Privacy Policy


  1. Introduction
The protection of personal data and the privacy of our website users are of utmost importance to us. We are committed to protecting your personal data and processing it in accordance with the General Data Protection Regulation (GDPR) and national data protection laws. Below, we inform you about the processing of your personal data on our website.
  1. Controller
The controller as defined by the General Data Protection Regulation and other national data protection laws, as well as other data protection regulations, is:
Surfnturf Locations GmbH Klinkerstrasse 28 25436 Moorrege Germany Phone.: (+49) 163 6828426 Email: info@schloss-dueneck.de
III. General Information on Data Processing
  1. Scope of Processing Personal Data
Your personal data is generally processed only to the extent necessary to provide a functional website and our content and services. The processing of your personal data on our website typically occurs only with your consent, our overriding legitimate interest, or based on legal provisions.
  1. Legal Basis for Processing Personal Data
The legal bases for processing personal data are defined in Art. 6 (1) GDPR, as follows:
  • Art. 6 (1) sentence 1 (a) GDPR:
If we obtain the consent of the data subject for processing operations involving personal data.
  • Art. 6 (1) sentence 1 (b) GDPR:
If the processing of personal data is necessary for the performance of a contract to which the data subject is a party. This also applies to processing operations necessary for pre-contractual measures.
  • Art. 6 (1) sentence 1 (c) GDPR:
If the processing of personal data is necessary for compliance with a legal obligation to which our company is subject.
  • Art. 6 (1) sentence 1 (f) GDPR:
If processing is necessary to protect the legitimate interests of our company or a third party and such interests are not overridden by the interests, rights, and freedoms of the data subject.
  1. Technology
  2. Log Files
Our system automatically collects data and information from the computer system of the accessing device each time our website is accessed. The following data is collected:
  • IP address (anonymized)
  • Date and time of access
  • Requesting Internet Service Provider
  • Browser type and version
  • Operating system
  • Referrer URL
This data is also stored in the log files of our system. These data are not stored together with your other personal data. The temporary storage of data and log files is based on Art. 6 (1) sentence 1 (f) GDPR, representing our overriding legitimate interest in ensuring the functionality of the website, the security of our IT systems, and optimizing the website. No analysis of the data for marketing purposes is conducted. The data stored in the log files are deleted after 28 days unless longer storage is necessary for specific purposes outlined above.
  1. SSL/TLS Encryption
To ensure the security of data processing and to protect the transmission of confidential content, this site uses SSL or TLS encryption. A secure connection can be identified by the address line of the browser changing from "http://" to "https://" and the lock icon in your browser line.
General Information on Cookies
  1. Use of Cookies
We use cookies on our website. These are small files that your browser automatically creates and that are stored on your IT system (laptop, tablet, smartphone, etc.) when you visit our website. We use technically necessary cookies required for the provision of the website. For this, Art. 6 (1) sentence 1 (f) GDPR, representing our overriding legitimate interest in the technically flawless and user-friendly presentation of the website, serves as the legal basis. If cookies are not technically necessary, the processing of personal data is based on Art. 6 (1) sentence 1 (a) GDPR, your consent. We obtain your consent via our cookie banner using an opt-in field. You are free to revoke your consent at any time without giving reasons.
  1. Contact - Email and Contact Form
To contact us, we offer a form on our website where the following data is collected:
  • Name
  • Company
  • Email address
  • Phone number
  • Message
You can also contact us via email. The processing of your data from the form or email is based on Art. 6 (1) sentence 1 (f) GDPR, based on our legitimate interest in answering your inquiries and providing you with a quick and easy way to communicate. If the contact also aims to conclude a contract, Art. 6 (1) sentence 1 (b) GDPR serves as an additional legal basis. If the data processing is no longer necessary to achieve the purpose, the data from the form or your email will be deleted. This is the case when the respective communication with you has ended, i.e., when it is clear that the issue in question has been resolved. Longer storage may occur in individual cases due to commercial or tax law obligations, up to 10 years.
