your data when you visit this website: Deactivate Google Analytics.

You can find more information about how Google Analytics handles user data in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Third-party data processing

We have entered into a contract for data processing with Google and in using Google Analytics fully implement the strict guidelines of the German data protection authorities.

Demographics and Interests in Google Analytics

This website uses the ‘Demographics and Interests’ function in Google Analytics. This allows for the compilation of reports containing information about age, gender and interests of website visitors. These data originate from advertisements by Google based on users’ interests and from third-party user data. These data cannot be attributed to a specific person. You can deactivate this function at any time in the display settings in your Google account or refuse the collection of data by Google Analytics entirely, as described in the section ‘Objection to data collection’.

GOOGLE ANALYTICS REMARKETING

Our websites use Google Analytics Remarketing functions in connection with the cross-device functions of Google AdWords and Google DoubleClick. It is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States.

This function allows linking the advertising target groups compiled by Google Analytics Remarketing with the cross-device functions of Google AdWords and Google DoubleClick. In this way, personalised advertising messages based on your interests that have been customised for you as a result of your earlier user and surfing behaviour on one device (e.g. mobile) can also be displayed on another of your devices (e.g. tablet or PC).

If you have given consent to this, Google will, for this purpose, link your web and app browser history to your Google account. In this way, the same personalised advertising messages can be activated on each device on which you log in to your Google account.

To support this function, Google Analytics collects Google-authenticated user IDs which are temporarily linked with our Google Analytics data in order to define and compile target groups for cross-device advertising.

You can permanently object to cross-device remarketing/targeting by deactivating personalised advertising in your Google account; to do so follow this link: https://www.google.com/settings/ads/onweb/.

The data collected are combined in your Google account solely on the basis of your consent which you may give to or withdraw from Google (point (a) of Art.6(1) of the GDPR). In the case of data collection processes not merged in your Google account (e.g. if you do not have a Google account or have objected to the merger), the basis for the data collection will be point (f) of Art.6(1) of the GDPR. The legitimate interest arises because the owner of the website has an interest in the anonymised analysis of website users for marketing purposes.

You can find further information and data protection guidelines in Google’s privacy policy at: https://www.google.com/policies/technologies/ads/.

GOOGLE ADWORDS AND GOOGLE CONVERSION TRACKING

This website uses Google AdWords. AdWords is an online advertising programme of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (‘Google’).

Within Google AdWords, we use conversion tracking. When you click on an advertisement activated by Google, a conversion tracking cookie will be set. Cookies are small text files stored on the user’s computer by the web browser. These cookies expire after 30 days and are not used for the personal identification of users. If a user visits certain pages of the website and the cookie has not yet expired, Google and we ourselves can see that the user has clicked on the ad and was forwarded to that page.

Each Google AdWords customer receives a different cookie. It is thus not possible to track cookies through the websites of AdWords customers. The information obtained using the conversion cookie is used to compile conversion statistics for AdWords customers who have opted for conversion tracking. Customers receive information on the total number of users who have clicked on their ad and have been forwarded to a web page with a conversion tracking tag. They do not, however, receive any information which can be used for the personal identification of users. If you do not wish to participate in tracking, you can object to this use by easily deactivating the Google Conversion Tracking cookie in the user settings of your web browser. This means that you will not be included in the conversion tracking statistics.

The basis for the storage of ‘conversion cookies’ is point (f) of Art.6(1) of the GDPR. The owner of the website has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising.

You can find more information on Google AdWords and Google Conversion Tracking in Google’s privacy policy: https://www.google.de/policies/privacy/.

You can configure your browser such that you are informed when cookies are set and allow cookies only in individual cases, refuse cookies in certain cases or generally and activate the automatic deletion of cookies when the browser is closed. If cookies are deactivated, the functionality of this website may be limited.

META-PIXEL (FORMERLY FACEBOOK-PIXEL)

This website uses the Facebook/Meta visitor action pixel to measure conversions. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.

This allows the behavior of site visitors to be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This allows the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized.

The data collected is anonymous to us as the operator of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Usage Policy (https://de-de.facebook.com/about/privacy/). This allows Facebook to place advertisements on Facebook pages and outside of Facebook. This use of the data cannot be influenced by us as the site operator.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time. If personal data is collected on our website using the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The processing carried out by Facebook after forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in an agreement on joint processing. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Facebook tool and for the secure implementation of the tool on our website in accordance with data protection law. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here:

https://www.facebook.com/legal/EU_data_transfer_addendum and

https://de-de.facebook.com/help/566994660333381.

You can find further information on protecting your privacy in Facebook's privacy policy:

https://de-de.facebook.com/about/privacy/.

You can also deactivate the remarketing function “Custom Audiences” in the settings for advertisements at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged in to Facebook.

If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active


NEWSLETTER

NEWSLETTER DATA

You have the option to subscribe to our newsletter on our website. For registration we ask for the following data from you:

  • Title (optional)
  • First name and surname (optional)
  • Email address (mandatory)

You can give us your name but you do not have to. If you tell us your name, we will use it to address you personally.

