Privacy Policy

With this privacy policy we inform you about the processing of your personal data by us and about the rights to which you are entitled under the EU General Data Protection Regulation. provide us with personal data of other people (e.g., fellow travelers) as the person booking your trip , you must ensure that they consent to this and that you are authorized to transmit the data. You must ensure that these people are aware of how their personal data is processed by us and what rights they have.

(Last updated on February 24, 2025)

*1. Who is responsible for data processing and who can you contact? *
The person responsible for data processing is ID Riva Tours GmbH Bahnhofstrasse 101 D–82166 Gräfelfing Phone: +49 89 23 11 00-0 Fax: +49 89 23 11 00-22 Email: info@idriva.de www.kroatien-idriva.de

Jointly responsible with her : Operating our Facebook fan page constitutes joint data processing pursuant to Art. 26 GDPR.

In this respect, we have no influence on the processing of data by the Facebook operator Meta. Responsibility for the processing of so-called Insights data and the fulfillment of corresponding obligations under the GDPR is assumed by the Facebook operator Meta. Further information can be found at: https://www.facebook.com/legal/terms/page_controller_addendum.

*2. Contact details of the data protection officer : *

Attorney Frank Hütten Noll | Hütten | Dukic Rechtsanwälte GbR c/o ID Riva Tours GmbH Bahnhofstrasse 101 D–82166 Gräfelfing Email: data protection officer@idriva.de Phone: +49 89 23 11 00-0

If you wish to exercise your rights as a data subject, such as access to, correction of, blocking of or deletion of your personal data, please do not contact the data protection officer directly, but first contact the aforementioned department of the data protection officer directly, which will process your request immediately.

*3. What rights do you have? *

Under the respective legal requirements, you have the right to information (Art. 15 EU GDPR), to rectification (Art. 16 EU GDPR), to erasure (Art. 17 EU GDPR), to restriction of processing (Art. 18 EU GDPR) and to data portability (Art. 20 EU GDPR).

In addition, you have the right to object at any time to the processing of personal data concerning you which is carried out on the basis of Article 6 (1) (f) GDPR, for reasons arising from your particular situation; this also applies to profiling based on these provisions. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims. An objection can be made to our contact address. Please inform us of the reasons for your objection so that we can weigh your reasons against our interests.

You can object to processing for advertising purposes at any time, free of charge and without giving reasons, in accordance with Art. 21 (2) of the EU GDPR. This also applies to profiling insofar as it is related to such direct advertising. After you object to processing for advertising purposes, your data will no longer be used for advertising purposes. Advertising data will be retained for a further three years from the last advertising activity in order to be able to pursue claims for damages arising from the advertising activities. After this period, the data will be deleted.

For processing operations that are legitimated by your consent, you can revoke your consent at any time without formality, in accordance with Art. 7 (3) of the EU GDPR, with effect for the future. In this case, the data will no longer be used for the respective processing. Your data will be retained for a further three years from the date of revocation/fulfillment of the purposes (if no revocation has yet been made) in order to pursue claims for damages resulting from the processing. After this period, the data will be deleted.

You also have the right to lodge a complaint with the competent data protection supervisory authority under Article 77 of the EU GDPR.

You can contact the supervisory authority responsible for complaints within the meaning of Art. 77 GDPR using the following contact details:

Bavarian State Office for Data Protection Supervision (BayLDA) Promenade 18 91522 Ansbach Phone: +49 (0) 981 53 1300 Fax: +49 (0) 981 53 98 1300 Email: poststelle@lda.bayern.de

4. Purposes, legal basis, types of data, recipients or categories of recipients

Processing purposes, legal basis, legitimate interests
For the initiation and execution of a legal contractual obligation (such as travel booking) within the meaning of Art. 6 (1) (b) EU-GDPR, in the case of optional data based on your consent under Art. 6 (1) (a) EU-GDPR

