1. AN OVERVIEW OF DATA PROTECTION
Data collection on our website
Who is responsible for the data collection on this website?
The data collected on this website are processed by the website operator, TravelTrex GmbH, Bonner Straße 484-486, 50968 Cologne, Germany. The operator’s contact details can be found in the website’s required legal notice.
How do we collect your data?
Some data are collected when you provide it to us. This could, for example, be data you enter on a contact form.
Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.
What do we use your data for?
Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyze how visitors use the site. All of your data is processed in accordance with the regulations of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
What rights do you have regarding your data?
You always have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected, blocked, or deleted. You can contact us at any time using the address given in the legal notice if you have further questions about the issue of privacy and data protection. You may also, of course, file a complaint with the competent regulatory authorities.
Analytics and third-party tools
2. GENERAL INFORMATION AND MANDATORY INFORMATION
Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.
Notice concerning the party responsible for this website
The party responsible for processing data on this website is:
Bonner Str. 484-486
The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.).
Revocation of your consent to the processing of your data
Many data processing operations are only possible with your express consent. You may revoke your consent at any time with future effect. An informal email (firstname.lastname@example.org) making this request is sufficient. The data processed before we receive your request may still be legally processed.
Right to file complaints with regulatory authorities
If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Right to data portability
You have the right to have data which we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon is displayed in your browser’s address bar.
If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
Encrypted payments on this website
If you enter into a contract which requires you to send us your payment information (e.g. account number for direct debits), we will require this data to process your payment.
Payment transactions using common means of payment (Visa/MasterCard, direct debit) are only made via encrypted SSL or TLS connections. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon in your browser line is visible.
In the case of encrypted communication, any payment details you submit to us cannot be read by third parties.
Information, blocking, deletion
As permitted by Art. 15 of the GDPR, you have the right, at any time, to be provided with information free of charge about any of your personal data that is stored, as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected in accordance with Art. 16 of the GDPR, as well as the right to have this data blocked or deleted in accordance with Art. 17 of the GDPR. Should you have further questions about this, or questions about the topic of personal data in general, you can contact our data protection officers at any time using the following address: email@example.com.
Data transfer to third countries
A transfer to entities in countries outside of the European Union takes place where necessary insofar as to execute the travel contract and to carry out the holiday, when it is required by law (in the event of tax reporting obligations, for example), or when you provide us with your consent.
3. DATA PROTECTION OFFICER
Statutory data protection officer
We have appointed a data protection officer for our company:
Tanja Busacker, Bonner Str. 484-486, 50968 Köln
4. DATA COLLECTION ON OUR WEBSITE
Server log files
The website provider automatically collects and stores information that your browser automatically transmits to us in “server log files”. These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Time of the server request
- IP address
These data will generally not be combined with data from other sources.
The basis for data processing is Art. 6 (1) (f) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.
The processing of data (customer data and contract data)
We collect, process, and use personal data only when they are necessary for the explanation, content-related design, or changes of legal relationships (inventory data). This occurs in accordance with Art. 6, Section 1 (b) of the DSGVO, which allows the processing of data to fulfil a contract or for measures preliminary to the contract. We collect, process, and use personal data provided while making use of our website (usage data) only when they are necessary to allow the user to make use of the services or to invoice them.
Data transfer upon conclusion of a contract for services and digital content
We transfer personal data to third parties only when it is necessary in order to execute a contract, such as transferring data to lift offices or accommodations, as well as to Stripe, the payment solution provider (PSP) responsible for payment processing.
No further transfer of the data takes place unless you have expressly approved such a transfer. The transferring of your data to a third party e.g. for advertising purposes will not take place without your approval.
The basis for data processing is Art. 6, Section 1 (b) DSGVO, which allows the processing of data to fulfil a contract or for measures preliminary to a contract.
5. SOCIAL MEDIA
Share content via plugins (Facebook, Google+1, Twitter, etc.)
The content on our pages can be shared on other social networks like Facebook, Twitter, or Google+. This page uses the eRecht24 Safe Sharing Tool. This tool establishes direct contact between the networks and users only after users click on one of these buttons.
This tool does not automatically transfer user data to the operators of these platforms. If users are logged into one or more of the social networks, the Like, +1, and Share buttons for Facebook, Google+1, Twitter, etc. will display an information window in which the user can edit the text before it is sent.
Our users can share the content of this page on social networks without their providers creating profiles of users’ surfing behavior.
