I. Names and contact details of the controller and the company data protection officer
This data protection information applies to the Internet offering of Bikini Island & Mountain Hotels GmbH (hereinafter: “Bikini Hotels”), Ericus 1, 20457 Hamburg, Germany, which can be accessed at the domain https://www. bikini-hotels.com and in the various sub-domains:
1. Data controller as defined by the EU General Data Protection Regulation (GDPR)
Bikini Island & Mountain Hotels GmbH,
Ericus 1, 20457 Hamburg, Germany;
2. Data protection officer
Bikini’s company data protection officer can be contacted at the following address:
PROFESSIONAL GROUP CONVERSIA S.L.U.
Av. Mas Pins 150, 3a – Edifici Punt Blau
17457 Riudellots de la Selva (GIRONA)
II. Collection and storage of personal data and its type and purpose of use
Personal data is any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, email address, IP address or user behaviour. Information which cannot be used to identify you (or only with a disproportionate level of effort), for example because it is anonymised, is not defined as personal data. Processing of personal data (such as collection, consultation, use, storage or transmission) will always require a legal basis or your consent. Processed personal data will be erased as soon as the purpose of processing has been completed and it is no longer necessary to comply with any legal storage obligations.
Insofar as we process your personal data in order to provide specific offerings we will inform you below about the specific procedures, the extent and the purpose of the data processing, the legal basis for processing and the corresponding storage period.
1. When performing a contract
We will only collect, process and use personal data insofar as it is required for the establishment, structuring or amendment of a legal relationship (inventory data). This will take place on the basis of Art. 6 Para. 1 (b) GDPR, which permits the processing of data to perform a contract or pre-contractual measures. We will only collect, process and use personal data collected when you use our Internet offering (usage data) insofar as this is required to allow you to make use of the service or for us to charge for this use.
The customer data which has been collected will be erased following completion of the order or when the business relationship ends. Legal storage obligations remain unaffected by this.
We use the HotelNetSolutions booking engine to make it easier for you to book your stay with us and on well-known booking platforms online. Your data will be collected, processed and used solely for the purpose of establishing, performing and processing the contractual relationship established when a booking is made.
In this context, it should be taken into consideration that our business relationship may be intended to last for a number of years. Should the data no longer be required to perform contractual or legal obligations, then it will be erased at regular intervals unless its – time-limited – further processing is required for the following purposes:
2. When visiting the website
Cookies are employed to make using our offering more user-friendly. We thus use so-called ‘session cookies’ to recognise whether you have already visited specific pages on our website in the past. These cookies are automatically deleted when you leave our website.
Over and above this, we also employ temporary cookies to optimise user-friendliness; these cookies are installed on your end device for a predefined, limited period of time. Should you revisit our website to make use of our offering during this time, then we are able to automatically recognise that you are returning to the website and to identify the entries and settings you used. This in turn means that you do not have to provide this information again.
Parallel to this, we also employ cookies to collect statistics regarding use of our website and to evaluate how we can optimise our offering for you (see Section V). Should you revisit our site, these cookies allow us to automatically recognise that you have already visited us. They will automatically be deleted after a corresponding predefined period of time. The data processed using cookies is necessary for the above-mentioned purposes to safeguard our legitimate interests and those of third parties as defined by Art. 6 Para. 1 Clause 1 (f)) GDPR.
Most browsers accept cookies automatically. You can, however, configure your browser to block cookies or to inform you before a new cookie is installed. Full deactivation of cookies may, however, mean that you are unable to use all the features offered on our website.
What exactly does this mean?
When you visit our www.bikini-hotels.com website and its subdomains the browser installed on your end device will automatically transmit information to our web server. This information will be temporarily stored in a so-called log file. When doing so, the following information will be collected without any action on your part and stored until it is automatically erased:
We will process the above-mentioned data for the following purposes:
The legal basis for data processing is Art. 6 Para. 1 Clause 1 (f)) GDPR. Our legitimate interests arise from the above-mentioned list of data collection purposes. On no account will we use the data collected to identify you personally.
3. When subscribing to our newsletter
If, in accordance with Art. 6 Para. 1 Clause 1 (a) GDPR, you have explicitly consented to it, we will use your email address to send you our newsletter at regular intervals. Provision of an email address is sufficient to receive the newsletter. To ensure that no errors occur when users register for our newsletter we use the so-called ‘double opt-in procedure’ (DOI procedure). After you have registered for our newsletter by ticking the corresponding box we will send a confirmation link to the email address you have provided. Your email address will not be added to our newsletter emailing circulation list until you have clicked this confirmation link.
Note on right of withdrawal – you can unsubscribe from the newsletter at any time by withdrawing your consent, for example by using the link provided at the end of each newsletter. Alternatively you can email your unsubscribe request to
at any time.
4. Establishing contact / Contact form
You have several options to establish contact with us (e.g. by email, telephone, fax or postal mail). Should you establish contact with us, we will use the personal data which you provided to us voluntarily during this process for the sole purpose of establishing contact with you and processing your enquiry.
The legal basis for data processing within the scope of establishing contact is Art. 6 Para. 1 Clause 1 (a), (b), (c) and (f)) GDPR.
