Privacy Policy Holidu Hosts
Introduction and general information
Thank you for your interest in our website. The protection of your personal data is very important to us. In the following, you will find information on the handling of your data collected through your use of our website as well as information on the handling of your data if you are a customer, interested party or business partner. Your data will be processed in accordance with the legal regulations on data protection.
Person responsible within the meaning of the GDPR
Holidu Hosts GmbH
Riesstraße 24
80992 Munich
support@holidu.com
Contact details of the data protection officer
Proliance GmbH / www.datenschutzexperte.de
Leopoldstr. 21
80802 Munich
datenschutzbeauftragter@datenschutzexperte.de
When contacting the Data Protection Officer, please state the company to which your enquiry relates. Please refrain from enclosing sensitive information, such as a copy of an ID card, with your request.
Definitions
Our privacy policy is intended to be simple and understandable for everyone. In this privacy policy, the official terms of the General Data Protection Regulation (GDPR) are generally used. The official definitions are explained in Art. 4 GDPR.
Access to and storage of information in terminal equipment
By using our website, information (e.g. IP address) may be accessed or stored (e.g. cookies) in your terminal equipment. With this access or this storage may be associated with further processing of personal data within the meaning of the GDPR.
In cases where such access to information or such storage of information is absolutely necessary for the technically error-free provision of our services, this is done on the basis of § 25 para. 1 sentence 1, para. 2 no. 2 TTDSG.
In cases where such a process serves other purposes (e.g. the needs-based design of our website), this will only be carried out on the basis of Section 25 para. 1 TTDSG with your consent in accordance with Article 6 para. 1 a GDPR. The consent can be revoked at any time for the future. The provisions of the GDPR and the Federal Data Protection Act (BDSG) apply to the processing of your personal data.
For further information on the processing of your personal data and the relevant legal bases in this context, please refer to the following sections on the specific processing activities on our website.
Web hosting
This website is hosted by an external service provider (Amazon Web Services). This website is hosted in Ireland. Personal data collected on this website is stored on the hoster's servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, website traffic and other data generated by a website.
We collect the listed data in order to be able to guarantee a smooth connection setup of the website and a technically error-free provision of our services. The processing of this data is absolutely necessary to provide you with the website. The legal basis for the processing of the data is our legitimate interest in the correct presentation and functionality of our website in accordance with Art. 6 para. 1 lit. f GDPR.
We have concluded an order processing contract with the provider in accordance with the
requirements of Art. 28 GDPR, in which we oblige the provider to protect our customers' data and not to pass it on to third parties.
Server log files
When you access our website, it is technically necessary for data to be transmitted to our web server via your internet browser. The following data is recorded during an ongoing connection for communication between your internet browser and our web server:
• Date, time and duration of the request
• Name of the requested file
• Page from which the file was requested
• Access status
• Web browser and operating system used
• (Complete) IP address of the requesting computer
• Amount of data transferred
• Http-referrer and http-method
We collect the listed data in order to be able to guarantee a smooth connection setup of the website and a technically error-free provision of our services. The processing of this data is absolutely necessary to provide you with the website. The log files are used to evaluate system security and stability as well as for administrative purposes. The legal basis for processing the data is our legitimate interest in the protection and functionality of our website in accordance with Art. 6 para.1 lit. f GDPR.
For technical security reasons, in particular to defend against attempted attacks on our web server, we store this data for a short period of time. After 7 days at the latest, the data is
anonymised by shortening the IP address at domain level, so that it is no longer possible to establish a link to the individual user.
In addition, the data is processed anonymously for statistical purposes, if necessary. This data is never stored together with other personal data of the user, compared with other data or passed on to third parties.
Registration
If you would like to register as a host, you can do so via Holidu Hosts GmbH at
https://www.holidu.com/host
We collect and use the following personal data as part of the regular registration and set-up process:
• First and last name
• E-mail address
• Date and time of registration
• Telephone number
• Accommodation location
In addition, voluntary information can be provided. Mandatory information provided for the purpose of registration is marked in the input mask with an asterisk as a mandatory field.
The legal basis for data processing is Art. 6 para. 1 lit. a GDPR in the case of consent or Art. 6 para. 1lit. b GDPR if the processing is necessary to provide the requested services. Your data will be deleted as soon as the user account is deleted and insofar as no legal retention obligations exist. You can usually make a change and/or delete your user account, including the data you have provided, directly in your user account after logging in or by sending a corresponding message to the responsible person mentioned at the beginning.
Zendesk for answering queries
If you send us a request via the Website or by email, we use the ticketing system "Zendesk" to process these requests, a service provided by Zendesk Inc, 989 Market Street 300, San
Francisco, CA 94102.
The data you initially provided in your enquiry will be recorded in Zendesk. This is at least your first and last name, your email address and/or your telephone number. If you have also provided us with your address and other personal data in the course of your enquiry, these will also be processed in the ticketing system. The legal basis for the processing of your data in Zendesk is Art. 6 para. 1 lit. f) GDPR, our legitimate interest in the efficient processing of customer enquiries.
In principle, your personal data is processed in the EU, but since Zendesk is a provider with
headquarters in the USA, a transfer of personal data to the USA cannot be ruled out. Accordingly, further protection mechanisms are required to ensure the level of data protection of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even through this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the USA.
For more information on data processing by Zendesk, please see Zendesk's privacy policy at: http://www.zendesk.com/company/privacy
Communication via Whatsapp Business
We use Whatsapp Business, a service provided by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, for communication purposes.
You can contact us, for example, via a button on the website. In doing so, your contact data in the form of your telephone number will be processed, as well as meta/communication data (e.g. device information, IP addresses).
Please note that the content of communications (i.e. the content of the message and attached images) is encrypted from end to end. This means that the content of the messages cannot be viewed, not even by Whatsapp Ireland Limited itself. You should always use an up-to-date version of Messenger with encryption enabled to ensure that message content is encrypted.
However, we would also like to point out that although the messenger providers cannot view the content, they can find out that you are communicating with us and when, as well as technical information about the device used and, depending on the settings of your device, location information(so-called metadata) is processed.
If we ask you for permission before communicating with you via Messenger, the legal basis for our processing of your data is consent pursuant to Art. 6 para. 1 p. 1 lit. a. GDPR. Otherwise, if we do not ask for consent and you contact us, for example, of your own accord, we use Whatsapp in relation to our contractual partners and within the scope of the initiation of the contract as a contractual measure pursuant to Art. 6 para. 1 p. 1 lit. b. GDPR and in the case of other interested parties on the basis of our legitimate interests pursuant to Art. 6 para. 1 p. 1 lit. f. GDPR in fast and efficient communication.
