Data protection
Privacy policy
side-hamburg.de
1. Name and contact data of the party responsible for the processing and of the company’s data protection officer
This privacy policy information applies to data processing by:
Responsible party:
SIDE Hamburg GmbH & Co. KG
Wexstraße 16
D-20355 Hamburg
Germany
E-Mail: info(at)seaside-collection.de
Tel.: +49 (0)40 35 74 00-0
Personally liable partner:
Seaside Hotels Management GmbH
Wexstraße 16
D-20355 Hamburg
Germany
General manager: Theo Gerlach, Christian Mohs
Data protection officer:
Dr. Jürgen Fechner
Walter-Markov-Ring 42
D-04288 Leipzig
Germany
E-Mail: j.fechner(at)fue-soft.de
Tel.: +49 (0)171 826 69 33
2. Collection and storage of personal data, together with the nature and purpose of its use
a) Visiting the website
When you visit our website side-hamburg.de, the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is recorded without your intervention, and stored until it is automatically deleted:
- IP address of the requesting computer,
- date and time of access,
- name and URL of the retrieved file,
- website from which access is made (referrer URL),
- the browser used and, if applicable, the operating system of your computer as well as the name of your access provider.
The above-mentioned data will be processed by us for the following purposes:
- ensuring a smooth connection of the website,
- ensuring convenient use of our website,
- evaluation of system security and stability as well as
- for other administrative purposes.
The legal basis for any data processing is Art. 6 Section 1 Sentence 1 f GDPR (General Data Protection Regulation). relating to legitimate interest. Our legitimate interest is based on the purposes listed above for the data collection. Under no circumstances do we use the data collected for the purpose of drawing conclusions about you personally.
In addition, we use cookies and analysis services when you visit our website. You will find more detailed explanations under sections 4 and 5 of this privacy policy.
b) Registering for our newsletter
If you have expressly consented according to Art. 6 Section 1 Sentence 1 a GDPR, we will use your email address to send you our newsletter on a regular basis. To receive the newsletter it is sufficient to provide an email address.
You can unsubscribe at any time, for example via a link at the end of each newsletter. Alternatively, you are welcome to send your unsubscription request at any time to info(at)side-hamburg.de by email.
c) On using our contact form
If you have any questions, we offer you the opportunity to contact us using the form provided on the website. A valid email address is required so that we know who sent the request and can respond to it. Further information can be provided voluntarily.
The data will be processed for the purpose of contacting us in accordance with Art. 6 Section 1 Sentence 1 a GDPR on the basis of your voluntary consent. If contact is made to carry out pre-contractual measures (e.g. request for an offer), the data will be processed on the basis of Art. 6 Section 1 Sentence 1 b GDPR.
The personal data collected by us for the use of the contact form will be automatically deleted after your request has been processed. If the request concerns business correspondence (receipt of commercial mail – obligation to keep records in accordance with § 257 Section 1 No. 2 Commercial Code, obligation to keep records of commercial and business mail § 147 Section 1 No. 2, Section 3 Tax Code for 6 years).
d) Website service
In connection with our website, we use the services of myhotelshop GmbH, Floßplatz 6, D-04107 Leipzig. This collaboration pertains to the creation of placements (selection, setup and optimisation of campaigns), consulting and management (development of strategies in online direct sales) and website services. Within the scope of the contractual relationship, data such as name, address, e-mail address, telephone number if applicable, as well as details relating to contact use and order fulfilment of business customers and employees of the contractual partners and customers of the hotels are stored. For its part, myhotelshop GmbH uses support platforms that represent its own companies and work and act in compliance with the General Data Protection Regulation (GDPR). Partners in this collaboration:
- easybill, easybill GmbH, Düsselstr. 21, 41564 Kaarst, Germany https://www.easybill.de/privacy
- Google Ads, Google Tag Manager, Google Analytics and associated applications, Google Germany GmbH, ABC-Strasse 19, 20354 Hamburg, Germany, https://policies.google.com/privacy
- Microsoft Advertising, Microsoft Deutschland GmbH, Walter-Gropius-Straße 5, 80807 Munich, Germany, https://privacy.microsoft.com/de-de/privacystatement
- Matomo, ePrivacy Holding GmbH, Große Bleichen 21, 20354 Hamburg, Germany, https://matomo.org/privacy-policy/
- Mailchimp, The Rocket Science Group LLC d/b/a Mailchimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA, https://mailchimp.com/legal/privacy/
- Pipedrive, Pipedrive OÜ, Mustamäe tee 3a, Tallinn 10615, Estonia, https://www.pipedrive.com/en/privacy
Tracking procedures can be used within the above-mentioned support platforms to measure the provision of the service and thus render it billable. Tracking devices:
- Cookies that create the following data records: Location / user agent (information about the browser itself) / time & duration of access
- Use of tools:
- Voucher tools
- Newsletter subscription forms Contact forms
- Web font libraries
e) Chat applications
We use the chat application of DialogShift GmbH, Rheinsberger Str. 76/77, D-10115 Berlin, on our website. This application collects, processes and stores data for the purpose of web analysis, operates the chat application and answers inquiries.
