Privacy Policy

Privacy Policy

Please use the copy function to the right of the shortcodes in the plugin and paste it here. Make sure you select the correct language.

1) Introduction and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. Below we inform you about how we handle your personal data when you use our website. Personal data are all data with which you can be personally identified.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:
Friesensee Touristik GmbH, Isums 47, 26409 Isums, Germany
Phone: +49 4462-915975-0
Email: info@friesensee.de

The controller is the natural or legal person who alone or jointly with others decides on the purposes and means of the processing of personal data.

2) Data Collection When Visiting Our Website

2.1 When using our website for informational purposes only, i.e. if you do not register or otherwise transmit information to us, we collect only the data that your browser transmits to our server (so-called “server log files”). When you access our website, we collect the following data, which are technically necessary for displaying the website:

  • Website visited

  • Date and time of access

  • Amount of data transferred in bytes

  • Source/referrer from which you reached the page

  • Browser used

  • Operating system used

  • IP address (if applicable, in anonymized form)

Processing is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data are not passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of unlawful use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string “https://” and the lock symbol in your browser’s address bar.

3) Cookies

To make visiting our website attractive and to enable the use of certain functions, we use cookies, i.e. small text files that are stored on your device. Some cookies are deleted automatically after you close your browser (“session cookies”), while others remain on your device for a longer period and allow page settings to be saved (“persistent cookies”). In the latter case, you can find the storage duration in the overview of cookie settings in your web browser.

If personal data are processed through individual cookies, processing is carried out in accordance with Art. 6(1)(b) GDPR for contract performance, Art. 6(1)(a) GDPR on the basis of your consent, or Art. 6(1)(f) GDPR to safeguard our legitimate interests in the best possible functionality of the website and a user-friendly and effective site visit.

You can configure your browser to inform you about the setting of cookies and decide individually on their acceptance or exclude cookies for certain cases or in general.

Please note that if cookies are not accepted, the functionality of our website may be limited.

4) Contact

4.1 Own review reminder
Based exclusively on your express consent pursuant to Art. 6(1)(a) GDPR, we use your email address for a one-time reminder to submit a review of your order. You may revoke your consent at any time by notifying the controller.

4.2 When contacting us (e.g. via contact form or email), personal data are processed solely for the purpose of handling and responding to your inquiry and only to the extent necessary.

The legal basis is our legitimate interest in responding to your request pursuant to Art. 6(1)(f) GDPR. If your contact aims at concluding a contract, the additional legal basis is Art. 6(1)(b) GDPR. Your data will be deleted once the matter has been conclusively resolved, provided that no statutory retention obligations apply.

4.3 Automated processing of email inquiries using AI

To handle and respond to your email inquiries efficiently, we use automated workflows and artificial intelligence (AI). Incoming emails are processed using the workflow automation platform n8n and analyzed or answered with the help of Microsoft Azure OpenAI Service. You will be informed where responses are generated by automated means.

Categories of data processed

Depending on your inquiry, this may include:

  • Email address and name of the sender

  • Subject line and content of your message

  • Further contact details contained in your email (e.g. phone number, address)

  • Technical metadata (date and time of receipt, message identifiers)

  • Information on booking or contractual matters, if you refer to them in your email

Purpose of processing

  • Receipt, classification, and processing of your inquiry

  • Automated or AI-assisted drafting and sending of replies

  • Summarization and structuring of inquiry content for handling

  • Improving the efficiency of our customer communication

The legal basis is Art. 6(1)(b) GDPR if your inquiry relates to a contract or pre-contractual measures, and Art. 6(1)(f) GDPR otherwise, based on our legitimate interest in efficient and timely communication.

Use of AI and involvement of processors

AI-generated text is produced exclusively via Microsoft Azure OpenAI Service, deployed in a Germany/EU Azure region. Azure OpenAI is an EU Data Boundary service; customer data submitted for processing is stored and processed within the EU Data Boundary and is not used to train or improve foundation models, unless you expressly instruct us otherwise. Microsoft acts as a processor; the service is governed by the Microsoft Products and Services Data Protection Addendum (DPA).

Workflow automation is carried out using n8n. Depending on the technical setup, processing takes place on infrastructure within the EU (e.g. our own hosting environment and/or n8n Cloud hosted in the EU, such as Microsoft Azure Germany West Central). n8n processes data solely to execute the workflows required for email handling. Where n8n acts as a processor, a data processing agreement is in place.

Storage duration

Email content and workflow data are stored only as long as necessary to handle your inquiry. As a rule, they are deleted within 30 days after the matter has been conclusively resolved, unless statutory retention obligations require longer storage. Technical log data are deleted after a short retention period where possible.

No sale of data; no automated decision-making with legal effect

We do not sell your personal data. Automated processing serves communication purposes only and does not produce decisions with legal or similarly significant effects within the meaning of Art. 22 GDPR without appropriate safeguards and your rights being preserved.

For further information on your rights, see Section 11 below. To object to processing based on legitimate interests, please contact the controller.

5) Data Processing When Creating a Customer Account

Pursuant to Art. 6(1)(b) GDPR, personal data are collected and processed to the extent necessary when you provide them to us during the creation of a customer account. The required data can be found in the respective input form on our website.

You may delete your customer account at any time by sending a message to the controller. After deletion, your data will be erased provided that all contracts have been fully processed, no statutory retention periods apply, and no legitimate interest in further storage exists.