We have concluded an order processing contract with the service provider in which we oblige them to protect our customers' data and not to pass it on to third parties.
Since a transfer of personal data to the USA takes place, further protection mechanisms are required to ensure the level of data protection of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured by this contractual extension, we will endeavour to obtain additional regulations and assurances from the recipient.
Whatsapp's terms of use and information on data protection can be accessed via the following links:
https://www.whatsapp.com/legal/
https://www.whatsapp.com/privacy
https://www.whatsapp.com/legal/business-data-processing-terms
You can revoke any consent given at any time and object to Whatsapp communication with us at any time. In this case, we delete the messages in accordance with our general deletion guidelines (i.e., e.g., as described above, after the end of contractual relationships, in the context of archiving requirements, etc.) and otherwise as soon as we can assume that we have answered any information you may have provided, if no reference to a previous conversation is to be expected and the deletion does not conflict with any statutory retention obligations.
Finally, we would like to point out that we reserve the right not to answer enquiries via Whatsapp for reasons of your security. This is the case if, for example, contractual internals require special confidentiality or an answer via Whatsapp does not meet the formal requirements. In such cases, we refer you to more adequate communication channels.
Writing reviews
On our website you have the possibility to leave reviews for the offered holiday homes. For this we need your name or a pseudonym and your e-mail address (will not be published). Furthermore, your IP address and the time of publication will be logged and stored for 7 days. This storage of the IP and email address is done for security reasons and in case the person concerned violates the rights of third parties or posts illegal content through a submitted comment.
Reviews can be submitted in such a way that it is not possible for other website users to identify you. It is up to you to decide whether you wish to provide personal details over and above the mandatory information. Please note that when choosing your pseudonym, as well as within the free text fields and when uploading photos, it is also possible to provide information that makes it possible to identify you personally. We recommend that you write your review text without providing personal data and upload photos accordingly. We reserve the right not to publish or to (partially) anonymise reviews that contain personal data.
If the review contains personal data, the processing is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent at any time. For this purpose, an informal communication by email to us is sufficient. The legality of the data processing operations already carried out remains unaffected by the revocation. In the event of revocation of your consent, we will delete or anonymise the review.
The storage of additional information (IP address and email address) is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in the possibility of assigning the reviews to the authors.
We reserve the right to delete comments if they are objected to as illegal by third parties. The collected IP and email addresses are deleted after 7 days.
Newsletter (Airship)
If you would like to receive the newsletter offered on the website with regular information about our offers and products, we require your email address as mandatory information.
We use the so-called double opt-in procedure for sending the newsletter. This means that we will only send you our newsletter by email once you have expressly confirmed that you consent to receiving newsletters. In the first step, you will receive an email with a link that you can use to confirm that you, as the owner of the corresponding email address, wish to receive future newsletters. By confirming, you give us your consent in accordance with Art. 6 para. 1 lit. a GDPR that we may use your personal data for the purpose of sending the newsletter you requested.
When you register for the newsletter, we store, in addition to the email address required for sending, the IP address used to register for the newsletter as well as the date and time of registration and confirmation, in order to be able to track possible misuse at a later date. The legal basis for this is our legitimate interest in accordance with §§ 3.1 and 4.1 of the German Data Protection Act. Art. 6 para. 1 lit. f GDPR.
You can unsubscribe from the newsletter at any time via the link included in each newsletter or by sending an e-mail to the responsible person named above. After unsubscribing, your email address will be immediately deleted from our newsletter distribution list, unless you have expressly consented to the continued use of the collected data or the continued processing is otherwise legally permitted.
Our email newsletter is sent via a technical service provider to whom we pass on the data you provided when registering for the newsletter. We have concluded an order processing contract with our email service provider in which we oblige him to protect our customers' data and not to pass it on to third parties.
Service provider: Airship
Address: Urban Airship Germany GmbH, Thurn-und-Taxis-Platz 6, 60313 Frankfurt, Germany
Privacy Policy: https://www.airship.com/legal/privacy/
Chekin
We offer our guests as well as hosts the possibility to collect and report registration data to the competent authorities via the registration solution of Chekin (Chekin Soluciones Digitales, Avenida República Argentina, 24, 7ª planta, 41011, Sevilla) ("Chekin").
By using the services of Chekin and the associated acceptance of the data protection provisions, you agree that the owner of the accommodation, who is responsible for your personal data, stores and processes the personal data provided by you for the purposes of using the platform. Accordingly, the processing of the guest check-in data is based on your consent pursuant to Art. 6 para. 1 a) GDPR. Please note that Holidu Hosts GmbH only provides the solution. However, any processing of personal guest data is the responsibility of the host.
The following data may be processed (there are regions where the collection of some data is not mandatory) to manage your stay and to provide information to the authorities:
• First name, last name
• Gender
• Nationality
• Citizenship
• Date of birth
• Country of birth
• Birthplace
• Country of residence
• Place of residence
• Residence address
• Identity card type
• Identity card number
• Date of issue of the identity card
• Country of issue of the identity card
• Place of issue of the identity card
• Purpose of stay
• VISA number
• Signature
Chekin stores the data for as long as is necessary to carry out the various treatments, but at least, in accordance with tourism regulations, for a period of 3 years.
Cookies
Our website uses so-called "cookies". Cookies are small text files that are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your terminal device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or language settings). Other cookies are used to evaluate user behaviour or to display advertising.
The processing of data through the use of absolutely necessary cookies is based on a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in the technically error-free provision of our services. For details on the processing purposes and legitimate interests, please refer to the explanations on the specific data processing.
The processing of personal data through the use of other cookies is based on consent pursuant to Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time for the future. Insofar as such cookies are used for analysis and optimisation purposes, we will inform you separately about this within the framework of this data protection declaration and obtain consent in accordance with Art. 6 para. 1 lit. a GDPR.
You can set your browser so that you are
• informed about the setting of cookies, allow
• cookies only in individual cases,
• exclude the acceptance of cookies for certain cases or in general,
• activate the automatic deletion of cookies when closing the browser.
The cookie settings can be managed under the following links for the respective browsers:
- [Google Chrome](https://support.google.com/chrome/answer/95647?hl=en-GB&hlrm=en&sjid=8703210949097874472-EU)
- [Mozilla Firefox](https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop)
- [Edge (Microsoft)](https://support.microsoft.com/en-gb/windows/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d)
- [Safari](https://support.apple.com/en-gb/guide/safari/sfri11471/mac)
- [Opera](https://help.opera.com/en/latest/web-preferences/#cookies)
You can also manage cookies of many companies and functions used for advertising individually. To do this, use the corresponding user tools, available at
https://www.aboutads.info/choices/ or http://www.youronlinechoices.com/uk/your-ad- choices.