Furthermore, we store your IP address when you order the newsletter.

After registration, you will receive an email sent to the email address you provided with a request to click on a link in the email to confirm your registration for the newsletter. Your email address will only be activated for sending the newsletter once you have confirmed it (double opt-in procedure).

Of course, you can revoke your consent with effect for the future or object to the further processing of your personal data for sending the newsletter at any time by clicking the “Unsubscribe” link provided for this purpose in the newsletter itself or by sending us a message in text form to the contact details above.
Your data will then be deleted from the mailing list and the newsletter will no longer be sent. The data records proving the double opt-in procedure or your declaration of consent under data protection law as well as your revocation or objection will then be stored for another 6 years in accordance with point (e) of Art. 17(3) of the GDPR. During this time, however, your personal data will be blocked against further processing.

ANALYSIS OF NEWSLETTER USE

We record the usage behaviour of our newsletter subscribers as soon as they open the newsletter, thus collecting the following usage data:

  • Status (newsletter opened, date and time),
  • Clicked links (to articles, advertisements etc.)

The analysis is not personalised.

This is done to improve our newsletter.

PLUGINS AND TOOLS

YOUTUBE

Our website uses plugins by YouTube, a site operated by Google. The operator of the site is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, United States.

If you visit one of our pages equipped with a YouTube plugin, a connection to YouTube’s servers is made. In this way, this server receives information about which of our web pages you have visited.

If you are logged in to your YouTube account, you allow YouTube to directly associate your surfing behaviour with your personal profile. You can prevent this by logging out of your YouTube account.

Our use of YouTube is in the interest of an appealing presentation of our online services. This constitutes a legitimate interest within the meaning of point (f) of Art.6(1) of the GDPR.

You can find further information about how user data are handled in YouTube’s privacy policy at: https://www.google.de/intl/de/policies/privacy.

VIMEO

Our website uses plugins by the video portal Vimeo. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.

If you visit one of our pages equipped with a Vimeo plugin, a connection to Vimeo’s servers is made. In this way, the Vimeo server receives information about which of our web pages you have visited. Vimeo also obtains your IP address. This also applies if you are not logged in to Vimeo or do not have an account with Vimeo. The information collected by Vimeo is transmitted to the Vimeo server in the USA.

If you are logged in to your Vimeo account, you allow Vimeo to directly associate your surfing behaviour with your personal profile. You can prevent this by logging out of your Vimeo account.

You can find further information about how user data are handled in Vimeo’s privacy policy at: https://vimeo.com/privacy.

GOOGLE WEB FONTS

For the uniform presentation of fonts, this website uses web fonts provided by Google. When you access a page, your browser will load the web fonts required in your browser cache in order to display text and fonts correctly.

To that end, your browser needs to connect to Google’s servers. In this way, Google is made aware that our website has been accessed from your IP address. Our use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online services. This constitutes a legitimate interest within the meaning of point (f) of Art.6(1) of the GDPR.

If your browser does not support web fonts, a standard font will be used by your computer.

You can find further information on Google Web Fonts at developers.google.com/fonts/faq and in Google’s privacy policy: https://www.google.com/policies/privacy/.

GOOGLE MAPS

The page uses the map service Google Maps via an API. It is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States.

To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission.

Our use of Google Maps is in the interest of an appealing presentation of our online services and to make it easy to find the places we refer to on the website. This constitutes a legitimate interest within the meaning of point (f) of Art.6(1) of the GDPR.

You can find further information about how user data are handled in Google’s privacy policy at: https://www.google.de/intl/de/policies/privacy/.

SOUNDCLOUD

Plugins by the social network SoundCloud (SoundCloud Limited, Berners House, 47-48 Berners Street, London W1T 3NF, Great Britain) may be integrated on our pages. You can recognise the SoundCloud plugins by the SoundCloud logo on the pages concerned.

When you visit our pages, a direct connection is established between your browser and the SoundCloud server after the plugin is activated. This means SoundCloud receives the information that you have visited our site with your IP address. If you click the “Like” or “Share” button while logged into your SoundCloud user account, you can link and/or share the content of our pages with your SoundCloud profile. This allows SoundCloud to allocate this visit to our pages to your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by SoundCloud. You can find further information in this regard in SoundCloud’s privacy policy at: https://soundcloud.com/pages/privacy.

If you do not want SoundCloud to allocate the visit to our pages to your SoundCloud user account, please log out of your SoundCloud user account before activating SoundCloud plugin content.

PAYMENT PROVIDERS

PAYPAL

On our website we offer, among other things, payment by PayPal. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (subsequently “PayPal”).

If you select payment by PayPal, the payment data you enter will be transmitted to PayPal.