6) Use of Customer Data for Direct Advertising

Subscription to our email newsletter

If you subscribe to our email newsletter, we will regularly send you information about our offers. Only your email address is mandatory. Additional data are voluntary and are used to address you personally.

We use the double opt-in procedure, ensuring that newsletters are sent only after you have expressly confirmed your consent by clicking a verification link sent to your email address.

By activating the confirmation link, you give consent pursuant to Art. 6(1)(a) GDPR. We store your IP address as entered by your internet service provider, as well as the date and time of registration, to be able to trace potential misuse at a later date. Data collected for newsletter registration are used strictly for their intended purpose.

You may unsubscribe at any time via the link provided in the newsletter or by notifying the controller. After unsubscribing, your email address will be deleted immediately unless you have expressly consented to further use or we are legally permitted to retain the data.

7) Data Processing for Order Fulfillment

7.1 To the extent necessary for contract fulfillment for delivery and payment purposes, personal data are passed on to the commissioned transport company and the commissioned credit institution pursuant to Art. 6(1)(b) GDPR.

If we owe you updates for goods with digital elements or digital products, we process your contact data pursuant to Art. 6(1)(c) GDPR to inform you personally as required by law. The data are used exclusively for this purpose.

We also cooperate with service providers who support us in fulfilling contracts. Personal data are transmitted to these providers as described below.

7.2 Use of payment service providers
– Mollie

One or more online payment methods of the following provider are available on this website:
Mollie B.V., Keizersgracht 313, 1016 EE Amsterdam, Netherlands.

When selecting a payment method requiring advance payment (e.g. credit card), your payment data (including name, address, bank and card details, currency, and transaction number) as well as order details are transmitted pursuant to Art. 6(1)(b) GDPR exclusively for payment processing and only to the extent necessary.

8) Web Analytics Services

8.1 Google Analytics 4

This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

By default, Google Analytics 4 does not use cookies unless you expressly consent. Instead, usage data are collected via so-called “pings”. These include your IP address, which is truncated by Google to prevent direct personal identification.

Data may be transferred to Google servers, including servers of Google LLC in the USA. Google processes the data on our behalf to analyze website usage and generate reports. The truncated IP address is not merged with other Google data. Data are stored for two months and then deleted.

All processing occurs only with your consent pursuant to Art. 6(1)(a) GDPR. Consent can be withdrawn at any time via the cookie consent tool.

We have concluded a data processing agreement with Google.

Demographic characteristics
Google Analytics 4 may generate statistics on age, gender, and interests using third-party advertising data. These data are anonymized and deleted after two months.

Google Signals
Google Signals enables cross-device reports if you have enabled personalized ads and linked your devices to your Google account. We receive only aggregated statistics. You can disable this feature in your Google account settings.

User IDs
If enabled and you have an account on this website, activities may be analyzed across devices. Data transfers to the USA are covered by the EU-US Data Privacy Framework.

8.2 Google Tag Manager

This website uses Google Tag Manager, provided by Google Ireland Limited. The Tag Manager itself does not store or analyze data but may transmit your IP address to Google servers, including those in the USA, only with your consent pursuant to Art. 6(1)(a) GDPR.

A data processing agreement has been concluded. Google participates in the EU-US Data Privacy Framework.

9) Site Functionality

Google Maps

This website uses Google Maps, a service provided by Google Ireland Limited. When accessing pages containing Google Maps, information such as your IP address is transmitted to Google servers, possibly in the USA.

If you are logged into Google, your data may be associated with your account. Google processes data based on its legitimate interests pursuant to Art. 6(1)(f) GDPR. You may object to this processing by contacting Google or disabling JavaScript in your browser.

Consent pursuant to Art. 6(1)(a) GDPR is obtained where legally required. Google participates in the EU-US Data Privacy Framework.

10) Tools and Miscellaneous

Cookie Consent Tool

This website uses a cookie consent tool to obtain legally valid consent for cookies and cookie-based applications. Only technically necessary cookies are set without consent.

Any processing of personal data (e.g. IP address) occurs pursuant to Art. 6(1)(f) GDPR and Art. 6(1)(c) GDPR to ensure legally compliant consent management. A data processing agreement has been concluded where required.

11) Rights of the Data Subject

You have the following rights under GDPR:

  • Right of access (Art. 15)

  • Right to rectification (Art. 16)

  • Right to erasure (Art. 17)

  • Right to restriction of processing (Art. 18)

  • Right to notification (Art. 19)

  • Right to data portability (Art. 20)

  • Right to withdraw consent (Art. 7(3))

  • Right to lodge a complaint (Art. 77)

Right to object

If we process your data based on legitimate interests, you may object at any time for reasons arising from your particular situation. If you object to processing for direct marketing purposes, processing will cease immediately.

12) Duration of Storage of Personal Data

Personal data are stored according to the legal basis, processing purpose, and statutory retention periods.

  • Data processed based on consent are stored until consent is withdrawn.

  • Contractual data are deleted after statutory retention periods expire.

  • Data processed based on legitimate interests are deleted upon objection unless overriding legitimate grounds exist.

  • Marketing data are deleted upon objection.

Unless otherwise stated, personal data are deleted once they are no longer necessary for the purposes for which they were collected.