Most browsers also offer a so-called "do-not-track function". When this function is activated, the respective browser tells advertising networks, websites and applications that you do not want to be "tracked" for the purpose of behavioural advertising and the like.
Information and instructions on how to edit this function can be obtained from the links below, depending on your browser provider:
- [Google Chrome](https://support.google.com/chrome/answer/2790761?co=GENIE.Platform%3DDesktop&hl=en&sjid=9592219880805584251-EU)
- [Mozilla Firefox](https://support.mozilla.org/en-US/kb/how-do-i-turn-do-not-track-feature)
- [Edge (Microsoft)](https://support.microsoft.com/en-gb/windows/use-do-not-track-in-internet-explorer-11-ad61fa73-d533-ce96-3f64-2aa3a332e792)
- [Safari](https://support.apple.com/en-gb/guide/safari/sfri40732/13.0/mac/10.15)
- [Opera](https://help.opera.com/en/latest/security-and-privacy/#tracking)
In addition, you can prevent the loading of so-called scripts by default. "NoScript" allows JavaScripts, Java and other plug-ins to be executed only on trusted domains of your choice. Information and instructions on how to edit this function can be obtained from the provider of your browser (e.g. for Mozilla Firefox at:
https://addons.mozilla.org/en-GB/firefox/addon/noscript/).
Please note that if you deactivate cookies, the functionality of our website may be limited.
Change cookie settings
You can revoke or change your cookie settings at any time. To do so, call up the cookie settings again via this link (embed hyperlink to cookie settings).
Sentry
We use the service Sentry (Sentry, 1501 Mariposa St #408, San Francisco, CA 94107, USA) to ensure and improve the technical stability of our service.
Sentry enables us to detect errors in our application that have led to a malfunction or crash. Sentry uses cookies for this purpose, which transmit technical data such as browser data and the calling IP address in anonymised form to Sentry in the event of an error. Sentry will use this information on our behalf to evaluate your usage, identify the source of the error and thus enable us to fix the error and optimise our application. The legal basis is our legitimate interest according to Art. 6 para. 1 S. 1 lit. f GDPR to the technical stability of our website. Sentry stores this data for as long as necessary for error analysis, but for a maximum of 90 days.
As a transfer of personal data by Sentry to affiliated companies and sub-service providers in countries outside the EU and the EEA is possible, further protection mechanisms are required to ensure the level of data protection of the GDPR. For the U.S., there is an adequacy decision of the EU Commission pursuant to Art. 45 para. 1 of the GDPR with respect to companies certified under the EU-U.S. Data Privacy Framework. Sentry.io is certified according to the EU-U.S. Data Privacy Framework and is therefore committed to compliance with adequate data protection standards, which can be viewed at the following link: https://www.dataprivacyframework.gov/s/participant-search
For potential transfers to other third countries outside the EU and the EEA for which there is no EU Commission adequacy decision, we have also agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.
For further information on the use of your data by the providers and your rights and settings
options in this regard, please refer to Sentry's privacy policy:
https://sentry.io/privacy/#whatinformation-do-we-collect
Google Analytics
Our website uses Google Analytics, an internet analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses so-called "cookies".
Google will use this information on behalf of the operator of this website for the purpose of
evaluating your use of the website, compiling reports on website activity and providing other
services relating to website activity. Google will also use this information to provide the website operator with other services related to the use of the website and the internet. The IP address sent by your browser as part of Google Analytics will not be combined with any other data held by Google. The processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the basis of the consent you have given.
We only use Google Analytics with IP anonymisation activated. This means that your IP address will only be processed by Google in abbreviated form.
We have concluded an order processing contract with the service provider in which we oblige them to protect our customers' data and not to pass it on to third parties.
Since a transfer of personal data by Google to affiliated companies and sub-service providers in countries outside the EU and the EEA is possible, further protection mechanisms are required to ensure the level of data protection of the GDPR. For the USA, there is an adequacy decision of the EU Commission pursuant to Art. 45 para. 1 of the GDPR with regard to companies with certification under the EU-U.S. Data Privacy Framework. Google LLC is certified under the EU-U.S. Data Privacy Framework and is therefore committed to compliance with adequate data protection standards, which can be viewed at the following link: https://www.dataprivacyframework.gov/s/participant-search
For potential transfers to other third countries outside the EU and the EEA for which there is no EU Commission adequacy decision, we have also agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.
The Google Analytics terms of use and information on data protection can be accessed via the following links:
https://marketingplatform.google.com/about/analytics/terms/gb/
https://policies.google.com/?hl=en-GB
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Deletion of user and event level data linked to cookies, user identifiers (e.g. User ID) and advertising IDs (e.g. DoubleClick cookies, Android advertising ID, IDFA [Apple identifier for advertisers]) takes place no later than 2 months after their collection.
You can prevent cookies from being saved by adjusting the settings of your browser software accordingly. However, we would like to point out that in this case you may not be able to use all functions of this website without restrictions. You may also prevent Google from collecting data generated by the cookie and from analysing your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at https://tools.google.com/dlpage/gaoptout?hl=en.
Google Marketing Platform (formerly DoubleClick)
This website uses DoubleClick from the Google Marketing Platform, a service of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland ("Google").
DoubleClick uses cookies to present you with ads that are relevant to you. A pseudonymous identification number (ID) is assigned to your browser or device in order to check which ads have been displayed in your browser and which ads have been viewed. This can improve campaign performance or, for example, prevent you from seeing the same ad more than once. In addition, Google can use cookie IDs to record so-called conversions that are related to ad requests. This is the case, for example, when a user sees a Campaign Manager ad and later visits the advertiser's website with the same browser and makes a purchase. According to Google, the cookies do not contain any personal information. If you have given us your consent, the processing of the data is based on Art. 6 para. 1 lit. a GDPR.
Due to the technology used, your browser automatically establishes a direct connection with Google's server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of DoubleClick, Google receives the information that you have called up the corresponding part of our website or that you have sent a request or that you have clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider will find out and store your IP address.
Since a transfer of personal data by Google to affiliated companies and sub-service providers in countries outside the EU and the EEA is possible, further protection mechanisms are required to ensure the level of data protection of the GDPR. For the USA, there is an adequacy decision of the EU Commission pursuant to Art. 45 para. 1 of the GDPR in relation to companies with certification under the EU-U.S. Data Privacy Framework. Google LLC is certified under the EU-U.S. Data Privacy Framework and is therefore committed to compliance with adequate data protection standards, which can be viewed at the following link: https://www.dataprivacyframework.gov/s/participant-search
For potential transfers to other third countries outside the EU and the EEA for which there is no EU Commission adequacy decision, we have also agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.