For the operation of the chat function, the chat texts are stored and a cookie with a unique ID is set. This cookie is used to recognize the user as a customer.
A cookie is a small text file that is stored locally in the cache on your device. Using this cookie, the chat application recognizes the device and can retrieve past chat logs. This cookie is stored for 90 days based on its last use. The storage of cookies can be deactivated in your browser settings. However, without the use of cookies, the chat function cannot be executed.
When using the chat application, personal data such as names, e-mail addresses, or telephone numbers are collected and processed. The collection and processing are voluntary and with the user’s consent to temporarily use and store this data for the purpose of establishing contact until the end of the contact. After 90 days, this data is automatically deleted.
The legal basis for data processing when using the chat application is the legitimate interest in effective customer support, for statistical analysis of user behavior, and for optimization purposes of our offers in accordance with Art. 6 para. 1 lit. f DS-GVO. DialogShift offers further information on the collection and use of data as well as on users’ rights and options for protecting their privacy at https://www.dialogshift.com/datenschutz.
3. Transfer of data
Your personal data will not be transmitted to third parties for purposes other than those listed below.
We will only pass on your personal data to third parties if:
- you have given your express consent in accordance with Art. 6 Section 1 Sentence 1 a GDPR,
- disclosure in accordance with Art. 6 Section 1 Sentence 1 f GDPR is necessary to assert, exercise or defend legal claims, if there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
- in the event that a legal obligation exists for the transfer in accordance with Art. 6 Section 1 Sentence 1 c GDPR, and
- this is legally permissible and is necessary for the processing of contractual relationships with you in accordance with Art. 6 Section 1 Sentence 1 b GDPR.
4. Cookies
We use cookies on our site. These are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do no damage to your end device, do not contain viruses, Trojans or other malware.
Information is stored in the cookie, in each case in relation to the specifically used terminal device. However, this does not mean that we immediately become aware of your identity.
The application of cookies serves on the one hand to make the use of our service more pleasant for you. For example, we use so-called session cookies to recognise that you have already visited individual pages of our website. These cookies are automatically deleted after you leave our site.
In addition, we also use temporary cookies that are stored on your end device for a specified period of time to optimise user-friendliness. If you visit our site again to use our services, it will automatically recognise that you have already been with us, and which entries and settings you have made so that you do not have to enter them again.
On the other hand, we use cookies to statistically record the use of our website and to evaluate it for you for the purpose of optimising our offer (see Section 5). These cookies enable us to automatically recognise when you return to our site that you have already visited us. These cookies are automatically deleted after a defined period of time.
The data processed by cookies is required for the above-mentioned purposes in order to protect our legitimate interests and those of third parties in accordance with Art. 6 Section 1 S. 1 f GDPR.
Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, the complete deactivation of cookies can lead to the fact that you cannot use all functions of our website.
Objection: if you do not wish to use cookies or wish to delete existing cookies, you can switch them off and remove them via your Internet browser. For more information on deleting or disabling cookies, see the help texts for your browser or on the Internet, for example under the search words “Deactivate cookies” or “Delete cookies” (instructions for deletion in Microsoft Internet Explorer. How to delete in Mozilla Firefox. Instructions for deletion in Safari).
