Data protection

Privacy Policy Travel Zeylan

1. Data protection briefly

1.1. General Information

www.travelzeylan.de , [email protected] , is a company based in Sri Lanka and applying the laws and regulations of the Democratic Socialist Republic of Sri Lanka.

Personal data are data with which you can be personally identified. This data protection declaration explains in detail what data we collect and what we use it for. It also explains how and for what purpose this is done.

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations as described in this data protection declaration.

This data protection declaration applies to all processing of personal data carried out by us, both in the context of the provision of our services and on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as “online offer”).

We would like to point out that data transmission over the Internet (e.g., when communicating by e-mail) can have security gaps. A complete protection of the data against access by third parties is not possible.

1.2. Data collection on this website

Who is responsible for data collection on this website?

The data processing on this website is carried out by the website operator. You can find their contact details in the section “Note on the responsible body” in this data protection declaration.

How do we collect your data?

On the one hand, your data is collected when you communicate it to us. This can be, for example, data that you enter in a contact form. Other data are recorded by our IT systems automatically or with your consent when you visit the website. This is mainly technical data (e.g., Internet browser, operating system or time of the page was viewed). This data is collected automatically as soon as you enter this website.

Data security

We use suitable technical and organizational security measures to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

What do we use your data for?

Some of the data is collected in order to ensure that the website is error-free. Other data can be used to analyze your user behavior.

What rights do you have regarding your data?

You always have the right to free information about the origin, recipient and purpose of your

to receive stored personal data. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right to request that the processing of your personal data be restricted under certain circumstances.

You also have the right to lodge a complaint with the competent supervisory authority.

You can contact us at any time if you have any further questions about data protection: [email protected] .

Analysis tools and third-party tools

When you visit this website, your surfing behavior can be statistically evaluated. This is done primarily with so-called analysis programs. You can find detailed information on these analysis programs in the following data protection declaration.

2. Hosting and Content Delivery Networks (CDN)

External hosting

This website is hosted by an external service provider (hoster). The personal data recorded on this website are stored on the host’s servers. This can primarily involve IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website.

The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 Para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 Para. 1 lit. f GDPR). Our host will only process your data to the extent that this is necessary to fulfill its performance obligations and follow our instructions regarding this data.

We use the following hosters:

Namecheap, Inc.

4600 East Washington Street

Suite 305

Phoenix, AZ 85034

USA

https://www.namecheap.com/legal/general/privacy-policy/  

In order to ensure data protection compliant processing, we have concluded an order processing contract with our hoster.

3 . General information and mandatory information

3.1 Note on the responsible body

The responsible body is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.). The responsible body for data processing on this website is:

Travel Zeylan

c / o Ocean Garden Luxury Villas

80500 Galle Road

Warahena

Bentota

Sri Lanka

Phone: +94 775 872 881

Email: [email protected]

3.2 Duration of storage

Unless a specific storage period is specified in this data protection declaration, your personal data will remain with us until the purpose for the data processing no longer applies.

If you make a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have any other legally permissible reasons for storing your personal data (e.g. tax or commercial retention periods); in the latter case, the deletion takes place after these reasons no longer apply.

3.3 Note on data transfer to the USA and other third countries

Our website includes tools from companies based in the USA or other third countries that are not secure in terms of data protection law. If these tools are active, your personal data can be transferred to these third countries and processed there.

We would like to point out that no data protection level comparable to that in the EU can be guaranteed in these countries. For example, US companies are obliged to surrender personal data to security authorities without you as the person concerned being able to take legal action against this. It cannot therefore be ruled out that US authorities (e.g., secret services) process, evaluate and permanently store your data on US servers for monitoring purposes. OGV has no influence on these processing activities.

3.4 Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. In accordance with Art. 7 Para. 3 GDPR, you can revoke your consent at any time. The legality of the data processing carried out before the revocation remains unaffected by the revocation.

3.5 Right to object to data collection in special cases and against

Direct mail (Art. 21 GDPR)

If the data processing takes place based on Article 6 Paragraph 1 Letter E or f GDPR, you have the right to object to the processing of your personal data at any time for reasons that arise from your particular situation. This also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this data protection declaration.

If you object, we will no longer process your personal data concerned, unless we can prove compelling reasons worthy of protection for the processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims (Objection according to Art. 21 Paragraph 1 GDPR).

If your personal data are processed in order to operate direct mail, you have the right to object at any time to the processing of your personal data for the purpose of such advertising. This also applies to profiling insofar as it is associated with such direct advertising. If you object, your personal data will then no longer be used for direct marketing purposes (objection according to Art. 21 Paragraph 2 GDPR).