For more information on the Google Marketing Platform at
https://marketingplatform.google.com/intl/en_uk/about/ and on data protection at Google in general:
https://policies.google.com/privacy?hl=en.
Google Ads
We use "Google Ads" on our website, a service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as "Google"). We use Google Ads for marketing and optimisation purposes, in particular to serve ads that are relevant and interesting to you.
If you have given us your consent to do so in accordance with Art. 6 para. 1 p. 1 lit. a GDPR, we can use Google Ads to draw attention to our attractive offers with the help of advertising media on external websites. This allows us to determine how successful individual advertising measures are.
These advertisements are delivered by Google via so-called "AdServers". We use so-called AdServer cookies for this purpose, which can be used to measure certain parameters for measuring success, such as the display of ads or clicks by users.
If you access our website via a Google ad, Google Ads will store a cookie on your PC. These cookies usually lose their validity after 30 days. They are not intended to identify you personally. The following information is usually stored as analysis values for this cookie: unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), opt-out information (marking that the user no longer wishes to be addressed). These cookies enable Google to recognise your web browser. If a user visits certain pages of an Ads customer's website and the cookie stored on their computer has not yet expired, Google and the customer will be able to recognise that the user clicked on the ad and was redirected to that page. A different cookie is assigned to each Ads customer. Cookies can therefore not be tracked via the websites of Ads customers. We ourselves do not collect or process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. These evaluations enable us to recognise which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising media; in particular, we cannot identify the users on the basis of this information.
Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of Google Ads. To the best of our knowledge, Google receives the information that you have called up the relevant part of our website or clicked on one of our ads. If you have a user account with Google and are registered, Google can assign the visit to your user account. Even if you are not registered with Google or have not logged in, it is possible that Google will obtain and store your IP address.
Since a transfer of personal data by Google to affiliated companies and sub-service providers in countries outside the EU and the EEA is possible, further protection mechanisms are required to ensure the level of data protection of the GDPR. For the USA, there is an adequacy decision of the EU Commission pursuant to Art. 45 para. 1 of the GDPR in relation to companies with certification under the EU-U.S. Data Privacy Framework. Google LLC is certified under the EU-U.S. Data Privacy Framework and is therefore committed to compliance with adequate data protection standards, which can be viewed at the following link: https://www.dataprivacyframework.gov/s/participant-search
For potential transfers to other third countries outside the EU and the EEA for which there is no EU Commission adequacy decision, we have also agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.
Further information on data use by Google, on setting and objection options and on data protection can be found on the following Google web pages:
• Privacy policy: https://policies.google.com/privacy?hl=en&gl=de
• Google website statistics: https://services.google.com/sitestats/en.html
You can prevent the installation of cookies by deleting existing cookies and deactivating the storage of cookies in the settings of your web browser. We would like to point out that in this case you may not be able to use all the functions of our website to their full extent. It is also possible to prevent the storage of cookies by setting your web browser to block cookies from the domain "https://ads.google.com/intl/en/home/" (https://www.google.com/settings/ads). We would like to point out that this setting will be deleted when you delete your cookies. In addition, you can deactivate interest-based ads via the link http://optout.aboutads.info. Please note that this setting will also be deleted when you delete your cookies.
Google Optimize
The web analysis and optimisation service "Google Optimize" is used on our website (hereinafter "Google Optimize"). The operating company of the Google Optimize services is Google Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Insofar as you have given your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, we use the Google Optimize service to increase the attractiveness, content and functionality of our website by playing new functions and content to a percentage of our users and statistically evaluating the change in usage (so-called A/B testing). Google Optimize is a sub-service of Google Analytics (see section Google Analytics).
Google Optimize uses cookies to optimise and analyse your use of our website.
We use Google Optimize with IP anonymisation activated so that your IP address is shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Google will use this information for the purpose of evaluating your use of our website, compiling reports on optimisation tests and related website activity and providing other services relating to website activity and internet usage to us.
We have concluded an order processing contract with the service provider in which we oblige them to protect our customers' data and not to pass it on to third parties.
Since a transfer of personal data by Google to affiliated companies and sub-service providers in countries outside the EU and the EEA is possible, further protection mechanisms are required to ensure the level of data protection of the GDPR. For the USA, there is an adequacy decision of the EU Commission pursuant to Art. 45 para. 1 of the GDPR in relation to companies with certification under the EU-U.S. Data Privacy Framework. Google LLC is certified under the EU-U.S. Data Privacy Framework and is therefore committed to compliance with adequate data protection standards, which can be viewed at the following link: https://www.dataprivacyframework.gov/s/participant-search
For potential transfers to other third countries outside the EU and the EEA for which there is no EU Commission adequacy decision, we have also agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Deletion of user and event level data linked to cookies, user identifiers (e.g. User ID) and advertising IDs (e.g. DoubleClick cookies, Android advertising ID, IDFA [Apple identifier for advertisers]) takes place no later than 2 months after their collection.
You can prevent the storage of cookies by setting your internet browser accordingly. In addition, you can prevent the collection of the data generated by the cookie and related to your use of our website (incl. your IP address) to Google as well as the processing of this data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en. For more information on data collection and processing by Google, please refer to Google's privacy policy, which can be accessed at http://www.google.com/policies/privacy.
Google reCAPTCHA
We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on our website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
The purpose of reCAPTCHA is to check whether data entry on our website (e.g. in a contact form) is made by a human or by an automated programme. For this purpose, reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information, e.g.
• IP address
• Dwell time of the website visitor on the website
• Mouse movements made by the user
The data collected during the analysis is forwarded to Google.
The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place. The data processing is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in protecting our website from abusive automated spying and from unwanted automated mailings (spam).
Since a transfer of personal data by Google to affiliated companies and sub-service providers in countries outside the EU and the EEA is possible, further protection mechanisms are required to ensure the level of data protection of the GDPR. For the USA, there is an adequacy decision of the EU Commission pursuant to Art. 45 para. 1 of the GDPR in relation to companies with certification under the EU-U.S. Data Privacy Framework. Google LLC is certified under the EU-U.S. Data Privacy Framework and is therefore committed to compliance with adequate data protection standards, which can be viewed at the following link: https://www.dataprivacyframework.gov/s/participant-search
For potential transfers to other third countries outside the EU and the EEA for which there is no EU Commission adequacy decision, we have also agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.
We do not store any personal data from the use of reCAPTCHA. As a general rule, personal data of the data subject will be deleted or blocked as soon as the purpose of the storage no longer applies.