Facebook plugins (Like & Share buttons)
Our website includes plugins for the social network Facebook, Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. The Facebook plugins can be recognized by the Facebook logo or the Like button on our site. For an overview of Facebook plugins, see https://developers.facebook.com/docs/plugins/.
If you do not want Facebook to associate your visit to our site with your Facebook account, please log out of your Facebook account.
Your privacy preferences with Twitter can be modified in your account settings at https://twitter.com/account/settings.
Our pages use Google+ functions. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Collection and disclosure of information: Using the Google +1 button allows you to publish information worldwide. By means of the Google+ button, you and other users can receive custom content from Google and our partners. Google stores both the fact that you have +1’d a piece of content and information about the page you were viewing when you clicked +1. Your +1 can be displayed together with your profile name and photo in Google services, for example in search results or in your Google profile, or in other places on websites and advertisements on the Internet.
Google records information about your +1 activities to improve Google services for you and others. To use the Google + button, you need a globally visible, public Google profile that must contain at least the name chosen for the profile. This name is used by all Google services. In some cases, this name may also replace a different name that you have used to share content via your Google account. The identity of your Google profile can be shown to users who know your email address or other information that can identify you.
Use of collected data: In addition to the uses mentioned above, the information you provide is used in accordance with the applicable Google data protection policies. Google may publish summary statistics about users’ +1 activity or share it with users and partners, such as publishers, advertisers, or affiliate websites.
Our website contains functions of the Instagram service. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.
If you are logged into your Instagram account, you can click the Instagram button to link the content of our pages with your Instagram profile. This means that Instagram can associate visits to our pages with your user account. As the provider of this website, we expressly point out that we receive no information on the content of the transmitted data or its use by Instagram.
6. ANALYTICS AND ADVERTISING
This website uses Google Analytics, a web analytics service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
Google Analytics cookies are stored based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.
We have activated the IP anonymization feature on this website. Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.
You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website. You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
Objecting to the collection of data
You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this site: Disable Google Analytics.
Outsourced data processing
We have entered into an agreement with Google for the outsourcing of our data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Demographic data collection by Google Analytics
This website uses Google Analytics’ demographic features. This allows reports to be generated containing statements about the age, gender, and interests of site visitors. This data comes from interest-based advertising from Google and third-party visitor data. This collected data cannot be attributed to any specific individual person. You can disable this feature at any time by adjusting the ads settings in your Google account or you can forbid the collection of your data by Google Analytics as described in the section “Refusal of data collection”.
Google Analytics Remarketing
Our websites use the features of Google Analytics Remarketing combined with the cross-device capabilities of Google AdWords and DoubleClick. This service is provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
This feature makes it possible to link target audiences for promotional marketing created with Google Analytics Remarketing to the cross-device capabilities of Google AdWords and Google DoubleClick. This allows advertising to be displayed based on your personal interests, identified based on your previous usage and surfing behavior on one device (e.g. your mobile phone), on other devices (such as a tablet or computer).
Once you have given your consent, Google will associate your web and app browsing history with your Google Account for this purpose. That way, any device that signs in to your Google Account can use the same personalized promotional messaging.
To support this feature, Google Analytics collects Google-authenticated IDs of users that are temporarily linked to our Google Analytics data to define and create audiences for cross-device ad promotion.
You can permanently opt out of cross-device remarketing/targeting by turning off personalized advertising in your Google Account; follow this link: https://www.google.com/settings/ads/onweb/.
The aggregation of the data collected in your Google Account data is based solely on your consent, which you may give or withdraw from Google per Art. 6 (1) (a) DSGVO. For data collection operations not merged into your Google Account (for example, because you do not have a Google Account or have objected to the merge), the collection of data is based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing anonymous user behavior for promotional purposes.
Google AdWords and Google Conversion Tracking
This website uses Google AdWords. AdWords is an online advertising program from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States (“Google”).
As part of Google AdWords, we use so-called conversion tracking. When you click on an ad served by Google, a conversion tracking cookie is set. Cookies are small text files that your internet browser stores on your computer. These cookies expire after 30 days and are not used for personal identification of the user. Should the user visit certain pages of the website and the cookie has not yet expired, Google and the website can tell that the user clicked on the ad and proceeded to that page.
Each Google AdWords advertiser has a different cookie. Thus, cookies cannot be tracked using the website of an AdWords advertiser. The information obtained using the conversion cookie is used to create conversion statistics for the AdWords advertisers who have opted for conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, advertisers do not obtain any information that can be used to personally identify users. If you do not want to participate in tracking, you can opt-out of this by easily disabling the Google Conversion Tracking cookie by changing your browser settings. In doing so, you will not be included in the conversion tracking statistics.
