Data Protection Statement

The responsible party, within the meaning of basic data protection regulation and other national data protection laws of the member states as well as other data protection regulations is the:

ATLANTIC Hotels Management GmbH
Ludwig-Roselius-Allee 2
28329 Bremen
Deutschland
Telephone: +49 (0) 421 944888-0
Telefax: +49 (0) 421 944888-552
Email: info@atlantic-hotels.de
Website: www.atlantic-hotels.de/en

The data protection officer of the responsible party is:

SHIELD GmbH Datenschutz & Sicherheit
Managing Director: Martin Vogel
Ohlrattweg 5
25497 Prisdorf
Phone: +49 (0) 4101 8050600
E-mail: datenschutz@atlantic-hotels.de
www.shield-datenschutz.de

1. Scope of processing of personal data
We process personal data from our users principally only to the extent necessary to provide
a functional website and our content and services. The processing of personal data of our
users is regularly only carried out with their consent. These consents can be revoked at any
time with effect for the future by informing the responsible. The contact details can be
found under "I. Name and address of the responsible".

2. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, art.
6 (1) (a) EU General Data Protection Regulation (GDPR) serves as the legal basis for the
processing of personal data.
In the processing of personal data necessary for the performance of a contract to which the
data subject is a party, art. 6 (1) (b) GDPR serves as the legal basis. This also applies to
processing operations required to carry out pre-contractual actions.
Insofar as processing of personal data is required to fulfill a legal obligation that is required
for our company, art. 6 (1) (c) GDPR serves as the legal basis. In the event that vital interests
of the data subject or another natural person require the processing of personal data, art. 6
(1) (d) GDPR serves as the legal basis. If processing is necessary to safeguard the legitimate
interests of our company or a third party, and if the interests, fundamental rights and
freedoms of the data subject do not prevail over the first interest, art. 6 (1) (f) GDPR serves
as legal basis for processing.

3. Data deletion and storage duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of
the storage expires. Additional storage may take place if provided for by the European or
national legislator in EU regulations, laws or other regulations to which the data controller is
subject. Blocking or deletion of the data also takes place when a storage period prescribed
by the standards mentioned expires, unless there is a need for further storage of the data
for conclusion of a contract or fulfillment of the contract.

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer.

The following data is collected:

Information about the browser type and the version used
The operating system of the users
The Internet service provider of the user
The IP address of the user
Date and time of access
Websites from which the user's system accesses our website
Websites accessed by the user's system through our website
The data is also stored in the log files of our system. A storage of this data together with other personal data of the user does not take place.

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 (1) (f) GDPR.

3. Purpose of the data processing

The temporary storage by the system of the IP address is necessary to allow delivery of the website to the computer of the user. To do this, the user's IP address must be kept for the duration of the session.

Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

We have a justified interest in the processing of data for this purpose, according to Art. 6 (1) (f) GDPR.

4. Duration of storage

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. In the case of collecting the data for providing the website, this is the case when the session is completed. In the case of storing the data in log files, data is stored for no more than seven days. After one day, the IP addresses of the users are anonymized, so that an assignment of the calling client is no longer possible.

5. Objection and removal possibility

The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. Consequently, there is no possibility for the user to object.

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by
the Internet browser on the user's computer system. When a user visits a website, a cookie
may be stored on the user's operating system. This cookie contains a characteristic string
that allows the browser to be uniquely identified when the website is reopened.
We use cookies to make our website more user-friendly. Some elements of our website
require that the calling browser be identified even after switching pages. In addition, we use
cookies on our website that allow an analysis of users' browsing behavior.

In this way, the following data is transmitted:
1. IP address, age, gender, interests
2. activities on the website during the visit
3. frequency of page views
4. use of website features
5. origin / visitor source

Technical precautions pseudonymize the data of the users collected in this way. This makes
it much more difficult to assign the data to the calling user and is only possible with the help
of an appropriate "key". The data will not be stored together with other personal data of the
user.

2. Legal basis for data processing
The legal basis for the processing of personal data using cookies that are technically
necessary or necessary for the provision of the service is Art. 6 (1) (f) GDPR.
The legal basis for the processing of personal data using all other cookies or cookies not
strictly necessary for the provision of the service is Art. 6 (1) (a) GDPR.