Further information about Google reCAPTCHA as well as Google's privacy policy can be found at the following links: https://policies.google.com/privacy?hl=en and
https://www.google.com/recaptcha/intro/v3beta.html.
Google Fonts
We use "Google Fonts" on our website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as: "Google"). Google Fonts enables us to use external fonts. For this purpose, the required Google Fonts are loaded into your browser cache by your web browser when you access our website. This is necessary so that your browser can also display a visually improved representation of our texts. If your browser does not support this function, a standard font will be used by your computer for display. The integration of these Google Fonts takes place via a server call, usually a Google server in the USA. This transmits to the server which page of our website you have visited. The IP address of the browser of the visitor's terminal device is also stored by Google.
We use Google Fonts for optimization purposes, in particular to improve the use of our website for you and to make its design more user-friendly. The processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the basis of your consent. This consent can be revoked at any time with effect for the future.
Since a transfer of personal data by Google to affiliated companies and sub-service providers in countries outside the EU and the EEA is possible, further protection mechanisms are required to ensure the level of data protection of the GDPR. For the USA, there is an adequacy decision of the EU Commission pursuant to Art. 45 para. 1 of the GDPR in relation to companies with certification under the EU-U.S. Data Privacy Framework. Google LLC is certified under the EU-U.S. Data Privacy Framework and is therefore committed to compliance with adequate data protection standards, which can be viewed at the following link: https://www.dataprivacyframework.gov/s/participant-search
For potential transfers to other third countries outside the EU and the EEA for which there is no EU Commission adequacy decision, we have also agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.
Further information on data protection can be found in Google's privacy policy:
https://policies.google.com/privacy?hl=en
Further information on Google Fonts can be found at https://fonts.google.com/.
Google Maps
Our homepage uses the online map service provider Google Maps via an interface. This allows us to show you interactive maps directly on the website and enables you to use the map function conveniently. The provider of the map service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. To use the functionalities of Google Maps, it is necessary to save your IP address.
Google uses cookies to collect information about user behaviour. The legal basis for the processing of your personal data is your consent in accordance with Art. 6 Para. 1 lit. a GDPR, § 25 Para. 1 TTDSG.
Since a transfer of personal data by Google to affiliated companies and sub-service providers in countries outside the EU and the EEA is possible, further protection mechanisms are required to ensure the level of data protection of the GDPR. For the USA, there is an adequacy decision of the EU Commission pursuant to Art. 45 para. 1 of the GDPR in relation to companies with certification under the EU-U.S. Data Privacy Framework. Google LLC is certified under the EU-U.S. Data Privacy Framework and is therefore committed to compliance with adequate data protection standards, which can be viewed at the following link: https://www.dataprivacyframework.gov/s/participant-search
For potential transfers to other third countries outside the EU and the EEA for which there is no EU Commission adequacy decision, we have also agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.
For more information on the handling of user data, please refer to Google's privacy policy:
https://policies.google.com/privacy?hl=en Opt-out: https://www.google.com/settings/ads/
Google Tag Manager
This website uses the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). This service allows website tags to be managed via an interface. The Google Tag Manager only implements tags. This means that no cookies are used and only the user's IP address is transmitted to Google to establish the connection. The Google Tag Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, it remains in place for all tracking tags, insofar as these are implemented with the Google Tag Manager.
We use the Google Tag Manager on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR.
Since a transfer of personal data by Google to affiliated companies and sub-service providers in countries outside the EU and the EEA is possible, further protection mechanisms are required to ensure the level of data protection of the GDPR. For the USA, there is an adequacy decision of the EU Commission pursuant to Art. 45 para. 1 of the GDPR with regard to companies with certification under the EU-U.S. Data Privacy Framework. Google LLC is certified under the EU-U.S. Data Privacy Framework and is therefore committed to compliance with adequate data protection standards, which can be viewed at the following link: https://www.dataprivacyframework.gov/s/participant-search
For potential transfers to other third countries outside the EU and the EEA for which there is no EU Commission adequacy decision, we have also agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.
Facebook Pixel
We use "Facebook Pixel" on our website, a service provided by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour Dublin 2, Ireland (hereinafter referred to as: "Facebook").
If you have given us your consent in accordance with Art. 6 para. 1 lit. a GDPR, we use Facebook Pixel for marketing and optimisation purposes, in particular to place relevant and interesting ads for you on Facebook and thus improve our offer, make it more interesting for you as a user and avoid annoying ads.
Facebook Pixel enables Facebook to display our ads on Facebook, so-called "Facebook Ads", only to those Facebook users who were visitors to our internet presence, in particular who have shown interest in our online offer. In this case, Facebook Pixel also makes it possible to check whether a user was redirected to our website after clicking on our Facebook Ads. Facebook Pixel uses, among other things, cookies, i.e. small text files that are stored locally in the cache of your web browser on your end device. If you are logged into your Facebook user account, your visit to our website will be recorded in your user account. The data collected about you is anonymous for us, so it does not allow us to draw any conclusions about the identity of the user. However, this data can be linked by Facebook to your user account there. If you have a user account with Facebook and are registered, Facebook can assign the visit to your user account.
Since a transfer of personal data to the USA takes place, further protection mechanisms are required to ensure the level of data protection of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even through this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the USA.
Further information on data protection from the third-party provider can be found on the following Facebook website: https://www.facebook.com/about/privacy. Information on the Facebook pixel can be found on the following Facebook website: https://www.facebook.com/business/help/742478679120153
You can make the relevant settings as to which types of advertisements are displayed to you within Facebook on the following Facebook website:
https://www.facebook.com/settings?tab=ads.
Please note that this setting will be deleted when you delete your cookies. In addition, you can deactivate cookies that are used for range measurement and advertising purposes via the following websites: http://optout.networkadvertising.org/ http://www.aboutads.info/choices http://www.youronlinechoices.com/uk/your-ad-choices/
Please note that this setting will also be deleted when you delete your cookies.
Facebook Custom Audiences
We use "Facebook Custom Audiences" on our website, a remarketing tool of Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour Dublin 2, Ireland (hereinafter referred to as "Facebook").
Facebook Custom Audiences enables us to display interest-based advertisements, so-called "Facebook Ads", to visitors to our website when they visit the social network Facebook or when they visit other websites that also use Facebook Custom Audiences. For this purpose, a pixel (Facebook Pixel) of the provider Facebook of the same name (see above) is used.
Through the use of "Facebook Custom Audiences" in conjunction with Facebook Pixel, your web browser automatically establishes a direct connection with the Facebook server. We have no influence on the scope and further use of the data collected by Facebook through the use of Facebook Custom Audiences. As far as we are aware, Facebook receives the information that you have accessed the relevant part of our website or clicked on one of our ads. If you have a user account with Facebook and are registered, Facebook can assign the visit to your user account. Even if you are not registered with Facebook or have not logged in, it is possible that Facebook will learn and store your IP address and possibly other identifying features.