( Data marked with are required for the conclusion of the contract and must be provided. Without this data, the contract cannot be concluded/the service cannot be provided .)
[First name, last name] of all travelers
[Address] of the travel registrant
[ Email address] of the travel registrant
[Emergency telephone number] of the person registering the trip
[Age] of all travelers
[Date of birth] of all travelers
Family [travel companions, family affiliation/relatives, e.g. when specifying children, spouses in the booking] Physical characteristics [gender] of all travelers
Travel details [type of trip, travel price, travel destination, travel date, travel duration, hotel details, room type, flight details, transfer details, other services] [Booking number]
Depending on the payment method: Account details [credit card details (credit card number token) or bank account details (IBAN, BIC )] Optional requests/other inquiries
Optional additional telephone numbers, such as a landline telephone number
Optional communication data (e.g. address, email address of other travelers, telephone number, correspondence, email correspondence) Optional data in the context of complaints
Data in the context of crisis/emergency situations
Acceptance of contractual conditions such as general terms and conditions and other legal instructions

Recipients or categories of recipients, if applicable:
Departments within the responsible party responsible for carrying out the trip/processing your request, e.g. service center, customer service, agency support, accounting, internal and external legal advice, compliance

If booked by you:
Destination agency (e.g. tour guide, hotel reservation, transfer and possibly excursion services) Transport service provider (airline, possibly train, bus) Accommodation operators (hotels)
Insurer
Shipping companies
Debt collection company
Service providers of other booked services
other bodies for which you have given us your consent to data processing

Processing purposes, legal basis, legitimate interests
For the initiation and processing of a legal contractual obligation (such as travel booking) within the meaning of Art. 6 (1) (b) EU GDPR

( Data marked with are required for the conclusion of the contract and must be provided. Without this data, the contract cannot be concluded/the service cannot be provided .)
Physical characteristics such as [weight, height] for excursion bookings, if applicable

Recipients or categories of recipients, if applicable:
Departments within the responsible party responsible for carrying out the trip/processing your request, e.g. service center, customer service, agency support, accounting, internal and external legal advice, compliance

Destination agency (e.g. tour guide, hotel reservation, transfer and possibly excursion services) Transport service provider (airline, possibly train, bus) Accommodation operators (hotels)
Insurer
Shipping companies
Debt collection company
Service providers of other booked services
other bodies for which you have given us your consent to data processing

Processing purposes, legal basis, legitimate interests
For the initiation and processing of a legal contractual obligation (such as travel booking) within the meaning of Art. 6 (1) (b) EU GDPR

( Data marked with are required for the conclusion of the contract and must be provided. Without this data, the contract cannot be concluded/the service cannot be provided .)
Identification [ID number or personnel number, place and date of issue, place of birth, date of validity, nationality, if necessary of all travelers] for cruise travel and VISA applications

Recipients or categories of recipients, if applicable:
public authorities (embassies of the destination country) if there is a legal or official obligation (e.g. obtaining a visa , obtaining entry requirements) Shipping companies

Processing purposes, legal basis, legitimate interests
To initiate and fulfill services based on your consent under Art. 6 (1) (b) in conjunction with Art. 9 (2) (a) EU GDPR, such as visa applications, excursion bookings, name changes

( Data marked with are required for the conclusion of the contract and must be provided. Without this data, the contract cannot be concluded/the service cannot be provided .)
if provided voluntarily by you:
Medicine and health [e.g. for wheelchair orders, health-related meal orders such as lactose-free meals, and when indicating pregnancy] Sexual [Sexual behavior and orientation, preferences, inclinations] Religion and belief [Religious and ideological beliefs, e.g., when ordering food based on religion] 
Recipients or categories of recipients, if applicable:
Departments within the responsible party responsible for carrying out the trip/processing your request, e.g. service center, customer service, agency support, accounting, internal and external legal advice, compliance

Destination agency (e.g. tour guide, hotel reservation, transfer and possibly excursion services) Transport service provider (airline, possibly train, bus) Accommodation operators (hotels)
Shipping companies
Service providers of other booked services
other bodies for which you have given us your consent to data processing

