ananaea

Dear visitors to our website,

Thank you for visiting our website. To ensure that you feel safe and comfortable when visiting our website, we would like to inform you below about how we handle your data. The following data protection provisions are intended to inform you about our handling of the collection, use and disclosure of personal data.

For data collection and processing

DERTOUR Hotels & Resorts GmbH
Humboldtstr. 140-144
51149 Cologne
Germany

Sales tax ID: DE811177969
Cologne Local Court, HRB 51388

responsible.

Data protection information for customers (BtC) in accordance with Art. 13 and 14 EU GDPR

Data protection information for business partners (BtB) can be found below.

This privacy policy informs you about the processing of your personal data and your rights under the EU GDPR. (Status: 27 November 2023)

1. who is responsible for data processing and who can you contact?

DER Touristik Hotels & Resorts GmbH

Humboldtstr. 140-144

51149 Cologne

Germany

If you have any questions about data protection, please contact: datenschutz@dertouristik.com

2 Which data and which sources do we use?

We process data that we receive as part of our contractual relationship with you or on the basis of your consent. We receive the data directly from you, e.g. as part of the booking or other order placement, e.g. via another agent.

If you provide us with the personal data of other persons, you must ensure that they agree to this and that you are authorised to transmit the data. You must ensure that these persons know how their personal data is processed by us and what rights they have.

We process the following categories of data:

2.1 Identification/authentication data (surname, first name of all travellers, booking number, passport data).

2.2 Demographic data (age and date of birth of all travellers)

2.3 Physical characteristics (title and gender of all travellers)

2.4 Communication data of the trip applicant (address, e-mail address, telephone number, correspondence)

2.5 Account details of the traveller (credit card number masked, IBAN number)

2.6 Travel data (trip type, trip price, destination, trip date, trip duration, hotel data, room type, travel history, other booked services)

2.7 Special personal data in accordance with Art. 9 EU GDPR, if provided voluntarily (mobility aids, meal preferences, pregnancy).

2.8 Preferences (your ratings in relation to the booking)

2.9 Family (accompanying children, spouse)

2.10 Data in connection with complaints and crisis cases

2.11 Behaviour (behaviour on our websites/app, location via the IP address, activities in the system as a user)

3. on what legal basis and for what purpose is your data processed?

Data, 2.1-2.7, 2.9, 2.10, which are necessary for the implementation of pre-contractual measures at your request or for the fulfilment of contractual obligations with you (agency contract). (Art. 6 para. 1 lit. b EU GDPR).

We process your data to prepare offers and to process our contracts with you, i.e. in particular to arrange the booked services including complaints and crisis management by us or by authorised third parties (agency contract). Further purposes are

  • to provide contact options to us (e.g. via a contact form), title, first name, surname, email address

On the basis of legal requirements (Art. 6 para. 1 lit. c EU GDPR).

We are subject to various legal obligations and statutory requirements. Your data, 2.1-2.7, 2.9, 2.10 may be processed by us or by authorised third parties for the purposes of identity and age verification, the prevention of criminal offences (e.g. fraud), the fulfilment of tax/regulatory control and reporting obligations, the assessment and management of risks and the retention of data under financial and tax law.

To safeguard legitimate interests (Art. 6 para. 1 lit. f EU GDPR)

As part of a balancing of interests to protect predominantly legitimate interests, your data may be processed by us or by authorised third parties. This is done for the following purposes:

  • Function, availability and security of business operations (e.g. IT, other services), first and last name, e-mail address, data 2.11
  • Further development of services/travel services and additional products (quality management), first name, surname, e-mail address, travel data, reviews
  • Advertising, market and opinion research, new customer acquisition, surname, first name, email address, travel data, reviews
  • Assertion, exercise or defence of legal claims, 2.1-2.7, 2.9, 2.10, 2.11
  • Prevention and investigation of criminal offences (e.g. fraud), 2.1-2.7, 2.9, 2.10, 2.11
  • Processing of enquiries and provision of necessary information (e.g. contact form), 2.1-2.7, 2.9, 2.10

Our interest in the respective processing results from the respective purposes (provision and safeguarding of our business operations, efficient fulfilment of tasks, process optimisation, profit generation, avoidance of legal risks, assertion, exercise or defence of legal claims, avoidance and investigation of criminal offences, processing of enquiries and provision of necessary information). As far as the specific purpose allows, we process your data pseudonymously.

