Privacy Policy Privacy Policy

Privacy Policy

Welcome to the website of I.D. Riva Tours GmbH and our online presence

We thank you for your interest in our services. Protecting your privacy and data is very important to us. We only collect and use your data in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 (GDPR) and the applicable provisions. In the following, we as the controller will explain to you what data we collect and how we process these data.

As defined by the GDPR, personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal data will only be saved if it is necessary for providing the booked services, adhering to legal guidelines or for purposes explained in the following.

You can visit our website without providing any personal data. However, certain anonymous data will be saved each time our website is visited, e.g. which page or which offer was called up. This data is not personal, however, and thus is not subject to the legal guidelines of the GDPR.

The website operator or site provider collects data about visits to the site and stores these as server log files. The following data are logged in this manner:

Website visited, time of access, quantity of data sent in bytes, source/link from which you reached the site, browser used, operating system used, IP address used. The data collected is used for statistical analysis and to improve the website. The website operator reserves the right to examine the server log files at a later time should there be specific indications of unlawful use.

Anonymous data is only collected for statistical evaluation in order to improve our services. For further information, please take note of the figure “Right to information / revocation rights”.

Personal data must however be provided if you make a travel booking or other booking via our website, contact us, subscribe to our newsletter or use other services on our website that require personal data to be given. These include the management of your data in a personal customer account with a login function, voucher purchases, participating in competitions or amending existing bookings or orders.

In accordance with legal provisions, we will normally only collect data necessary for the service you require. If our forms ask you to provide further information, this is always voluntary and will be marked as such.

The temporary storage of the IP address by the system is necessary in order to enable the delivery of the website to the user’s computer. To do this, the IP address of the user must be stored for the duration of the session. This is also stored in log files in order to ensure the functionality of the website. The data is also used to optimize the website and to ensure the security of our information technology systems. In this connection, the data will not be analyzed for marketing purposes. Our legitimate interests in data processing according to point (f) of Article 6(1) GDPR lie in these purposes.

If a travel booking is made or another service is booked, the data collected will be used to process this booking and used for advertising and statistical purposes, within the scope of legal provisions.

If you subscribe to our newsletter, we also store and use the data you provided about yourself and your orders and travel services when booking or registering in order to give you optimum service as a newsletter subscriber on the basis of point (f) of Article 6(1) GDPR.

The legal basis for mailing newsletters consequently to the sale of products or services is §7 (3) UWG (act against unfair competition).

The legal basis for the processing of data after the user registers for the newsletter is point (a) of Article 6(1) GDPR if the user has given consent.

We also use the personal data that we have collected to improve customer relations and to provide better customer care (e.g. information about the trip), to carry out our own advertising and marketing initiatives (e.g. sending out catalogues or other advertising within the scope permitted by law, feedback on customer satisfaction) and to process your order.

If we obtain the consent of the data subject for all processing of personal data, the legal basis shall be point (a) of Article 6(1) of the General Data Protection Regulation (GDPR).

For the processing of personal data required for the performance of a contract to which the data subject is a party, the legal basis is point (b) of Article 6(1) GDPR. This also applies to processing that is required to perform pre-contractual measures.

If the processing personal data is required in order to fulfil a legal obligation to which our company is subject, the legal basis shall be point (c) of Article 6(1) GDPR.

In the event that vital interests of the data subject or another natural person require the processing of personal data, the legal basis shall be point (d) of Article 6(1) GDPR.

If the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, the legal basis shall be point (f) of Article 6(1) GDPR.

We will only transfer your personal data in accordance with the applicable competition and data protection regulations.

Your data will also be transferred to our subcontractors or other service providers related to your booking (e.g. processing newsletters to be sent by post or email, payment processing, customer service) if this is necessary for us to fulfil our legal obligations and to provide you with the services we owe you.

Data will also be transferred to persons or companies in order to process your order or booking, particularly for travel services to airlines, tour operators, hotels, travel agencies, incoming agencies, car rental companies, cruise operators, authorities etc. Ensure that the privacy provisions at the domicile of these persons and companies may differ from those in our country.

Your data will also be disclosed and sent to third parties if we are obliged to do this by law or on the basis of a final court ruling.

You have the right to receive the personal data concerning you which you have provided in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without being hindered by the controller to whom the personal data was provided.

Your personal data will be stored in accordance with the purposes listed under “Purpose of collecting personal data”. The personal data of the data subject will be erased or blocked once the purpose ceases to apply. Data may also be stored if this has been provided for by the European or national legislator in Union ordinances, laws or other regulations to which the controller is subject. The government has set down various storage periods for data. The data will also be blocked or erased if the retention period prescribed by the standards mentioned, unless it is necessary to continue storing the data for the conclusion or performance of a contract.

We use cookies (small computer files with text information sent by the web server to your Internet browser) in order to improve your experience when visiting our website. For example, some notices will only appear once if you allow us to use cookies. Cookies also have an expiry date. If you delete your cookies manually before their expiry, you will receive a new one upon your next visit to the site if you do not block the storage of cookies.

The technical specifications only allow cookies to be read by the server that sent them. We assure you that no personal data will be stored in cookies.

Unfortunately, you will only have limited use of our services if you do not agree to the use of cookies. We therefore recommend you permanently activate the cookies when using our website. Most internet browsers automatically accept cookies. You can, however, deactivate cookies and set up your internet browser to inform you as soon as cookies are sent.