VII. Newsletter Distribution
  1. *Newsletter Distribution to Existing Customers
We send emails to our customers with current information and notices regarding data protection to inform them about legal changes, current case law, etc. Data processing is based on our contractual relationship with you according to Art. 6 (1) sentence 1 (b) GDPR. You are free to notify us if you no longer wish to receive the newsletter. You have the right to object to the use of your email address for advertising purposes at any time with effect for the future by notifying the controller mentioned at the beginning.
  1. Newsletter for Subscribers
On our website, you have the opportunity to subscribe to our newsletter. The newsletter will inform you regularly about offers and news from us. For this, we ask for the following data in the input mask:
  • Email
  • First name (optional)
  • Last name (optional)
The legal basis for processing your data is your consent under Art. 6 (1) sentence 1 (a) GDPR. You can revoke your consent to store personal data, which you have given us for the newsletter distribution, at any time. To revoke consent, there is a corresponding link in every newsletter. A confirmation email is sent to the email address you initially provided for newsletter distribution for legal reasons in the double opt-in procedure. This confirmation email serves to verify whether you, as the owner of the email address, have authorized the receipt of the newsletter. When subscribing to the newsletter, we also store the IP address assigned by your Internet Service Provider (ISP) and the date and time of registration. The collection of this data is necessary to track the (possible) misuse of your email address at a later date and is thus for our legal protection. The legal basis for this is Art. 6 (1) sentence 1 (f) GDPR. The data you provide to receive the newsletter will be stored until you unsubscribe and then deleted.
  1. Sendinblue
This website uses Sendinblue for sending newsletters. The provider is Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany. Sendinblue is a service that organizes and analyzes newsletter distribution. The data you enter for the purpose of subscribing to the newsletter will be stored on Sendinblue's servers in Germany. If you do not want your data analyzed by Sendinblue, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message. With the help of Sendinblue, we can analyze our newsletter campaigns. For example, we can see whether a newsletter message has been opened and which links may have been clicked. This allows us to determine, among other things, which links were particularly frequently clicked. For more information, visit: https://de.sendinblue.com/legal/privacypolicy/. ).
VIII. Data Disclosure to Third Parties/Transfer of Data to Third Countries If data transfers to third countries occur, this is done solely in compliance with the legally regulated admissibility requirements according to Art. 44 et seq. GDPR. To make our website as pleasant and comfortable as possible for you as a user, we occasionally use services of external service providers. Below you can find information about the data protection provisions related to the use and application of the employed services and functions, enabling you to exercise your rights if necessary.
  • Cookiebot
  • Proven Expert
  • Google Analytics
  • Google Tag-Manager
  1. Cookiebot
We use a cookie banner from the provider Cookiebot on our website. Cookiebot is a product of Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark. Through this cookie banner, we can inform website visitors about the use of cookies on our site and offer them the opportunity to decide whether or not to consent to the use of cookies. If the website visitor consents to the use of cookies and thus the processing of their personal data, the following data is recorded:
  • The anonymized IP number of the user;
  • Date and time of consent;
  • User-agent of the browser of the end-user;
  • The URL of the provider;
  • An anonymous, random, and encrypted key;
  • The user's consented cookies (cookie status), which serves as proof of consent.
The encrypted key and the cookie status are stored in a cookie on the user's device to establish the respective cookie status for future page views. This cookie automatically deletes itself after 12 months. The legal basis is Art. 6 (1) sentence 1 (f) GDPR, our legitimate interest in designing our website user-friendly and documenting the granting of consent for compliance with GDPR requirements. The user can prevent or end the installation of the cookie and thus their cookie consent at any time by adjusting their browser settings. Further information can be found at: https://www.cookiebot.com/de/privacy-policy/)

