Privacy policy

In the following, we provide information about the collection of personal data when using our website and in connection with your stay at the hotel. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior. We have taken extensive technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological progress.

1. Name and Address of the Person Responsible

The controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is

Operating Company:
HRG Hospitality B.V. & Co. KG
Hauptstraße 66
D-12159 Berlin
Deutschland

This company is responsible for the operation of the following hotels:

Hotels by HR Sylt GmbH
Hauptstraße 66
12159 Berlin

E-Mail: info@hrg-hotels.com
You can contact our data protection officer at the above address with the addition “Data Protection Officer”.

HRG Hospitality B.V. & Co. KG and its subsidiaries and affiliated companies are affiliated companies of the Revo Hospitality Group in accordance with Section 15 AktG.

2. General Information on Data Processing

Scope of the processing of personal data: We only process personal data of our users to the extent necessary to provide a functional website and our services in connection with your hotel stay. The personal data is used exclusively within the framework of statutory data protection regulations such as the GDPR, the Federal Data Protection Act (BDSG), and the Telecommunications Digital Services Act (TDDDG). Our employees and service providers are obliged to comply with data protection regulations.

The legal basis for processing personal data may include:

• Consent, Art. 6 para. 1 sentence 1 lit. a) GDPR
• Performance of a contract, Art. 6 para. 1 sentence 1 lit. b) GDPR
• Legal obligation, Art. 6 para. 1 sentence 1 lit. c) GDPR
• Vital interests, Art. 6 para. 1 sentence 1 lit. d) GDPR
• Legitimate interests, Art. 6 para. 1 sentence 1 lit. f) GDPR

In connection with the provision of the website and our services, various personal data are collected and processed, about which we inform you below.

3. Provision of the Website

The website is hosted on servers of a service provider commissioned by us. The servers automatically collect and store information in so-called server log files, which your browser automatically transmits when you visit the website. The stored information includes browser type and version, operating system used, referrer URL, pages accessed, date and time of the server request, and IP address.

This data is collected on the basis of Art. 6 para. 1 sentence 1 lit. f) GDPR. The website server is located in Germany, meaning no data is transferred to the USA. Data is deleted once storage is no longer required. More information: Kinsta Privacy Policy

4. Booking and Reservation as well as Payment Processing

During booking or reservation inquiries, necessary contract-related data such as name, address, contact details and payment data may be processed. The legal basis is Art. 6 para. 1 sentence 1 lit. b) GDPR. Data is stored for the contract duration and required legal retention periods.

Various payment service providers process payment information directly and are recipients of your personal data accordingly.

5. Contact Form

When you contact us by e-mail or via contact form, the transmitted data (e.g. email address, name) is stored to respond to your inquiries. Optional fields are marked accordingly and processed with your consent under Art. 6 para. 1 sentence 1 lit. a) GDPR.

Data is deleted once storage is no longer required unless legal retention requirements apply.

6. Hotel Accommodation, Guest Registration and Events

In the context of hotel stays, guest registration and events, we process necessary data such as name, address, date of birth, nationality and additional required service-related information. Processing is done for contract fulfillment under Art. 6 para. 1 lit. b) GDPR, legal obligations under Art. 6 para. 1 lit. c) GDPR, and legitimate interests under Art. 6 para. 1 lit. f) GDPR.

Data is deleted once storage is no longer required unless statutory retention obligations apply.

7. General Business Processes and Customer Service

We process general customer data such as name, address, contact details, and preference information for customer support, complaint handling, fraud prevention, service improvement and corporate processes. Processing is based on Art. 6 para. 1 lit. b) and lit. f) GDPR.

Data is deleted when no longer required unless statutory retention obligations apply.

8. Emergency and Incident Management

For emergencies and incident handling, we process necessary information such as names, addresses, contact details and incident descriptions. Processing is based on Art. 6 para. 1 lit. b) and lit. f) GDPR.

Data is deleted when no longer required unless statutory retention obligations apply.

9. Guest Services and Marketing

For guest services and marketing, we may process general information, preferences and communication data to personalize services, provide rewards programs, run campaigns, send product or service information, and deliver personalized advertising. Processing is based on Art. 6 para. 1 lit. b) and lit. f) GDPR, or Art. 6 para. 1 lit. a) GDPR if consent was provided.

Data is deleted once storage is no longer required unless legal retention rules apply.

10. Use of Company Presences in Social and Professional Networks

We maintain presences on social and professional networks for communication and interaction with users. Under Art. 26 GDPR, we share joint responsibility with the respective platform operators.

Relevant agreements and privacy policies:

• LinkedIn: Agreement
• Instagram: Privacy Policy
• YouTube: Terms
• Facebook: Controller Addendum – Privacy Policy
• TikTok: EEA Privacy Policy
• Xing: Privacy Policy
• Pinterest: Privacy Policy

User actions on these platforms (e.g., likes, comments) may reveal personal information. As we cannot fully control platform data processing, we cannot provide binding details on purpose or scope.

11. Data Erasure and Storage Duration

Personal data is deleted or blocked once it is no longer required for its original purpose. Data may be stored longer where legally required, such as for tax or commercial law obligations or legal claims.

12. Data Recipient

Data is only passed to third parties for the purposes described. A legal basis must exist, such as:

• Consent (Art. 6 para. 1 lit. a GDPR)
• Contract performance (Art. 6 para. 1 lit. b GDPR)
• Legal obligation (Art. 6 para. 1 lit. c GDPR)
• Legitimate interest (Art. 6 para. 1 lit. f GDPR)

External service providers may process data under Art. 28 GDPR. We ensure appropriate technical and organizational measures to protect your data.

Our website provides an overview of destinations linking to franchise hotel websites. Selecting a hotel redirects you to its own website; no additional data transfer occurs.

13. Transfer to Third Countries

Transfers outside the EEA occur only with adequate safeguards such as adequacy decisions or EU standard contractual clauses. If no adequacy decision exists, supplementary contractual or organizational measures ensure an adequate level of protection.

14. Your Rights

You have the following rights regarding your personal data:

• Right to information
• Right to rectification
• Right to erasure
• Right to restriction of processing
• Right to object
• Right to data portability
• Right to withdraw consent

Right to Object based on Legitimate Interests

You may object at any time, for reasons arising from your particular situation, to processing based on Art. 6 para. 1 lit. e or f GDPR.

Right to Object to Direct Marketing

If your data is processed for direct marketing, you may object at any time under Art. 21 para. 2 GDPR. We will then cease such processing.

To exercise your rights, contact the controller using the contact details above.

Right to Lodge a Complaint

You have the right to lodge a complaint with a competent data protection authority.

15. Changes to the Privacy Policy

We reserve the right to amend or supplement this privacy policy at any time in accordance with applicable data protection laws. For questions, please contact us by email: info@hrg-hotels.com

Status: 03/2025