Nieuwsbrief

Nu aanmelden en van veel voordeel profiteren!

Privacy Policy

1. An overview of data protection

General

The following gives a simple overview of what happens to your personal information when you visit our website and which rights arise for you via the data protection law. Personal information is any data with which you could be personally identified. Detailed information on the subject of data protection can be found in our privacy policy, located below.

Notice concerning the party responsible for this website

The party responsible for processing data on this website is:

TravelTrex GmbH, Bonner Str. 484-486, 50968 Köln

E-Mail: dataprotection@snowtrex.com

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.).

Statutory data protection officer

We have appointed a data protection officer for our company:

Tanja Busacker, Bonner Str. 484-486, 50968 Köln

Email: dataprotection@wintertrex.be

How do we collect your data?

Some data are collected when you provide it to us. This could, for example, be data you enter on a contact form.

Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.

What do we use your data for?

Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyze how visitors use the site. All of your data is processed in accordance with the regulations of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

2. General information and mandatory information

Revocation of your consent to the processing of your data

Many data processing operations are only possible with your express consent. You may revoke your consent at any time with future effect. An informal email (dataprotection@wintertrex.be) making this request is sufficient. The data processed before we receive your request may still be legally processed.

Right to file complaints with regulatory authorities

If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Right to data portability

You have the right to have data which we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.

Information, blocking, deletion

As permitted by Art. 15 of the GDPR, you have the right, at any time, to be provided with information free of charge about any of your personal data that is stored, as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected in accordance with Art. 16 of the GDPR, as well as the right to have this data blocked or deleted in accordance with Art. 17 of the GDPR. Should you have further questions about this, or questions about the topic of personal data in general, you can contact our data protection officers at any time using the following address: dataprotection@wintertrex.be.

Data transfer to third countries

A transfer to entities in countries outside of the European Union takes place where necessary insofar as to execute the travel contract and to carry out the holiday, when it is required by law (in the event of tax reporting obligations, for example), or when you provide us with your consent.

Furthermore, a transfer to entities in third countries is provided in individual cases, where necessary, in order to pass on personal data to IT service providers or payment service providers in the U.S., or to another third country in order to ensure IT operations. This occurs in compliance with the European privacy policy standards.

3. Data collection and data processing on our website

General information

The operators of this website take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data protection regulations and this privacy policy.

If you use this website, various pieces of personal data will be collected. Personal information is any data with which you could be personally identified. This privacy policy explains what information we collect and what we use it for. It also explains how and for what purpose this happens.

Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon is displayed in your browser's address bar.

If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.

Cookies

Some of our websites use cookies. Cookies do not harm your computer and do not contain any viruses. Cookies help make our website more user-friendly, efficient and secure. Cookies are small text files that are stored on your computer and saved by your browser. These cookies allow us to recognize your browser the next time you visit our website. The cookies will remain saved on your terminal until you delete them.

Cookie categories

Our cookies can be divided into the four following categories. Please note that cookies can belong to more than one category.

Necessary: Necessary cookies help make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

Functional: Functional cookies are used to store information that has already been entered (such as name, language selection or where you are located) and to offer the visitor improved, more personalised functions. During this process, plug-ins can be loaded and information can be transferred.

Statistics: Statistics cookies help website owners understand how visitors interact with websites by collecting and reporting information anonymously.

Marketing: Marketing cookies are used to follow visitors around websites. The intention is to show ads that are relevant and engaging for the individual user and are therefore more valuable to publishers and advertising third parties.

Agree

Server log files

The website provider automatically collects and stores information that your browser automatically transmits to us in "server log files". These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Time of the server request
  • IP address
These data will generally not be combined with data from other sources.

The basis for data processing is Art. 6 (1) (f) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.

IP anonymisation

When visiting our website, your IP address is displayed in abbreviated form. We use this information to evaluate your use of our website, to compile reports on website activities and to provide other services related to website and Internet use. The transmitted IP address is only processed for the duration of the website visit and is not stored.