Conversion cookies are stored based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.
Our website measures conversions using visitor action pixels from Facebook, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”).
These allow the behavior of site visitors to be tracked after they click on a Facebook ad to reach the provider’s website. This allows an analysis of the effectiveness of Facebook advertisements for statistical and market research purposes and their future optimization.
You can also deactivate the custom audiences remarketing feature in the Ads Settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You will first need to log into Facebook.
If you do not have a Facebook account, you can opt out of usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.
On our website, you have the chance to sign up for the sending of news and information about all content and themes of our website via the ”WhatsApp“ messaging service, and to also use this method to come to us directly with questions.
We provide this service via WhatsBroadcast GmbH, Schwanthaler Straße 32, 80336 Munich, who we have commissioned to implement the sending of messages.
The sending of messages occurs via one of the WhatsApp accounts that we have created. When you sign up for our WhatsApp messaging service via our website as per the instructions displayed, WhatsBroadcast receives the data stored with WhatsApp like your user name, your telephone number (only when signing up via WhatsApp), details about your device, all messages that have been sent by the service, as well as information about which messages you have read and clicked on. You have the choice to cancel the sending of WhatsApp messages via WhatsBroadcast at any time by sending “STOP” as a message to the WhatsApp account that you have previously used to order the messaging service. You can even request that WhatsBroadcast delete all of the aforementioned data by sending “DELETE ALL DATA” as a message to the corresponding WhatsApp messenger account.
We are registered with our website as an advertiser with the affiliate network TradeTracker. This is an affiliate marketing platform which allows website operators (publishers) to display advertisements from third parties on their websites. Payment occurs based on performance, and in the case of TravelTrex, based on commission. TradeTracker cookies will be placed on the visitor’s computer in order to correctly document sales.
Voucher deals from Sovendus GmbH
When selecting a voucher deal that currently interests you after completing your travel booking, we will pseudonymize and encode the hash value of your e-mail address and IP address and transfer these to Sovendus GmbH, Moltkestr. 11, 76133 Karlsruhe (Sovendus) (Art. 6 Sec.1 f DSGVO). The pseudonymized hash value of the e-mail address will be used by Sovendus when considering a possible existing opposition to advertisements (Art. 21 Sec.3, Art. 6 Sec.1 c DSGVO). The IP address will be used solely for data security purposes and, as a general rule, will be anonymized after seven days (Art. 6 Sec.1 f DSGVO). Furthermore, we will transfer a pseudonymized order number, order value with currency, session ID, voucher code, and time stamp to Sovendus for billing purposes (Art. 6 Sec.1 f DSGVO). Should you be interested in a voucher deal from Sovendus after completing your travel booking and therefore click on the voucher banner that is exclusively displayed at that time, and should there be no opposition to advertisements present, we will transfer your encrypted title, name, and e-mail address to Sovendus in preparation for the voucher (Art. 6 Sec.1 b, f DSGVO).
For more information about the processing of your data via Sovendus, please refer to the online data protection notices at https://www.sovendus.de/datenschutz.
Integration of the Trusted Shops Trustbadge
The Trusted Shops Trustbadge is integrated into this website in order to display the Trusted Shops seal of excellence and collective ratings, where applicable, as well as to display offers for Trusted Shops products to buyers after completing an order.
This serves to safeguard our predominantly legitimate interests in the optimal marketing of our product on the basis of the balancing of interests. The Trustbadge and the associated advertised services are offers of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Köln.
When using the Trustbadge, the web server automatically saves a so-called “server logfile“, of which contains, for example, your IP address, the date and time of usage, transferred data volume, and the requested provider (access data), and of which documents the usage. These access data will not be evaluated and will be automatically overwritten seven days after the end of your visit to the website at the latest.
Further personal data will only be transferred to Trusted Shops providing you have decided to make use of one of the Trusted Shops products after completing an order, or providing you have already been registered. In this case, the contractual agreement between you and Trusted Shops applies.
If you would like to receive our newsletter, we require a valid email address as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive this newsletter. No additional data is collected or is only collected on a voluntary basis. We only use this data to send the requested information and do not pass it on to third parties.
We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1) (a) DSGVO. You can revoke consent to the storage of your data and email address as well as their use for sending the newsletter at any time, e.g. through the “unsubscribe” link in the newsletter. The data processed before we receive your request may still be legally processed.
The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription when said data will be deleted. Data we have stored for other purposes (e.g. email addresses for the members area) remain unaffected.
