Privacy Policy at GREGORS GmbH

The operators of these pages take the protection of your personal data seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use this website, various personal data is collected. Personal data is data that can be used to identify you personally. Definitions of the terms used (e.g. “personal data” or “processing”) can be found in Art. 4 GDPR.

The following information provides a simple overview of what happens to your personal data when you visit this website.

This privacy policy applies to data processing by

GREGORS GmbH

St. Pauli Landungsbrücken 10

20359 Hamburg

The company data protection officer can be contacted at the above address, for the attention of the data protection officer, or by e-mail at datenschutz@gregors-hamburg.de.

When you visit our website www.gregors-hamburg.de, the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is collected without any action on your part and stored until it is automatically deleted:

The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website – for this purpose, the server log files must be recorded.

When you contact us (e.g. contact form, e-mail, post, telephone, personal contact, etc.), the personal data you provide will be stored by us. We process this data to handle your request. We do not pass on this data without your consent. The processing of the above personal data is based on your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw this consent at any time. All you need to do is send us an informal email to info@gregors-hamburg.de. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.

We will retain the data you provide when you contact us until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Mandatory statutory provisions – in particular retention periods – remain unaffected.

We process and store personal data only for the period necessary to achieve the purpose or if this has been provided for by a legislator in laws or regulations to which the controller is subject. If the processing purpose no longer applies or if a prescribed storage period expires, the personal data is routinely blocked or erased in accordance with the statutory provisions.

This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster’s servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website. The hoster is used for the purpose of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR). Our hoster will only process your data to the extent necessary to fulfill its performance obligations and follow our instructions with regard to this data. In order to ensure data protection-compliant processing, we have concluded an order processing contract with our hoster.

This site uses SSL or TLS encryption for security reasons, in particular to protect the transmission of confidential content, such as your personal data. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Cookies are used on our website. Cookies are text files that the provider of a website stores on the user’s computer and can retrieve when the user visits the website again in order to facilitate navigation on the Internet or transactions or to obtain information about user behavior. Cookies do not cause any damage to your computer and do not contain viruses. Cookies are used to make our website more user-friendly, effective and secure. Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognize your browser on your next visit.

Cookies that are required to carry out the electronic communication process or to provide certain functions that you have requested (e.g. shopping cart function) are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services. Insofar as other cookies (e.g. cookies to analyze your surfing behavior) are stored, these are treated separately in this privacy policy. You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. The legal basis for this is your consent in accordance with Art. 6 para. 1 lit. a GDPR. If cookies are deactivated, the functionality of this website may be restricted.

Storage period: With regard to the storage period, a distinction is made between the following types of cookies:

General information on revocation and objection (so-called “opt-out”): Users can revoke the consent they have given at any time and object to processing in accordance with the legal requirements. Among other things, users can restrict the use of cookies in their browser settings (although this may also restrict the functionality of our online offering). An objection to the use of cookies for online marketing purposes can also be declared via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

Our website uses a consent tool from the provider Borlabs – Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg, is used on our website. The Borlabs Consent Tool is a plugin for WordPress that allows visitors to choose which cookies they wish to allow. When they visit the website, they are notified and given the opportunity to save their preference by making a simple selection. The use of Borlabs cookie consent technology is in the legitimate interest on the basis of Art. 6 para. 1 lit. f GDPR. The legitimate interest of the provider is the user-friendliness of the website and the fulfillment of the legal requirements of the GDPR.

When you use our website, a Borlabs cookie is stored in your browser, in which the consents you have given or the revocation of these consents are stored. When you use our website, the following personal data is stored in the borlabs cookie:

The UID is a randomly generated ID and not personal information. This data is not passed on to the provider of Borlab’s cookie. The data collected in this way is stored until you delete the Borlab cookie yourself or the purpose for storing the data no longer applies. Mandatory statutory retention obligations remain unaffected. Users can prevent or terminate the storage of cookies and thus their cookie consent at any time by clicking on the symbol (circle) at the bottom left of the website or by changing their browser settings. Details on data processing by Borlabs Cookie can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/. Further information on Borlabs’ data protection can be found here: https://de.borlabs.io/datenschutz/.

