Privacy Statement

Thank you for visiting our website. The following statement of our privacy policy explains how we handle your data, in accordance with Article 13 of the General Data Privacy Regulation (GDPR).

Name of the Controller:

The following party, as named in the Legal Notes section of the website, is the Controller, and as such is responsible for the data processing to be detailed below.

Purpose of Data Processing

Our website serves the following purposes

  • Providing information about our hotel and restaurant offerings
  • Processing of queries and requests
  • Reservations and bookings at our hotels & restaurants
  • Subscribing to a newsletter

User data

When you visit our websites, a log of usage data is kept temporarily stored on our webserver to allow for statistical analyses to improve the quality of our website. This record includes:

  • the name and address of the requested content,
  • date and time of the page request,
  • the transmitted volume of data,
  • the access status (content transmitted, content not found),
  • the description of the user’s web browser and operating system,
  • the referral link indicating the site from which you navigated,
  • the IP address of the requesting computer, shortened to prevent any association with a specific person.

The legal basis for processing of user data is Art. 6 Para 1.1(f) of the GDPR.


In accordance with Art. 6(1a) of the GDPR, our website uses cookies to provide a more convenient user experience. Cookies are small text files that are stored in a computer system and can be read by your browser.

On the home page of this website, you are offered the choice to accept all cookies, to accept no cookies or to customize your settings by allowing or denying specific cookies.

You can also configure your browser to inform you about the setting of cookies. This ensures that the use of cookies remains transparent. You can delete cookies at any time using your browser’s settings, or prevent the placement of new cookies. Please note that for technical reasons choosing to do so may prevent our website from functioning correctly, including the loss of some website functionality.

Google Analytics

To ensure that our website is designed appropriately for our users’ needs, we use the web analysis tool “Google Analytics.” Google Analytics creates pseudo-anonymous user profiles. To do so, permanent cookies that can be read upon each visit to our site are stored on your web browsing device. This allows use to recognize and count returning visitors.

Data processing related to this can take place outside the EU or EEC.

Data processing is performed on the basis of your consent in accordance with Art 6 Para. 1.1(a) of the GDPR, presuming you have provided consent via the banner. You can revoke your consent at any time by modifying the settings in the cookie banner.


Processing of queries and requests

Queries to the Haus am Meer Norderney – Hotelbetriebe Birgit Brune OHG can be submitted to us via email or the contact form.

Information about yourself that you provide in this context is used exclusively to answer your query, using the Outlook email program.

Where required to respond to your query, your query may be forwarded to our subsidiaries Betriebe Inselloft OHG; Seesteg OHG; Marc und Jens Brune GbR or Hotelbetriebe Brigit Brune OHG. No separate storage of your query will take place, nor will your email address be forwarded to other companies.


Reservations and bookings at our hotels & restaurants

Reservations and bookings can be made in three ways: by email, using the contact form on our homepage or via the [Inselloft und Haus am Meer: Net Solutions, Landgasthaus zur Linde: HS3]. In all three cases, the data is added to our Oracle fidelo guest database. We use this data to prepare for your stay with us as well as after your stay for a one-time dispatch of information about your visit.

We will only use your data to inform you at irregular intervals about news or special offers if you give specific consent for the use of your data for marketing purposes. You are queried about this when you check in or make a booking. You can revoke your permission at any time, through a simple email, letter or phone call. If you do not return for another stay with us, then your data will be automatically deleted from our database after 2 years of inactivity.


Booking of applications

Applications can also be booked via our website. In the process, we record and store your name, address, telephone number, email address and booking period at the Haus am Meer Norderney. Data processing is performed in accordance with Art. 6 Para. 1(b) of the GDPR.



The option is available on the website to subscribe to an email newsletter to allow us to send news about our company to the recipient on a regular basis. To receive the newsletter, the following personal data must be provided: Recipient (name or pseudonym) and a valid email address.

Registration to our email newsletter is handled through a double opt-in procedure. After the user provides an email address in the mandatory field on the registration form, we send a confirmation email to that address for explicit confirmation of interest in subscribing to the newsletter (as expressed by clicking on the confirmation link). This ensures that the receipt of the email newsletter is in fact desired. If confirmation is not made within 24 hours, then we lock the provided information, and then delete it automatically after one month at latest.

We process your IP address, the time of registration for the newsletter as well as the date and time of your confirmation, both to document your subscription and to prevent abuse of your personal data. We delete this data once the newsletter subscription is ended. We use “CleverReach” to dispatch the newsletters. This is a service of CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. CleverReach is a service that organizes the sending of newsletters and provides analytical data. By subscribing to the newsletter, you are providing consent as per Art. 6 Para 1(a) of the GDPR for logging of the time and date of subscription to optimize the newsletter subscription process.


Routine deadlines for the deletion of data

The applicable data protection legislation calls for a variety of retention obligations and deadlines. After expiration of these periods, the corresponding data and records are routinely deleted, as long as they are no longer necessary for the fulfillment of the contract (guest, rental or service contracts). Legal regulations require commercial and other financially significant data from a concluded fiscal year to be stored for ten years, where no other (longer) retention deadlines are in place or other justified reasons apply. Personnel and personal taxation issues are subject to shorter deletion deadlines in certain areas. This applies in particular to rejected applications and written reprimands. Insofar as data is not affected by these factors, then it will be deleted automatically when the intended purpose no longer applies.

Check-in forms will be retained for the minimum period in compliance with the application registration laws for the individual hotels, and then submitted for professional destruction in compliance with best data protection practices.

Planned transfer of data to third nations

No transmission of data to third nations or countries outside the EU is planned except for the aforementioned use of Google Analytics.

Right of access and user’s right to rectification

Right of Access:
Article 15 of the GDPR gives the right to demand confirmation of whether your personal data is being processed. Where this is the case, then you have the right of access to the processed data.

Right to Revocation of Consent:
Insofar as the processing of your personal data is conducted based on consent, then Article 7 of the GDPR gives you the right to revoke that consent at any time.

Right to Object:
Insofar as the processing of your personal data is required for the justifiable interests of our company, Article 21 of the GDPR allows you to issue an objection to such processing at any time.

Right to Erasure:
Insofar as you have revoked your consent, issued objection to the processing of your personal data (and no overriding justifiable reason for the processing is present), your personal data is no longer required for the purpose of processing, a corresponding legal obligation applies or your personal data is being processed in an illegal manner, you have the right according to Article 1 GDPR to demand the deletion of your personal data.

Right to Rectification:
Insofar as your personal data is incorrectly processed, you have the right to an immediate correction of that data as per Article 16 of the GDPR.

Right to Restriction of Processing:
Under the stipulations laid out in Article 18 of the GDPR, you have the right to limit the processing of your personal data.

Right to Data Portability:
Article 20 of the GDPR gives you the right to receive your personal data in a structured, commonly used and machine-readable format.

Right of Complaint:
Article 13 of the GDPR gives you the right to complain to a responsible oversight authority. To exercise this right, you can contact us at the following email address: The responsible oversight authority for questions related to data security is the State Data Protection Commissioner of the federal state in which our company is headquartered. A list of data protection officers and their contact data can be found at the following location:

Name and address of the data protection officer:

datenschutz nord GmbH
Konsul-Smidt-Str. 8
28217 Bremen

If you wish to contact our data protection officer, please remember to also indicate the responsible party as indicated in the Legal Notes.