PRIVACY POLICY

Privacy information

This privacy policy informs you about how we handle your personal data and your rights under the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). The controller responsible for data processing (unless otherwise stated below) is Sylt Marketing GmbH (hereinafter referred to as "we," "us," or "Sylt Marketing GmbH").

Our privacy policy consists of two parts. Part A provides general information about data protection at Sylt Marketing GmbH, including your rights and where you can exercise them. Part B is dedicated to the various data subjects and explains in detail what data we collect and process about you. We address you in your role:

a) as visitors our websites;
b) as Sylt booking partner;
c) when ordering brochures;
d) when booking vouchers;
e) as a recipient of Sylt newsletters;
f) as social media visitors;
g) as a contact person for service providers, suppliers and business partners;
h) as applicants.

 

A. General information

1. Our contact details

If you have any questions or suggestions regarding this information or would like to exercise your rights, please address your request to: 

Sylt Marketing GmbH
Stephanstrasse 6
25980 Westerland
Phone: + 49 4651 82020
Email: info@sylt.de 

 

2. On what basis do we process your data?

The term "personal data" in data protection law refers to all information relating to an identified or identifiable person. We process personal data in compliance with the relevant data protection regulations, in particular the GDPR and the BDSG (German Federal Data Protection Act). We only process data on the basis of legal permission. We only process personal data with your consent (Art. 6 (1) (a) GDPR), to fulfill a contract to which you are a party or at your request to take steps prior to entering into a contract (Art. 6 (1) (b) GDPR), to fulfill a legal obligation (Art. 6 (1) (c) GDPR) or if processing is necessary to protect our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights and freedoms which require the protection of personal data prevail (Art. 6 (1) (f) GDPR). 

If you apply for a vacant position in our company, we will also process your personal data to decide whether to establish an employment relationship (Section 26 (1) (1) BDSG).

 

3. Your Rights 

You control your data! As a data subject, you therefore have the right to assert your data subject rights against us. Within the framework of the data protection laws applicable to you, you have the following rights:

• In accordance with Art. 15 GDPR and Section 34 BDSG, you have the right to request information about whether and, if so, to what extent we process personal data relating to you.
• You have the right to request that we correct your data in accordance with Art. 16 GDPR.
• You have the right to request that we delete your personal data in accordance with Art. 17 GDPR and Section 35 BDSG.
• You have the right to have the processing of your personal data restricted in accordance with Art. 18 GDPR.
• In accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format and to transmit this data to another controller.
• If you have given us separate consent to data processing, you can revoke this consent at any time in accordance with Art. 7 (3) GDPR. Such revocation does not affect the legality of the processing carried out based on the consent up to the time of revocation.
• If you believe that the processing of personal data concerning you violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Article 77 GDPR.

Pursuant to Art. 21 (1) GDPR, you have the right to object to processing based on the legal basis of Art. 6 (1) (e) or (f) GDPR for reasons related to your particular situation. If we process personal data about you for direct marketing purposes, you can object to this processing in accordance with Art. 21 (2) and (3) GDPR.

If you exercise your rights under Articles 15 to 22 of the GDPR, we will process the personal data you provide for the purpose of exercising these rights and to provide evidence of this. Data stored for the purpose of providing information and preparing it will only be processed for this purpose and for data protection monitoring purposes. Otherwise, we will restrict processing in accordance with Article 18 of the GDPR. 

This processing is based on the legal basis of Art. 6 (1) (c) GDPR in conjunction with Art. 15 to 22 GDPR and Section 34 (2) BDSG.

 

4. Where do we process your data?

We generally process your data on European servers with the highest security standards. In providing our services, we are supported by external service providers to whom we send your data. Some data processing operations may involve the transfer of certain personal data to third countries, i.e., countries where the GDPR does not apply. Such transfers are permissible if the European Commission has determined that an adequate level of data protection is provided in such a third country. This applies to all transfers to countries in this list: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en. 

If such an adequacy decision by the European Commission is not available, personal data will only be transferred to a third country if appropriate safeguards are in place in accordance with Art. 46 GDPR or if one of the conditions of Art. 49 GDPR is met.