On the basis of your consent (Art. 6 para. 1 lit. a EU GDPR)

If you have given us your consent to process your personal data, this respective consent is the legal basis for the processing mentioned there. In particular, you may have consented to promotional contact by email, post, telephone or messenger service. You can revoke your consent at any time with effect for the future. Please contact us at our contact address. The cancellation only applies to future processing, but not to processing that has already taken place.

  • Optional personal data that you provide voluntarily

4 Who receives my data?

Your personal data will only be passed on in accordance with the provisions of the EU GDPR and only to the extent that a legal basis permits this. Your data will only be passed on to recipients who need it to fulfil our contractual and legal obligations or to fulfil their respective tasks, e.g.

  • Internal and external departments for processing your enquiry/booking, data 2.1-2.7, 2.9, 2.10
  • Service providers for the fulfilment of booked services, data 2.1.-2.7., 2.9., 2.10.
  • Financial service provider, surname, first name, account details of the person registering the trip
  • Internal and external bodies for the assertion, exercise or defence of legal claims, data 2.1-2.7, 2.9, 2.10, 2.11
  • Public authorities (tax authorities, tourism association under the Registration Act) in the event of a legal or official obligation to provide data 2.1-2.7, 2.9, 2.10.
  • Other recipients for whom you have given us your consent to data processing

5 How long will my personal data be stored?

We process your personal data for the duration of our business relationship with you, which includes the initiation and fulfilment of the contract.

After fulfilment of the contract, we retain your data during the warranty period in accordance with national laws in order to rectify defects.

For the assertion, exercise or defence of legal claims, your data will be stored until the general limitation period for claims in accordance with national laws.

For tax and financially relevant documents that are commercial or business letters, the regulations of the German Commercial Code (HGB) and the German Fiscal Code (AO) apply and justify a 6-year retention period.

Retention for 3 years according to §§ 195 ff. BGB

beginning at the end of the year in which the claim arose and the creditor becomes aware of the circumstances giving rise to the claim and the identity of the debtor or should have become aware of them without gross negligence for the assertion, exercise or defence of legal claims pursuant to Section 199 (1) of the German Civil Code (BGB)

Storage for 6 years

begins at the end of the calendar year in which the last entry was made in the trading book, the inventory was prepared, the opening balance sheet or the annual financial statements were adopted, the individual financial statements pursuant to Section 325 (2a) or the consolidated financial statements were prepared, the commercial letter was received or sent or the accounting voucher was created in accordance with the statutory retention periods under Section 257 (5) HGB for commercial letters and begins at the end of the calendar year in which the last entry was made in the trading book, the inventory, the opening balance sheet, the annual financial statements or the management report were prepared, the commercial or management report was prepared or the annual financial statements were adopted. 5 HGB for commercial letters and begins at the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance sheet, the annual financial statements or the management report was prepared, the commercial or business letter was received or sent or the accounting voucher was created, furthermore the record was made or the other documents were created in accordance with § 147 para. 4 AO for commercial and business letters.

The provisions of the German Commercial Code (HGB) and the German Fiscal Code (AO) apply to tax and financial documents that are relevant to an incoming or outgoing payment and justify a 10-year retention period.

Storage for 10 years

begins at the end of the calendar year in which the last entry was made in the trading book, the inventory was prepared, the opening balance sheet or the annual financial statements were adopted, the individual financial statements in accordance with Section 325 (2a) or the consolidated financial statements were prepared, the commercial letter was received or sent or the accounting document was created in accordance with the statutory retention periods from Section 257 (5) HGB for trading books, inventories, opening balance sheets, annual financial statements, individual financial statements in accordance with Section 325 (2a), management reports, consolidated financial statements, group management reports and the working instructions required to understand them. 5 HGB for trading books, inventories, opening balance sheets, annual financial statements, individual financial statements in accordance with Section 325 (2a), management reports, consolidated financial statements, group management reports and the work instructions and other organisational documents required to understand them, supporting documents for entries in books to be kept in accordance with Section 238 (1) HGB (accounting records). 1 (accounting vouchers) and begins at the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance sheet, the annual financial statements or the management report was prepared, the commercial or business letter was received or sent or the accounting voucher was created, the record was made or the other documents were created in accordance with Section 147 para. 4 AO for books and records, inventories, annual financial statements, management reports, the opening balance sheet and the work instructions and other organisational documents necessary for their understanding, accounting vouchers, documents pursuant to Article 15 (1) and Article 163 of the Union Customs Code.

