1. AN OVERVIEW OF DATA PROTECTION
Data collection on our website
Who is responsible for the data collection on this website?
The data collected on this website are processed by the website operator, TravelTrex GmbH, Bonner Straße 484-486, 50968 Cologne, Germany. The operator’s contact details can be found in the website’s required legal notice.
How do we collect your data?
Some data are collected when you provide it to us. This could, for example, be data you enter on a contact form.
Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.
What do we use your data for?
Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyze how visitors use the site. All of your data is processed in accordance with the regulations of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
What rights do you have regarding your data?
You always have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected, blocked, or deleted. You can contact us at any time using the address given in the legal notice if you have further questions about the issue of privacy and data protection. You may also, of course, file a complaint with the competent regulatory authorities.
Analytics and third-party tools
2. GENERAL INFORMATION AND MANDATORY INFORMATION
Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.
Notice concerning the party responsible for this website
The party responsible for processing data on this website is:
Bonner Str. 484-486
The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.).
Revocation of your consent to the processing of your data
Many data processing operations are only possible with your express consent. You may revoke your consent at any time with future effect. An informal email (firstname.lastname@example.org) making this request is sufficient. The data processed before we receive your request may still be legally processed.
Right to file complaints with regulatory authorities
If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Right to data portability
You have the right to have data which we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon is displayed in your browser’s address bar.
If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
Encrypted payments on this website
If you enter into a contract which requires you to send us your payment information (e.g. account number for direct debits), we will require this data to process your payment.
Payment transactions using common means of payment (Visa/MasterCard, direct debit) are only made via encrypted SSL or TLS connections. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon in your browser line is visible.
In the case of encrypted communication, any payment details you submit to us cannot be read by third parties.
Information, blocking, deletion
As permitted by Art. 15 of the GDPR, you have the right, at any time, to be provided with information free of charge about any of your personal data that is stored, as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected in accordance with Art. 16 of the GDPR, as well as the right to have this data blocked or deleted in accordance with Art. 17 of the GDPR. Should you have further questions about this, or questions about the topic of personal data in general, you can contact our data protection officers at any time using the following address: email@example.com.
Data transfer to third countries
A transfer to entities in countries outside of the European Union takes place where necessary insofar as to execute the travel contract and to carry out the holiday, when it is required by law (in the event of tax reporting obligations, for example), or when you provide us with your consent.
3. DATA PROTECTION OFFICER
Statutory data protection officer
We have appointed a data protection officer for our company:
Tanja Busacker, Bonner Str. 484-486, 50968 Köln
4. DATA COLLECTION ON OUR WEBSITE
Server log files
The website provider automatically collects and stores information that your browser automatically transmits to us in “server log files”. These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Time of the server request
- IP address
These data will generally not be combined with data from other sources.
The basis for data processing is Art. 6 (1) (f) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.
The processing of data (customer data and contract data)
We collect, process, and use personal data only when they are necessary for the explanation, content-related design, or changes of legal relationships (inventory data). This occurs in accordance with Art. 6, Section 1 (b) of the DSGVO, which allows the processing of data to fulfil a contract or for measures preliminary to the contract. We collect, process, and use personal data provided while making use of our website (usage data) only when they are necessary to allow the user to make use of the services or to invoice them.
Data transfer upon conclusion of a contract for services and digital content
We transfer personal data to third parties only when it is necessary in order to execute a contract, such as transferring data to lift offices or accommodations, as well as to Stripe, the payment solution provider (PSP) responsible for payment processing.
No further transfer of the data takes place unless you have expressly approved such a transfer. The transferring of your data to a third party e.g. for advertising purposes will not take place without your approval.
The basis for data processing is Art. 6, Section 1 (b) DSGVO, which allows the processing of data to fulfil a contract or for measures preliminary to a contract.