The legal basis for the processing of personal data when using cookies is point (f) of Article 6(1) GDPR.

The legal basis for the processing of personal data when using cookies for analytical purposes is point (a) of Article 6(1) GDPR if the user has given consent.

This website uses Google Analytics, a web analytics service provided by Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses cookies, which are text files placed on your computer, to help the website analyze how you use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf.  Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

The Google tracking codes of this website use the _anonymizeIp() function, which means that IP addresses are only processed in a shortened form in order to prevent direct personal identification. You may object to the collection and storage of data at any time for the future. Clicking on the “deactivate” button will completely stop tracking. In order to make a permanent objection, the browser used must accept cookies. Alternatively, the data collection can be refused by using a Google browser plug-in which prevents the information collected by cookies (including your IP address) from being sent to Google Inc. and used by Google Inc. You can find the relevant plug-in on the following link:

This online presence uses Facebook Pixel of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). This tracks the behaviour of users once they have viewed or clicked on a Facebook advertisement. This procedure serves to analyse the effectiveness of Facebook advertisements for statistical and market research purposes, and can help optimise future advertisement measures.

The data collected is anonymous to us, and cannot be used to identify the user. However, the data is stored and processed by Facebook in order to enable a connection with the relevant user profile and so that Facebook can use the data for its own advertisement purposes, in accordance with the Facebook privacy policy ( The user can switch off Facebook advertisements and those of its partners, including outside Facebook. A cookie may also be stored on your computer for this purpose. 
By visiting our website and our Facebook page, you consent to its use. In order to refuse the use of cookies on the computer in general, the Internet browser can be set so that no cookies can be stored on the computer in the future or any cookies already stored are deleted. Disabling all cookies may mean that some functions on our Internet pages will no longer work. The user can also deactivate the use of cookies by third part providers such as Facebook on the following website of the Digital Advertising Alliance:

You have the right:

  • Pursuant to Art. 15 GDPR, to obtain from us confirmation as to whether or not personal data concerning you are being processed. In particular, you can obtain information on the purposes of the processing, the categories of personal data, categories of recipients to whom your data has been or will be disclosed, the planned duration of storage, the existence of a right to rectification, erasure, restriction of processing or to object, the existence of a right to lodge a complaint, the origin of the data, if this has not been collected by us, and on the existence of automated decision-making including profiling and any meaningful information on the details.
  • Pursuant to Art. 16 GDPR, to obtain the immediate rectification or completion of the personal data concerning you stored by us;
  • Pursuant to Art. 17 GDPR, to obtain the erasure of personal data concerning you stored by us unless the processing is necessary for exercising the right of freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
  • Pursuant to Art. 18 GDPR, to obtain the restriction of processing of your personal data, where the accuracy of the personal data is contested by you, the processing is unlawful but you oppose the erasure of the personal data, or we no longer need the data, but you require them or the establishment, exercise or defence of legal claims or you have objected to the processing pursuant to Art. 21 GDPR.
  • Pursuant to Art. 20 GDPR, to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format or request the transmission to another controller;
  • Pursuant to Art. 7(3) GDPR, to withdraw the consent you once provided to us at any time… This will mean that we will no longer be able to continue the data processing relating to this consent in the future, and
  • Pursuant to Art. 77 GDPR, to lodge a complaint with a supervisory authority. Generally, you may contact the supervisory authority at your usual place of residence or workplace or at our registered office.

In order to withdraw your consent to data usage, to exercise your right of access, or request the rectification, blocking or erasure or to exercise your other rights as a data subject, please contact:

I.D. Riva Tours GmbH
Bahnhofstraße 101
82166 Gräfelfing
fon: +49 89 23 11 00-0
fax: +49 89 23 11 00-22

These rights are of course available to you free of charge, without you incurring higher transmission costs for your request than for the base rates.
The Data Protection Officer of our company can be contacted as follows:

Rechtsanwalt Frank Hütten
Noll & Hütten Rechtsanwälte GbR
c/o I.D. Riva Tours GmbH
Bahnhofstraße 101
D–82166 Gräfelfing
Phone: +49 89 23 11 00-0

In order to exercise your rights as a data subject to access, rectification, restriction or erasure of your personal data, please do not contact the Data Protection Officer directly, but initially contact the department of the Data Protection Officer mentioned above, who will process your inquiry immediately.

Security also depends ultimately on your system. You should always treat your access information as confidential, never allow your browser to save passwords and close the browser window when you leave our website. This makes it more difficult for third parties to access your personal data.

Use an operating system that can manage user rights. Always set up different user profiles, including amongst family members, and never use the internet under administrator rights. Use security software such as virus scanners and firewalls and always keep your system up to date.

The controller for this online presence as defined by the General Data Protection Regulation and other national data protection laws of Member States as well as other data protection regulations is:

I.D. Riva Tours GmbH
Bahnhofstraße 101
D–82166 Gräfelfing
phone: +49 89 23 11 00-0
fax: +49 89 23 11 00-22

If you no longer wish to receive our newsletter or our advertising e-mails, click on the link: “Unsubscribe from newsletter” which appears at the bottom of every newsletter or advertising e-mail from us.