Unless an adequacy decision has been made and unless otherwise stated below, we use the EU standard data protection clauses as appropriate safeguards for the transfer of personal data outside the scope of the GDPR to third countries. You have the option of receiving a copy of these EU standard data protection clauses or of viewing them. Please contact us at the address provided under Contact. 

If you consent to the transfer of personal data to third countries, the transfer will be carried out on the legal basis of Art. 49 (1) (a) GDPR. 

 

5. To whom and why do we share your personal data?

In order to provide our services and operate economically as a company, we use various external companies to whom we sometimes transfer personal data. If additional specific recipients of personal data are involved for certain data subjects, we will inform you about this in Part B.

• Hosting providers: We commission certified service providers to host our data, who adhere to the highest security standards.
• Content Delivery Networks (CDN): We use a content delivery network (CDN) to deliver our website content as quickly and reliably as possible. We rely on certified service providers who enable content distribution across globally distributed servers.
• Brochure orders: We transmit address data to our processors for the purpose of sending the brochures.
• Ordering vouchers: When booking vouchers, personal data is transmitted to service providers acting on our behalf.
• IT service providers and SaaS providers: We use the services of various other IT and data storage service providers who support us as data processors and simplify and optimize our processes.
• Advertising and marketing providers: With the help of our advertising and marketing providers, we aim to increase our brand awareness, drive demand for our products, and enhance customer loyalty. To this end, campaigns are planned and implemented, and their success is measured and analyzed. These providers are generally also contract processors.
• Payment providers: To process payments, we pass on your data to payment providers and banks who process your data as controllers and/or processors.
• Shipping service providers: We may transfer your personal data to fulfillment service providers as well as postal and delivery services in order to deliver our goods to you.
• Review portals: If you have agreed, we will transmit your data to review portals with which you have a contractual relationship and through which you can rate us and our services.

• Joint processing of data: Booking data is made available to all booking partners on the island of Sylt. These include the following companies: 

  Island of Sylt Tourism Service GmbH
  List on Sylt Tourist Office, a company owned by the municipality of List on Sylt
  Sylt Conference and Congress GmbH
  Sylt Marketing GmbH 
  Hörnum Tourism Service, a company owned by the municipality of Hörnum (Sylt)
  Kampen Tourism Service, a municipal enterprise of the municipality of Kampen
  Tourism Service Wenningstedt-Braderup GmbH & Co. KG (TSWB)

 

6. How long do we store your data? 

Unless otherwise stated in the following information, we will only store data for as long as necessary to achieve the processing purpose or to fulfill our contractual or legal obligations. Such statutory retention periods may arise, in particular, from commercial or tax law regulations. From the end of the calendar year in which the data was collected, we will retain personal data contained in our accounting data for eight years and personal data contained in commercial letters and contracts for six years. Furthermore, we will retain data related to consents that require proof, as well as complaints and claims, for the duration of the statutory limitation periods. We will delete data stored for advertising purposes if you object to processing for this purpose.

 

7. How do we use cookies and other tracking technologies?

We use cookies and similar technologies on our websites. For more information about how we use these technologies, please see our Cookie Policy. The banner can be accessed directly via this linkThere you will also find a list of other companies that place cookies on our websites and process data based on your consent in accordance with Art. 6 (1) (a) GDPR, a list of cookies we place, and an explanation of how you can refuse certain types of cookies. Alternatively, you can also access the list via access this link directly.

 

8. How can you contact our data protection officer?

You can reach our data protection officer at the following contact details: 

Email: datenschutzbeauftragter@sylt.de
Herting Oberbeck Data Protection GmbH
Hallerstraße 76, 20146 Hamburg
https://www.datenschutzkanzlei.de   

Mailing address:
Data protection officer
c/o Sylt Marketing GmbH
Stephanstrasse 6
25980 Westerland

 

B. Special Part – How and why we process your data

a) Visitors to our website

1. We process pseudonymous information about the device and browser you use, server log files, your network connection and your IP address for the following purposes: purposes: 

• Ensuring the security, operability and stability of our websites, including defense against attacks;
• Integration of third-party content;
• Transmission to Content Delivery Networks (CDN).