Amazon Web Services/ Amazon Cloudfront
This website uses the Content Delivery Network (CDN) Cloudfront. This is a service provided by Amazon Web Services Inc., 410 Terry Avenue North, Seattle, WA 98109-5210. The Cloudfront CDN provides duplicates of data from a website to various Amazon Web Services (AWS) servers all over the world. As a result, faster loading times on the website, higher reliability, and increased protection against data loss are achieved. This is a legitimate interest based on Art. 6 Sec. 1 lit. f GDPR.
When visiting the website, some of the pictures and videos that are integrated into it are obtained from Cloudfront CDN. By visiting the website, information about your usage of our website (such as your IP address, for example) is transferred from Amazon servers to a non-EU country and saved there. This occurs the moment you visit our website. More information about the data protection practices of Amazon Web Services can be found here: https://aws.amazon.com/de/data-protection/. The current data protection policy of Amazon Web Services can be found here: https://aws.amazon.com/de/privacy/.[|https://aws.amazon.com/privacy/?nc1=f_ls]
Amazon Web Services Inc., based in the US, is certified for the “Privacy Shield“ EU-US data protection treaty, which ensures the compliance of the levels of data protection that are valid in the EU.
5. SOCIAL MEDIA
Share content via plugins (Facebook, Google+1, Twitter, etc.)
The content on our pages can be shared on other social networks like Facebook, Twitter, or Google+. This page uses the eRecht24 Safe Sharing Tool. This tool establishes direct contact between the networks and users only after users click on one of these buttons.
This tool does not automatically transfer user data to the operators of these platforms. If users are logged into one or more of the social networks, the Like, +1, and Share buttons for Facebook, Google+1, Twitter, etc. will display an information window in which the user can edit the text before it is sent.
Our users can share the content of this page on social networks without their providers creating profiles of users’ surfing behavior.
Facebook plugins (Like & Share buttons)
Our website includes plugins for the social network Facebook, Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. The Facebook plugins can be recognized by the Facebook logo or the Like button on our site. For an overview of Facebook plugins, see https://developers.facebook.com/docs/plugins/.
If you do not want Facebook to associate your visit to our site with your Facebook account, please log out of your Facebook account.
Your privacy preferences with Twitter can be modified in your account settings at https://twitter.com/account/settings.
Our pages use Google+ functions. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Collection and disclosure of information: Using the Google +1 button allows you to publish information worldwide. By means of the Google+ button, you and other users can receive custom content from Google and our partners. Google stores both the fact that you have +1’d a piece of content and information about the page you were viewing when you clicked +1. Your +1 can be displayed together with your profile name and photo in Google services, for example in search results or in your Google profile, or in other places on websites and advertisements on the Internet.
Google records information about your +1 activities to improve Google services for you and others. To use the Google + button, you need a globally visible, public Google profile that must contain at least the name chosen for the profile. This name is used by all Google services. In some cases, this name may also replace a different name that you have used to share content via your Google account. The identity of your Google profile can be shown to users who know your email address or other information that can identify you.
Use of collected data: In addition to the uses mentioned above, the information you provide is used in accordance with the applicable Google data protection policies. Google may publish summary statistics about users’ +1 activity or share it with users and partners, such as publishers, advertisers, or affiliate websites.
Our website contains functions of the Instagram service. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.
If you are logged into your Instagram account, you can click the Instagram button to link the content of our pages with your Instagram profile. This means that Instagram can associate visits to our pages with your user account. As the provider of this website, we expressly point out that we receive no information on the content of the transmitted data or its use by Instagram.
6. ANALYTICS AND ADVERTISING
This website uses Google Analytics, a web analytics service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
Google Analytics cookies are stored based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.
We have activated the IP anonymization feature on this website. Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.
Browser plugin, objecting to the collection of data
You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website. You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
An opt-out cookie will be set to prevent your data from being collected on future visits to this site. However, the opt-out cookie will only apply to this browser, only for our website, and will be stored on your device. Should you delete the cookies in your browser, you will have to set the opt-out cookie once again.
More information about the handling of user data with Google Analytics can be found in Google’s data protection policy: https://support.google.com/analytics/answer/6004245?hl=en.