Processing purposes, legal basis, legitimate interests
To provide contact options to us and process your inquiries ( e.g. contact form, appointment scheduling for consultation) (brokerage/travel contract) Art. 6 (1) (b) EU-GDPR for other inquiries due to the predominantly legitimate interest of the controller in answering inquiries, for optional data due to your consent from Art. 6 (1) (a) EU-GDPR

( Data marked with are required for the conclusion of the contract and must be provided. Without this data, the contract cannot be concluded/the service cannot be provided .)
First name, last name, email address, if applicable reason/request
Communication data (e.g. address, email address, telephone number, correspondence, email correspondence) 
Recipients or categories of recipients, if applicable:
Departments within the responsible party responsible for carrying out the trip/processing your request, e.g. service center, customer service, agency support, accounting, internal and external legal advice, compliance
Destination agency (e.g. tour guide, hotel reservation, transfer and possibly excursion services) Transport service provider (airline, possibly train, bus) Accommodation operators (hotels)
Shipping companies
Debt collection company
Service providers of other booked services
other bodies for which you have given us your consent to data processing

Processing purposes, legal basis, legitimate interests
To participate in prize draws, competitions or similar promotions (competition contract) Art. 6 (1) (b) EU- GDPR, for optional data based on your consent from Art. 6 (1) (a) EU-GDPR

( Data marked with are required for the conclusion of the contract and must be provided. Without this data, the contract cannot be concluded/the service cannot be provided .)
First name, last name, email address, if applicable, age of majority

Recipients or categories of recipients, if applicable:
departments within the controller responsible for carrying out the competition

Processing purposes, legal basis, legitimate interests
For marketing purposes for own and similar goods/services (e.g. advertising, market and opinion research), data processing is carried out on the basis of Art. 6 (1) (f) EU-GDPR in conjunction with Section 7 (3) UWG for existing customers
You can unsubscribe from existing customer emails at any time, effective in the future. You can do this by contacting us directly at datenschutz@dertouristik.com or, if applicable, via a link in existing customer emails, without incurring any costs other than the transmission costs according to the basic rates .
( Data marked with are required for the conclusion of the contract and must be provided. Without this data, the contract cannot be concluded/the service cannot be provided .)
First name, last name, email address, postal address if applicable, travel history, advertising and sales data (e.g. history of our advertising offers), your click behavior in the newsletter

Recipients or categories of recipients, if applicable:

Processing purposes, legal basis, legitimate interests
For marketing purposes (e.g., advertising, market and opinion research), data processing is based on Art. 6 (1) (a) of the EU GDPR. The newsletter contains current offers for travel services, attractive specials, competitions, and surveys (such as inspiration for your next trip, travel equipment/literature, attractions, or financial services ) . You can unsubscribe from the newsletter at any time with future effect. You can do this by contacting us directly and using the “Unsubscribe from newsletter” link included in every newsletter, or via the link in the email for existing customers, without incurring any costs other than the transmission costs according to the basic rates. Your data will be blocked from advertising. Your data will be deleted when priority retention periods have expired .
( Data marked with are required for the conclusion of the contract and must be provided. Without this data, the contract cannot be concluded/the service cannot be provided .)
Data that you provide to us when ordering the newsletter (email address, title, first name, last name, date of birth if applicable, content preferences) Data to prove your consent to receive the newsletter (IP address, timestamp of consent) Data on the use of the newsletter (openings, clicks on links contained, availability of the email address, data of the device used) Data collected when you use our website (e.g., IDs, pages accessed, booking a service, shopping cart abandonment) is temporarily used to personalize the newsletter content to your profile and then deleted.
Preferences (e.g. your preferences, your ratings regarding your trips, if you have consented to this separately) if necessary, the date of birth for a birthday gift

Recipients or categories of recipients, if applicable:

Processing purposes, legal basis, legitimate interests
Due to the predominantly legitimate interests of the controller (Art. 6 (1) (f) EU GDPR) in the assertion, exercise or defense of legal claims (Art. 6 (1) (f) EU GDPR), your data will be stored for 3 years in accordance with Section 195 and Section 199 (1) BGB.
( Data marked with are required for the conclusion of the contract and must be provided. Without this data, the contract cannot be concluded/the service cannot be provided .)
First name, last name, email address, postal address, communication, travel dates, booking number