3. Purpose of the data processing
The purpose of using technically necessary cookies is to simplify the use of websites for
users. Some features of our website cannot be offered without the use of cookies. For these,
it is necessary that the browser is recognized even after switching pages. The user data
collected through technically necessary cookies will not be used to create user profiles. The
use of the analysis cookies is for the purpose of improving the quality of our website and its
contents. Through the analysis cookies, we learn how the website is used and so we can
constantly optimize our services offered.

4. Duration of storage, objection and removal options
Cookies are stored on the computer of the user and transmitted by it to our page. For
cookies requiring consent, a so-called cookie consent banner is made available to you when
you visit the website. There you have the possibility, if you wish, to use our website only
with the technically necessary cookies.

Furthermore, you as a user also have full control over the use of cookies. By changing the
settings in your internet browser, you can disable or restrict the transmission of cookies.
Already saved cookies can be deleted at any time. This can also be done automatically. If
cookies are disabled for our website, it may not be possible to fully use all the functions of
the website.

1. Description and scope of data processing

Our website contains contact forms that can be used for electronic contact and unsolicited applications. If a user takes advantage of this option, the data entered in the input mask is transmitted to us and stored.

On the career website jobs.atlantic-hotels.de, the following data can be transmitted for this purpose:
    What is your name?
    Are you applying for a specific job?
    Where are you from?
    What do you currently do?
    At which telephone number can you be reached?
    At which e-mail address can you be reached?
    Do you wish to make an appointment for our interview?

The following data is also stored at the time the message is sent:
Date and time

For the processing of the data, your consent is obtained during the sending process and reference is made to this privacy policy.

Userlike chat window:
This website uses Userlike, a live chat software of the company Userlike UG
(haftungsbeschränkt), Deisterweg 7, 51109 Cologne, Germany.

Userlike uses "cookies". These are text files that are stored on the computer of the website visitor and
computer and which enable a personal conversation in the form of a real-time chat on the website.

The live chat can be used in the same way as a contact form and represents an additional
customer service for visitors to our website to communicate almost
personally with our staff. The data collected will not be used to personally
identify the visitor to the website. They are only combined with
personal data of the owner of the pseudonym if personal data is voluntarily provided for the live chat when using the tool.
The connection between the operator and the visitor is
encrypted. The live chat can be terminated by the website visitor at any time.

The data processing takes place on the basis of your consent pursuant to Art. 6 Para. 1 lit. a
GDPR or, insofar as no processing takes place that requires your consent, on the basis of
our legitimate interest pursuant to Art. 6 Para. 1 lit. f GDPR. Our interests lie
primarily in simplifying and improving communication with website visitors.
improve.

Further information on data protection at Userlike can be found at:
https://www.userlike.com/de/terms#privacy-policy 

Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored. In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.

2. Legal basis for data processing

The legal basis for the processing of the data is Art. 6 Para. 1 lit. a GDPR if the user has given his consent. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 Para. 1 lit. f GDPR. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 Para. 1 lit. b GDPR.

3. Purpose of the data processing

The processing of the personal data from the input mask serves us solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.

5. Possibility of objection and removal

The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.
You can object to the storage of your data for the future at any time via info@atlantic-hotels.de, by mail to ATLANTIC Hotels Management GmbH, Ludwig-Roselius-Allee 2, 28329 Bremen or by phone +49 (0) 421 944888-0. All personal data stored in the course of contacting us will be deleted in this case.

If your personal data are processed, you are the person affected within the meaning of  GDPR and you have the following rights vis-à-vis the data controller:

1. Right to information
You may ask the person responsible to confirm whether personal data concerning you is processed by us.
If your data is being processed, you can request information from the person responsible about the following information:

the purposes for which the personal data are being processed;
the categories of personal data being processed;
the recipients or the categories of recipients to whom personal data concerning you have been disclosed or are being disclosed;
the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;
the existence of a right to rectification or deletion of your personal data, a right to restriction of processing by the data controller or a right to object to such processing;
the existence of a right of appeal to a supervisory authority;
all available information on the source of the data, if the personal data is not collected from the data subject;
the existence of automated decision-making, including profiling under Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, and the scope and intended impact of such processing on the data subject.

