1. At a Glance: Privacy on This Website

General Information

The following section provides a simple overview of what happens to your personal data when you visit this website. Personal data is any information that can be used to identify you. For detailed information, please refer to the full “Privacy Policy” below this summary.

Data Collection on This Website

Who is responsible for data collection on this website?
The data processing on this website is carried out by the website operator. Their contact details can be found under the heading “Responsible Entity” in this Privacy Policy.

How do we collect your data?
Some of your data is collected when you provide it to us—for example, when you fill out a contact form.

Other data is collected automatically or with your consent when you visit the website, such as technical information (e.g. browser type, operating system, or time of access). This data collection occurs as soon as you enter this website.

For what purposes do we use your data?
Some of the data is required to ensure error-free operation of the website. Other data may be used to analyze user behavior.

What rights do you have regarding your data?
You have the right at any time to receive, free of charge, information on the origin, recipient, and purpose of your stored personal data. You also have the right to request correction or deletion of this data. If you have given consent for data processing, you can withdraw it at any time in the future. You also have the right, under certain circumstances, to request restriction of processing of your personal data, as well as a right to lodge a complaint with the competent supervisory authority.

For more information or questions regarding privacy, you may contact us at any time.

Analysis Tools and Third‑Party Tools

Your browsing behavior may be statistically analyzed during your visit, primarily using so‑called analytics tools. Detailed information on these tools is provided in the full Privacy Policy below.

2. Hosting

We host the content of our website with the following provider:

Host Europe
Provider: Host Europe GmbH, Hansestraße 111, 51149 Cologne, Germany (“Host Europe”). When you visit our website, Host Europe collects various log files including your IP address.

Please refer to the Host Europe Privacy Policy for details.
The use of Host Europe is based on Art. 6(1)(f) of the GDPR. We have a legitimate interest in ensuring reliable operation of our website. If consent has been obtained, processing is based solely on Art. 6(1)(a) GDPR and § 25(1) TTDSG, as far as the consent covers cookie storage or access to information on the user’s device (e.g. device fingerprinting). Such consent is revocable at any time.

Order Processing
We have entered into a Data Processing Agreement (DPA) with the aforementioned service provider. This GDPR-required contract ensures that the provider processes personal data only according to our instructions and in compliance with the GDPR.

3. General Information and Mandatory Disclosures

Data Protection
The operators of this site take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this Privacy Policy.

When you use this website, various personal data are collected. Personal data are data with which you can be personally identified. This Privacy Policy explains what data we collect, why, how, and for what purposes.

We would like to point out that data transmission over the Internet (e.g. via email) can have security vulnerabilities. A completely secure data transfer to third parties is not possible.

Responsible Entity

The responsible entity for data processing on this website is:

Eichhorns Betriebs GmbH
Edyta & Mike Eichhorn
Dorfstraße 219
25920 Risum-Lindholm, Germany

Phone: +49 4661 8564
Email: hotel@eichhorns.de

The responsible entity is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data (e.g. names, email addresses, etc.).

Storage Duration

Unless otherwise specified in this Privacy Policy, your personal data will be stored by us until the purpose of data processing no longer applies. If you request deletion, or withdraw consent, your data will be erased unless we are legally required to retain it (e.g. due to tax or commercial law retention periods); in such a case, deletion will follow once those requirements expire.

Legal Basis for Processing

If you have consented to data processing, we rely on Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR for special categories of data. Where consent was given for transfer to third countries, processing is additionally based on Art. 49(1)(a) GDPR. If consent covers cookies or device access, processing is also based on § 25(1) TTDSG. Consent is revocable. If processing is necessary for contract fulfillment or pre-contractual measures, we rely on Art. 6(1)(b) GDPR. For legal obligations, we rely on Art. 6(1)(c) GDPR. Processing based on our legitimate interests is under Art. 6(1)(f) GDPR. Specific legal bases are explained in the following sections of this Privacy Policy.

Data Transfer to the USA and Other Third Countries

We use tools from companies based in the USA or other countries without adequate data protection. When these tools are active, your personal data may be transferred and processed there. Data protection standards equivalent to those in the EU may not be guaranteed. US authorities may have to disclose data without recourse. We have no influence over such processing.

Revocation of Consent

Many processing operations require your explicit consent. You may withdraw your consent at any time. Processing prior to withdrawal remains lawful.

Objection Rights

If processing is based on Art. 6(1)(e) or (f) GDPR, you can object at any time for reasons relating to your particular situation. This includes profiling based on these provisions. If you object, we will stop processing your personal data unless we can demonstrate compelling legitimate grounds. If data are processed for direct marketing, you have the right to object at any time. After an objection, your personal data will no longer be used for direct marketing purposes.

Right to Lodge a Complaint

You have the right to file a complaint with a supervisory authority, particularly in your EU member state, regarding any GDPR violations, independent of other legal remedies.

Right to Data Portability

You have the right to receive data processed automatically based on your consent or contract in a standard machine-readable format, and to request transfer to another controller if technically feasible.