Recipients or categories of recipients, if applicable:
Departments within the responsible party responsible for carrying out the trip/processing your request, e.g. service center, customer service, agency support, accounting, internal and external legal advice, compliance

Destination agency (e.g. tour guide, hotel reservation, transfer and possibly excursion services) Transport service provider (airline, possibly train, bus) Accommodation operators (hotels)
Insurer
Shipping companies
Debt collection company
Service providers of other booked services

Processing purposes, legal basis, legitimate interests
Due to predominantly legitimate interests of the controller pursuant to Art. 6 (1) (f) GDPR in the functionality, availability and security of business operations (e.g. IT, other services) 
( Data marked with are required for the conclusion of the contract and must be provided. Without this data, the contract cannot be concluded/the service cannot be provided .)
First name, last name, email address

Recipients or categories of recipients, if applicable:
internal departments responsible for processing at the controller

Processing purposes, legal basis, legitimate interests
Due to predominantly legitimate interests of the controller Art. 6 (1) (f) EU-GDPR in sales management

( Data marked with are required for the conclusion of the contract and must be provided. Without this data, the contract cannot be concluded/the service cannot be provided .)
Booking number, travel dates

Recipients or categories of recipients, if applicable:
internal departments responsible for processing at the controller

Processing purposes, legal basis, legitimate interests
Due to predominantly legitimate interests of the controller Art. 6 (1) (f) EU GDPR in the further development of services/travel services and additional products ( e.g. quality management) 
( Data marked with are required for the conclusion of the contract and must be provided. Without this data, the contract cannot be concluded/the service cannot be provided .)
Booking number, travel dates

Recipients or categories of recipients, if applicable:
internal departments responsible for processing at the controller

Processing purposes, legal basis, legitimate interests
To protect the vital interests of you or another natural person, for example to be able to provide emergency services with an evacuation list in emergency situations , your data will be processed by us or authorized third parties. Art. 6 (1) (d)
( Data marked with are required for the conclusion of the contract and must be provided. Without this data, the contract cannot be concluded/the service cannot be provided .)
First name, last name, email address, travel dates

Recipients or categories of recipients, if applicable:
Transport service providers
Accommodation operator
Destination agencies
public bodies (such as embassies of the destination country) 

Processing purposes, legal basis, legitimate interests
To fulfill tax/official control and reporting obligations Art. 6 (1) (c) GDPR

( Data marked with are required for the conclusion of the contract and must be provided. Without this data, the contract cannot be concluded/the service cannot be provided .)
[First name, last name] [Address]
[ Email address ] [Emergency Telephone Number]  [Age]
[Date of birth]
Family [travel companions, family affiliation,/ relatives, e.g. when specifying children, spouses in the booking] Physical characteristics [Gender]
Travel details [type of trip, travel price, travel destination, travel date, travel duration, hotel details, room type, flight details, transfer details, other services] [Booking number]
Depending on the payment method: Account details [credit card details (credit card number token) or bank account details (IBAN, BIC )] Optional requests/other inquiries
Optional additional telephone numbers, such as a landline telephone number
Optional communication data (e.g. address, email address, telephone number, correspondence, email correspondence) Optional data in the context of complaints
Data in crisis/emergency situations

Recipients or categories of recipients, if applicable:
departments within the controller responsible for implementation, such as internal and external legal advice, data protection management, compliance
Data processors for archiving and storage systems