Google reCaptcha

In order to protect your data and to secure the transmission of forms, in particular in the context of contest participation, we use Google reCaptcha, a service of Google LLC ("Google"), on the basis of Article 6 para. 1 lit. f GDPR. Our legitimate interest follows from the purposes described. In this context, an analysis of various information is used to determine whether the data entry is made by a human or by an automated programme. The information generated is transferred to a Google server in the U.S. and processed there. The collection and analysis do not enable us or Google to identify you. In particular, Google will not associate the information with any personal data about you.Further information about Google reCaptcha can be found at https://policies.google.com/privacy?hl=en or https://policies.google.com/terms?hl=en.

Google Web Fonts

For uniform representation of fonts, this page uses web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.

For this purpose your browser has to establish a direct connection to Google servers. Google thus becomes aware that our web page was accessed via your IP address. The use of Google Web fonts is done in the interest of a uniform and attractive presentation of our website. This constitutes a justified interest pursuant to Art. 6 (1) (f) GDPR.

If your browser does not support web fonts, a standard font is used by your computer.

Further information about handling user data, can be found at https://developers.google.com/fonts/faq and in Google's privacy policy at https://www.google.com/policies/privacy/.

3.1 Analyse Tools

General information

When visiting our website, your surfing behaviour can be statistically evaluated. This is done primarily with cookies and so-called analysis programs. The analysis of your surfing behaviour is usually anonymous; the surfing behaviour cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools.

Google Analytics

This website uses Google Analytics, a web analytics service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses so-called "cookies". These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

Google Analytics cookies are stored based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.

Outsourced data processing

We have entered into an agreement with Google for the outsourcing of our data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Demographic data collection by Google Analytics

This website uses Google Analytics' demographic features. This allows reports to be generated containing statements about the age, gender, and interests of site visitors. This data comes from interest-based advertising from Google and third-party visitor data. This collected data cannot be attributed to any specific individual person. You can disable this feature at any time by adjusting the ads settings in your Google account or you can forbid the collection of your data by Google Analytics as described in the section "Refusal of data collection".

IP anonymization

We have activated the IP anonymization feature on this website. Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.

Google Optimize

Our website uses the web analysis and optimisation service "Google Optimize", which is provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Optimize is used to analyse the use of our website and to continuously improve individual content, functions and offers as well as the overall usage behaviour.

Google Optimize uses cookies, which are used to help us optimise and analyse website usage. This cookie information is usually transferred to a Google server and stored there. When using Google Optimize, IP anonymisation is carried out so that your IP address is shortened by Google and is not transmitted completely. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there. This data is used to evaluate website use and to carry out optimisations.

You can prevent the storage of cookies by adjusting your internet browser settings accordingly. You can find more detailed information about data collection and processing by Google in the following Google privacy policy: https://policies.google.com/privacy?hl=en.

OneSignal

Our website uses OneSignal, a push notification service provided by OneSignal Inc., 2194 Esperanca Avenue, Santa Clara, CA 95054, United States, to send push notifications to visitors as well as to optimize and customize the sending of these messages to our visitors. OneSignal assigns a non-personal ID to determine a temporary unique device identifier (e.g. IDFA and Android ID) for the end device used. In addition, OneSignal will receive your e-mail address (if provided), IP address and current location when using OneSignal.

OneSignal's privacy policy can be found here: https://onesignal.com/privacy_policy.

The legal basis for data processing for these purposes is Art. 6 (1) lit. f GDPR. You can refuse to receive push notifications by adjusting the appropriate settings on your device.