Processing for advertising purposes can be revoked free of charge at any time upon informal request in accordance with Art. 21 EU GDPR. In this case, the data will be blocked for advertising purposes. Your data will be deleted as soon as overriding retention periods have expired.

Your personal data will be deleted on the basis of your consent as soon as the purpose has been fulfilled or, following revocation, as soon as priority retention periods have expired.

6. will my data be transferred to a third country?

We transfer your data to recipients outside the scope of the EU GDPR and if there is neither an adequacy decision pursuant to Article 45 (3) EU GDPR nor suitable guarantees pursuant to Article 46, including binding internal data protection regulations, only to the extent that the transfer is necessary:

  • for the conclusion or fulfilment of the contract with you or for the implementation of pre-contractual measures at your request, data 2.1-2.7, 2.9, 2.10
  • for the fulfilment of a contract concluded in your interest by the controller with another natural or legal person, data 2.1-2.7, 2.9, 2.10
  • for the assertion, exercise or defence of legal claims, data 2.1-2.7, 2.9, 2.10, 2.11
  • You have given us your consent

These data processing operations are permissible derogations from Art. 49 EU GDPR.

If a data transfer outside the scope of the EU GDPR is necessary due to our predominantly legitimate interest or if you have given us your consent, this is secured, among other things, by EU standard contractual clauses in accordance with Art. 46 para. 2 lit. c EU GDPR. If necessary, the EU standard contractual clauses are supplemented by further contractual assurances. Information and copies can be obtained via the contact details provided.

7. do I have certain rights when handling my data?

You have the right to access (Art. 15 EU GDPR), rectification (Art. 16 EU GDPR), erasure (Art. 17 EU GDPR), restriction of processing (Art. 18 EU GDPR) and data portability (Art. 20 EU GDPR) under the respective legal requirements.

You also have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (f) of Article 6(1) GDPR pursuant to Article 21 GDPR. This also applies to so-called "profiling" based on this provision within the meaning of Art. 4 No. 4 GDPR. In the event of a justified revocation, we will no longer process this personal data for these purposes. A cancellation can be made informally to our contact address. You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 EU GDPR). The contact details of the competent data protection supervisory authority can be found under no. 12.

8. am I obliged to provide my data?

As part of our business relationship, you only need to provide personal data that is required for the establishment, execution and termination of a business relationship or that we are legally obliged to collect. Without this data, we will generally have to refuse to conclude a contract or execute an order, or we will no longer be able to fulfil an existing contract and may have to terminate it.

9. is there automated decision-making in individual cases?

In principle, we do not use automated decision-making in accordance with Art. 22 EU GDPR to establish and conduct the business relationship. Should we use this procedure in individual cases, you will be informed separately if this is required by law.

10. will my data be used in any way for profiling?

Profiling does not take place.

11. contact details of the data protection officer

If you have any questions about data protection, please contact us:

datenschutz@dertouristik.com

 

Data protection information for business partners (BtB) in accordance with Art. 13 and 14 EU GDPR

This privacy policy informs you about the processing of your personal data and your rights under the EU GDPR.

(Status: 01 November 2023)

1. who is responsible for data processing and who can you contact?

DER Touristik Hotels & Resorts GmbH

Humboldtstr. 140-144

51149 Cologne

Germany

If you have any questions about data protection, please contact: datenschutz@dertouristik.com

2 Which data and which sources do we use?

We process data that we receive as part of our contractual relationship with you or on the basis of your consent. We receive the data directly from you, e.g. as part of our current or potential business relationship or other order placement, e.g. via another business partner or from public sources.

If you provide us with the personal data of other persons, you must ensure that they agree to this and that you are authorised to transmit the data. You must ensure that these persons know how their personal data is processed by us and what rights they have.