Processing purposes, legal basis, legitimate interests
To comply with statutory retention obligations pursuant to Art. 6 (1) (c) of the EU GDPR, pursuant to Section 257 (1) of the German Commercial Code (HGB) and Section 147 (1) of the German Fiscal Code (AO), the retention period is 6 years for business and commercial letters and 10 years pursuant to Section 257 (4) and (5) of the German Commercial Code (HGB) and Section 147 (3) and (4) of the German Fiscal Code (AO) for invoice-related documents .
( Data marked with are required for the conclusion of the contract and must be provided. Without this data, the contract cannot be concluded/the service cannot be provided .)
[First name, last name] [Address]
[ Email address ] [Emergency Telephone Number]  [Age]
[Date of birth]
Family [travel companions, family affiliation,/ relatives, e.g. when specifying children, spouses in the booking] Physical characteristics [Gender]
Travel details [type of trip, travel price, travel destination, travel date, travel duration, hotel details, room type, flight details, transfer details, other services] [Booking number]
Depending on the payment method: Account details [credit card details (mask card number, expiration date, security code) or bank details (IBAN, BIC )] Optional requests/other inquiries
Optional additional telephone numbers, such as a landline telephone number
Optional communication data (e.g. address, email address, telephone number, correspondence, email correspondence) Optional data in the context of complaints
Data in crisis/emergency situations

Recipients or categories of recipients, if applicable:
bodies within the controller responsible for the implementation, as well as processors for archiving and storage systems
Authorities in the case of official duty

*5. Who do we get your data from? * We receive the data directly from you, e.g. when booking a trip or placing another order, e.g. via travel agencies, insurers , other service providers for services arranged by us or from the person booking the trip.

6. Transfer to third countries If there is no adequacy decision pursuant to Article 45(3) of the EU GDPR, we will transfer your data to recipients in a third country if the transfer is necessary: -to conclude or fulfill the contract with you or to carry out pre-contractual measures at your request -to fulfil a contract concluded in your interest by the controller with another natural or legal person -to assert, exercise or defend legal claims -to protect the vital interests of the data subject or of other persons, where the data subject is physically or legally incapable of giving consent -You have given us your consent These data processing operations are permissible exceptions under Article 49 of the EU GDPR. If data transfer outside the scope of the EU GDPR is necessary due to our predominantly legitimate interest or if you have given us your consent, this is secured, among other things, with EU standard contractual clauses pursuant to Art. 46 (2) (c) EU GDPR. If necessary, the EU standard contractual clauses will be supplemented by further contractual assurances. Information and copies of these can be obtained from the contact details provided.

7. Storage period

Storage for 3 years due to the predominantly legitimate interest of the controller in the assertion, exercise and defense of legal claims Art. 6 (1) (f) EU-GDPR in conjunction with Section 195 and Section 199 (1) BGB, your data will be stored for 3 years

starting from the end of the year in which the claim arose and the creditor became aware of the circumstances giving rise to the claim and the identity of the debtor or would have become aware of them without gross negligence in order to assert, exercise or defend legal claims in accordance with Section 199 (1) of the German Civil Code (BGB)
•Storage for 6 years begins at the end of the calendar year in which the last entry was made in the commercial book, the inventory was drawn up, the opening balance sheet or the annual financial statements were adopted, the individual financial statements were prepared in accordance with Section 325 (2a) or the consolidated financial statements were prepared, the commercial letter was received or sent, or the accounting document was created in accordance with the statutory retention periods under Section 257 (5) HGB for commercial letters and begins at the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance sheet, the annual financial statements or the management report were drawn up, the commercial or business letter was received or sent, or the accounting document was created, furthermore the recording was made or the other documents were created in accordance with Section 147 (4) AO for commercial and business letters, other documents insofar as they are relevant for taxation • Storage for 10 years begins at the end of the calendar year in which the last entry was made in the commercial book, the inventory was drawn up, the opening balance sheet or the annual financial statements were adopted, the individual financial statements according to Section 325 Para. 2a or the consolidated financial statements were drawn up, the commercial letter was received or sent or the accounting document was created in accordance with the statutory retention periods under Section 257 Para. 5 HGB for commercial books, inventories, opening balance sheets, annual financial statements, individual financial statements according to Section 325 Para. 2a, management reports, consolidated financial statements, group management reports as well as the work instructions and other organizational documents necessary for their understanding, evidence of entries in books to be kept according to Section 238 Para. 1 (accounting documents) and begins at the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance sheet, the annual financial statements or the management report were drawn up, the commercial or business letter was received or sent or the accounting document was created, furthermore the recording was made or the other documents have been created in accordance with Section 147 (4) AO for books and records, inventories, annual financial statements, management reports, the opening balance sheet as well as the work instructions and other organizational documents necessary for their understanding, accounting documents, documents pursuant to Article 15 (1) and Article 163 of the Union Customs Code for other claims for damages pursuant to Section 199 Paragraph 3 of the German Civil Code (BGB), after ten years from their occurrence.