5. Analysis tools
a) Tracking tools
The tracking measures listed below and used by us are carried out on the basis of Art. 6 Section 1 Sentence 1 f GDPR. With the tracking measures used, we aim to ensure that our website is designed to meet your requirements and is continually optimised. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimising our offer. These interests are to be regarded as legitimate within the meaning of the above-mentioned provision.
The respective data processing purposes and data categories can be found in the corresponding tracking tools.
i) Google Analytics
For the purpose of demand-oriented design and continuous optimisation of our pages we use Google Analytics, a web analysis service provided by Google Inc. (https://www.google.de/intl/en/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter “Google”). In this context, pseudonymised user profiles are created and cookies (see Point 4) are used. The information generated by the cookie about your use of this website such as
- browser type/version,
- the operating system used,
- referrer URL (the previously visited page),
- host name of the accessing computer (IP address),
- time of the server request,
is transferred to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on the website activities and to provide further services associated with the use of the website and the Internet for the purposes of market research and demand-oriented design of these Internet pages. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of the company. Under no circumstances will your IP address be merged with other data by Google. The IP addresses are anonymised so that an assignment to individuals is not possible (IP masking).
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (Link).
As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking on this link. An opt-out cookie is set to prevent future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.
For more information about privacy in connection with Google Analytics, please visit the Google Analytics Help function (Link).
6. Service providers
i) Google Maps plugin
We use a plugin of the internet service Google Maps on our website. Google Maps is operated by Google Inc. located in the USA, CA 94043, 1600 Amphitheatre Parkway, Mountain View. By using Google Maps on our website, information about the use of this website and your IP address is transmitted to a Google server in the USA and also stored on this server. We have no knowledge of the exact content of the data transmitted, nor of its use by Google. In this context, the company states that the data is not linked with information from other Google services and that personal data is not collected. However, Google may transfer the information to third parties. If you disable Javascript in your browser, you prevent Google Maps from running. However, you will not be able to use the map display on our website. By using our website, you consent to the collection and processing of the information by Google Inc. Learn more about the privacy policy and terms of use for Google Maps here.
ii) Google Web Fonts
This site uses so-called Web Fonts provided by Google to uniformly display fonts. When you call up a page, your browser loads the required Web Fonts into your browser cache to display texts and fonts correctly.
To do this, the browser you are using must connect to Google’s servers. This gives Google knowledge that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Section 1 f GDPR.
If your browser does not support Web Fonts, a default font is used by your computer.
For more information about Google Web Fonts, please visit https://developers.google.com/fonts/faq and read Google’s privacy statement: https://policies.google.com/privacy?hl=en.
iii) Revinate
If you have expressly consented according to Art. 6 Section 1 P. 1 a GDPR, we will use your email address to send you our newsletter on a regular basis. The newsletter is sent via “Revinate”, the email marketing service of the US provider Revinate, Inc. 1 Letterman Dr., Building C, Suite CM100, San Francisco, CA 94129, USA. The email addresses and names of our guests and newsletter recipients, as well as their other data described in this notice, are stored on Revinate’s servers in the USA. Revinate uses this information to send and evaluate the newsletters on our behalf and to optimise or improve its own services (e.g. to technically optimise the dispatch and presentation of the newsletters). When the newsletter is opened, technical information, such as information about the browser and your system, as well as your IP address and time of access, is first collected via a so-called “web beacon”. This information is used to improve the services based on the technical data or the target groups, and their browsing behaviour based on their retrieval locations (which can be determined using the IP address) or access times. We have concluded “standard contractual clauses” with Revinate in order to oblige Revinate to maintain an appropriate level of data protection.
You can object to being sent the newsletter at any time for the future. At the same time, your consent to being sent the newsletter by Revinate will expire. In this case please send an email to info(at)side-hamburg.de. You will also find a link to cancel the newsletter at the end of each newsletter.
iv) Use of the booking tool TheFork
Our online presence uses the booking tool TheFork. This online tool allows you to book a table in a restaurant and – in certain locations – to pay for the service. These services are provided by La Fourchette SAS, Registered Office: 70, rue Saint-Lazare, 75009 Paris, France, RCS PARIS 494 447 949, in the capacity of owner and data controller. By going to TheFork from our websites and related applications, you are leaving our website and agreeing to TheFork’s practices there. Information is collected from and about you for the purpose of providing a more personalised and relevant user experience. Some information is collected automatically, while other information is collected from a variety of sources, including affiliates, business partners and other independent third party sources. With this in mind, when you use TheFork’s services by “clicking through” from our website or when you visit third-party websites through our services, those third-party websites may share information about your use of their services with TheFork. The information collected may include the following:
- Contact information, including name, phone number, and postal and email addresses.