We process the following categories of data:

2.1 Identification/authentication data (surname, first name).

2.2 Physical characteristics (salutation)

2.3 Professional details (employer, title, job title)

2.4 Communication data (address, e-mail address, telephone number, correspondence)

2.5 Behaviour (behaviour on our websites/app, location via the IP address, activities in the system as a user)

2.6 Preferences (e.g. your preferences, your ratings with regard to our services)

3. on what legal basis and for what purpose is your data processed?

Data, 2.1.-2.4. which are necessary for the implementation of pre-contractual measures at your request or for the fulfilment of contractual obligations with you. (Art. 6 para. 1 lit. b EU GDPR).

We process your data that is necessary for the preparation of offers and for the processing of our contracts/business relationship with you, data 2.1-2.4:

  • to provide contact options to us, data 2.1-2.4 (e.g. via a contact form)

On the basis of legal requirements (Art. 6 para. 1 lit. c EU GDPR).

We are subject to various legal obligations and statutory requirements. Your data, 2.1.-2.4. may be processed by us or by authorised third parties for the purpose of fulfilling tax law / official control and reporting obligations, the assessment and management of risks as well as financial and tax law retention.

To safeguard legitimate interests (Art. 6 para. 1 lit. f EU GDPR)

As part of a balancing of interests to protect predominantly legitimate interests, your data may be processed by us or by authorised third parties. This is done for the following purposes:

  • Function, availability and security of business operations (e.g. IT, other services), data surname, first name, email address, IP address, data from 2.5
  • Further development of services and additional products (quality management), data first name, surname, e-mail address, services purchased, preferences, ratings
  • Advertising, market and opinion research, new customer acquisition, data surname, first name, e-mail address, purchased services
  • Assertion, exercise or defence of legal claims, data 2.1.-2.6
  • Processing of enquiries and provision of necessary information (e.g. contact form), data 2.1.-2.4
  • If you are not an existing or potential business partner yourself, we have usually received your contact details from our business partner who has named you as a contact person. In this case, your data will be processed on the basis of Art. 6 para. 1 lit. f EU GDPR (balancing of interests, based on our legitimate interest in contacting existing or potential business partners).

Our interest in the respective processing results from the respective purposes (provision and safeguarding of our business operations, efficient fulfilment of tasks, process optimisation, profit generation, avoidance of legal risks, assertion, exercise or defence of legal claims, avoidance and investigation of criminal offences, processing of enquiries and provision of necessary information). As far as the specific purpose allows, we process your data pseudonymously.

Data processing for direct marketing (Art. 6 para. 1 lit. f EU GDPR)

We process your data for the purpose of direct advertising, for sending e-mails customised to your trips with information and offers relating to your purchased services. The profiling explained in section 10 is used for this purpose. Data processing is carried out on the basis of Art. 6 para. 1 lit. f EU GDPR and in the overriding interest of informing you about new products and services. You have your own right to object to this processing in accordance with Art. 21 EU GDPR, the exercise of which leads to the termination of processing for the purpose of direct marketing. Your data will be blocked for direct marketing purposes. Your data will be deleted as soon as overriding retention periods have expired.

You can unsubscribe from advertising e-mails at any time with effect for the future. You can do this by contacting us directly at datenschutz@dertouristik.com or, if necessary, via a link, without incurring any costs other than the transmission costs according to the basic tariffs.

On the basis of your consent (Art. 6 para. 1 lit. a EU GDPR)

If you have given us your consent to process your personal data, this respective consent is the legal basis for the processing mentioned there. In particular, you may have consented to promotional contact by email, post, telephone or messenger service. You can revoke your consent at any time with effect for the future. Please contact us at our contact address. The cancellation only applies to future processing, but not to processing that has already taken place.

Separate consents can be granted for the following services:

  • Newsletter dispatch

You have the option of registering for our free newsletter on some of our websites. The newsletter contains current offers, attractive specials, competitions and surveys. When you subscribe to the newsletter, we process the data listed below. We only process this data to the extent that it is actually collected by us.