We use Facebook Custom Audiences for marketing and optimisation purposes, in particular to display ads that are relevant and interesting for you and thus improve our offer and make it more interesting for you as a user. The legal basis for Facebook Custom Audiences and the Facebook Pixel is Art. 6 para. 1 p. 1 lit. a GDPR (consent).
We have concluded an order processing agreement with our service provider Facebook, in which we oblige them to protect our customers' data and not to pass it on to third parties.
Since a transfer of personal data to the USA takes place, further protection mechanisms are required to ensure the level of data protection of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even through this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the USA.
Further information from Facebook on data protection can be found on the following Facebook website: https://www.facebook.com/about/privacy
Information on the Facebook pixel can be found on the following Facebook website: https://www.facebook.com/business/help/742478679120153
Deactivating Facebook Custom Audiences via Pixel is possible for logged-in users at https://www.facebook.com/settings/?tab=ads#.
In addition, you can deactivate cookies that are used for range measurement and advertising purposes via the following websites: http://optout.networkadvertising.org/ http://www.aboutads.info/choices http://www.youronlinechoices.com/uk/your-ad-choices/
Please note that this setting will also be deleted when you delete your cookies.
Microsoft Advertising (formerly Bing Ads)
On our pages we use the conversion tracking of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
If you have given us your consent in accordance with Art. 6 para. 1 lit. a GDPR, Microsoft Advertising will store a cookie ("conversion cookie") on your computer if you have accessed our website via a Microsoft Advertising ad. These cookies lose their validity after 30 days and are not used for personal identification. In this way, Microsoft and we can recognise that someone has clicked on an advertisement, been redirected to our online offer and reached a previously determined target page (so-called conversion measurement). Each Microsoft Advertising customer receives a different cookie. Cookies cannot therefore be tracked across Microsoft Advertising customers' websites. The information collected using the conversion cookie is used to generate conversion statistics for Microsoft Advertising customers who have opted-in to conversion tracking. Microsoft Advertising clients will learn the total number of users who clicked on their ad and were directed to a page tagged with a conversion tracking tag. However, they do not receive information that personally identifies users.
You can also disable this personalised advertising directly from Microsoft at:
https://about.ads.microsoft.com/en-gb/resources/policies/personalized-ads
As there is a transfer of personal data to the USA, further protection mechanisms are required to ensure the level of data protection of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even through this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the USA.
For more information on privacy and cookies used by Microsoft and Bing Ads, please visit Microsoft's website at https://privacy.microsoft.com/en-gb/privacystatement .
Microsoft Clarity
On our website we use Microsoft Clarity, a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
“Microsoft Clarity" is a Microsoft procedure in which analysis is carried out on the basis of a pseudonymous user ID, such as the evaluation of performance data for certain designs and mouse movements on the website. The analysed data should be used to be able to send you personalised and interest-based advertising on the basis of the user profile created, as well as to carry out conversion and reach measurement.
The settings of Clarity are configured in such a way that the data collection by Microsoft already takes place via so-called IP-masking in pseudonymised form. The data processing is based on your consent in accordance with Art. 6 para. 1 a) GDPR.
The following data is processed in pseudonymised form:
• Usage data (page visited, time of access)
• Device information
• IP address
• Location data
• Movement data (mouse and scroll movements)
Since a transfer of personal data by Microsoft to affiliated companies and sub-service providers to countries outside the EU and the EEA is possible, further protection mechanisms are required to ensure the level of data protection of the GDPR. For the U.S., there is an adequacy decision of the EU Commission pursuant to Art. 45 para. 1 GDPR with respect to companies certified under the EU-U.S. Data Privacy Framework. Microsoft Corp. is certified according to the EU-U.S. Data Privacy Framework and is therefore committed to compliance with adequate data protection standards, which can be viewed at the following link: https://www.dataprivacyframework.gov/s/participant-search
For potential transfers to other third countries outside the EU and the EEA for which there is no EU Commission adequacy decision, we have also agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.
For more information on data protection and the cookies used at Microsoft, please visit the Microsoft website at https://privacy.microsoft.com/en-gb/privacystatement.
Fullstory
On our website, we use the web analysis service "Fullstory" from the provider FullStory Inc, 1745 Peachtree St NE, Atlanta, GA, USA.
Through Fullstory, we aim to track the user behaviour of our website visitors by tracking and recording visitor sessions on the website. The recordings help us to improve our website presence. As far as possible, we try not to record any personal data, but only anonymised movements. However, it cannot be ruled out that Fullstory occasionally processes personal data provided by you within forms on our website. These are used solely for the purpose of tracking movements such as clicks or calls on the website. Processing for other purposes does not take place.
We use Fullstory based on your consent in accordance with Art. 6 para. 1 lit. a) GDPR. This can be revoked at any time via the cookie settings.
Since a transfer of personal data to the USA may take place, further protection mechanisms are required to ensure the level of data protection of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even through this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the USA.
For further information on data protection at Fullstory, please visit
https://www.fullstory.com/legal/privacy-policy.
Hotjar
Our website uses the Hotjar web analytics service provided by Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe ("Hotjar").
Using Hotjar 's technology, we get a better understanding of our users' experiences (e.g. how much time users spend on which pages, which links they click on, etc.). This helps us to tailor our offering to our users' feedback. Hotjar uses cookies and other technologies to collect information about the behaviour of our users and their devices, in particular the IP address of the device (only collected and stored anonymously during your use of the website), screen size, device type (unique device identifiers), information about the browser used, location (country only), preferred language for viewing our website. Hotjar stores this information on our behalf in a pseudonymised user profile.
We take special care to protect your personal data when using this tool. For example, we can only track which buttons are clicked, mouse history, how far is scrolled, device screen size, device type and browser information, geographic location (country only) and preferred language used to display our website. Areas of the websites that display personally identifiable information about you or third parties are automatically hidden by Hotjar and are therefore not trackable at any time. The use of Hotjar and the associated processing of personal data takes place on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR.
Hotjar generally stores customer data in the European Union. However, there may also be a transfer of personal data to third countries outside the EU and the EEA. In these cases, the adoption of further protective mechanisms is necessary to ensure the level of data protection in accordance with the requirements of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient in the third country to process the data in accordance with the level of protection in the EU.