You have the right to request information about whether your personal information is passed on to a third country or an international organization. In this context, you can request to be informed of the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transfer.

2. Right to rectification

You have a right to rectification and / or completion by the data controller, if your personal data being processed is incorrect or incomplete. The responsible person must make the correction immediately.

3. Right to restriction of processing

You may request the restriction of the processing of your personal data under the following conditions:

if you contest the accuracy of the information relating to you for a period of time, that allows the data controller to verify the accuracy of your personal information;
the processing is unlawful and you refuse the deletion of the personal data and instead demand restriction of the use of your personal data;
the data controller no longer needs the personal data for the purposes of processing, but you need it in order to assert, exercise or defend legal claims; or
if you have objected to the processing pursuant to Art. 21 (1) GDPR, and it is not yet certain whether the legitimate reasons of the data controller outweigh your reasons.
If the processing of personal data concerning you has been restricted, this data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person, or for reasons of important public interests of the Union or a Member State. If the restriction of processing was restricted according to the above conditions, you will be informed by the data controller before the restriction is lifted.

4. Right to deletion

a) Obligation to delete

You may demand that the controller delete your personal information immediately, and the controller is required to delete that information immediately if one of the following is true:

Personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
You revoke your consent, which the processing was based on according to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR and there is no other legal basis for processing.
You object to the processing according to Art. 21 (1) GDPR and there are no prior justifiable reasons for the processing, or you object to the processing according to Art. 21 (2) GDPR.
Your personal data have been processed unlawfully.
The deletion of personal data concerning you is required, in order to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
The personal data concerning you were collected in relation to information society services, pursuant to Article 8 (1) of the GDPR.
b) Information to third parties

If the data controller has made the personal data concerning you public and is required to delete them according to  Article 17 (1) of the GDPR, he must take appropriate measures, including technical means, with due regard to available technology and implementation costs, to inform data controllers that you, the data subject, have requested the deletion of all links to such personal data or copies or replications of this personal data.

Exceptions

The right to erasure is not in force if the processing is necessary:

to exercise the right to freedom of expression and information;
to fulfill a legal obligation required by the law of the Union or of the Member States to which the controller is subject, or performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
for reasons of public interest in the field of public health pursuant to Art. 9 (2) (h) and (i) and Art. 9 (3) GDPR;
for archival purposes of public interest, scientific or historical research purposes or for statistical purposes according to Article 89 (1) GDPR, to the extent that the law referred to in subparagraph (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or
to assert, exercise or defend legal claims.
5. Right to information

If you have the right of rectification, erasure or restriction of processing to the controller, he / she is obliged to notify all recipients, to whom your personal data have been disclosed, of this correction or deletion of the data or restriction of processing, unless: this proves to be impossible or involves a disproportionate effort. You have a right to be informed about these recipients by the data controller.

6. Right to Data Portability

You have the right to receive personally identifiable information that you provided to the controller in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another person without hindrance by the person responsible for providing the personal data, provided that

the processing is based on consent according to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract according to Art. 6 (1) (b) GDPR
the processing is done by automated means.
In exercising this right, you also have the right to obtain that your personal data are transmitted directly from one controller to another, as far as technically feasible. This situation should not affect the freedoms and rights of other persons.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You have the right at any time, for reasons arising from your particular situation, to object to the processing of your personal data, which occurs pursuant to Art. 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions.
The controller will no longer process the personal data concerning you, unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, exercising or defending legal claims.
If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.
If you object to processing for direct advertising purposes, your personal data will no longer be processed for these purposes.
Regardless of Directive 2002/58/EC, you have the option, in the context of the use of information society services, to exercise your right to object through automated procedures that use technical specifications.

8. Right to revoke the data protection consent declaration

You have the right to revoke your data protection declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent before the revocation.