The transmission of your data to PayPal is based on point (a) of Art.6(1) of the GDPR (consent) and point (b) of Art.6(1) of the GDPR (processing for the performance of a contract). You have the option to revoke your consent to data processing at any time. Revocation does not affect the validity of past data processing operations.

SOFORTÜBERWEISUNG

On our website we offer, among other things, payment by “Sofortüberweisung”. The provider of this payment service is Sofort GmbH, Theresienhöhe 12, 80339 Munich (subsequently “Sofort GmbH”).

With the help of the “Sofortüberweisung” transaction, we receive payment confirmation from Sofort GmbH in real time and can begin to fulfil our obligations immediately.

If you have chosen the payment method “Sofortüberweisung”, you transmit the PIN and a valid TAN to Sofort GmbH, with which they can log into your online banking account. Sofort GmbH automatically checks your account balance after logging in and carries out the transfer to us using the TAN you transmitted. It then immediately sends us a transaction confirmation. After logging in, your balance, your overdraft facility credit line and the existence of other accounts and their balances are also checked automatically.

In addition to the PIN and the TAN, the payment data you have entered as well as data about yourself are also transmitted to Sofort GmbH. Your personal data includes your first and last name, address, telephone number(s), email address, IP address and any other data required for payment processing. The transmission of this data is necessary to establish your identity beyond doubt and to prevent fraud attempts.

The transmission of your data to Sofort GmbH is based on point (a) of Art.6(1) of the GDPR (consent) and point (b) of Art.6(1) of the GDPR (processing for the performance of a contract). You have the option to revoke your consent to data processing at any time. Revocation does not affect the validity of past data processing operations.

For details on payment by Sofortüberweisung, please see the following links: https://www.sofort.de/datenschutz.html and https://www.klarna.com/sofort/.

APPLICATION FORM

Scope of application

The following data protection information is aimed at all persons who apply to StrandGut Resort GmbH & Co. KG (permanent position, temporary help, internship, apprenticeship)

Purposes of data processing

We process the data that you send us in connection with your application in order to check your suitability for the position (or any other open positions in our company) and to carry out the application process.

This involves the following categories of data (depending on the position you are applying for)

- Name and address of the applicant, with photo if applicable

- Contact details: Telephone, cell phone, e-mail

- Personal data: date of birth, place of birth, nationality, language skills, marital status, driving license, hobbies, gender, hotel or catering-related skills

- School education and knowledge/skills: School leaving certificate, training, studies, further education and training, certificates and evidence

- Previous employers and experience related to the position

- Type of employment and general availability

- Cover letter

Legal basis for data processing

The legal basis for the processing of your personal data in this application procedure is primarily Section 26 BDSG. According to this, the processing of data required in connection with the decision on the establishment of an employment relationship is permitted.

Should the data be required for legal prosecution after completion of the application process, data processing may be carried out on the basis of the requirements of Art. 6 GDPR, in particular to safeguard legitimate interests in accordance with Art. 6 para. 1 lit. f) GDPR. Our interest then lies in the assertion of or defense against claims.

Information for underage applicants

If you are under the age of 16, we require a signature from your legal guardian(s) for the above-mentioned activity for which you have applied. We also require a signature from your legal guardian(s) on the required consents

If you are between 16 and 18 years old, in addition to your own signature, we also require a signature from your legal guardian(s) for the above-mentioned activity for which you have applied. In addition to your own signature, we also require an additional signature from your legal guardian(s) on the required consents.

Storage period / retention

If you have applied for a specific job advertisement or submitted an unsolicited application and received a rejection, the data will be deleted no later than 6 months after the end of the application process. If an employment relationship is established, parts of the application required for the employment relationship will be transferred to the personnel file.

In the event that you were not considered for a position in this application process, but you have consented in writing to further storage of your personal data for future application processes, we will transfer your data to our applicant pool. This data will be deleted after a further 12 months if no employment relationship has been established.

If you have given us your consent, you have the right to revoke your declaration of consent under data protection law at any time. Please send your revocation by e-mail to info@strandgut-resort.de or by post to Strandgut Resort GmbH & Co. KG, Am Kurbad 2, 25863 St. Peter-Ording. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

To which recipients will the data be forwarded?

Your application data will be reviewed by the HR department after we receive your application. Suitable applications are then forwarded internally to the department managers responsible for the respective open position. The further process is then coordinated. Within the company, only those persons have access to your data who need it for the proper execution of our application process.

Where is the data processed?

If you apply via the employment agency, StepStone, jobs.sh or similar, the data protection information of the respective provider applies accordingly. Your application will be received there and forwarded to us. 

If your application is sent by post or e-mail, the data will be stored and processed on our own server systems. Otherwise, the data will not be transmitted to third parties or disclosed to third parties.


AMENDMENTS TO OUR PRIVACY POLICY

To ensure that our privacy policy always complies with the current legal requirements, we reserve the right to make changes at any time. This also applies in the event that the privacy policy has to be amended due to new or revised services, for example new services. The new privacy policy will then take effect the next time you visit our website.