Legal basis: Legitimate interest according to Art. 6 (1) (f) GDPR in the proper functionality and stability of the website.

2. We process information about your behavior on the website. This includes your IP address and user IDs, some of which are assigned by third parties, and is used for the following purposes: purposes: 

• Reach measurement and analysis of visitor behavior to optimize our websites, increase customer satisfaction and analyze errors;
• (Conversion) tracking to measure reach and determine commissions for our affiliate partners;
• Remarketing to acquire new customers through personalized display of our advertising;
• Display of external content (e.g. videos and maps) provided to us by third parties.

Legal basis: Consent according to Art. 6 (1) (a) GDPR, which we obtain via the consent banner on our website and which you can revoke or adjust at any time via the footer of the website. 

3. We process the data you provide to us via our contact form for the following purposes: 

• Feedback on accessibility 

Legal basis: The processing is based on our legitimate interest in accordance with Art. 6 (1) (f) GDPR to ensure accessibility requirements.

 

b) Sylt booking partner

We process the data you provide when booking accommodation, a ticket, or sending an email inquiry, such as your name, address, email address, and telephone number. The processing is carried out for the following purposes: purposes: 

• Fulfillment of our service: Arranging accommodation and event tickets;
• Customer service: This includes answering questions about your booking.

Legal basis: Contract fulfillment pursuant to Art. 6 (1) (b) GDPR. Without the provision of the data, contract fulfillment is not possible. 

• promotional communication via our Sylt newsletter 

Legal basis For data processing in connection with the receipt of our newsletter, your consent is in accordance with Art. 6 (1) (a) GDPR, which you can revoke at any time by contacting the contact details mentioned above or using the unsubscribe link.

• to comply with legal regulations and retention obligations.

Legal basis: Compliance with legal obligations according to Art. 6 (1) (c) GDPR 

 

c) Ordering brochures

We process the data you provide about yourself when ordering a brochure, such as your name, address, and email address. The processing is carried out for the following purposes: purposes: 

• Fulfillment of our service: This includes processing your order and sending the brochures;
• Customer service: This includes answering questions about your order.

Legal basis: Contract fulfillment pursuant to Art. 6 (1) (b) GDPR. Without the provision of the data, contract fulfillment is not possible. 

• Non-commercial communication on technical, contract and security-related topics (e.g. order and shipping confirmations). 

Legal basis: Legitimate interest according to Art. 6 (1) (f) GDPR to promote customer loyalty.

• to comply with legal regulations and retention obligations.

Legal basis: Compliance with legal obligations according to Art. 6 (1) (c) GDPR 

 

d) Booking of vouchers

We process your data, such as name, address, email address and telephone number, which you provide in the order form when ordering a voucher. The processing is carried out for the following purposes: purposes: 

• Fulfillment of our service: This includes processing your order and shipping the goods;
• Processing of payment via external payment providers;
• Voucher query: Processing your voucher code for validity and value.

Legal basis: Contract fulfillment pursuant to Art. 6 (1) (b) GDPR. Without the provision of the data, contract fulfillment is not possible. 

• Non-commercial communication on technical, contract and security-related topics (e.g. order and shipping confirmations);
• Internal analysis of purchasing behavior and segmentation by interest groups in preparation for marketing measures.

Legal basis: Legitimate interest according to Art. 6 (1) (f) GDPR to promote customer loyalty.

• to comply with legal regulations and retention obligations.

Legal basis: Compliance with legal obligations according to Art. 6 (1) (c) GDPR 

 

e) Sylt Newsletter

We process your email address for the following purposes: 

• Sending monthly island news, articles & event tips and sending the Natürlich Sylt magazine;
• Verification of the email address via the double opt-in process.

Legal basis For data processing in connection with the receipt of our newsletter, your consent is in accordance with Art. 6 (1) (a) GDPR, which you can revoke at any time by contacting the contact details mentioned above or using the unsubscribe link.

We process pseudonymous information on the use of our newsletter (click behavior, opening rate and time, length of stay) for the following purposes: purposes: 

• Measuring success to optimize our content and improve products.