9. Automated decision in individual cases, including profiling

You have the right not to be subjected to a decision based solely on automated processing - including profiling - that will have legal effect or negatively affect you in a similar manner. This does not apply if the decision

is required for the conclusion or performance of a contract between you and the controller,
is permitted by Union or Member State legislation to which the controller is subject, and where such legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests, or
occurs with your express consent.
However, these decisions may not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2) (a) or (g) apply, and reasonable measures have been taken to protect your rights and freedoms and your legitimate interests.
With regard to the cases referred to in (1) and (3), the person responsible shall take reasonable measures to safeguard your rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person from the side of the controller, to present the case and to challenge the decision.
Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of your place of residence, employment or the place of the alleged infringement, if you believe that the processing of the personal data concerning you violates the GDPR.

The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.

Die Landesbeauftragte für Datenschutz und Informationsfreiheit der Freien Hansestadt Bremen (State Data Protection and Freedom of Information Officer)
Arndtstraße 1, 27570 Bremerhaven
Tel.: +49 471 596 2010 oder +49 421 361 2010
Fax: +49 421 496 18495
E-Mail: office@datenschutz.bremen.de

1. scope of the processing of personal data
For our online application process, we use a plugin of the HOTELCAREER portal of YOURCAREERGROUP, Kaiserswerther Straße 282, 40474 Düsseldorf. The company provides contractually assured guarantees that appropriate technical and organisational measures are implemented in such a way that the processing is carried out in accordance with the EU-GDPR and ensures the protection of the rights of the data subject. The data will be used exclusively for the application procedure. The data will not be passed on to third parties. When applying online, the form of address, first name, surname, e-mail address as well as information on the CV and a covering letter are mandatory. In addition, you can use the contact form to create a CV or a covering letter, upload further digital attachments and submit data relevant to your application.

In addition to the online application, it is also possible to recommend a job advertisement by e-mail.
In this case, it is mandatory to provide your e-mail address, your first and last name and the recipient's e-mail address.

If you create a profile on www.hotelcareer.de and apply to other companies, YOURCAREERGROUP GmbH is responsible for the data processing. Please therefore also note the data protection provisions there.

2. Legal basis for the processing of personal data

ATLANTIC Hotels Management GmbH collects, processes and stores your applicant data on the basis
of Section 26 Para. 1 Sentence 1 of the Federal Data Protection Act 2018 (BDSG 2018) and Article 6
Para. 1 lit. b and f GDPR.

3. Purpose of the data processing

The processing of personal data serves us to process the contact. The personal data you provide as part of the application process will be processed and used by ATLANTIC Hotels Management GmbH exclusively for the purpose of applicant selection and applicant recruitment.

4. Duration of storage

If your application is unsuccessful, your data will be deleted six months after completion of the application process on the basis of Section 15 Para. 4 of the General Equal Treatment Act (AGG). See also IX. Data protection notice for the application process.

5. possibility of objection and removal

You can have the data stored about you changed at any time. You also have the option of revoking your consent to the processing of the data you have provided. Send your revocation to bewerbung@atlantic-hotels.de, by post to ATLANTIC Hotels Management GmbH, Human ResourcesDepartment, Ludwig-Roselius-Allee 2, 28329 Bremen or call us on +49 (0) 421 944888-564. We will then delete the data immediately. In such a case, communication cannot be continued.
If the data is required to fulfil a contract or to carry out pre-contractual measures, early deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.

The protection of your personal data is important to us. ATLANTIC Hotels Management
GmbH collects, processes your applicant data on the basis of § 26 (1) sentence 1 of the
Federal Data Protection Act new version (BDSG-new). The personal data you provide as part
of the application process will be processed and used by ATLANTIC Hotels Management
GmbH exclusively for the purpose of applicant selection and recruitment.

We would like to point out that the transmission of personal data via e-mail is classified as
insecure. Please make sure that you only send application documents by e-mail if you
consider the risk to be low. You are welcome to send further documents that you do not
wish to send by e-mail (such as medical reports and doctor’s certificates) by post or to
submit them at the interview.

If your application is followed by the conclusion of a contract, your data will be stored and
used within the scope of the usual organizational and administrative processes in
compliance with the applicable legal regulations.
If your application is not successful, your data will be deleted three months after completion
of the application procedure on the basis of § 15 (4) of the General Equal Treatment Act
(AGG).

Should you wish to submit an unsolicited application or wish to have ATLANTIC Hotels
Management GmbH keep your application documents for further vacancies after an
unsuccessful application, we require written notification that we have been requested to
save the application documents. ATLANTIC Hotels Management GmbH will hold applications
for further recruitment procedures for a maximum of 12 months.