Dynamic

The Dynamic Tracking System serves to determine the performance of different advertising channels. When visiting our website, data from your browser are collected for statistical evaluation and subsequently sent to the technical and statistical service provider, Dynamic 1001 GmbH, Im Mediapark 8A, 50670 Cologne, Germany. The collection of the data occurs through a single pixel, of which is integrated into all common online shops. When coming into contact with Dynamic servers, information, such as the operating system, the type of Internet browser utilised, the corresponding advertising material, the referrer, and the IP address, will be anonymously stored. The IP address will only be used for internal allocation purposes and will not be shared with third parties. In order to correctly execute commission management for advertising partners, data, such as the online booking number and order value of a successful booking, will be transmitted to Dynamic 1001 GmbH.

Cookies are used to collect data, of which contain an identification value that is created by the Dynamic Tracking System. Should you not want storage to occur, you can deactivate the cookies on your own by changing the settings in your browser.

Should you wish to object to the storage of your anonymously collected visitor data, you can do so at https://dynamic-tracking.com/Datenschutz.aspx?td=E64D8A6004E35875650135366B29E484&cn=3 so that it is no longer collected in the future. The current privacy policy of Dynamic 1001 GmbH can be found at https://www.dynamic1001.com/Datenschutz.aspx.

Amazon Web Services/ Amazon Cloudfront

This website uses the Content Delivery Network (CDN) Cloudfront. This is a service provided by Amazon Web Services Inc., 410 Terry Avenue North, Seattle, WA 98109-5210. The Cloudfront CDN makes duplicates of a website's data available on various Amazon Web Services (AWS) servers distributed around the world. This provides faster website load times, greater resilience and increased protection against data loss. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

Some of the images and videos embedded on this website are retrieved from the Cloudfront CDN when the page is accessed. Through this retrieval, information about your use of our website (such as your IP address) is transmitted to Amazon servers in other EU countries and stored there. This happens as soon as you access our website.You can find out more about Amazon Web Services' data protection measures at: https://aws.amazon.com/compliance/eu-data-protection. You can find the current privacy policy of Amazon Web Services at: https://aws.amazon.com/privacy.

Amazon Web Services Inc. with headquarters in the USA is certified for the US-European data protection agreement "Privacy Shield", which ensures compliance with the level of data protection applicable in the EU.

TradeTracker

We are registered with our website as an advertiser with the affiliate network TradeTracker. This is an affiliate marketing platform which allows website operators (publishers) to display advertisements from third parties on their websites. Payment occurs based on performance, and in the case of TravelTrex, based on commission. TradeTracker cookies will be placed on the visitor’s computer in order to correctly document sales.

These cookies correspond with the currently valid privacy policy. The cookies used by TradeTracker will be accepted by an Internet browser’s standard settings. Should you prefer not to save these cookies, please deactivate the option to accept cookies from the relevant domains in your Internet browser. TradeTracker tracking cookies register the ID of the intermediary partner, the partly anonymous IP address of the visitor (reduced by the last octet), as well as the sequence number of the advertising material that the visitor has clicked on (banner, text link, etc.), all of which are necessary in order to settle commission payments.

The operating company of TradeTracker is TradeTracker Nederland B.V., 1327 GA Almere, Netherlands. The applicable privacy policy of TradeTracker can be found at https://tradetracker.com/de/privacy-policy/.

3.2 Advertising

Newsletter

Newsletter data

If you would like to receive our newsletter, we require a valid email address as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive this newsletter. No additional data is collected or is only collected on a voluntary basis. We only use this data to send the requested information and do not pass it on to third parties.

We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1) (a) GDPR. You can revoke consent to the storage of your data and email address as well as their use for sending the newsletter at any time, e.g. through the "unsubscribe" link in the newsletter. The data processed before we receive your request may still be legally processed.

The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription when said data will be deleted. Data we have stored for other purposes (e.g. email addresses for the members area) remain unaffected.

E-mail distribution via Episerver (Optimizely)

Newsletter

With the following information, we will be informing you about the content of our newsletter as well as the sign up process, distribution process, statistical analysis process, and your right to objection. By subscribing to our newsletter, you agree to reception and the aforementioned processes.