  1. Google Analytics
We use Google Analytics, a product of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google). With the help of Google Analytics, we receive analyses of your usage behavior on our website. These analyses help us with the strategic orientation of our marketing and the improvement of our website. The processing of your personal data is based on your consent under Art. 6 (1) sentence 1 (a) GDPR, which you grant us via the opt-in on the cookie banner. The following data is processed in this context:
  • IP address (anonymized)
  • Browser used
  • Device type used with settings
  • Internet provider
  • Pages visited
  • Conversions
  • Individual usage behavior (e.g., clicks)
  • Location (region)
  • Website from which you reached us (referrer)
We use Google Analytics with IP anonymization. This means that Google generally shortens your IP address within the EU or the EEA. We store your data for 14 months. They are then generally deleted. You can prevent the collection of your data by Google by clicking on the following link: [Disable Google Analytics](https://tools.google.com/dlpage/gaoptout?hl=de). An opt-out cookie will be set that prevents the future collection of your data when visiting our website. The opt-out cookie applies only to this browser and our website and is stored on your device. If you delete cookies in this browser, you must set the opt-out cookie again. You can prevent the installation of cookies by adjusting your browser settings; however, please note that this may prevent you from using all the features of this website fully. We have agreed with Google to use standard data protection clauses of the European Commission, as data transfers to third countries may occur with the processing of personal data by Google Analytics: [https://privacy.google.com/businesses/processorterms/mccs/](https://privacy.google.com/businesses/processorterms/mccs/). You can access Google's privacy policy at the following link: [https://policies.google.com/privacy?hl=de](https://policies.google.com/privacy?hl=de). Further information on data protection can be found here: [https://support.google.com/analytics/answer/6004245?hl=de](https://support.google.com/analytics/answer/6004245?hl=de).
  1. Google Tag-Manager
This website uses Google Tag Manager by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is a tag management system that allows the management of HTML elements (tags) via an interface. This tool itself does not collect personal data. However, it triggers other tags that may collect data. Google Tag Manager does not access this data. For more information, see: [https://www.google.com/intl/de/tagmanager/faq.html](https://www.google.com/intl/de/tagmanager/faq.html). You can find the privacy policy here: [https://policies.google.com/privacy?hl=de](https://policies.google.com/privacy?hl=de).
  1. Our Activities on Social Networks
To communicate with you and inform you about our services, we maintain our own pages on social networks. When you visit one of our social media pages, we may share responsibility with the provider of the respective social media platform for processing personal data. However, we are not the primary provider of these pages but use them within the scope of the opportunities offered by the respective providers. Therefore, we advise you that your data may be processed outside the European Union or the European Economic Area. This may pose data protection risks for you, such as difficulty exercising your rights (e.g., right to information, deletion, objection, etc.), and data processing may frequently occur directly for advertising or behavioral analysis by the providers, without our influence. If usage profiles are created by the providers, they often involve cookies or the direct assignment of usage behavior to your own member profile of the social networks (if you are logged in there). The described processing of personal data occurs according to Art. 6 (1) sentence 1 (f) GDPR based on our legitimate interest and the legitimate interest of the respective provider to communicate with you in a contemporary manner or inform you about our services. If you must consent to the processing of your data by the respective providers as a user, the legal basis is Art. 6 (1) sentence 1 (a) GDPR in conjunction with Art. 7 GDPR. Since we do not have access to the data holdings of the providers, we recommend that you exercise your rights (e.g., to information, correction, deletion, etc.) directly with the respective provider. For further information on the processing of your data in social networks and the possibility of exercising your right to object or revoke your consent (so-called opt-out), please see the following information on the providers of social networks we use:
  1. Twitter
Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA Privacy Policy: [Twitter Privacy Policy](https://twitter.com/privacy) Opt-Out: [https://twitter.com/settings/account/personalization](https://twitter.com/settings/account/personalization)
  1. XING
XING SE, Dammtorstraße 30, 20354 Hamburg Privacy Policy and Opt-Out: [XING Privacy Policy](https://privacy.xing.com/en/privacy-policy)
  1. LinkedIn
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2 Privacy Policy: [LinkedIn Privacy Policy](https://www.linkedin.com/legal/privacy-policy) Cookie Policy: [https://www.linkedin.com/legal/cookie-policy](https://www.linkedin.com/legal/cookie-policy)
  1. Links to Social Networks
We refer to our social media profiles with links on our website. However, these are purely links and not social media plugins. Therefore, merely visiting our site does not inform the respective social media platform about your visit. If you click on the link to the corresponding social media platform, your data will be processed by that platform. For more information on how social media platforms process your data, please refer to their privacy policies.