Outsourced data processing
We have entered into an agreement with Google for the outsourcing of our data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Demographic data collection by Google Analytics
This website uses Google Analytics’ demographic features. This allows reports to be generated containing statements about the age, gender, and interests of site visitors. This data comes from interest-based advertising from Google and third-party visitor data. This collected data cannot be attributed to any specific individual person. You can disable this feature at any time by adjusting the ads settings in your Google account or you can forbid the collection of your data by Google Analytics as described in the section “Refusal of data collection”.
Google Analytics Remarketing
Our websites use the features of Google Analytics Remarketing combined with the cross-device capabilities of Google AdWords and DoubleClick. This service is provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
This feature makes it possible to link target audiences for promotional marketing created with Google Analytics Remarketing to the cross-device capabilities of Google AdWords and Google DoubleClick. This allows advertising to be displayed based on your personal interests, identified based on your previous usage and surfing behavior on one device (e.g. your mobile phone), on other devices (such as a tablet or computer).
Once you have given your consent, Google will associate your web and app browsing history with your Google Account for this purpose. That way, any device that signs in to your Google Account can use the same personalized promotional messaging.
To support this feature, Google Analytics collects Google-authenticated IDs of users that are temporarily linked to our Google Analytics data to define and create audiences for cross-device ad promotion.
You can permanently opt out of cross-device remarketing/targeting by turning off personalized advertising in your Google Account; follow this link: https://www.google.com/settings/ads/onweb/.
The aggregation of the data collected in your Google Account data is based solely on your consent, which you may give or withdraw from Google per Art. 6 (1) (a) DSGVO. For data collection operations not merged into your Google Account (for example, because you do not have a Google Account or have objected to the merge), the collection of data is based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing anonymous user behavior for promotional purposes.
Google AdWords and Google Conversion Tracking
This website uses Google AdWords. AdWords is an online advertising program from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States (“Google”).
As part of Google AdWords, we use so-called conversion tracking. When you click on an ad served by Google, a conversion tracking cookie is set. Cookies are small text files that your internet browser stores on your computer. These cookies expire after 30 days and are not used for personal identification of the user. Should the user visit certain pages of the website and the cookie has not yet expired, Google and the website can tell that the user clicked on the ad and proceeded to that page.
Each Google AdWords advertiser has a different cookie. Thus, cookies cannot be tracked using the website of an AdWords advertiser. The information obtained using the conversion cookie is used to create conversion statistics for the AdWords advertisers who have opted for conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, advertisers do not obtain any information that can be used to personally identify users. If you do not want to participate in tracking, you can opt-out of this by easily disabling the Google Conversion Tracking cookie by changing your browser settings. In doing so, you will not be included in the conversion tracking statistics.
Conversion cookies are stored based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.
Facebook Pixel/Facebook Remarketing
Our website measures conversions using visitor action pixels from Facebook, Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, should you be located in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
These allow the behaviour of site visitors to be tracked after they click on a Facebook ad to reach the provider’s website. This allows an analysis of the effectiveness of Facebook advertisements for statistical and market research purposes and their future optimization.
The Facebook pixel is immediately embedded via Facebook when visiting our website and can store a so-called “cookie” – a small file – on your device. When you subsequently log in to Facebook or visit Facebook while logged in, the visit to our website is noted in your profile. The data about you that is retrieved is anonymous to us, meaning we cannot make conclusions about the identity of the user. However, the data from Facebook is stored and processed so that a connection to the particular user profile is possible. The processing of data via Facebook occurs within the conditions of Facebook’s data use policy and cannot be influenced by us as a website operator. You will therefore find further information about the functionalities of the remarketing pixel and about the presentation of Facebook ads overall in the Facebook data use policy: https://www.facebook.com/policy.php.
The legal basis for the processing of the user’s personalised data is Art. 6 Sec. 1 lit. f GDPR.