Content of the Newsletter

We only send newsletters and e-mails with advertising information (hereafter “newsletter“) with the consent of the recipient or with legal permission. Insofar as the content of a newsletter is concretely described in the context of an application for the newsletter, these are decisive for the consent of the user. Besides that, our newsletters contain information about our products, offers, deals, and company.

Double-Opt-In and Recording

Signing up for our newsletter occurs via a so-called “Double-Opt-In” procedure. This means that once you finish signing up, you will receive an e-mail which prompts you to confirm your registration. This confirmation is mandatory in order to prevent others from signing up with third-party e-mail addresses. Newsletter registrations will be recorded in order to demonstrate the corresponding legal requirements for the registration process. This includes the storage of both the registration and confirmation times, as well as the IP address. Changes to your data that is saved with your service provider will also be recorded.

Service Provider

The newsletter is sent using Episerver Gmbh (Optimizly), an e-mail marketing software of the provider Episerver GmbH, Wallstraße 16, 10179 Berlin. You can view the data protection provisions of the dispatch service provider here: https://www.optimizely.com/legal/privacy-policy/.

Furthermore, according to its own information, Episerver may use this data in pseudonymous form, i.e. without assigning it to a user, to optimise or improve its own services, e.g. to technically optimise the dispatch and presentation of the newsletter or for statistical purposes. However, Episerver (Optimizly) does not use the data of our newsletter recipients to write to them on its own or to pass it on to third parties.

Registration Data

In order to sign up for the newsletter, you only have to provide us with your e-mail address. You also have the option to provide your first and last name as well as your preferred title. These entries will solely be used for the personalisation of your newsletter, in which we adjust the content of the newsletter to fit the interests of the reader.

Performance Measurement

The newsletters contain a so-called "web beacon", i.e. a pixel-sized file that is retrieved from the server of the dispatch service provider Episerver (Optimizly) when the newsletter is opened. In the course of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of the retrieval are collected. This information is used for the technical improvement of the services on the basis of the technical data or the target groups and their reading behaviour on the basis of their retrieval locations (which can be determined with the help of the IP address) or the access times. Statistical compilation also includes determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our intention nor that of the dispatch service provider to observe individual users. The evaluations serve us much more to recognise the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

The dispatch of the newsletter and the measurement of its success are based on the consent of the recipients according to Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with § 7 para. 2 No. 3 UWG (Act Against Unfair Competition) or on the basis of the legal permission according to § 7 para. 3 UWG.

The logging of the registration process takes place on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR and serves as proof of consent to receive the newsletter.

Online Activity and Data Management

There are cases in which we direct the newsletter recipients to the websites of the dispatch service provider. For example, our newsletters contain a link that newsletter recipients can use to access the newsletters online (for example, in the event of display problems in the e-mail). Furthermore, newsletter recipients can subsequently correct or add to their data, such as that of their e-mail address. Likewise, the data protection policy of the dispatch service provider can only be accessed on their website. In this context, we would like to point out that cookies are used on the websites of Episerver (Optimizly) and that personal data is thus processed by the dispatch service provider, their partners and the service providers used (Google Analytics, for example). We have no influence over this data collection. Further information can be found in the privacy policy of Episerver (Optimizly). We would also like to draw your attention to the options for objecting to the collection of data for advertising purposes on the websites http://www.aboutads.info/choices/ and http://www.youronlinechoices.com/ (for the European area).

Cancellation/Withdrawal

You can, at any time, cancel your subscription i.e. withdrawal your consent. A link to newsletter cancellation can be found in each newsletter. Furthermore, you can also unsubscribe from the newsletter directly on the website. After completing cancellation, all of your data, excluding your e-mail address, will be deleted. Your e-mail address will be specifically saved to a blocking list and will only be used for the sole purpose of making sure that we no longer send e-mails to your e-mail address.

