288 verified reviews


Name of controller
Inselloft OHG
Marc & Jens Brune

Address of controller 
Schwachhauser Heerstr. 88, 28209 Bremen
Telefon: +49 421 16500 00
Telefax: +49 421 16500-85
E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.
Internet: www.inselloft-norderney.de

Purpose and legal basis for the collection, processing and use of the data

Pursuant to Article 6 (1) (b) of the General Data Protection Regulation (GDPR), based on your enquiry / contract

  • Processing of enquiries and information requests
  • Hotel & restaurant reservations
  • Retention of documents over the compulsory retention periods laid down in the German Commercial Code / Fiscal Code
  • Preparation and processing of employment contracts
  • Preparation and processing of employment contracts

Pursuant to Article 6 (1) (a) of GDPR, based on the consent given by you

  • Sending information of interest about services and special offers

Pursuant to Article 6 (1) (f) of GDPR, based on legitimate interests

  • CCTV surveillance is limited exclusively to the collection of evidence in cases of vandalism, housebreaking, burglary, hold-up, or other criminal offences. The existence and use of CCTV cameras are indicated by respective warning notices.

Description of the categories of data subjects/categories of personal data
Personal data is collected, processed and used essentially in relation to the following categories of persons:

  • Guests (in particular address data, reservation data, requests by guests, billing data)
  • Customers (in particular address data, contractual data, billing and service data)
  • Potential customers (in particular interest in accommodation, interest in space and room rentals, address data)
  • Employees, job applicants, boarding providers (certain personnel and payroll data)
  • Intermediaries/brokers/agencies (in particular address, billing and service data)
  • Business partners, external service providers (in particular address, billing and service data)
  • Suppliers (in particular address, billing, service and functional data)
  • Non-assignable category of persons: CCTV recordings where and as required for fulfilling above-mentioned purposes.

    Categories of recipients to which data may be disclosed Hotels, boarding houses
    and other accommodation facilities have the right to collect and store personal data of their guests by automated processes to the extent required within the scope of the accommodation contract. Generally, this also includes billing data for meals and beverages, phone calls from the room and/or other specific hotel services. The statutory reporting regulations require hotels and accommodation providers to obtain details of their guests and their guests’ family members, such as place of residence, data of birth and nationality.und die Staatsangehörigkeit ihrer Gäste und deren Familienangehörigen zu erfragen.

Data may also be forwarded to other recipients as follows:

  • Public bodies receiving data according to statutory regulations (e.g. social insurance carriers)
  • Internal departments involved in the execution and performance of business processes and transactions (e.g. human resources / personnel management, accounting, marketing, sales, IT)
  • External contractors (service providers) as may be assigned to such tasks
  • Other external entities (e.g. banks, intermediary agencies in the context of their brokerage activities, affiliated group companies insofar as the data subjects have given their written consent or as such disclosure is permissible for overriding legitimate interest), and partner companies within the scope of the activity ordered by the customer


Log files about user access to our web pages are registered on the servers, especially the fixed or dynamic IP address of the user, web pages visited, type of browser, referrer addresses, date and time of access. We have access t said files. The data contained in the log files is used for no purposes other than statistical evaluation. Users will not be identified – unless statutory obligation to the contrary.

 This website employs Google Analytics, which is a web analysis tool run by Google Inc. („Google“). Google uses cookies. The information generated by the cookies about how on-line pages are used by visitors is normally transmitted to and stored on a Google server based in the USA. Google will use such information on our behalf to analyse user access to our website, to compile reports about the activities within and across our web pages and to provide us with further services related to the use of this website and the Internet. The data may also be processed to create pseudonymised profiles of users.

This website uses Google Analytics with IP anonymisation only. Anonymisation means that Google will truncate any IP addresses of users within the member states of the European Union or in other countries that are contracting parties to the Agreement on the European Economic Area. In exceptional cases only, the full IP address will be transmitted to a Google server in the USA and truncated there. The IP address transmitted by the user’s Internet browser will not be merged with any other Google data.