This website uses Episerver for the purpose of sending newsletters. The supplier is Episerver AB, Regeringsgatan 67, Box 7007, 103 86 Stockholm, Schweden. Episerver is a service that organizes and analyzes the newsletter distribution. The data you provide (your e-mail address, for example) in order to subscribe to our newsletter will be stored on Episerver servers in Germany.
Sending our newsletters with Episerver allows us to analyze the behaviour of newsletter recipients. We can therefore find out how many recipients have opened the e-mail containing the newsletter and how often the links found within it are clicked on, among other things. With the help of conversion tracking, we can also analyze whether a predefined action (such as the purchase of a product on our website) takes place after clicking on the link in the newsletter.
The processing of data is based on your consent (Art. 6 Abs. 1 a DSGVO). You may revoke your consent at any time by unsubscribing to the newsletter. The data processed before we receive your request may still be legally processed.
If you do not want to be analyzed by Episerver, you will have to unsubscribe from the newsletter. For this purpose, we provide a link in every newsletter we send. You can also unsubscribe from the newsletter directly via the website.
The data provided when registering for the newsletter will be used to distribute the newsletter and will be stored until you cancel your subscription, after which point said data will be deleted from both our servers as well as those of Episerver. Data we have stored for other purposes (e-mail addresses for the members area, for example) remain unaffected.
Completion of a contract via contracted data processing
We have completed a contract with Episerver regarding contracted data processing and fully implement the strict requirements of the German data protection authorities when using Episerver.
The processing of data is based on your consent (Art. 6 Abs. 1 a DSGVO). You may revoke your consent at any time by unsubscribing to the newsletter. The data processed before we receive your request may still be legally processed.
8. PLUGINS AND TOOLS
Our website uses plugins from YouTube, which is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
If you visit one of our pages featuring a YouTube plugin, a connection to the YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited.
If you’re logged in to your YouTube account, YouTube allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
YouTube is used to help make our website appealing. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.
Further information about handling user data, can be found in the data protection declaration of YouTube under https://www.google.de/intl/de/policies/privacy.
Google Web Fonts
For uniform representation of fonts, this page uses web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.
For this purpose your browser has to establish a direct connection to Google servers. Google thus becomes aware that our web page was accessed via your IP address. The use of Google Web fonts is done in the interest of a uniform and attractive presentation of our website. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.
If your browser does not support web fonts, a standard font is used by your computer.
9. PAYMENT SERVICE PROVIDERS
Our website accepts payments via Sofortüberweisung. The provider of this service is Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany.
Sofortüberweisung provides us with real-time payment confirmations, allowing us to begin fulfilling our end of our contract right away.
If you opt to pay using Sofortüberweisung, you will be submitting a PIN and a valid TAN to Sofort GmbH so that it can access your online banking account. Sofort GmbH will automatically check your account balance and perform the transfer to our account using the TAN you supply. It then sends an immediate transaction confirmation. After logging in, your income, the overdraft protection, and the availability of other accounts and their balances will be checked.
In addition to the PIN and TAN, the payment details you provide as well as personal information will be sent to Sofort GmbH. This personal information includes your name, address, telephone numbers, email address, IP address, and any other data required to process your payment. This data must be transferred to identify you securely and to prevent fraud.
Data is transmitted to Sofort GmbH based on Art. 6 (1) (a) (Consent) and Art. 6 (1) (b) DSGVO (Processing for contract purposes). You have the option to revoke your consent at any time with future effect. It does not affect the processing of data previously collected.
Should you select a method of payment from the payment service provider, Stripe, the transaction will occur via the payment service provider, Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland, in that we transfer the information from your booking that was provided by you during the booking process (name, IP address, IBAN and BIC, as well as possible credit card details, invoice amount, and currency). The transferring of your data to the payment service provider, Stripe Payments Europe Ltd., occurs only for the purpose of processing payment. Further information about data protection with Stripe can be found at https://stripe.com/de/terms.
All data that is required in order to process payment will only be used by Stripe in order to carry out payment, and will be safely transferred via the SSL process. Stripe is certified in accordance with PCI DSS. Stripe transfers, processes, and stores personal data outside of the EU where necessary.
The transferring of your data to Stripe occurs based on Art. 6 Sec. 1 (a) DSGVO (consent) and Art. 6 Sec. 1 (b) DSGVO (processing in order to fulfil a contract). You have the choice to revoke your consent to having your data processed at any time. When revoking your consent, it does not affect the processing of previously collected data.