Completion of a Contract regarding Contract Data Processing

We have entered into a contract with Episerver (Optimizely) for commissioned data processing and fully implement the strict requirements of the German data protection authorities when using Episerver (Optimizely).

Facebook fanpage

For the services offered, TT uses the technical platform and services of Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA or, if you are a resident of the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

We would like to point out that you use our Facebook Fanpage and its functions under your own responsibility. This applies in particular to the interactive functions (e.g. commenting, sharing and rating).

TT uses the technical platform and services of Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are a resident of the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

When you visit our Facebook fan page, Facebook collects your IP address and other information that is stored on your PC in the form of cookies. This information is used to provide us with statistical information about the use of the Facebook page as the operator of the Facebook pages.

Facebook provides more detailed information on this under the following link:http://de-de.facebook.com/help/pages/insights.

The data collected about you in this context is processed by Facebook Ltd. and may be transferred to countries outside of the European Union. What information Facebook receives and how it is used is described in general terms by Facebook in its data usage guidelines. There, you will also find information about contact possibilities to Facebook and to the setting options for advertisements. The data usage guidelines can be found under the following link:http://de-de.facebook.com/about/privacy

The complete Facebook data guidelines can be found here:https://de-de.facebook.com/full_data_use_policy.

Facebook Inc., the U.S. parent company of Facebook Ireland Ltd., is listed under the EU-U.S. Privacy Shield and thus pledges to adhere to the European data protection guidelines. Learn more about the Privacy Shield status of Facebook can be found here:https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active .

When you access a Facebook page, the IP address assigned to your end device is sent to Facebook. According to Facebook, this IP address is anonymized and deleted after 90 days. In addition, Facebook stores information about its users' end devices (e.g. as part of the "registration notification" function); Facebook may thus be able to assign IP addresses to individual users.

If you are currently logged on to Facebook as a user, you will find that a cookie with your Facebook identification on your end device. This enables Facebook to understand that you have visited this page and how you have used it. This also applies to all other Facebook pages. Via Facebook buttons integrated into websites, Facebook is able to track your visits to said websites and associate them with your Facebook profile. This data can be used to tailor content or advertising to your needs.

If you want to avoid this, you should log out of Facebook or disable the "Stay logged in" function, delete the cookies available on your device and close and restart your browser.In this way, Facebook information that immediately identifies you is deleted. When you access the interactive features of the page (like, comment, share, message, etc.), a Facebook login screen appears. After a possible login, you are once again recognized by Facebook as a specific user.

The legal basis for the processing of personal data is Art. 6, Para. 1, Sent. 1(f) GDPR.

Facebook Pixel/Facebook Remarketing

Our website measures conversions using visitor action pixels from Facebook, Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, should you be located in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

These allow the behaviour of site visitors to be tracked after they click on a Facebook ad to reach the provider's website. This allows an analysis of the effectiveness of Facebook advertisements for statistical and market research purposes and their future optimization.

The Facebook pixel is immediately embedded via Facebook when visiting our website and can store a so-called “cookie” - a small file - on your device. When you subsequently log in to Facebook or visit Facebook while logged in, the visit to our website is noted in your profile. The data about you that is retrieved is anonymous to us, meaning we cannot make conclusions about the identity of the user. However, the data from Facebook is stored and processed so that a connection to the particular user profile is possible. The processing of data via Facebook occurs within the conditions of Facebook’s data use policy and cannot be influenced by us as a website operator. You will therefore find further information about the functionalities of the remarketing pixel and about the presentation of Facebook ads overall in the Facebook data use policy: https://www.facebook.com/policy.php.

The legal basis for the processing of the user’s personalised data is Art. 6 Sec. 1 lit. f GDPR.

With the help of the Facebook pixel, it is possible for Facebook to assign the visitors of our website to a target group for the presentation of Facebook ads. Therefore, we use the Facebook pixel in order to show our Facebook ads only to Facebook users who have shown an interest in our Internet offers. That means that with the help of the Facebook pixel, we ensure that our Facebook ads correspond with the potential interests of the user and do not come across as annoying. With the help of the Facebook pixel, we can also comprehend the effectiveness of the Facebook advertisements for statistical and marketing purposes in that we see whether or not a user was redirected to our website after clicking on a Facebook advertisement.