Legal basis The legal basis for data processing in connection with the pseudonymous evaluation of our newsletter is our legitimate interest in measuring the success and optimizing our newsletter. The legal basis is Art. 6 (1) (f) GDPR. 

 

f) Social media visitors

1. Responsibility of social media providers

When you visit our social media pages (Facebook, Instagram, LinkedIn, TikTok) on which we present our company, certain information about you as a visitor is processed.

More information about cycling in the Leipzig Region as well as more interesting routes:

Facebook and Instagram:

• Privacy Policy from Meta Platforms Ireland Limited
• Opt-out option

LinkedIn: 

•  Privacy Policy from LinkedIn Ireland Unlimited Company

tik tok: 

• Privacy Policy TikTok Technology Limited

 

2. Joint responsibility of the social media providers and Sylt Marketing GmbH (joint controllers) 

The social media providers collect and process event data and send us anonymized statistics and data for our pages that help us gain insights into the various activities visitors perform on our page (so-called "page insights"). These page insights are created based on certain information about people who have visited our page(s).

More information about cycling in the Leipzig Region as well as more interesting routes: 

Facebook and Instagram:

• Joint Controller Agreement
• Data subjects can also assert their rights against Meta. Further information can be found in the Privacy Policy.

LinkedIn:

• Joint Controller Agreement
• Data subject rights can be exercised via this Contact form You can contact LinkedIn’s data protection officer via this Link Contact.
• LinkedIn and Sylt Marketing GmbH have agreed that the Irish Data Protection Commission is the competent supervisory authority that monitors the processing of Insights pages. You can lodge a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or submit it to another supervisory authority.

TikTok:

• Joint Controller Agreement
• Data subject rights can be exercised via this Form can be asserted on TikTok.
• TikTok and Sylt Marketing GmbH have agreed that the Irish Data Protection Commission is the competent supervisory authority that monitors the processing of Insights. You can lodge a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or submit it to another supervisory authority.

 

3) Responsibility of Sylt Marketing GmbH 

We process information that you have provided to us via our social media channels on the respective social media platform. This information may include the name used, contact information, or a message to us.

Legal basis: Legitimate interest according to Art. 6 (1) (f) GDPR in communicating with interested parties and followers. 

 

g) Contact persons at service providers/suppliers/business partners (e.g. for sponsorship, cooperations and donations)

We process data that you provide to us about yourself and, if applicable, the company you work for, such as your name, email address and telephone number, for the following purposes:

• Contract initiation: This includes receiving and responding to inquiries in order to initiate possible cooperation.
• Contract fulfillment: With you or with the company you work for (this includes contract management, documentation for ongoing collaboration, billing and communication).

Legal basis: Legitimate interest pursuant to Art. 6 (1) (f) GDPR in the initiation or fulfillment of the contract between the company in which you work or Art. 6 (1) (b) GDPR if you are our contractual partner. 

 

h) General inquiries 

If you contact us via email with general inquiries, we will process the data you provide in the email, such as your name and email address, to respond to your inquiry.

Legal basis: Legitimate interest according to Art. 6 (1) (f) GDPR to answer the request

 

i) Applicants

Data that you provide to us in the course of your application or that a recruitment agency sends us about you. This includes information about your CV, your previous career and other data that we use for the following purposes: purposes process: 

• Determining whether employment is possible;
• Initiation of an employment relationship.

Legal basis: Contract initiation according to Art. 6 Para. 1 Letter b) GDPR and Section 26 Para. 1 Sentence 1 BDSG.

• Fulfillment of statutory retention obligations or defense against legal claims.

Legal basis: Compliance with legal obligations according to Art. 6 (1) (c) GDPR. 

• Inclusion in our talent pool for future contact if no employment relationship is established for the time being.

Legal basis: Consent according to Art. 6 (1) (a) GDPR, which you can revoke at any time by contacting the contact details mentioned above. 

If we are unable to offer you employment, we will retain the application documents you have submitted for up to six months after a possible rejection for the purpose of answering questions related to your application and rejection. This does not apply if legal provisions prevent deletion, further storage is necessary for evidentiary purposes, or you have expressly consented to longer storage. 

 

 

As of February 2025