To order tickets via our website, it is necessary for you to provide the personal data that we require to conclude the contract and process your order. Mandatory information required for the processing of contracts is marked separately. This also includes your telephone number, as we need to be able to inform you of any changes to departure times or locations that may be necessary at short notice. Further details are voluntary. You do not need to create a customer account. We process the data you provide to process your order. The legal basis for this is Art. 6 Para. 1 b GDPR. Your data stored with us will only be stored until processing. However, due to commercial and tax law requirements, we are obliged to store your address, payment and order data for a period of ten years. After three years at the end of the year, we will restrict processing, i.e. your data will only be stored to comply with legal obligations.

We use the booking service “FareHarbor” for ticket reservations and purchases. The provider is FareHarbor B.V., Herengracht 597, 1017 CE Amsterdam, Netherlands. The use of FareHarbor is in the interest of an appealing presentation and secure bookability of the harbor cruises specified by us on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. In order to ensure data protection-compliant processing, we have concluded an order processing contract with FareHarbour.

You can find more information on how FareHarbour handles your personal data in FareHarbor’s privacy policy. There you will also find information on the payment options. Currently, payment by credit card or PayPal(https://www.paypal.com/de/legalhub/paypal/privacy-full) or iDeal(https://www.ideal.nl/en/ideal-privacy-cookiestatement) is offered.

Content Delivery Networks (CDN) or Content Distribution Networks are a network of regionally distributed servers connected via the Internet, which are used to deliver content – especially large media files. CDNs work together to serve requests from end users for content as economically as possible. In the background, the data is stored in the network in such a way that the respective delivery is either as fast as possible (performance optimization) or uses as little bandwidth as possible (cost optimization), or both at the same time.

We use the Cloudfront content delivery network (CDN) to provide the website worldwide. This is a service provided by Amazon Web Services Inc, 410 Terry Avenue North, Seattle, WA 98109-5210, which makes duplicates of a website available on various AWS servers distributed around the world.

This enables us to achieve a faster loading time for the website, greater reliability and increased protection against data loss. Some of the images and files embedded on this website are then loaded from the Cloudfront CDN when the page is accessed. Through this retrieval, information about your use of our website (such as your IP address) is transferred to Amazon servers in other EU countries and stored there. This happens as soon as you enter our website. The use of Amazon Web Services and the Amazon CDN Cloudfront is in the interest of greater reliability of the website, increased protection against data loss and better loading speed of this website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

We do not know what data AWS CloudFront links to the data received and for what purposes AWS CloudFront may use this data. The specific storage period of the processed data cannot be influenced by us, but is determined by Amazon Web Services, Inc. You can find out more about Amazon Web Services’ data protection measures at: https://aws.amazon.com/de/data-protection/ You can find AWS’s current privacy policy at: https://aws.amazon.com/de/privacy/ AWS has contractually undertaken to ensure compliance with the level of data protection applicable in the EU in accordance with the EU standard contractual clauses.

Plug-ins are small additional programs that extend the functions of web applications. If you install a plug-in, the respective website or software usually receives a new function that it did not have before. One advantage of plug-ins is that you can easily add new functions to programs and applications without significantly increasing the size of the main application and without changing its source code. The program code with the new features is outsourced to the plug-in – uninstalling the extension automatically restores the original state.

We use Sentry from Functional Software, Inc, 132 Hawthorne St San Francisco, CA 94107, United States as a bug tracker to detect code errors at an early stage and thus ensure the technical functionality of our online offer. Anonymous information is collected about the device on which the error occurred and the time at which the error was detected. In some cases, user sessions may also be recorded to make it easier to rectify the error. In the event of errors in software functions, selected data is transferred to the company’s servers. This is data that makes it possible for developers to reconstruct the error. Functional Software, Inc. does not use this data for advertising purposes.

Further information on this and on the data transmitted in the event of an error can be found in the company’s privacy policy: https://sentry.io/privacy/

The use of the bug tracker is based on our legitimate interests, i.e. interest in the secure and error-free provision and optimization of our online offer in accordance with Art. 6 para. 1 lit. f GDPR.

The exact storage period varies from case to case. Data is deleted as soon as we have rectified the error and no longer require access to error details. Further information on the storage period on the part of Functional Software, Inc. can be found in the privacy policy for Sentry:

We use plugins from Yoast SEO on our website. This is an offer from Yoast BV, Don Emanuelstraat 3, 6602 GX Wijchen, The Netherlands, Tel: +31 (0)24 82 00 337 (Chamber of Commerce / KvK: 55404367, VAT Number: NL851692540B01).