- Billing or payment information (such as your credit card number, cardholder name, expiry date, authentication code, and billing address) through partnerships with trusted payment service providers
- Username and password
- Photos, reviews, social media posts that you have provided to TheFork
- Geolocation information
- Device information, for example, when you access services from TheFork, and information about the device you are using (for example, IP address, software or internet browser used, preferred languages, unique device identifiers, and advertising identifiers)
- Online activity, including pages you have visited, rated content and rated apps
- Overview of restaurant reservations made
- Information about your restaurant reservations and preferences.
TheFork may also collect information about other restaurant guests, including their email address and other reservation information, such as their first and last name, in cases where you have provided this information. You must obtain consent from other individuals if you wish to share their information with TheFork. TheFork’s full privacy information can be found here.
v) Cookiebot
We use the Consent Manager Service (consent management service) Cookiebot from the company Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (Cybot) on our site.
The tool enables us to obtain and manage web users’ consent to data processing within our website. The processing is necessary for compliance with a legal obligation pursuant to Art. 6 para. 1 p. 1 lit.c DSGVO and pursuant to Art. 7 para. 1 DSGVO.
The following data is processed by cookies:
- Your IP address (the last three digits are set to ‘0’).
- Date and time of consent.
- Browser information URL from which the consent was sent.
Furthermore, an anonymous, random and encrypted value used to prove consent contains the consent status of the end user.
The key and consent status are stored for 12 months in the browser using the cookie “CookieConsent”.
This preserves your cookie preference for subsequent page requests. With the help of the key, their consent can be proven and tracked.
- If you enable the “Collective Consent” service feature to enable consent for multiple web pages through a single end-user consent, the service additionally stores a separate, random, unique ID with your consent.
- When you agree to all collective consent function in the service configuration, this key is stored in the third-party cookie “CookieConsentBulkTicket” in your browser in encrypted form. The result is that you agree to the use of cookies from all third-party providers via the browser settings.
- If you have disabled “Do not track” via browser settings, it means that you accept all or at least certain types of cookies, but the functionality of the website is not fully guaranteed without processing.
Cybot is a recipient of your personal data and acts as a processor for us. A contract for commissioned processing in accordance with Art 28 DSGVO has been concluded between the partners.
The processing of the data takes place in the European Union. For more information on objection and removal options vis-à-vis Cybot, please visit: https://www.cookiebot.com/en/privacy-policy/
Your personal data will be deleted consecutively after 12 months or immediately after the termination of the contract between us and Cybot.
Please also note the general explanations about the deletion and deactivation of cookies in paragraph 4. of this privacy policy.
7. Social plugins
This website uses social plugins of the social network Facebook.com. The plugins are provided by Facebook Inc. (hereinafter: Facebook), 1601 S. California Ave, Palo Alto, CA 94304, USA. The plugins are marked with a white “f” and refer to our “SIDE Design Hotel Hamburg” offer on Facebook. The list of Facebook plugins can be viewed here.
When you access a page on our website that contains such a plugin, the browser establishes a direct connection to Facebook’s servers. The content of the plugin is transmitted directly from Facebook to your browser and integrated into the website. Please note that we have no control over the amount and manner of information Facebook collects and processes through this plugin. By integrating the plugins, Facebook receives the information that you have called up the corresponding page of our website. If you are logged in to Facebook, Facebook can assign your visit to your Facebook account. If you use the plugin (“like” button etc.), information from your browser is transmitted directly to Facebook and stored there. If you are not a member of Facebook, it is still possible for Facebook to determine and store the IP address of the device. The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as the corresponding rights and setting options for the protection of the privacy of the users can be found in the data protection information of Facebook in its currently valid form.