Data that you provide to us when subscribing to the newsletter (e-mail address, title, first name, surname, date of birth if applicable, content preferences)

Data to prove your consent to receive the newsletter (IP address, time stamp of consent)

Data on the use of the newsletter (openings, clicks on links contained therein, accessibility of the e-mail address, data of the end device used)

You can unsubscribe from the newsletter at any time with effect for the future. You can do this by contacting us directly and using the "Unsubscribe from newsletter" link contained in every newsletter or, if applicable, without incurring any costs other than the transmission costs according to the basic rates. Your data will be blocked for advertising purposes. Your data will be deleted when overriding retention periods have expired

  • Optional personal data that you provide voluntarily, data 2.1-2.4
  • Your contact with us, data 2.1-2.4

4 Who receives my data?

Your personal data will only be passed on in accordance with the provisions of the EU GDPR and only to the extent that a legal basis permits this. Your data will only be passed on to recipients who need it to fulfil our contractual and legal obligations or to fulfil their respective tasks, e.g.

  • Internal and external bodies for processing your enquiry/contract, data 2.1- 2.4
  • Service providers for the fulfilment of services, data 2.1-2.4
  • Internal and external bodies for the assertion, exercise or defence of legal claims, data 2.1-2.5
  • Public authorities (tax authorities, financial authorities) in the event of a legal or official obligation to provide data 2.1-2.4
  • Other recipients for whom you have given us your consent to data processing

5 How long will my personal data be stored?

We process your personal data for the duration of our business relationship with you, which includes the initiation and fulfilment of the contract.

After fulfilment of the contract, we retain your data during the warranty period in accordance with national laws in order to rectify defects.

For the assertion, exercise or defence of legal claims, your data will be stored until the general limitation period for claims in accordance with national laws.

For tax and financially relevant documents that are commercial or business letters, the regulations of the German Commercial Code (HGB) and the German Fiscal Code (AO) apply and justify a 6-year retention period.

Retention for 3 years according to §§ 195 ff. BGB

beginning at the end of the year in which the claim arose and the creditor becomes aware of the circumstances giving rise to the claim and the identity of the debtor or should have become aware of them without gross negligence for the assertion, exercise or defence of legal claims pursuant to Section 199 (1) of the German Civil Code (BGB)

Storage for 6 years

begins at the end of the calendar year in which the last entry was made in the trading book, the inventory was prepared, the opening balance sheet or the annual financial statements were adopted, the individual financial statements pursuant to Section 325 (2a) or the consolidated financial statements were prepared, the commercial letter was received or sent or the accounting voucher was created in accordance with the statutory retention periods under Section 257 (5) HGB for commercial letters and begins at the end of the calendar year in which the last entry was made in the trading book, the inventory, the opening balance sheet, the annual financial statements or the management report were prepared, the commercial or management report was prepared or the annual financial statements were adopted. 5 HGB for commercial letters and begins at the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance sheet, the annual financial statements or the management report was prepared, the commercial or business letter was received or sent or the accounting voucher was created, furthermore the record was made or the other documents were created in accordance with § 147 para. 4 AO for commercial and business letters.

The provisions of the German Commercial Code (HGB) and the German Fiscal Code (AO) apply to tax and financial documents that are relevant to an incoming or outgoing payment and justify a 10-year retention period.

Storage for 10 years

begins at the end of the calendar year in which the last entry was made in the trading book, the inventory was prepared, the opening balance sheet or the annual financial statements were adopted, the individual financial statements in accordance with Section 325 (2a) or the consolidated financial statements were prepared, the commercial letter was received or sent or the accounting document was created in accordance with the statutory retention periods from Section 257 (5) HGB for trading books, inventories, opening balance sheets, annual financial statements, individual financial statements in accordance with Section 325 (2a), management reports, consolidated financial statements, group management reports and the working instructions required to understand them. 5 HGB for trading books, inventories, opening balance sheets, annual financial statements, individual financial statements in accordance with Section 325 (2a), management reports, consolidated financial statements, group management reports and the work instructions and other organisational documents required to understand them, supporting documents for entries in books to be kept in accordance with Section 238 (1) HGB (accounting records). 1 (accounting vouchers) and begins at the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance sheet, the annual financial statements or the management report was prepared, the commercial or business letter was received or sent or the accounting voucher was created, the record was made or the other documents were created in accordance with Section 147 para. 4 AO for books and records, inventories, annual financial statements, management reports, the opening balance sheet and the work instructions and other organisational documents necessary for their understanding, accounting vouchers, documents pursuant to Article 15 (1) and Article 163 of the Union Customs Code.