With the help of the Facebook pixel, it is possible for Facebook to assign the visitors of our website to a target group for the presentation of Facebook ads. Therefore, we use the Facebook pixel in order to show our Facebook ads only to Facebook users who have shown an interest in our Internet offers. That means that with the help of the Facebook pixel, we ensure that our Facebook ads correspond with the potential interests of the user and do not come across as annoying. With the help of the Facebook pixel, we can also comprehend the effectiveness of the Facebook advertisements for statistical and marketing purposes in that we see whether or not a user was redirected to our website after clicking on a Facebook advertisement.
You can refuse the collection of your data from the Facebook pixel and the use of your data for the presentation of Facebook ads. You can view the Facebook-specific page about this and learn more about the settings for user-based advertisements: https://www.facebook.com/settings?tab=ads or refuse via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. The settings are platform-independent, meaning that they will be applied to all devices, such as desktop computers or mobile devices.
You can also deactivate the “Custom Audiences” remarketing function for advertisements in the settings via https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You must be logged into Facebook in order to do this.
On our website, you have the chance to sign up for the sending of news and information about all content and themes of our website via the ”WhatsApp“ messaging service, and to also use this method to come to us directly with questions.
We provide this service via WhatsBroadcast GmbH, Schwanthaler Straße 32, 80336 Munich, who we have commissioned to implement the sending of messages.
The sending of messages occurs via one of the WhatsApp accounts that we have created. When you sign up for our WhatsApp messaging service via our website as per the instructions displayed, WhatsBroadcast receives the data stored with WhatsApp like your user name, your telephone number (only when signing up via WhatsApp), details about your device, all messages that have been sent by the service, as well as information about which messages you have read and clicked on. You have the choice to cancel the sending of WhatsApp messages via WhatsBroadcast at any time by sending “STOP” as a message to the WhatsApp account that you have previously used to order the messaging service. You can even request that WhatsBroadcast delete all of the aforementioned data by sending “DELETE ALL DATA” as a message to the corresponding WhatsApp messenger account.
This website uses the Visual Website Optimizer, a web analysis service from Wingify, 14th Floor, KLJ Tower North, Netaji Subhash Place, Pitam Pura, Delhi 110034, India.
We have no possibility of assigning these anonymous readings to your person – such as via the assignment of your IP address or other methods, for example.
Further information about the cookies applied can be found at https://vwo.com/knowledge/what-are-the-cookies-stored-by-vwo/.
We use VWO with your consent. When visiting our websites, we receive your consent via the cookie banner located along the lower border of the website.
While VWO does save your data, it is regularly deleted. You can prevent the saving of cookies, or even delete them, when using the corresponding settings in your browser software. You can also deny the recording of data, which is produced by the cookie and based on your usage of the website (including your IP address) to VWO as well as the processing of data as a whole at https://vwo.com/opt-out/.
Details about the handling of your personal data can be found at https://vwo.com/privacy-policy/.
We are registered with our website as an advertiser with the affiliate network TradeTracker. This is an affiliate marketing platform which allows website operators (publishers) to display advertisements from third parties on their websites. Payment occurs based on performance, and in the case of TravelTrex, based on commission. TradeTracker cookies will be placed on the visitor’s computer in order to correctly document sales.
Voucher deals from Sovendus GmbH
When selecting a voucher deal that currently interests you after completing your travel booking, we will pseudonymize and encode the hash value of your e-mail address and IP address and transfer these to Sovendus GmbH, Moltkestr. 11, 76133 Karlsruhe (Sovendus) (Art. 6 Sec.1 f DSGVO). The pseudonymized hash value of the e-mail address will be used by Sovendus when considering a possible existing opposition to advertisements (Art. 21 Sec.3, Art. 6 Sec.1 c DSGVO). The IP address will be used solely for data security purposes and, as a general rule, will be anonymized after seven days (Art. 6 Sec.1 f DSGVO). Furthermore, we will transfer a pseudonymized order number, order value with currency, session ID, voucher code, and time stamp to Sovendus for billing purposes (Art. 6 Sec.1 f DSGVO). Should you be interested in a voucher deal from Sovendus after completing your travel booking and therefore click on the voucher banner that is exclusively displayed at that time, and should there be no opposition to advertisements present, we will transfer your encrypted title, name, and e-mail address to Sovendus in preparation for the voucher (Art. 6 Sec.1 b, f DSGVO).