Hotjar offers every user the option of using a "Do Not Track header" to prevent the use of the Hotjar tool so that no data is recorded about the visit to the respective website. This is a setting that is supported by all common browsers in current versions. To do this, your browser sends a request to Hotjar with the information to deactivate the tracking of the respective user. If you use our websites with different browsers/computers, you must set up the "Do Not Track header" separately for each of these browsers/computers. You can prevent the use of Hotjar by going to the opt-out page
https://www.hotjar.com/policies/do-not-track/ and clicking "Disable Hotjar".
For more information about Hotjar Ltd. and about the Hotjar tool, please visit:https://www.hotjar.com/.The privacy policy of Hotjar Ltd. can be found at:https://www.hotjar.com/privacy
Vimeo
Videos from "Vimeo" are embedded on this website. "Vimeo" is operated by Vimeo.com Inc., 330 West 34th Street, 5th Floor, New York, New York 10001, USA.
If you have given us your consent to do so, the processing is carried out for the optimal marketing of our offer in accordance with Art. 6 para. 1 p. 1 lit. a GDPR.
The Google Analytics tracking tool is automatically integrated into videos from "Vimeo" that are embedded on our website. We have no influence on the tracking settings and the analysis results collected via this and cannot view them. In addition, web beacons are set for website visitors via the embedding of "Vimeo videos".
To prevent the setting of Google Analytics tracking cookies, you can prevent the storage of cookies by selecting the appropriate settings on your browser software; however, please note that if you do this, you may not be able to use the full functionality of this website.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en
Since a transfer of personal data to the USA takes place, further protection mechanisms are required to ensure the level of data protection of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even through this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the USA.
For the purpose and scope of the data collection and the further processing and use of the data by the providers, as well as your rights in this respect and setting options for protecting your privacy, please refer to the data protection information of "Vimeo": https://vimeo.com/privacy
Adyen
On our website, we offer you the option to complete your payment via Sofortüberweisung (Klarna) and PayPal. To do this, we work together with the payment service provider Adyen N.V. (hereinafter "Adyen"), Simon Carmiggeltstraat 6-50, 1011 DJ, Amsterdam, the Netherlands. Adyen is a payment service provider that handles the processing of payments for us.
Depending on the type of payment you have chosen, the data required for the type of payment will be transmitted to Adyen, unless this data is collected directly from the payment service. This is the following data:
• First and last name
• Address
• Payment data
• Invoice amount
• Transaction data
• Information about your order
This is necessary to verify your identity and process the payment. The legal basis for the processing of your personal data is Art. 6 para. 1 lit. b GDPR, the necessity of the payment for the conclusion of a contract with us, as well as Art. 6 para. 1 lit f GDPR, our legitimate interest in using a payment service provider for the easier administration of payments on our website.
In the context of an identity and credit check based on your data, Adyen and we have a legitimate interest in the transmission of the personal data of the user concerned. Adyen and we require this in order to obtain information from credit agencies for the purpose of the identity and credit check (Art. 6 para. 1 sentence 1 lit. f) GDPR). We delete the data accruing in this context after the storage is no longer necessary or restrict the processing if there are statutory retention obligations.
You have the right to object on grounds relating to your particular situation, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or where the processing is necessary for the establishment, exercise or defence of legal claims (Art. 21para. 1 GDPR). However, Adyen remains entitled to process and transmit customer data if this is necessary for the contractual processing of payments or is required by law or by official or judicial authorities. Contact can be made with Adyen at https://www.adyen.com/contact.
For more information on how Adyen processes your data, please visit: https://www.adyen.com/policies-and-disclaimer/privacy-policy
External links
Social networks (Instagram, Facebook, LinkedIn, Google, Github) are only integrated on our website as links to the corresponding services. After clicking on the embedded text/image link, you will be redirected to the page of the respective provider. User information is only transferred to the respective provider after the forwarding. For information on the handling of your personal data when using these websites, please refer to the respective data protection provisions of the providers you use.
Data sharing and recipients
Your personal data will not be transferred to third parties unless
• if we have explicitly referred to this in the description of the respective data processing,
• if you have given your express consent to this in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR,
• the disclosure is necessary in accordance with Art. 6 para. 1 p. 1 lit. f GDPR for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
• in the event that a legal obligation exists for the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR and
• insofar as this is necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 p. 1 lit. b GDPR.
In addition, we use external service providers for the processing of our services, which we have carefully selected, commissioned in writing and with whom we have concluded order processing agreements in accordance with Article 28 of the GDPR, if necessary. These are bound by our instructions and are regularly monitored by us. These are, among others, service providers for hosting, sending e-mails as well as maintenance and care of our IT systems, etc. The service providers will not pass this data on to third parties.
Data security
We take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk in accordance with Article 32 of the GDPR, taking into account state-of-the-art technology, the costs of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons. This website uses SSL encryption for security reasons and to protect the transmission of confidential content.
Duration of the storage of personal data
The duration of the storage of personal data is determined by the relevant statutory retention periods (e.g. from commercial law and tax law). After expiry of the respective period, the corresponding data is routinely deleted. If data is required to fulfil or initiate a contract or if we have a legitimate interest in continuing to store it, the data will be deleted when it is no longer required for these purposes or you have exercised your right of revocation or objection.
Your rights
Below you will find information on which data subject rights the applicable data protection law grants you vis-à-vis the controller with regard to the processing of your personal data:
The right to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details.
The right to request the correction of inaccurate or incomplete personal data stored by us without delay in accordance with Art. 16 GDPR.
The right to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims.
The right to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing in accordance with Art. 21 GDPR.
The right, in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller.
The right to complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of the federal state of our registered office stated above or, if applicable, that of your usual place of residence or workplace.
The right to revoke consent given in accordance with Art. 7 para. 3 GDPR: You have the right to revoke consent to the processing of data once given at any time with effect for the future. In the event of revocation, we will immediately delete the data concerned unless further processing can be based on a legal basis for processing without consent. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
Right of objection
Insofar as your personal data is processed by us on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, insofar as this is done for reasons arising from your particular situation. Insofar as the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement to specify a particular situation
If you wish to exercise your right of revocation or objection, simply send an e-mail to support@holidu.com .
Legal obligations
The provision of personal data for the decision on the conclusion of a contract, the fulfilment of a contract or for the implementation of pre-contractual measures is voluntary. However, we can only make the decision in the context of contractual measures if you provide such personal data that is required for the conclusion of the contract, the performance of the contract or pre-contractual measures.
Automated decision making
Automated decision-making or profiling pursuant to Art. 22 GDPR does not take place.