Processing for advertising purposes can be revoked free of charge at any time upon informal request in accordance with Art. 21 EU GDPR. In this case, the data will be blocked for advertising purposes. Your data will be deleted as soon as overriding retention periods have expired.

Your personal data will be deleted on the basis of your consent as soon as the purpose has been fulfilled or, following revocation, as soon as priority retention periods have expired.

6. will my data be transferred to a third country?

We transfer your data to recipients outside the scope of the EU GDPR and if there is neither an adequacy decision pursuant to Article 45 (3) EU GDPR nor suitable guarantees pursuant to Article 46, including binding internal data protection regulations, only to the extent that the transfer is necessary:

  • for the conclusion or fulfilment of the contract with you or for the implementation of pre-contractual measures at your request, data 2.1-2.4
  • for the fulfilment of a contract concluded in your interest by the controller with another natural or legal person, data 2.1-2.4
  • for the establishment, exercise or defence of legal claims, data 2.1-2.6
  • you have given us your consent, 2.1-2.6

These data processing operations are permissible derogations from Art. 49 EU GDPR.

If a data transfer outside the scope of the EU GDPR is necessary due to our predominantly legitimate interest or if you have given us your consent, this is secured, among other things, by EU standard contractual clauses in accordance with Art. 46 para. 2 lit. c EU GDPR. If necessary, the EU standard contractual clauses are supplemented by further contractual assurances. Information and copies can be obtained via the contact details provided.

7. do I have certain rights when handling my data?

You have the right to access (Art. 15 EU GDPR), rectification (Art. 16 EU GDPR), erasure (Art. 17 EU GDPR), restriction of processing (Art. 18 EU GDPR) and data portability (Art. 20 EU GDPR) under the respective legal requirements.

You also have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (f) of Article 6(1) GDPR pursuant to Article 21 GDPR. This also applies to so-called "profiling" based on this provision within the meaning of Art. 4 No. 4 GDPR. In the event of a justified revocation, we will no longer process this personal data for these purposes. A cancellation can be made informally to our contact address. You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 EU GDPR). The contact details of the competent data protection supervisory authority can be found under no. 12.

8. am I obliged to provide my data?

As part of our business relationship, you only need to provide personal data that is required for the establishment, execution and termination of a business relationship or that we are legally obliged to collect. Without this data, we will generally have to refuse to conclude a contract or execute an order, or we will no longer be able to fulfil an existing contract and may have to terminate it.

9. is there automated decision-making in individual cases?

In principle, we do not use automated decision-making in accordance with Art. 22 EU GDPR to establish and conduct the business relationship. Should we use this procedure in individual cases, you will be informed separately if this is required by law.

10. will my data be used in any way for profiling?

If you have booked services with us, we process your data partly automatically with the aim of evaluating your potential interest in certain products, offers and services ("profiling" in accordance with Art. 4 No. 4 EU GDPR). The analyses are carried out using statistical and market research methods, taking into account the contractual products and services. We use the results of these analyses for market and opinion research, a targeted and needs-based customer approach and to acquire new customers. This form of data use is carried out on the legal basis of Art. 6 para. 1 lit. f EU GDPR due to the overriding legitimate interest in direct advertising, market and opinion research and the acquisition of new customers.

11. contact details of the data protection officer

If you have any questions about data protection, please contact us:

datenschutz@dertouristik.com

Use of a consent management system to manage and document consent and settings for data collection and cookies

As a user, you can decide for yourself on the use of cookie-based services/technologies and the data collection by these on our portal and adjust or revoke them at any time with effect for the future. This is possible via an information and consent banner, which is displayed on first visits and when changing services, as well as via the cookie settings, which can be accessed at any time via a link at the bottom of each page. As part of a GDPR-compliant approach, we only use services requiring consent after you have given your prior consent. You can also use our website without this consent.

We use a so-called Consent Management System from Usercentrics, GmbH, Rosental 4, 80331 Munich, Germany, to provide this setting and consent function within the meaning of the GDPR and to inform you about the use of cookie-based technologies. In addition, this system is used to document your decisions for your browser, which enables us to fulfil the data protection requirements of the documentation and verification obligation.