*9. Is there automated decision-making in individual cases? * As a general rule, we do not use automated decision-making in accordance with Art. 22 of the EU GDPR to establish and conduct our business relationship. Should we use these procedures in individual cases, you will be informed separately, provided this is required by law.

*10. Will my data be used in any way for profiling ? * If you have booked a trip with us, we will process your data partially automatically with the aim of assessing your potential interest in certain products, offers, and services (“profiling” according to Art. 4 No. 4 EU GDPR). The evaluation is carried out using statistical and market research methods, taking into account your previously booked trips and services. and your booking behavior. We take into account your booking history with us, as well as characteristics of the bookings and booked trips, products, and services. These characteristics include booking frequency, booking channel, additional and canceled services, booking lead time, trip price, trip type, destination, number of travelers, and characteristics of the main product booked, such as star rating and amenities. Typically, a selection of the aforementioned characteristics is used with equal weighting, but they can also be used collectively with a non-predetermined weighting. We use the results of these analyses for market and opinion research, targeted and needs-based customer communication, and to acquire new customers. This form of data use is based on the legal basis of Art. 6 (1) (f) of the EU GDPR due to the overriding legitimate interest in direct advertising, market and opinion research, and new customer acquisition. In order to assess the potential risk of payment default, we use information about fraudulent behavior and publicly available information to create a forecast of the probability of your payment defaulting on the booking made. For this risk probability calculation, contact details, bank details, and date of birth are processed with equal weighting, along with public address data and bank account details provided to us by our partner Crif GmbH. Data is then assigned to statistical groups of people who have exhibited similar behavior in the past. The results support us in individual decision-making to prevent fraud losses and pursue legal claims. This data processing is carried out on the legal basis of Art. 6 (1) (f) EU GDPR due to the overriding legitimate interest in preventing fraudulent damage and pursuing legal claims.

*Additional information for website users: *

Use of cookies and similar technologies Our website uses so-called “cookies.” Cookies are small text files that do not cause any damage to your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted after your visit. Permanent cookies remain stored on your device until you delete them yourself or until your web browser automatically deletes them after the specified storage period. In some cases, cookies from third-party companies may also be stored on your device when you use our online offerings (third-party cookies). These enable us or you to use certain services provided by the third-party company (e.g., cookies for processing payment services). Cookies serve various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g., the shopping cart function or displaying videos). Other cookies are used to evaluate user behavior or display advertising. Cookies that are required to carry out electronic communication or to provide certain functions you have requested (e.g. for the shopping cart function) (necessary cookies) are stored on the basis of Art. 6 (1) (f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies to ensure the technically error-free provision of its services. If consent to the storage of cookies and similar recognition technologies has been requested (e.g. to optimize the website using cookies to measure the web audience), processing will take place exclusively on the basis of this consent (Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG); consent can be revoked at any time. You can configure your browser to inform you about the use of cookies and to only accept cookies on a case-by-case basis, to exclude cookies for specific cases or in general, and to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website. If cookies are used for analysis purposes, we will ask for your consent in advance and inform you about this separately in this data protection declaration. In principle, it is possible to use our services without cookies or similar technologies that serve non-technical purposes. By accepting additional functional cookies, we can improve the ease of use and personalize our services for you. For individual configuration, we provide a cookie consent tool, which you can find here .