Right to Rectification and Deletion

You may request free of charge information on your personal data, its origin, recipients, and purpose, and to correct or delete it. Please contact us for questions about your personal data.

Right to Restrict Processing

You have the right to request restriction of processing in certain cases (e.g. if accuracy is disputed or data are no longer needed). Restricted data may only be processed with consent, for legal claims, or for EU/Member State public interest reasons.

SSL/TLS Encryption
For security and protection of confidential content (e.g. orders or inquiries), we use SSL/TLS encryption. An encrypted connection is recognizable by “https://” and a padlock icon in your browser.

When SSL/TLS is active, data you transmit cannot be read by third parties.

Objection to Promotional Emails
Use of contact data published under imprint obligations for sending unsolicited advertising and informational materials is hereby objected to. The operators of this site reserve the right to take legal action in case of unsolicited advertising (e.g. spam emails).

4. Data Collection on This Website

Cookies

Our website uses so‑called “cookies”. Cookies are small data packets that cause no harm and can be session-based (deleted after each visit) or permanent (remain until manually deleted). Cookies may come from us (first‑party) or third parties (third‑party). Third‑party cookies enable integration of services such as payment processing.

Cookies perform different functions. Some are technically necessary (e.g. shopping cart or video display). Others are used for analyzing user behavior or for advertising.

Necessary cookies are stored based on Art. 6(1)(f) GDPR if no other legal basis is stated. If you consented to cookie storage and similar technologies, processing is based on Art. 6(1)(a) GDPR and § 25(1) TTDSG. Consent can be revoked.

You can configure your browser to be informed about or to block cookies, allow them selectively, or delete them automatically on browser close. Disabling cookies may limit website functionality.

Details of cookies and services used are included in the full Privacy Policy.

Consent via Complianz
We use Complianz consent technology to obtain and document your consent for cookie storage and other technologies. The provider is Complianz B.V., Kalmarweg 14‑5, 9723 JG Groningen, Netherlands (“Complianz”).

Complianz is hosted on our servers, so no connection is made to Complianz servers. A cookie is stored in your browser to record granted or withdrawn consents. Data are stored until you request deletion, delete the cookie, or the purpose no longer applies. Legal retention obligations remain unaffected.

Consent use is based on Art. 6(1)(c) GDPR.

Contact Form
When you send inquiries via contact form, data—including contact information—is stored to process your inquiry and for follow-up questions. We do not share these data without your consent.

Processing is based on Art. 6(1)(b) GDPR if related to a contract or pre-contractual measures. Otherwise, it’s based on our legitimate interest (Art. 6(1)(f) GDPR) or your consent (Art. 6(1)(a) GDPR), which can be revoked. Data remain stored until you request deletion, withdraw consent, or purpose ends. Legal retention obligations remain.

Email, Telephone or Fax Inquiries
If you contact us via email, phone, or fax, your inquiry and personal data (e.g. name) will be stored and processed for the purpose of handling your request. These data are not shared without your consent.

Processing is based on Art. 6(1)(b) GDPR if related to contract fulfillment; otherwise on Art. 6(1)(f) GDPR or your consent (Art. 6(1)(a) GDPR), which can be withdrawn. Data are stored until deletion request, consent withdrawal, or end of purpose—legal retention obligations apply.

WhatsApp Communication
We use WhatsApp for communication. Provider: WhatsApp Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

Communication is end‑to‑end encrypted, preventing third-party access to message contents. WhatsApp, however, accesses metadata (e.g. sender, recipient, time), and may share personal data with its US parent Meta. Details are in WhatsApp’s privacy policy.

Usage is based on our legitimate interest in fast, effective communication (Art. 6(1)(f) GDPR), or—if consent is obtained—on that consent, which is revocable.

Messages exchanged on WhatsApp remain until you request deletion, withdraw consent, or purpose ends. Legal retention obligations apply.

 

5. Plugins and Tools

Cloudflare Turnstile

We use Cloudflare Turnstile (“Turnstile”; Cloudflare Inc., San Francisco, CA, USA) on this website to check whether form submissions are human or automated bots. Turnstile analyzes user behavior (e.g. IP address, time spent, mouse movements). The data are shared with Cloudflare.

Processing is based on Art. 6(1)(f) GDPR. If consent was obtained, processing is based on Art. 6(1)(a) GDPR and § 25(1) TTDSG; consent may be withdrawn at any time.

Data processing relies on standard contractual clauses; see details on Cloudflare’s website.

6. eCommerce and Payment Providers

Processing of Customer and Contract Data

We collect, process, and use personal data related to customer and contractual interactions. Usage data are collected only as needed for enabling or billing services. Legal basis: Art. 6(1)(b) GDPR.

Data are deleted after order completion or termination of business relationship and after any legally required retention periods.

Data Transmission in Service or Digital Content Contracts

We transmit personal data to third parties only when necessary for contract execution (e.g. payment service provider). Further data transfer occurs only with your explicit consent. No transfer for advertising purposes without consent. Legal basis: Art. 6(1)(b) GDPR.