Usercentrics uses cookies and records the date and time of the visit, browser and device information, the anonymised IP address and opt-in and opt-out data exclusively to store your consent and to comply with legal obligations on the legal basis of Section 25 (2) No. 2 TTDSG in conjunction with Art. 6 (1) (c) GDPR. GDPR Art. 6 (1) (c). The data processing takes place within the European Union.

Further information on the data protection provisions of the data processor can be found at https://usercentrics.com/de/datenschutzerklaerung/

As a user, you have other, alternative ways such as browser extensions, settings, adblockers or opt-out links of individual tools to prevent the setting of cookies or data collection by services. We would like to point out that these methods are not equivalent to the use of a consent / consent management system.

Browser extensions, settings and adblockers can prevent cookies and, where applicable, data collection by services. However, you cannot always decide for yourself what you want to allow or prevent. It is possible that your decisions made via the consent management system may be overridden or even prevent the necessary use of the consent management system. In addition, extensions and adblockers can cause unexpected problems with the basic functions of the portal.

Many marketing services provide their own opt-out options via opt-out links or cookies. We list these in the privacy policy, if available. The opt-out often applies to the basic portal-independent use of the service, but only takes place subsequently and on a page of the provider, independent of the consent management of our portal. Often, so-called opt-out cookies are set, which in turn can be cancelled by the cookie settings of your browser or by deleting cookies.
If you use the alternative methods mentioned, it is not possible for us to document your settings and decisions.

USE OF COOKIES
When you visit our website, information may be stored on your computer in the form of cookies, for example to recognise visitor preferences and optimise the design of the website accordingly. This helps us, for example, to make navigation easier and to achieve a high level of user-friendliness.

Cookies are text files that are stored on the user's hard drive when they visit a website. They are harmless to your computer and cannot be viewed by third parties. They make it possible to store information for a certain period of time and to identify the user's computer.

If you accept our cookies, they will remain on your computer for a period of 30 days unless you delete them beforehand. During an online booking, cookies are temporarily stored for the duration of the booking. These are automatically deleted after 30 minutes of inactivity or after closing the website.

You can object to the collection and storage of your data via this service at any time. If you want to avoid the activation of cookies, deactivate them in your browser. Please note, however, that disabling cookies may restrict the use of the website and the services offered.

TO PARTNER SITES

We offer you links on our website to the websites of our partners, where you can find further products and services relating to travelling. When you use the links, you will be forwarded to the respective partner website without any user data being transmitted from our website to that of the partner. After using the link, you will find yourself on the portal of the respective partner, which is the responsibility of the partner.

TO SOCIAL MEDIA NETWORKS

You will find links to social media networks such as Facebook and Instagram on our website. These are not plugins provided by Facebook and Instagram, which already transmit data to the provider when the page is loaded without the user having any influence.

The buttons for the social media networks only contain a link to the social media network including the website to be shared. No user data is transmitted from the website to the social media network.

If you are already logged in to the relevant social media service when you click on the button, this will be recognised in the dialogue for sharing the website so that you can share the content directly. If this is not the case, you will be asked to log in to the social media network.

From this point onwards, you will be on the website of the respective social media network.

Clicking on the Facebook button will take you to a website of Facebook Inc, 1601 S. California Ave, Palo Ave, CA 04304, USA. Information on the collection, storage and use of your data by Facebook Inc. can be found in the provider's data protection guidelines: https://www.facebook.com/about/privacy/

Clicking on the Instagram button will take you to a website of Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA. Information on the collection, storage and use of your data by Instagram LLC can be found in the provider's privacy policy:https://help.instagram.com/15583370790038

Our online presence on social media platforms serves to provide users as customers and interested parties with information about our services and offers. In addition, social networks provide a forum for communication between users and our company.

Through the use of social media, users' personal data is forwarded to the providers of social networks. Please note that the data of participating persons may therefore also be stored and processed outside the European Union. This results in a different legal situation than regulated by the GDPR. However, providers who have agreed to the Privacy Shield agreement between the USA and the EU undertake to comply with the data protection principles contained therein. In addition, user data is generally used by social network operators for market research and advertising purposes. Surfing behaviour and the interests derived from it can be used to create profiles that serve the purpose of presenting the user with customised advertisements within and outside the network, for example. As part of market research, so-called cookies are stored by the user's browser. These are small text files that can be deleted via the browser settings. In addition, further data can be stored in the user profiles, especially if the user has an account with the respective social media platform and is logged in.