Newsletter On our website, you have the option to subscribe to our newsletter. We process the personal data submitted via the registration form to send you the individual newsletters. For the purpose of measuring reach and evaluating our email marketing campaigns, we collect data about your use of our newsletters, such as whether, how often, and for how long you read them, as well as which links you click on. The legal basis for the processing of your personal data for sending the newsletter is Art. 6 (1) Sentence 1 lit. a GDPR, if applicable in conjunction with Section 7 (2) No. 3 UWG (Unfair Competition Act). We may also send you certain information by email on the basis of legal permission in accordance with Section 7 (3) UWG. The legal basis for the processing of your personal data within the scope of reach measurement and evaluation of our email marketing campaigns is Art. 6 (1) Sentence 1 lit. f GDPR (based on our legitimate interest in recording and improving the success of our email advertising ). You can revoke your consent at any time with effect for the future (e.g. via the “unsubscribe” link in the newsletter). If you exercise your right of revocation, we will delete the data concerned immediately unless further processing can be based on a legal basis for processing without consent. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the time of revocation. The data you provide us with for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter. The data will be deleted from the newsletter distribution list after you unsubscribe from the newsletter or if the purpose no longer applies. We reserve the right to delete or block email addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest pursuant to Art. 6 (1) (f) GDPR. You can object to the storage if your interests outweigh our legitimate interest.

Intuit (Mailchimp) We use Intuit (Mailchimp) from Intuit Inc., 2700 Coast Ave, Mountain View, CA 94043, USA, to send our newsletter. This allows us to contact subscribers directly. We also analyze your usage behavior to optimize our offering. The following personal data is shared with Intuit (Mailchimp), among others: email address, name, and messages we send to you. Intuit (Mailchimp) is the recipient of your personal data and acts as a processor for us when it comes to sending our newsletter. In addition, Intuit (Mailchimp) collects the following personal data: Information about your device (IP address, device information, operating system, browser ID, information about the application you use to read your emails and other information about hardware and internet connection. In addition, usage data is collected such as the date and time you opened the email/campaign and browser activities (e.g. which emails/websites were opened). Intuit (Mailchimp) needs this data to ensure the security and reliability of the systems, compliance with the terms of use and to prevent misuse. This corresponds to the legitimate interest of Intuit (Mailchimp) (pursuant to Art. 6 (1) (f) GDPR). Intuit (Mailchimp) also evaluates performance data, such as email delivery statistics and other communication data. This information is used to create usage and performance statistics for the services. Mailchimp also collects information about you from other sources. Personal data is collected via social media and other third-party data providers for an unspecified period and to an unspecified extent. We have no control over this process. Further information on objection and removal options with Mailchimp can be found at https://mailchimp.com/de/gdpr/

Automated decision in individual cases A fully automated decision means that decisions are made using technical means without the direct involvement of a person. Automated decision-making as defined in Art. 22 GDPR does not take place on our website. Should we use this procedure in individual cases, we will inform you separately – where required by law.

Use of data for profiling Profiling refers to any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements. We do not process your data for the purpose of evaluating certain personal aspects (profiling).

Use of Google Analytics With your consent, this website uses Google Analytics, a web analysis service provided by Google Inc. Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in Ireland. Google will use this information to evaluate your use of the website, compile reports on website activity for website operators, and provide other services related to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the data on Google’s behalf. Google will never associate your IP address with any other data held by Google .
The legal basis for the use of Google Analytics is your consent within the meaning of Art. 6 (1) (a) GDPR. Google’s privacy policy can be found at https://policies.google.com/privacy?hl=de and at https://business.safety.google/privacy/

Use of Google Maps At your express request, our website uses Google Maps and the Google Maps API to visually display a map and geographical information. When Google Maps is used, Google also collects, processes, and uses data about the use of the maps functions by website visitors. Google Maps is used in the interest of an attractive presentation of our online offerings and to make the locations we list on the website easy to find. This represents a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. If consent has been requested, processing will be based on Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s device within the meaning of the TDDDG. Consent can be revoked at any time. Data transfer to the USA is based on the “EU-US Data Privacy Framework” mentioned above. Details can be found here: https://policies.google.com/privacy/frameworks?hl=de. For more information on how user data is handled, please see Google’s privacy policy: https://policies.google.com/privacy?hl=de and at https://business.safety.google/privacy/