Users can adjust their browser settings so as to prevent cookies from being stored; in order to ensure that the data produced by the cookie in relation to their use of the website are not captured and processed by Google, users can download and install the opt-out browser add-on available at: http://tools.google.com/dlpage/gaoptout?hl=en. To learn more about privacy in Google Analytics, please visit: https://www.google.com/analytics/learn/privacy.html?hl=en, general information on Google’s privacy policy can be obtained from: http://www.google.com/intl/en/policies/privacy

This website includes links to external websites not under our control. Therefore, we assume no liability for such third-party contents. The contents of third-party websites to which links are provided do not reflect the opinion of this website’s owner, but are referred to for background and contextual information only. The owners or providers of such external websites have exclusive responsibility for the contents of their web pages. The third-party web contents were verified for their lawfulness at the moment the link was placed and illicit or unlawful contents were not found. However, it cannot reasonably be expected that linked websites be checked on a permanent basis without any specific indication of infringements or illicit contents. Should we become aware of any infringements, we will immediately remove the links concerned.


Our website includes the option to pay via PayPal. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). If you opt for payment via PayPal, the payment data entered by you will be communicated to PayPal. The communication of your data to PayPal is covered by Art. 6 (1) (a) of GDPR (Consent) and Art. 6 (1) (b) of GDPR (Processing for the performance of a contract). You have the right to withdraw your consent at any time. Withdrawal of consent shall not affect the effectiveness of processing operations performed before such withdrawal.

Statutory time limits for data erasure

Various data retention obligations and storage periods are laid down in legislation. Data and datasets that are no longer required for contract performance (accommodation, rental and service contracts) will be erased at the end of the respective statutory periods. The commercial or financial data related to a closed fiscal year will be erased after another period of ten years pursuant to the German commercial or fiscal code, unless longer retention periods are mandatory or otherwise required for justified reasons. Shorter erasure periods are applicable to certain cases related to human resources and personnel management. This is especially true for rejected job applications or warning letters. Data will be erased without special notice as soon as the mentioned purposes cease to exist, unless specified to the contrary.
Registration forms are kept by the respective hotels and accommodation facilities for the statutory minimum retention periods according to the applicable registration law and will then be brought to destruction under specific precautions meeting the relevant data protection standards.

Data communication to third countries

Data will be forwarded to third parties only for the purposes of contract performance, necessary communication, or other exceptional cases expressly provided for in the Federal German Data Protection Act (BDSG).
Data is not, and is not planned to be, communicated to third countries, especially countries with data privacy standards below EU standards, or non-EU countries.

User’s right of data access and data rectification

Right of access:
Pursuant to Article 15 of GDPR, you have the right to request confirmation as to whether or not data concerning your person is being processed. Where that is the case, you can request access to the information being processed.

Right of withdrawal of consent:
Where processing of your personal is based on consent, you have the right to withdraw your consent at any time according to Article 7 of GDPR. Right to object: Where processing of your personal data is required to safeguard the legitimate interests of our entity, you have the right to object to such processing at any time according to Article 21 of GDPR.

Right to erasure:
In case you have withdrawn your consent, or have objected to the processing of your personal data (and there are no overriding legitimate grounds for the processing), or your personal data is no longer required for the processing, or there is a corresponding legal obligation, or your personal data has been processed unlawfully, you have the right to obtain the erasure of your personal data according to Article 17 of GDPR.

Right to rectification:
Where your personal data is inaccurate from processing, you have the right to obtain immediate correction of the data according to according to Article 16 of GDPR.

Right to restriction of processing:
Subject to the conditions laid down in Article 18 of GDPR, you have the right to obtain restriction of processing of your personal data.

Right to data portability:
According to Article 20 of GDPR, you have the right to receive the personal data which you provided in a structured, commonly used and machine-readable format.

Right of complaint:
Article 13 of GDPR gives you the right to lodge a complaint with the competent supervisory authority. If you wish to exercise your rights, you can contact us at the following e-mail address: This email address is being protected from spambots. You need JavaScript enabled to view it. The supervisory authority having competence in legal data protection matters is the Commissioner for Data Protection (Landesdatenschutzbeauftragte) of the regional state where our company has its registered head office. A list of the data protection commissioners in Germany and their contact details can be found under the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

Name and address of the data protection officer
Brune & Company
Schwachhauser Heerstr. 88
28209 Bremen
Telefon: 0421 165000
E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

Latest update 01.05.2018