  1. Google Ads
We use Google Ads to be visible in Google search results. Based on your search queries, ads for our online presences are displayed. The provider of Google Ads is Google Ireland Limited., Gordon House, Barrow Street, Dublin 4, Ireland. Further information and privacy policies regarding Google advertising can be found here: [https://www.google.com/policies/technologies/ads/](https://www.google.com/policies/technologies/ads/) and [https://policies.google.com/technologies/partner-sites/](https://policies.google.com/technologies/partner-sites/).

  1. XII. Your Rights as a Data Subject

  • Right to Confirmation:** You have the right to request confirmation from us whether personal data concerning you are being processed.
  • Right to Access (Art. 15 GDPR):** You have the right to obtain free information from us at any time about the personal data stored concerning you and a copy of this data in accordance with the legal provisions.
  • Right to Rectification (Art. 16 GDPR):** You have the right to request the correction of incorrect personal data concerning you. You also have the right to request the completion of incomplete personal data, considering the purposes of the processing.
  • Right to Erasure (Art. 17 GDPR):** You have the right to request that we delete personal data concerning you without undue delay if one of the statutory grounds applies and if processing or storage is not required.
  • Right to Restriction of Processing (Art. 18 GDPR):** You have the right to request that we restrict the processing if one of the statutory conditions applies.
  • Right to Data Portability (Art. 20 GDPR):** You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format. You also have the right to have this data transmitted to another controller without hindrance from us, to whom the personal data has been provided, as long as the processing is based on consent under Art. 6 (1) sentence 1 (a) GDPR or Art. 9 (2) (a) GDPR or on a contract under Art. 6 (1) sentence 1 (b) GDPR and the processing is carried out using automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us. Furthermore, when exercising your right to data portability under Art. 20 (1) GDPR, you have the right to request that the personal data be transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of others.
  • Right to Object (Art. 21 GDPR):** You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you, which is based on Art. 6 (1) sentence 1 (e) (data processing in the public interest) or (f) (data processing based on a balance of interests) GDPR, including profiling based on those provisions. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims. In individual cases, we process personal data to conduct direct advertising. You can object at any time to the processing of personal data concerning you for such advertising purposes. This also applies to profiling, as far as it is related to such direct advertising. If you

object to the processing for direct advertising purposes, we will no longer process your personal data for these purposes. You also have the right to object to the processing of personal data concerning you for scientific or historical research purposes or for statistical purposes under Art. 89 (1) GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest. You are free to exercise your right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by automated means using technical specifications.
  • Right to Withdraw Consent:** You have the right to withdraw consent to process personal data at any time with future effect. The lawfulness of the processing of your personal data up to this point remains unaffected. You can withdraw your consent by emailing info@sundayventures.de or calling us at (+49) 163 6828 426.
  • Right to Complain to a Supervisory Authority:** You have the right to complain to a data protection supervisory authority about our processing of personal data. The supervisory authority responsible for us is the Hamburg Commissioner for Data Protection and Freedom of Information, P.O. Box, Hamburg, Germany, Email: poststelle@lda.hamburg.de. You can also use the online complaint form on the website of the Hamburg Commissioner.

  1. Routine Storage, Deletion, and Blocking of Personal Data

We process and store your personal data only for the period necessary to achieve the storage purpose or as required by the regulations to which our company is subject. If the storage purpose ceases to apply or a legally prescribed storage period expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions, provided they are no longer required for contract fulfillment or contract initiation.

  1. Validity and Changes to the Privacy Policy


This privacy policy is currently valid as of October 2021. Due to the further development of our websites and offers or due to changing legal or regulatory requirements, it may be necessary to amend this privacy policy. The current privacy policy can be viewed at any time on the website at: [https://schloss-dueneck.de/datenschutz](https://schloss-dueneck.de/datenschutz).