You can refuse the collection of your data from the Facebook pixel and the use of your data for the presentation of Facebook ads. You can view the Facebook-specific page about this and learn more about the settings for user-based advertisements: https://www.facebook.com/settings?tab=ads or refuse via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. The settings are platform-independent, meaning that they will be applied to all devices, such as desktop computers or mobile devices.

You can also deactivate the “Custom Audiences” remarketing function for advertisements in the settings via https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You must be logged into Facebook in order to do this.

Google Ads and Google Conversion Tracking

This website uses Google Ads. Ads is an online advertising program from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States ("Google").

As part of Google Ads, we use so-called "conversion tracking". When you click on an ad served by Google, a conversion tracking cookie is set. Cookies are small text files that your internet browser stores on your computer. These cookies expire after 30 days and are not used for personal identification of the user. Should the user visit certain pages of the website and the cookie has not yet expired, we, along with Google, can tell that the user clicked on the ad and proceeded to that page.

Each Google Ads customer receives a different cookie. The cookies cannot be tracked using the website of an Ads customer. The information obtained using the conversion cookie is used to create conversion statistics for the Ads customers who have opted for conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, customers do not obtain any information that can be used to personally identify users. If you do not wish to participate in tracking, you can easily opt-out of this by disabling the Google Conversion Tracking cookie in your Internet browser settings. In doing so, you will not be included in the conversion tracking statistics.

The storage of conversion cookies is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising.

For more information about Google Ads and Google Conversion Tracking, see the Google Privacy Policy: https://www.google.com/policies/privacy/.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.

Google Remarketing (Google Ads and Analytics)

Our websites use the features of Google Analytics Remarketing combined with the cross-device capabilities of Google AdWords and DoubleClick. This service is provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

This feature makes it possible to link target audiences for promotional marketing created with Google Analytics Remarketing to the cross-device capabilities of Google AdWords and Google DoubleClick. This allows advertising to be displayed based on your personal interests, identified based on your previous usage and surfing behavior on one device (e.g. your mobile phone), on other devices (such as a tablet or computer).

Once you have given your consent, Google will associate your web and app browsing history with your Google Account for this purpose. That way, any device that signs in to your Google Account can use the same personalized promotional messaging.

To support this feature, Google Analytics collects Google-authenticated IDs of users that are temporarily linked to our Google Analytics data to define and create audiences for cross-device ad promotion.

You can permanently opt out of cross-device remarketing/targeting by turning off personalized advertising in your Google Account; follow this link: https://www.google.com/settings/ads/onweb/.

The aggregation of the data collected in your Google Account data is based solely on your consent, which you may give or withdraw from Google per Art. 6 (1) (a) GDPR. For data collection operations not merged into your Google Account (for example, because you do not have a Google Account or have objected to the merge), the collection of data is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing anonymous user behavior for promotional purposes.

For more information and the Google Privacy Policy, go to: https://www.google.com/policies/technologies/ads/.

Integration of the Trusted Shops Trustbadge

The Trusted Shops Trustbadge is integrated into this website in order to display the Trusted Shops seal of excellence and collective ratings, where applicable, as well as to display offers for Trusted Shops products to buyers after completing an order.

This serves to safeguard our predominantly legitimate interests in the optimal marketing of our product on the basis of the balancing of interests. The Trustbadge and the associated advertised services are offers of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Köln.

When using the Trustbadge, the web server automatically saves a so-called “server logfile“, of which contains, for example, your IP address, the date and time of usage, transferred data volume, and the requested provider (access data), and of which documents the usage. These access data will not be evaluated and will be automatically overwritten seven days after the end of your visit to the website at the latest.