The legal basis for the storage and processing of personal data is our legitimate interest in providing useful information for customers and interested parties as well as useful communication with users within the meaning of Art. 6 para. 1 lit. f GDPR. If the user's consent to the processing of personal data is obtained by ticking a checkbox or confirming with a button, Art. 6 para. 1 lit. a GDPR applies.

You can find detailed information on the storage and processing of user data as well as the opt-out rights on the websites of the respective providers listed below.

The relevant network provider is the right point of contact for any questions that may arise and for asserting user rights within social media platforms. This is because only the provider has full access to the stored user data. Therefore, only the respective provider can provide detailed information and, if necessary, initiate measures to change or delete the data. If you need advice or support, you can contact us at any time.

Facebook
Facebook Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2
Ireland
e-mail: impressum-support@support.facebook.com
Privacy policy: https://www.facebook.com/about/privacy/
Opt-out: https://www.facebook.com/settings?tab=ads & http://www.youronlinechoices.com
Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

Google and YouTube
Google Ireland Limited
Gordon House, Barrow Street
Dublin 4
Ireland
e-mail: support-de@google.com
Privacy policy: https://policies.google.com/privacy
Opt-out: https://adssettings.google.com/authenticated
Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

Instagram
Instagram Inc.
1601 Willow Road
Menlo Park, CA 94025
USA
e-mail: impressum@support.instagram.com
Privacy Policy/Opt-Out: http://instagram.com/about/legal/privacy/

INTEGRATION OF YOUTUBE

Our website uses plugins from the YouTube website operated by Google. The operator of the pages is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. Such integration takes place exclusively in the extended data protection mode of YouTube (more information at https://support.google.com/youtube/answer/171780?hl=de), which does not use cookies. As long as there is no interaction with the video, no data is collected by the service. If a user clicks on an embedded YouTube video, data collection and further data processing for analysis purposes is carried out by Google LLC and its affiliated companies. The extended data protection mode prevents YouTube from connecting to Google's DoubleClick advertising network. When videos are played, the service collects browser and device settings, IP address, browser ID, date, time and reference URL of the request to play the video, name of the video and playback duration as well as system activities and crash reports for the purposes of providing, maintaining and improving the services and measuring performance. 

If you have a Google account and are logged into it at the time you use a video, the usage data may be merged with your profile data. This depends on the data protection settings you have made in your account. 

If you have a YouTube account and are logged in, YouTube will be able to assign your user behaviour to your personal profile. You can prevent this by logging out of your YouTube account. 

You can find Google's privacy policy and terms of use here: 
https://policies.google.com/privacy?hl=de&gl=de 

We use YouTube on our websites to display and present our offers in an appealing way. This data processing may also take place outside the EU or the EEA. As a suitable guarantee for the legality of these data transfers, we have concluded EU standard contracts with the processor in accordance with Art. 46 para. 2 lit. c GDPR. 

The service will only be used with your prior consent. You can give this consent via our Consent Management System either on your first visit to the portal via the consent banner or via the layer that is displayed via a YouTube integration without consent. 

In addition, you can give your consent at any time via the cookie settings, which can be accessed via a link at the bottom of every page of the portal, and adjust or revoke them with effect for the future. Your choice is documented for your browser, which means that we fulfil the data protection requirements of the documentation obligation. 

On our website you also have the opportunity to get in touch with us on various topics. Examples include forms for booking enquiries, callback requests, feedback, special customer requests, etc.

Depending on the background of the contact, various data is requested in the form. Personal details such as title, first name, surname and email address are usually mandatory for the purpose of establishing contact and addressing you personally. If you use a form to request a callback or an appointment, you may also be asked to provide additional data such as your telephone number. For travel enquiries or questions about existing transactions, you also have the option of providing your booking or invoice number.

To protect your data from unauthorised access, we use an encryption process on our website. Your data is then transmitted from your computer to our server and vice versa via the Internet using TLS 1.2 encryption. You can recognise this by the fact that the lock symbol in the status bar of your browser is closed and the address line begins with https://.

en_GBEnglish
de_DEGerman en_GBEnglish