The data controller has integrated on this website the component Google Analytics (with anonymization function). Google Analytics is a web analytics service. Web analysis is the collection and analysis of data about the behavior of visitors to websites. Among other things, a web analysis service collects data about referrers - from which website the user came to the website, which subpages of the website were accessed, or how often and for how long a subpage was viewed. A web analysis is mainly used for optimization of a website and for cost-benefit analysis of Internet advertising.

The operating company of the Google Analytics component is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland.

The controller uses the addition "_gat._anonymizeIp" for web analytics via Google Analytics. By means of this addition, the IP address of the Internet connection of the data subject will be shortened and anonymized by Google, if the access to our website is from a Member State of the European Union or from another state party to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyze streams of visitors on our website. Among other things, Google uses the data and information obtained to evaluate the use of our website, to compile online reports for us showing the activities on our websites, and to provide other services related to the use of our website.

Google Analytics uses a cookie on the information technology system of the person concerned. What cookies are has already been explained above. Using this cookie makes it possible for Google to analyze the usage of our website. Each time one of the pages of this website, that is processed by the data controller and where a Google Analytics component is integrated, is accessed, the Internet browser on the information technology system of the person concerned is automatically initiated by the respective Google Analytics component to submit data to Google for online analysis purposes. As part of this technical process, Google receives information about personal data, such as the IP address of the person concerned, which among other things serves Google to track the origin of visitors and clicks, and subsequently to allow commission billing.
The cookie stores personal data, such as access time, the location from which access was made, and the frequency of site visits by the data subject. Each time a user visits our website, this personal information, including the IP address of the Internet connection used by the data subject, is transferred to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may transfer such personal data collected through this technical process to third parties.

The data subject can prevent the setting of cookies at any time by our website, as explained above, by changing the Internet browser settings and thus permanently preventing the setting of cookies. Such Internet browser settings would also prevent Google from setting a cookie on the data subject's information technology system. In addition, a cookie already set by Google Analytics can be deleted at any time through the Internet browser or other software programs.
Furthermore, the data subject has the option of objecting to and preventing the collection of the data generated by Google Analytics for the use of this website and the processing of this data by Google. To do this, the person must download and install a browser add-on at tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data and information about website visits may be transmitted to Google Analytics. The installation of the browser add-on is considered by Google to be an objection. If the data subject's information technology system is later deleted, formatted or reinstalled, the data subject must re-install the browser add-on to disable Google Analytics. If the browser add-on is uninstalled or disabled by the data subject or any other person within their sphere of control, it is possible to reinstall or reactivate the browser add-on.
Additional information and Google's privacy policy can be found at www.google.com/intl/en/policies/privacy/ and www.google.com/analytics/terms/en.html. Google Analytics is explained in more detail at www.google.com/intl/de_de/analytics/.

You can prevent collection by Google Analytics by clicking on the following link. An opt-out cookie will be set, which prevents the future collection of your data when visiting this website: Disable Google Analytics

A web service from Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter: DoubleClick) is loaded on our website. We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to DoubleClick.

You can prevent DoubleClick from collecting and processing your data by refusing your consent when you enter the website, deactivating the execution of script code in your browser or installing a script blocker in your browser.
The legal basis for the use of Google Double Click is your consent in accordance with Art. 6 Para. 1 lit. a GDPR.

The data will be deleted as soon as the purpose of their collection has been fulfilled. Further information on the handling of the transferred data can be found in the DoubleClick data protection declaration: policies.google.com/privacy

Our website uses conversion tracking from Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). Microsoft Bing Ads places a cookie on your computer if you have reached our website via a Microsoft Bing ad. In this way, Microsoft Bing and we can recognize that someone clicked on an ad, was redirected to our website and reached a previously determined target page (conversion page). We only find out the total number of users who clicked on a Bing ad and were then forwarded to the conversion page. No personal information about the identity of the user is disclosed. If you do not want to participate in the tracking process, you can also reject the setting of a cookie required for this - for example via a browser setting that generally disables the automatic setting of cookies.