Use of multichannel tracking by intelliAd Media GmbH With your consent, this website uses the web analytics service with bid management provided by intelliAd Media GmbH, Sendlinger Str. 7, 80331 Munich. To tailor and optimize this website to meet your needs, anonymized usage data is processed and stored in aggregate, and usage profiles are created from this data. When using intelliAd tracking, cookies are stored locally. You can revoke your consent at any time. You also have the option of objecting to the processing of your usage data by intelliAd. To do so, use the intelliAd opt-out function. Further information on data protection at intelliAd can be found at https://www.intelliad.de/datenschutz/.

Reviews via Trusted Shops If you have given us your express consent to do so during or after your order by activating a corresponding checkbox or clicking a button provided for this purpose (“Rate later”), we will transmit your email address to Trusted Shops GmbH, Subbelrather Str. 15c, 50823 Cologne (www.trustedshops.de) to remind you to submit a review of your order. This consent can be revoked at any time by sending a message to the contact option described below or by contacting Trusted Shops directly. You can access the trustedshops privacy policy at: https://www.trustedshops.de/impressum-datenschutz/

*Meta Pixel (Facebook and Instagram) * With your consent, our website uses the “meta pixel” of Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Meta”). This allows us to track user behavior after they have seen or clicked on a Facebook or Instagram ad. This process is used to evaluate the effectiveness of Facebook or Instagram ads for statistical and market research purposes and can help optimize future advertising campaigns. The data collected is anonymous to us, meaning it does not allow any conclusions to be drawn about the identity of the users. However, the data is stored and processed by Meta, allowing a connection to the respective user profile and allowing Meta to use the data for its own advertising purposes, in accordance with the Meta Data Usage Policy (www.facebook.com/policy.php). The user can allow Meta and its partners to place advertisements on and outside of Facebook or Instagram. Meta may also store a cookie on their computer for these purposes. By visiting our website and our Facebook or Instagram pages, you can consent to the use of cookies. The legal basis for processing is then your consent in accordance with Art. 6 (1) a GDPR. Data is transferred to the independent controller, Meta. The legal basis for transferring data to Meta is your consent in accordance with Art. 6 (1) a GDPR. This may also mean the transfer of personal data to the USA. The data is transferred on the basis of the “EU-US Data Privacy Framework” (see above under the heading “Transfer of data to a third country or to an international organization”). To the extent that personal data is collected on our website using the tool described here and forwarded to Meta, joint controllership exists (Art. 26 GDPR). Joint controllership is limited exclusively to the collection of the data and its forwarding to Meta. Any processing carried out by Meta after forwarding is not part of the joint controllership. The joint obligations have been set out in a joint processing agreement. You can access the agreement at: https://de-de.facebook.com/legal/terms/page_controller_addendum

Payment details on our online representation To ensure the secure processing of your payments, the necessary payment data (amount, booking reference, booking description, payer) will be transmitted to payment service providers.

*Payment by credit card: * Our payment service provider for processing credit card payments is PAYONE GmbH, Lyoner Straße 9, 60528 Frankfurt am Main. You can find out how Payone processes your data in Payone’s privacy policy: https://www.payone.com/dsgvo/. Your credit card details for payment, as well as the application of your credit card issuer’s security measures such as 3D Secure and strong customer authentication, are processed directly by the payment service provider. We do not receive access to your full credit card details and only store a reference in the form of an abbreviated credit card number so that you can recognize it. For fraud prevention purposes, a processor processes a fingerprint of your device or browser along with the payment data. This serves your and our protection to prevent the misuse of your payment method for payment. The legal basis for this is Art. 6 (1) (f) GDPR (based on our legitimate interest in fraud prevention).

Privacy Policy

Information

Services

Legal

Privacy Policy

Data protection information for customers in accordance with Art. 13 and 14 of the EU General Data Protection Regulation (EU GDPR)