Further personal data will only be transferred to Trusted Shops providing you have decided to make use of one of the Trusted Shops products after completing an order, or providing you have already been registered. In this case, the contractual agreement between you and Trusted Shops applies.

Voucher deals from Sovendus GmbH

When selecting a voucher deal that currently interests you after completing your travel booking, we will pseudonymize and encode the hash value of your e-mail address and IP address and transfer these to Sovendus GmbH, Moltkestr. 11, 76133 Karlsruhe (Sovendus) (Art. 6 Sec.1 f GDPR). The pseudonymized hash value of the e-mail address will be used by Sovendus when considering a possible existing opposition to advertisements (Art. 21 Sec.3, Art. 6 Sec.1 c GDPR). The IP address will be used solely for data security purposes and, as a general rule, will be anonymized after seven days (Art. 6 Sec.1 f GDPR). Furthermore, we will transfer a pseudonymized order number, order value with currency, session ID, voucher code, and time stamp to Sovendus for billing purposes (Art. 6 Sec.1 f GDPR). Should you be interested in a voucher deal from Sovendus after completing your travel booking and therefore click on the voucher banner that is exclusively displayed at that time, and should there be no opposition to advertisements present, we will transfer your encrypted title, name, and e-mail address to Sovendus in preparation for the voucher (Art. 6 Sec.1 b, f GDPR).

For more information about the processing of your data via Sovendus, please refer to the online data protection notices at https://www.sovendus.de/en/privacy_policy/.

4. Data processing in the context of contract fulfilment

The processing of customer and contract data

We collect, process, and use personal data only when they are necessary for the explanation, content-related design, or changes of legal relationships (inventory data). This occurs in accordance with Art. 6, Section 1 (b) of the GDPR, which allows the processing of data to fulfil a contract or for measures preliminary to the contract. We collect, process, and use personal data provided while making use of our website (usage data) only when they are necessary to allow the user to make use of the services or to invoice them.

Data transfer of personal data upon conclusion of a contract for services and digital content

We transfer personal data to third parties only when it is necessary in order to execute a contract, such as transferring data to lift offices or accommodations, as well as to Stripe, the payment solution provider (PSP) responsible for payment processing.

No further transfer of the data takes place unless you have expressly approved such a transfer. The transferring of your data to a third party e.g. for advertising purposes will not take place without your approval.

The basis for data processing is Art. 6, Section 1 (b) GDPR, which allows the processing of data to fulfil a contract or for measures preliminary to a contract.

Encrypted payments on this website

If you enter into a contract which requires you to send us your payment information (e.g. account number for direct debits), we will require this data to process your payment.

Payment transactions using common means of payment (Visa/MasterCard, direct debit) are only made via encrypted SSL or TLS connections. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon in your browser line is visible.

In the case of encrypted communication, any payment details you submit to us cannot be read by third parties.

Payment service provider

Stripe

Should you select a method of payment from the payment service provider, Stripe, the transaction will occur via the payment service provider, Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland, in that we transfer the information from your booking that was provided by you during the booking process (name, IP address, IBAN and BIC, as well as possible credit card details, invoice amount, and currency). The transferring of your data to the payment service provider, Stripe Payments Europe Ltd., occurs only for the purpose of processing payment. Further information about data protection with Stripe can be found at https://stripe.com/de/terms.

All data that is required in order to process payment will only be used by Stripe in order to carry out payment, and will be safely transferred via the SSL process. Stripe is certified in accordance with PCI DSS. Stripe transfers, processes, and stores personal data outside of the EU where necessary.

The transferring of your data to Stripe occurs based on Art. 6 Sec. 1 (a) GDPR (consent) and Art. 6 Sec. 1 (b) GDPR (processing in order to fulfil a contract). You have the choice to revoke your consent to having your data processed at any time. When revoking your consent, it does not affect the processing of previously collected data.

Data protection for applications and during the application process