The legal basis for the use of Bing Ads is your consent pursuant to Art. 6 Para. 1 lit. a GDPR.

Further information on data protection and the cookies used by Microsoft Bing can be found on the Microsoft website: https://privacy.microsoft.com/de-de/privacystatement

We use Google Tag Manager on our website. Google Tag Manager is a solution that allows marketers to manage website tags through one interface. The Tag Manager tool itself (which implements the tags) is a cookie-free domain and does not collect any personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If deactivation has been carried out at the domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.

The legal basis for the use of this web service is your consent in accordance with Art. 6 Para.
1 lit. a GDPR.

Further information on Google Tag Manager and Google's data protection declaration can be found at the following link: https://policies.google.com/privacy

A web service from Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter: Gstatic) is loaded on our website. We use this data to ensure the full
functionality of our website. In this context, your browser may transmit personal data to Gstatic.

The legal basis for the use of this web service is your consent in accordance with Art. 6 Para.
1 lit. a GDPR.

You can prevent Gstatic from collecting and processing your data by refusing your consent when you enter the website, deactivating the execution of script code in your browser or installing a script blocker in your browser.

The data will be deleted as soon as the purpose of their collection has been fulfilled. Further information on the handling of the transferred data can be found in Google's data protection declaration: https://policies.google.com/privacy

Google Fonts (https://fonts.google.com/) are used to visually improve the presentation of various information on this website. The web fonts are transferred to the cache of the
browser when the page is called up so that they can be used for display. If the browser does not support Google Fonts or prevents access, the text is displayed in a standard font.
When the page is called up, no cookies are stored by the website visitor. Data that are transmitted in connection with the page view are sent to resource-specific domains such as
fonts.googleapis.com or fonts.gstatic.com. You will not be associated with data that may be collected or used in connection with the parallel use of authenticated Google services such as Gmail.

You can prevent the collection and processing of your data by this web service by refusing your consent when entering the website, deactivating the execution in your browser or
installing a script blocker in your browser. If your browser does not support the Google Fonts or you prevent access to the Google servers, the text is displayed in the system's standard font.

The legal basis for the use of this web service is your consent in accordance with Art. 6 Para.
1 lit. a GDPR.

You can find information on the data protection conditions of Google Fonts at: https://developers.google.com/fonts/faq#Privacy

General information on data protection can be found in the Google Privacy Center at: https://policies.google.com/privacy

On this website we use MyFonts Counter, a web analytics service provided by Monotype Imaging Holdings Inc, 600 Unicorn Park Drive, Woburn, Massachusetts 01801 USA
(hereinafter referred to as "MyFonts").

Under the terms of the license agreement, page-view tracking is performed by counting the number of visits to the website for statistical purposes and transmitting this information to MyFonts. MyFonts only collects anonymous data. The data may be passed on by activating Java-Script code in your browser.

The legal basis for the use of this web service is your consent in accordance with Art. 6 Para.
1 lit. a GDPR.

To prevent the execution of Java-Script code from MyFonts, you can install a Java-Script blocker (e.g. www.noscript.net).

Further information on MyFonts Counter can be found in the MyFonts data protection Statement at:
https://www.monotype.com/legal/terms-conditions-business#Privacy

The data controller has integrated YouTube components on this website. YouTube is an internet video portal that allows you to watch video clips for free and also to view, rate and comment on them for free. YouTube allows the publication of all types of videos, so that both complete film and television programs, but also music videos, trailers or user-made videos are available on the Internet portal.

YouTube's operating company is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

With each visit to one of the pages of this site, that is operated by the data controller and where a YouTube component (YouTube video) is integrated, the Internet browser on the subject's information technology system will be caused by the particular YouTube component to download an image of the corresponding YouTube component from YouTube. More information about YouTube can be found at www.youtube.com/yt/about/en/. As part of this technical process, YouTube and Google receive information about which specific page of our website is visited by the data subject.

When the data subject visits a subpage containing a YouTube video while logged in to YouTube, YouTube recognizes which specific subpage the data subject is visiting. This information is collected by YouTube and Google and attributed to the individual YouTube account of the data subject.
YouTube and Google will always receive information through the YouTube components that the data subject has visited our website, if the data subject is logged into YouTube at the time of access to our website; this happens regardless of whether the person clicks on a YouTube video or not. If the data subject does not want the transmission of this information to YouTube and Google, he or she can prevent this by logging out of his or her YouTube account before accessing our website.