If you do not want Facebook to collect data about you via our website, we recommend that you log out of Facebook before visiting our website.
Our website uses so-called social plugins (“plugins”) from Instagram, which is operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). The plugins are marked with an Instagram logo, for example in the form of an “Instagram camera”. An overview of the Instagram plugins and their appearance can be found here: Introducing Instagram Badges for Webpage Embedding | Instagram Blog
When you access a page of our website that contains such a plugin, your browser establishes a direct connection to Instagram’s servers. Instagram transfers the content of the plugin directly to your browser and integrates it into the page. This integration informs Instagram that your browser has called up the corresponding page of our website, even if you do not have an Instagram profile or are not currently logged in to Instagram. This information (including your IP address) is transmitted directly from your browser to an Instagram server in the USA and stored there.
If you are logged in to Instagram, Instagram can immediately associate your visit to our website with your Instagram account. If you interact with the plugins, for example by pressing the “Instagram” button, this information is also transmitted directly to an Instagram server and stored there. The information is also published on your Instagram account and displayed in your contacts.
Please refer to Instagram’s privacy policy for the purpose and scope of data collection and the further processing and use of data by Instagram, as well as your rights and setting options for protecting your privacy: (link)
If you do not want Instagram to associate the information collected through our website directly with your Instagram account, you must log out of Instagram before visiting our website. You can also completely prevent the Instagram plugins from loading with add-ons for your browser, e.g. with the script blocker “NoScript” (http://noscript.net/).
Youtube
The responsible party for the processing of data has integrated components of YouTube on this website. YouTube is an Internet video portal that allows video publishers to post video clips and other users to view, rate and comment on them free of charge. YouTube allows the publication of all types of videos, which is why complete film and television programmes, music videos, trailers or videos produced by users themselves can be called up via the Internet portal.
YouTube is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Each time one of the individual pages of this website is accessed which is operated by the responsible party and on which a YouTube component (YouTube video) has been integrated, the Internet browser on the information technology system of the data subject is automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. More information about YouTube can be found at https://www.youtube.com/intl/en-GB/yt/about/ In the course of this technical procedure, YouTube and Google are informed which specific sub-page of our website is visited by the data subject.
If the data subject is logged on to YouTube at the same time, YouTube recognizes which specific sub-page of our website the data subject is visiting by calling up a sub-page that contains a YouTube video. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.
YouTube and Google receive information via the YouTube component that the data subject has visited our website whenever the data subject is logged into YouTube at the same time as he/she accesses our website; this happens regardless of whether the data subject clicks on a YouTube video or not. If such a transmission of this information to YouTube and Google is not desired by the data subject, he or she can prevent the transmission by logging out of their YouTube account before calling up our website.
The privacy policy published by YouTube, which can be accessed at https://policies.google.com/privacy?hl=en&gl=de, provides information about the collection, processing and use of personal data by YouTube and Google.
This website uses the social plugins of the following social networks:
twitter.com, which is operated by Twitter Inc, 795 Folsom St., Suite 600, San Francisco CA 94107, USA (hereinafter: Twitter). The plugins are marked with a Twitter logo or the suffix [Twitter social plugin].
If you call up a page of our website into which such a plugin is integrated, a direct connection to the servers of the Twitter social network is established by the browser. The content of the plugin is transmitted directly from Twitter to the browser and integrated into the website. We hereby wish to inform you that we have no influence on the scope and type of data that Twitter collects and processes with the help of the plugin. By integrating the plugins, Twitter receives the information that you have called up the corresponding page of our website. If you are logged in to Twitter at the same time, Twitter can assign the visit to your Twitter account. When you interact with the plugins, for example by pressing the [Like button] or posting a comment, the corresponding information is transmitted directly by the browser to Twitter and stored there. If you are not a member of Twitter, Twitter may still obtain and store your device’s IP address. The purpose and scope of the data collection, other processing and use of data by Twitter and the associated rights and setting options for the protection of privacy can be found in the privacy policy of the respective Twitter network in its applicable form.
If you do not want Twitter to collect data about you via our website, you should log out of Twitter before visiting our website. It is also possible to block the Twitter plugins with browser add-ons.