For more information about the processing of your data via Sovendus, please refer to the online data protection notices at https://www.sovendus.de/datenschutz.
Integration of the Trusted Shops Trustbadge
The Trusted Shops Trustbadge is integrated into this website in order to display the Trusted Shops seal of excellence and collective ratings, where applicable, as well as to display offers for Trusted Shops products to buyers after completing an order.
This serves to safeguard our predominantly legitimate interests in the optimal marketing of our product on the basis of the balancing of interests. The Trustbadge and the associated advertised services are offers of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Köln.
When using the Trustbadge, the web server automatically saves a so-called “server logfile“, of which contains, for example, your IP address, the date and time of usage, transferred data volume, and the requested provider (access data), and of which documents the usage. These access data will not be evaluated and will be automatically overwritten seven days after the end of your visit to the website at the latest.
Further personal data will only be transferred to Trusted Shops providing you have decided to make use of one of the Trusted Shops products after completing an order, or providing you have already been registered. In this case, the contractual agreement between you and Trusted Shops applies.
If you would like to receive our newsletter, we require a valid email address as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive this newsletter. No additional data is collected or is only collected on a voluntary basis. We only use this data to send the requested information and do not pass it on to third parties.
We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1) (a) DSGVO. You can revoke consent to the storage of your data and email address as well as their use for sending the newsletter at any time, e.g. through the “unsubscribe” link in the newsletter. The data processed before we receive your request may still be legally processed.
The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription when said data will be deleted. Data we have stored for other purposes (e.g. email addresses for the members area) remain unaffected.
E-mail distribution via Episerver (form. Optivo)
With the following information, we will be informing you about the content of our newsletter as well as the sign up process, distribution process, statistical analysis process, and your right to objection. By subscribing to our newsletter, you agree to reception and the aforementioned processes.
Content of the Newsletter
We only send newsletters and e-mails with advertising information (hereafter “newsletter“) with the consent of the recipient or with legal permission. Insofar as the content of a newsletter is concretely described in the context of an application for the newsletter, these are decisive for the consent of the user. Besides that, our newsletters contain information about our products, offers, deals, and company.
Double-Opt-In and Recording
Signing up for our newsletter occurs via a so-called “Double-Opt-In” procedure. This means that once you finish signing up, you will receive an e-mail which prompts you to confirm your registration. This confirmation is mandatory in order to prevent others from signing up with third-party e-mail addresses. Newsletter registrations will be recorded in order to demonstrate the corresponding legal requirements for the registration process. This includes the storage of both the registration and confirmation times, as well as the IP address. Changes to your data that is saved with your service provider will also be recorded.
Furthermore, Episerver can, according to its own information, use this data in a pseudonymous form, i.e. without a user being assigned to it, in order to optimise or improve their own services, such as technical optimisation for the distribution and presentation of the newsletter, or to use it for statistical purposes. However, Episerver does not use the data of newsletter recipients to contact them directly or to share with third parties.
In order to sign up for the newsletter, you only have to provide us with your e-mail address. You also have the option to provide your first and last name as well as your preferred title. These entries will solely be used for the personalisation of your newsletter, in which we adjust the content of the newsletter to fit the interests of the reader.
The newsletters receive a so-called “web-beacon“ – a pixel-sized file that is retrieved when opening a newsletter from the server of the service provider, Episerver. While being retrieved, technical information, such as browser and system information, as well as your IP address and the time of the retrieval, will be collected. This information is then used for the technical improvements of services based on technical data, or target groups and their reading behaviour based on the point of retrieval (which is determined with the help of the IP address) or access time. Determining whether or not the newsletter has been opened, when it was opened, and which links were clicked on are part of the statistical assessment. Due to technical reasons, this information can be assigned to individual newsletter recipients. However, neither we nor the service provider strive to monitor individual users. Instead, the results serve to illustrate the reading habits of our users and to help us adjust our content to their liking, or to send diverse content to our users based on their interests.