YouTube's privacy policy, available at www.google.de/intl/de/policies/privacy/, gives information about the collection, processing, and use of personal data by YouTube and Google.

We use the plug-ins of the social networks listed below on our website. To integrate these plug-ins, we in turn use the "Shariff" plug-in.
The legal basis is Art. 6 Para. 1 lit. f GDPR. Our legitimate interest lies in improving the quality of our website.

Shariff is an open source program developed by c't and heise. By integrating this plug-in, linked graphics prevent the social network plug-ins named in more detail below from automatically establishing a connection to the respective server of the social network plug-in when you visit our website(s) on which the respective social network plug-in is integrated. Only when you click on one of these linked graphics will you be redirected to the service of the respective social network. Only then will information about the usage process be collected by the respective social network. This information includes, for example, your IP address, the date and time as well as the page you visited on our website.

If you are logged into one of the social network services while visiting one of our websites with the corresponding plug-in, the provider of the respective social network may be able to recognise the information collected from your specific visit and assign it to your personal user account or publish it via this. If, for example, you use the so-called "share" button of the respective social network, this information may be stored in your user account there and published via the platform of the respective social network provider. If you want to prevent this, you must either log out of the respective social network before clicking on the graphic or make the corresponding settings in your user account of the social network.
Further information on "Shariff" is available from heise at
http://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html 

The following social networks are integrated into our website:

•    Google+ of Google LLC, 1600 Amphitheatre Parkway, Mountain View, California, 94043, USA. Data protection information can be found at https://policies.google.com/privacy  
•    Facebook of Meta Platforms, Inc., 1601 Willow Rd, Menlo Park, CA 94025, USA, operated within the EU by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Data protection information can be found at https://www.facebook.com/policy.php 
•    Twitter of Twitter Inc, 795 Folsom St, Suite 600, San Francisco, CA 94107, USA. Data protection information can be found at https://twitter.com/privacy  

We have integrated the kununu Score on our careers page. To view it, an image is retrieved from the kununu server and the browser's IP address is sent to kununu for this purpose. It is processed there. No other data is processed by kununu.

Here you can find the kununu privacy policy for your further information.

ATLANTIC Hotels use the services of Perspective Software GmbH to make potential applicants aware of vacancies at ATLANTIC Hotels.

Provision of the online offer

We use an external service provider for the provision of our online offer:
Perspective Software GmbH, Mailbox 659770, D-96035 Bamberg (hereinafter "Perspective").

Perspective itself stores your data exclusively on European servers. However, there is a possibility that your data may be accessible to entities in the United States of America, as Perspective uses sub-processors located in the USA. As the European Union Commission has determined that the data protection laws of the United States do not ensure an adequate level of protection for personal data collected from data subjects in the European Union, Perspective provides additional measures and safeguards for data transfers to the United States in accordance with the requirements of the GDPR to ensure an adequate level of protection. For example, by entering into standard contractual clauses between Perspective and sub-processors.

I. Description and scope of data processing
Perspective processes your data for us in order to provide you with our online services. For this purpose, Perspective will automatically transmit your IP address to deliver the content and functionality of our Online Services to your browser or terminal device.

The following data may be collected:
1. information about the type of browser and the version used
2. the operating system of your computer
3. the Internet service provider you are using
4. the IP address of your terminal device
5. the date and time you access the Funnel
6. websites from which you came to our website ("referrer")

II. legal basis for data processing
Perspective stores the data mentioned under I. in so-called log files. This is done to ensure
- to ensure a smooth connection of the website,
- to ensure a comfortable use of our website
- the evaluation of system security and stability, and
- for other administrative purposes.

The temporary storage of the IP address by the system is also necessary to enable delivery of the website to your computer. For this purpose, the IP address of your computer must remain stored for the duration of the session. Our legitimate interest in data processing also lies in these purposes. The legal basis for data processing is therefore Art. 6 para. 1 p. 1 lit. f DSGVO.