Personal data which we collect to establish contact with you will be erased after your enquiry has been dealt with, unless, following the establishment of contact, further data processing is required in accordance with Section II. 1 of this data protection declaration.
III. Transfer of data
Your personal data will only be transferred to third parties for the purposes listed below.
We will only transfer your personal data to third parties if:
IV. Google AdWords conversion tracking / Google Maps / Google Fonts
1. Google AdWords conversion tracking
We use Google conversion tracking to gather statistics on use of our website and to optimise it for you. Within the scope of this service Google AdWords installs a cookie (see Section II 2.) on your computer insofar as you access our website via a Google ad. These cookies expire after 30 days and are not used for personal identification purposes. Should the user visit certain pages on the AdWords client’s website before the cookie expires, Google and the client are able to recognise that the user clicked the ad and was taken to the website.
Every AdWords client is assigned a different cookie. Cookies cannot thus be traced via AdWords clients’ websites. The information obtained with the help of the conversion cookie is used to compile conversion statistics for AdWords clients who have booked the conversion tracking option. These clients receive information regarding the total number of users who clicked their ad and were taken to the website equipped with a conversion tracking tag. They do not, however, receive any information which would enable them to identify the user’s personal details.
Should you not wish to participate in the tracking process, you can block the cookie – for example by changing your browser settings to deactivate the automatic installation of all cookies. You can also deactivate conversion tracking cookies by setting your browser to block cookies from the “www.googleadservices.com” domain. To view Google’s data protection notice on conversion tracking click here (https://services.google.com/sitestats/de.html).
2. Google Maps
Our website uses the Google Maps service via an API. The service is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. To facilitate use of the Google Maps functions your IP address must be stored. This information is usually transmitted to a Google server in the USA, where it is stored. We have no influence over the transmission of this data. The use of Google Maps takes place in the interest of attractive presentation of our online offerings and to facilitate easy finding of the locations mentioned on the website. This is a legitimate interest as defined by Art. 6 Para. 1 (f) GDPR. For more information about handling of user data please see Google’s data protection notice at: https://www.google.de/intl/de/policies/privacy/.
3. Google Fonts
To facilitate the uniform presentation of fonts this website uses so-called ‘web fonts’ provided by Google. When accessing a site your browser will download the required web fonts to your browser cache to facilitate correct presentation of texts and fonts. Your browser must establish contact with Google’s servers for this purpose. By doing so, you are providing Google with information that our website was accessed via your IP address. The use of Google Fonts takes place in the interest of uniform, attractive presentation of our online offerings and is thus a legitimate interest as defined by Art. 6 Para. 1 (f) GDPR. Should your browser not support web fonts, then one of your computer’s standard fonts will be used instead. For more information about Google Fonts visit https://developers.google.com/fonts/faq and see Google’s data protection notice: https://www.google.com/policies/privacy/.
V. Embedded videos and images from external websites
Some of our pages included embedded content from YouTube or Instagram. When you retrieve a specific page from our Internet offering which includes embedded videos or images originating from our YouTube or Instagram channels, the only personal data which will be transmitted is your IP address. In the case of YouTube your IP address will be transmitted to Google Inc., in the case of Instagram to Instagram Inc., 181 South Park Street Suite 2, San Francisco, California 94107, USA (“Instagram”).
VI. Data subject rights
You have the following rights:
VII. Right to object / withdraw
1. Right to object
Insofar as your personal data is being processed on the basis of legitimate interests as defined by Art. 6 Para. 1 Clause 1 (f) GDPR and in accordance with Art. 21 GDPR, you have the right to object to processing of your personal data on grounds relating to your personal situation or where your data is being processed for direct marketing purposes. In cases of direct marketing you have a general right to object without having to state specific grounds which we must implement.
2. Right to withdraw
Insofar as we are processing data on the basis of consent given by you, you have the right to withdraw this consent at any time. Withdrawal of consent will not mean that any data processing which was carried out on the basis of this consent before the date on which it was withdrawn will become invalid.
3. Exercising of these rights
Should you wish to exercise your right to object / withdraw, simply send an email to firstname.lastname@example.org. Alternatively, you can exercise your right to object / withdraw by sending a letter to Bikini Island & Mountain Hotels GmbH, Ericus 1, 20457 Hamburg, Germany.
VIII. Data security
To ensure that your visit to our website is secure, we use the widespread SSL procedure (Secure Socket Layer) in conjunction with the highest encryption level supported by your browser. This is generally 256-bit encryption. Should your browser not support 256-bit encryption, then we will use 128-bit v3 technology instead. The locked padlock symbol in your browser’s lower status bar indicates that an individual page of our Internet presence is encrypted.
In addition to this, we have implemented appropriate technical and organization security measures to protect your data against accidental or deliberate manipulation; partial or full loss; destruction or unauthorized access by third parties. Our security measures are continuously updated in line with technological developments.
IX. Currentness and amendment of this data protection declaration
This data protection declaration is current and valid in the version of November 2019.
Further development of our website and offerings in connection with it or changes in legal or official requirements may make it necessary to amend this data protection declaration. To view or print off the relevant current data protection declaration at any time, please go to our website https://www.bikini-hotels.com/de/datenschutz/.