This plugin takes over the complete technical optimization of our websites for search engines. It also supports the development of content. According to WP-Support(https://wordpress.org/support/topic/yoast-gdpr/), the tool does not store any personal data. For more information, please refer to Yoast BV’s privacy policy, which you can view at https://yoast.com/privacy-policy/.

We use the open source map service “OpenStreetMaps” (= “OSM”) on our website to display geodata. The provider is the company OpenStreetMap Foundation, , 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom. OSM is used to provide an interactive map on our website that shows you where to find us and makes it easier for you to plan your journey. To use OSM, it is necessary to save the IP address of your device and the map material is loaded from an external server.

The map is integrated on our website by means of an iframe or by retrieving map images from the provider’s server. We base the use of OSM on your consent in accordance with Art. 6 para. 1 lit. a GDPR. In order for the map to be displayed to you, you must click on the “Load map” button. The map will then be displayed and your IP address will be forwarded to OpenStreetMap. In addition, a session cookie is set (for information on cookies, see above in this privacy policy), and you can find out how OpenStreetMap stores your data on the OpenStreetMap data protection page here https://osmfoundation.org/wiki/Privacy_Policy and here https://wiki.openstreetmap.org/wiki/DE:Legal_FAQ view.

The use of marketing cookies and tracking mechanisms enables us and our partners to show you personalized offers based on an analysis of your interests and usage behavior. Below we explain which mechanisms and tools we use on this website:

Please note that when using the tools, your data may be transferred to recipients outside the European Economic Area (e.g. USA). Details on this can be found in the following description of the individual marketing tools.

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that enables us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store any cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transmitted to Google’s parent company in the United States.

The Google Tag Manager is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on its website. If a corresponding consent has been requested, the processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR and the Telecommunications Digital Services Data Protection Act (TDDDG), insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

You can find more information in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

If your personal data is processed when you visit our website, you have the following rights as a “data subject”:

You can request information from us as to whether your personal data is being processed by us. The right to information is excluded if the data is only stored because it may not be deleted due to legal or statutory retention periods or serves exclusively for the purposes of data backup or data protection control, provided that the provision of information would require a disproportionately high effort and processing for other purposes is excluded by suitable technical and organizational measures. If the right to information is not excluded in your case and your personal data is processed by us, you can request the following information from us:

If you discover that we have incorrect personal data about you, you can request that we correct this incorrect data immediately. If your personal data is incomplete, you may request that it be completed.

You have the right to erasure (“right to be forgotten”), unless the processing is necessary for exercising the right of freedom of expression, the right to information or for compliance with a legal obligation or for the performance of a task carried out in the public interest and one of the following reasons applies:

The deletion of personal data is necessary to fulfill a legal obligation to which we are subject.

There is no right to erasure if, in the case of lawful non-automated data processing, erasure is not possible or only possible with disproportionate effort due to the special type of storage and your interest in erasure is low. In this case, the restriction of processing takes the place of erasure.

You can demand that we restrict processing if one of the following reasons applies:

You have lodged an objection pursuant to Art. 21 (1) GDPR. The restriction of processing can be requested as long as it has not yet been determined whether our legitimate reasons outweigh your reasons.

Restriction of processing means that the personal data will only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. Before we lift the restriction, we are obliged to inform you of this.

You have a right to data portability if the processing is based on your consent (Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR) or on a contract to which you are a party and the processing is carried out by automated means. In this case, the right to data portability includes the following rights, provided that this does not adversely affect the rights and freedoms of other persons: You may request to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format. You have the right to transmit this data to another controller without hindrance from us. Where technically feasible, you can request that we transfer your personal data directly to another controller.

You have the right to withdraw your consent at any time with effect for the future. All you need to do is send an email to info@gregors-hamburg.de. The revocation does not affect the lawfulness of the data processing that took place on the basis of the consent until receipt of the revocation. After receipt of the revocation, the data processing that was based exclusively on your consent will be discontinued.

As a responsible company, we do not use automated decision-making or profiling.

If you believe that the processing of personal data concerning you is unlawful, you may lodge a complaint with a supervisory authority for data protection that is competent for your place of residence or work or for the place of the alleged infringement. We would appreciate it if you would contact us first and tell us about your concerns or complaints. All you need to do is send an e-mail to info@gregors-hamburg.de.