On our site we use the social plugins of the Pinterest social network, which is operated by Pinterest Inc, 808 Brannan Street San Francisco, CA 94103-490, USA (“Pinterest”). When you access a page that contains such a plugin, your browser establishes a direct connection to Pinterest’s servers. The plugin transfers log data to Pinterest’s server in the USA. This log information may include your IP address, the address of the sites you visit, which may also include Pinterest features, the type and settings of your browser, the date and time of your query, your use of Pinterest, and cookies.
For more information about the purpose, scope and further processing of data by Pinterest, as well as its use of the data and your rights and means of protecting your privacy, please see Pinterest’s privacy policy: https://policy.pinterest.com/en/privacy-policy
8. Your rights as a data subject
You have the right:
- to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may request information about the purposes of the processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right of appeal, the origin of your data if it has not been collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information on the relevant details;
- in accordance with Art. 16 GDPR, to demand without delay the correction of incorrect or complete personal data stored by us;
- to request the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
- in accordance with Art. 18 GDPR, to restrict the processing of your personal data if you dispute the accuracy of the data, if the processing is unlawful but you refuse to delete the data and we no longer need the data, if you need it to assert, exercise or defend legal claims or if you have filed an objection to the processing in accordance with Art. 21 GDPR;
- in accordance with Art. 20 GDPR, to receive the personal data that you have provided to us in a structured, current and machine-readable format or to request its transfer to another responsible party;
- in accordance with Art. 7 Section 3 GDPR, to revoke your consent to us at any time. As a result, we will no longer be allowed to continue processing data based on this consent in the future and
- to complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority for your usual place of residence or work, or our office.
9. Right of objection
If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 Section 1 Sentence 1 f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this which arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which we will implement without specifying a particular situation.
If you would like to make use of your right of revocation or objection, simply send an email to info(at)side-hamburg.de
10. Data security / email communication
10.1. We use the most common SSL (Secure Socket Layer) method in connection with the highest level of encryption supported by your browser. Usually this is 256 bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. Whether a single page of our website is transmitted in encrypted form is indicated by the closed display of the key or lock symbol in the lower status bar of your browser.
We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.
10.2 Emails sent via the Internet without additional security measures (encryption) are no more confidential than a postcard. If you communicate with us by email without the additional security of encryption, we will assume that you are aware of this technical circumstance and allow us to answer you by simple email.
Basic encryption between email providers
However, we also attach great importance to confidentiality in communication by email. Our provider therefore automatically offers you secure email communication via your email provider.
Our German hosting provider implements email communication with you using additional security measures. However, the security depends on whether your email provider offers you the same security measures. At https://dane.sys4.de you can test whether your email provider uses the current security standards. If in doubt, we can discuss alternative security measures, e.g. PGP email encryption mentioned below. Regarding the security measures used by our provider, the provider writes:
“DNSSEC has been implemented as security measures for email communication (see Wikipedia). In addition, in 2015 (see how it works: Wikipedia) DANE was introduced, the next logical step towards greater security. The DANE (DNS-based Authentification of Named Entities) network protocol adds additional security to the SSL/TLS transport protocol frequently used in email traffic. Certificates are directly linked to special DNS entries (TLSA-RR) of a domain and secured via DNSSEC. This ensures that a certificate has not been exchanged in the meantime and that its authenticity can be confirmed. Mail servers that support DANE can now force encrypted connections to each other. This significantly increases security when transmitting emails.”
PGP email encryption
A better and therefore recommended encryption (cryptography) of data transmission is possible with asymmetric encryption after the exchange of public keys. We will gladly provide you with our public PGP key (PGP: Pretty Good Privacy).
You can use this key to encrypt messages.
To communicate securely, you must install OpenPGP Software on your computer. Here is a list of possible solutions for different operating systems:
Please import the public key into your local OpenPGP key management to encrypt a message to us.
11. Up-to-date status and modification of this privacy policy
This privacy policy is currently valid and was last updated on 13.02.2023.
Due to the further development of our website and offers, or due to changed legal or official requirements, it may become necessary to change this privacy policy. You can call up and print out the current privacy policy at any time on our website under https://www.side-hamburg.de/en/imprint/data-protection/