Additional information for customers, interested parties, hosts and business partners
Purposes and legal bases of the processing of customer, prospective customer and business partner data
We process your personal data in accordance with the provisions of the European Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG), insofar as this is necessary for the establishment, implementation or fulfillment of a contract or for the implementation of pre-contractual measures. Insofar as personal data is required for the initiation or implementation of a contractual relationship or in the context of the implementation of pre-contractual measures, processing is lawful pursuant to Art. 6 para. 1 lit. b GDPR.
If you give us express consent to process personal data for certain purposes (e.g. forwarding to third parties, evaluation for marketing purposes or advertising by e-mail), the lawfulness of this processing is given on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. Consent given can be revoked at any time with effect for the future (see section 9 of this data protection information).
If necessary and legally permissible, we process your data beyond the actual contractual purposes for the fulfillment of legal obligations pursuant to Art. 6 para. 1 lit. c GDPR. In addition, processing may be carried out to protect the legitimate interests of us or third parties and to defend and assert legal claims in accordance with Art. 6 para. 1 f GDPR. If necessary, we will inform you separately, stating the legitimate interest, insofar as this is required by law.
Categories of data processed
We only process data that is related to the establishment of the contract or the pre-contractual measures. This can be general data about you or persons in your company (name, address, contact details, etc.) as well as any other data that you provide to us in the course of establishing the contract.
Data sources
We process personal data that we receive from you in the course of contacting you or establishing a contractual relationship or in the course of pre-contractual measures or that you provide via our website or forms. In some cases, we also process data from publicly accessible sources.
Recipient of the data
We only pass on your personal data within our company to those areas and persons who need this data to fulfil contractual and legal obligations or to implement our legitimate interest.
We may transfer your personal data to our affiliates to the extent permitted by the purposes and legal bases set out in section 3 of this privacy notice.
Your personal data is processed on our behalf on the basis of order processing contracts in accordance with Art. 28 GDPR. In these cases, we ensure that the processing of personal data is carried out in accordance with the provisions of the GDPR. The categories of recipients in this case are CRM system providers, telephony providers, newsletter dispatch service providers and check-in solutions for querying guest data.
Otherwise, data is only forwarded to recipients outside the company if this is permitted or required by law, if the forwarding is necessary for the processing and thus the fulfilment of the contract or, at your request, for the implementation of pre-contractual measures, if we have your consent or if we are authorised to provide information. Under these conditions, recipients of personal data can be, for example:
• External tax consultant
• Public bodies and institutions (e.g. public prosecutor's office, police, supervisory authorities, tax office) if there is a legal or official obligation,
• Recipients to whom the disclosure is directly necessary to establish or fulfil the contract, such as partners.
Transfer to a third country
A transfer to a third country is not intended. If one of our processors is located in a third country, we ensure that either an adequacy decision of the European Commission is in place or, in the case of transfers pursuant to Art. 46 et seq. appropriate safeguards such as standard contractual clauses are in place to ensure an essentially equivalent level of protection for your personal data.
Duration of data storage of customer, prospect and business partner data
As far as necessary, we process and store your personal data for the duration of our business relationship or for the fulfilment of contractual purposes. This also includes, among other things, the initiation and execution of a contract.
In addition, we are subject to various storage and documentation obligations, which result, among other things, from the German Commercial Code (HGB) and the German Fiscal Code (AO). The periods prescribed there for storage and documentation are two to ten years.
Finally, the storage period also depends on the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code (BGB), are usually three years, but in certain cases can be up to thirty years.
Your rights as a customer, interested party or business partner
You have a number of data protection rights that you can assert against us. You can find a detailed list in the section "Your rights" above in this data protection declaration.
Necessity of the provision of personal data
The provision of personal data for the decision on the conclusion of a contract, the fulfilment of a contract or for the implementation of pre-contractual measures is voluntary. However, we can only make a decision within the framework of contractual measures if you provide such personal data that is required for the conclusion of the contract, the fulfilment of the contract or pre-contractual measures.
Automated decision-making in connection with customer, prospect and business partner data
For the establishment, fulfilment or implementation of the business relationship as well as for pre-contractual measures, we generally do not use fully automated decision-making pursuant to Art. 22 GDPR. Should we use these procedures in individual cases, we will inform you about this separately or obtain your consent if this is required by law.
Property Management Platform
With your user account as a host, you are given the opportunity to use our property management platform.
When you make full use of our property management platform, the following data will be processed in addition to the data you provided during registration:
• Holiday home data (e.g. address, equipment, object pictures)
• Invoice address
• Bank details
• VAT number
The legal basis for data processing is Art. 6 para. 1 lit. a GDPR in the case of consent or Art. 6 para. 1 lit. b GDPR if processing is necessary to provide the requested services. Your data will be deleted as soon as the user account is deleted and insofar as no legal retention obligations exist.
Existing customer advertising
We reserve the right to process the e-mail address provided by you within the scope of the booking in accordance with the statutory provisions in order to send you the following content, among other things, by e-mail during or following the processing of the contract, provided that you have not already objected to this processing of your e-mail address:
- other interesting offers from our portfolio,
- Overview of possible leisure activities.
The legal basis for the processing is Art. 6 para. 1 p. 1 lit. f) GDPR. We carry out the aforementioned processing for customer care and to increase our services. We delete your data when you terminate the newsletter subscription, but no later than two years after termination of the contract.
We would like to point out that you can object to receiving direct advertising at any time without incurring any costs other than the transmission costs according to the basic rates. You have a general right to object without giving reasons (Art. 21 para. 2 GDPR). To do so, click on the unsubscribe link in the newsletter or send us your objection to the contact details listed in the "Person responsible" section.
Trustpilot
We use the review portal Trustpilot (Trustpilot A/S, Trommesalen 5, 3rd sal, 1614 Copenhagen, Denmark) to publish reviews from our customers.
A user profile on Trustpilot is required to submit a rating or to record customer feedback. In addition to a rating for the inviting company, ratings for other companies can then also be recorded on the Trustpilot rating portal. If you voluntarily wish to leave a rating on Trustpilot, we will pass on your e-mail address, first name and an internal booking number to Trustpilot. Your rating will be published on the website of Trustpilot and possible partners in accordance with their own guidelines. The legal basis for the processing of your rating is Art. 6 para. 1 lit. a) GDPR, your consent.
For more information on the data protection conditions of the provider Trustpilot, please visit https://uk.legal.trustpilot.com/for-reviewers/end-user-privacy-terms and
https://uk.legal.trustpilot.com/for-reviewers/terms-of-use-for-consumers.
Subject to change
We reserve the right to adapt or update this data protection declaration if necessary in compliance with the applicable data protection regulations. In this way, we can adapt it to the current legal requirements and take into account changes to our services, e.g. when introducing new services. The current version applies to your visit.
Status of this privacy policy: 01.09.2023