The sending of the newsletter, as well as performance measurement, occur based on the consent of the recipients as per Art. 6 Sec. 1 lit. a, Art. 7 GDPR in association with § 7 Sec. 2 No. 3 UWG, or rather based on the legal permission as per § 7 Sec. 3 UWG.
The recording of the registration process occurs based on our legitimate interests as per Art. 6 Sec. 1 lit. f GDPR and serves as proof of the consent to receive newsletters.
Online Activity and Data Management
You can, at any time, cancel your subscription i.e. withdrawal your consent. A link to newsletter cancellation can be found in each newsletter. Furthermore, you can also unsubscribe from the newsletter directly on the website. After completing cancellation, all of your data, excluding your e-mail address, will be deleted. Your e-mail address will be specifically saved to a blocking list and will only be used for the sole purpose of making sure that we no longer send e-mails to your e-mail address.
Completion of a Contract regarding Contract Data Processing
We have entered into a contract with Episerver concerning contract data processing and fully implement the strict requirements of the German data protection authorities when using Episerver.
8. PLUGINS AND TOOLS
Our website uses plugins from YouTube, which is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
If you visit one of our pages featuring a YouTube plugin, a connection to the YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited.
If you’re logged in to your YouTube account, YouTube allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
YouTube is used to help make our website appealing. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.
Further information about handling user data, can be found in the data protection declaration of YouTube under https://www.google.de/intl/de/policies/privacy.
Google Web Fonts
For uniform representation of fonts, this page uses web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.
For this purpose your browser has to establish a direct connection to Google servers. Google thus becomes aware that our web page was accessed via your IP address. The use of Google Web fonts is done in the interest of a uniform and attractive presentation of our website. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.
If your browser does not support web fonts, a standard font is used by your computer.
9. PAYMENT SERVICE PROVIDERS
Our website accepts payments via Sofortüberweisung. The provider of this service is Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany.
Sofortüberweisung provides us with real-time payment confirmations, allowing us to begin fulfilling our end of our contract right away.
If you opt to pay using Sofortüberweisung, you will be submitting a PIN and a valid TAN to Sofort GmbH so that it can access your online banking account. Sofort GmbH will automatically check your account balance and perform the transfer to our account using the TAN you supply. It then sends an immediate transaction confirmation. After logging in, your income, the overdraft protection, and the availability of other accounts and their balances will be checked.
In addition to the PIN and TAN, the payment details you provide as well as personal information will be sent to Sofort GmbH. This personal information includes your name, address, telephone numbers, email address, IP address, and any other data required to process your payment. This data must be transferred to identify you securely and to prevent fraud.
Data is transmitted to Sofort GmbH based on Art. 6 (1) (a) (Consent) and Art. 6 (1) (b) DSGVO (Processing for contract purposes). You have the option to revoke your consent at any time with future effect. It does not affect the processing of data previously collected.
Should you select a method of payment from the payment service provider, Stripe, the transaction will occur via the payment service provider, Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland, in that we transfer the information from your booking that was provided by you during the booking process (name, IP address, IBAN and BIC, as well as possible credit card details, invoice amount, and currency). The transferring of your data to the payment service provider, Stripe Payments Europe Ltd., occurs only for the purpose of processing payment. Further information about data protection with Stripe can be found at https://stripe.com/de/terms.
All data that is required in order to process payment will only be used by Stripe in order to carry out payment, and will be safely transferred via the SSL process. Stripe is certified in accordance with PCI DSS. Stripe transfers, processes, and stores personal data outside of the EU where necessary.
The transferring of your data to Stripe occurs based on Art. 6 Sec. 1 (a) DSGVO (consent) and Art. 6 Sec. 1 (b) DSGVO (processing in order to fulfil a contract). You have the choice to revoke your consent to having your data processed at any time. When revoking your consent, it does not affect the processing of previously collected data.