III. Duration of processing
The personal data processed by Perspective are deleted as soon as they are no longer necessary to achieve the purpose for which they were collected:
- In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
- In the case of storage of the IP address in log files, this is the case after 7 days at the latest.

IV. Data subject rights
You have the right to obtain information free of charge at any time about the origin, recipient and purpose of your stored personal data. You also have the right to demand the correction, blocking or deletion of this data. You can contact us at any time at the address given in the imprint with regard to this and other questions on the subject of data protection. Furthermore, you have the right to lodge a complaint with the competent supervisory authority in the event of violations of the GDPR. Because the data processing is based on Art. 6 (1) sentence 1 lit. f DSGVO, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation. If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims (objection under Article 21(1) DSGVO). Since the collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of our website, there should mostly be no possibility for you to object. You also have the right to request the restriction of the processing of your personal data under certain circumstances.
The right to restriction of processing exists in the following cases:
- If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
- If the processing of your personal data has happened / is happening unlawfully, you can request the restriction of data processing instead of deletion.
- If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request restriction of the processing of your personal data instead of erasure.
- If you have lodged an objection pursuant to Art. 21 (1) DSGVO, a balancing of your and our interests must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to demand the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, such data may - apart from being stored - only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

Contact and enquiry management

We use an external service provider for the provision of contact, enquiry or application forms: Perspective Software GmbH, Mailbox 659770, D-96035 Bamberg (hereinafter "Perspective"). Perspective itself stores your data exclusively on European servers.
However, there is a possibility that your data may be accessible to entities in the United States of America because Perspective uses sub-processors located in the United States. As the European Union Commission has determined that the data protection laws of the United States do not ensure an adequate level of protection for personal data collected from data subjects in the European Union, Perspective provides additional measures and safeguards for data transfers to the United States in accordance with the requirements of the GDPR to ensure an adequate level of protection. For example, by concluding standard contractual clauses between Perspective and the sub-processors.

I. Description and scope of data processing
When using Perspective's contact, enquiry or application forms, the following data is transmitted to Perspective's servers:
- Date and time of access
- Websites from which you came to our website ("referrer")
- Context information (e.g. button clicks on the pages, selections made on the pages)
- Contents of all completed text fields (e.g. contact data, such as your name or address, or other personal data, depending on the question posed in the specific text field)
- Files uploaded by you

II. Purpose Legal basis of data processing
The purpose of this data processing is to ensure the communication you have entered into. The processing of your data from contact or enquiry or application forms is therefore initially based on your consent. The legal basis is Art. 6 para. 1 p. 1 lit. a DSGVO. If a contract is initiated via an enquiry form, the legal basis is also Art. 6 para. 1 p. 1 lit. b DSGVO. The legal basis for the processing of data in an application form may also be Art. 88 DSGVO in conjunction with 26 BDSG in addition to Art. 6 para. 1 p. 1 lit. f DSGVO.

III. Duration of processing
Your personal data will be kept for as long as it is necessary to fulfil the purpose of the processing or until you withdraw your consent. Exempt from this principle is data that Perspective must retain due to legal obligations. These include, for example, the retention obligations under commercial and tax law. These retention periods are - currently - up to ten years.

IV. Data subject rights
You have the right at any time to receive information free of charge about the origin, recipient and purpose of your stored personal data. You also have the right to demand the correction, blocking or deletion of this data. You can contact us at any time at the address given in the imprint for this purpose and for further questions on the subject of data protection.
Furthermore, you have the right to lodge a complaint with the competent supervisory authority in the event of violations of the GDPR. You can revoke your consent to data processing at any time by informally notifying us (e.g. by e-mail). The revocation does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. You also have the right to request the restriction of the processing of your personal data under certain circumstances.
The right to restriction of processing exists in the following cases:
- If you dispute the accuracy of your personal data stored by us, we usually need time to check this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
- If the processing of your personal data has happened / is happening unlawfully, you can request the restriction of data processing instead of erasure.
- If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request restriction of the processing of your personal data instead of erasure.
- If you have lodged an objection pursuant to Art. 21 (1) DSGVO, a balancing of your and our interests must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to demand the restriction of the processing of your personal data. If you have restricted the processing of your personal data, this data may - apart from being stored - only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.