3.6 Right to lodge a complaint with the competent supervisory authority

In the event of violations of the GDPR, the data subject has the right to lodge a complaint with a supervisory authority, in the member state of their habitual residence, their place of work or the place of the alleged violation, in accordance with Art. 77 GDPR. The right of appeal exists without prejudice to other administrative or judicial remedies.

3.7 Right to data portability

According to Art. 20 GDPR, you have the right to have data that we process automatically based on your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another person responsible, this will only be done if it is technically feasible.

3.8 SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the website operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http: //” to “https: //” and by the lock symbol in your browser line.

If the SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.

3.9 Information, deletion and correction

In accordance with Art. 15 GDPR, you have the right to request information about your personal data processed by us at any time free of charge. In particular, you can obtain information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the existence of a Right to lodge a complaint, the origin of your data, if we have not collected it, as well as the existence of automated decision-making including profiling and, if necessary, meaningful information on their details.

In accordance with Art. 16 GDPR, you can immediately request the correction of incorrect personal data, or the completion of your personal data stored by us.

According to Art. 17 GDPR, you can request the deletion of your personal data stored by us, unless the processing to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend Legal claims is required.

3.10 Right to restriction of processing

According to Art. 18 GDPR, you have the right to request that the processing of your personal data be restricted. You can contact us at any time for this purpose. The right to restriction of processing exists in the following cases:

If you dispute the accuracy of your personal data stored by us, we usually need time to check this. For the duration of the test, you have the right to request that the processing of your personal data be restricted.

If the processing of your personal data happened / happens unlawfully, you can request the restriction of the data processing instead of the deletion.

If we no longer need your personal data, but you need them to exercise, defend or assert legal claims, you have the right to request that the processing of your personal data be restricted instead of being deleted.

If you have lodged an objection in accordance with Art. 21 Paragraph 1 GDPR, your interests and ours must be weighed up. If it is not yet clear whose interests prevail, you have the right to request that the processing of your personal data be restricted.

If you have restricted the processing of your personal data, this data – apart from its storage – may only be used with your consent or for the establishment, exercise or defense of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest processed by the European Union or a member state.

3.11. Objection to advertising emails

We hereby object to the use of the contact data published as part of the imprint obligation for sending unsolicited advertising and information materials. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, such as spam e-mails.

4. Data collection on this website

4.1 Cookies

Cookies are text files that contain data from websites or domains visited and are stored on the user’s computer by a browser. Cookies do not cause any damage to your device. A cookie is primarily used to store information about a user during or after their visit to an online offer.

The stored information can include, for example, the language settings on a website, the login status, a shopping cart or the location where a video was viewed. The term cookies also include other technologies that fulfill the same functions as cookies (e.g. if user information is stored using pseudonymous online identifiers, also known as “user IDs”).

A distinction is made between the following types of cookies and functions:

Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed their browser.

Permanent cookies: Permanent cookies are saved even after the browser is closed. For example, the login status can be saved, or preferred content can be displayed directly when the user visits a website again. The interests of users who are used to measure reach or for marketing purposes can also be stored in such a cookie.

First-party cookies: First-party cookies are set by us.

Third-party cookies (also: third-party cookies): Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.

Necessary cookies (also: essential or necessary): Cookies can on the one hand be technically essential for the operation of a website (e.g., to save logins or other user input or for security reasons).

Statistics, marketing and personalization cookies: In addition, cookies are usually also used in the context of range measurement and when the interests of a user or his behavior (e.g. viewing certain content, use of functions, etc.) on individual websites in a user profile get saved. Such profiles are used to show users, for example, content that corresponds to their potential interests. This process is also known as “tracking”, following up on the potential interests of users.

Notes on legal bases

The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services. Cookies that are required to carry out the electronic communication process (necessary cookies) or to provide certain functions you require (functional cookies, e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) on the basis of Art. 6 Para. 1 lit.f GDPR, unless a different legal basis is given.

Insofar as cookies are used by third-party companies or for analysis purposes, we will inform you of this separately in the context of this data protection declaration and, if necessary, ask for your consent. If consent to the storage of cookies has been requested (opt-in procedure), the storage of the relevant cookies takes place exclusively based on this consent (Art. 6 Para. 1 lit. a GDPR); the consent can be withdrawn at any time.

Storage period

If we do not provide you with any explicit information on the storage duration of permanent cookies (e.g. as part of a so-called cookie opt-in), please assume that the storage duration can be up to two years.

General information on revocation and objection (opt-out)

Depending on whether the processing is based on consent or legal permission, you have the option at any time to revoke your consent or to object to the processing of your data using cookie technologies (collectively referred to as “opt-out”).

You can first explain your objection using the settings of your browser, e.g. by deactivating the use of cookies (which can also restrict the functionality of our online offer). An objection to the use of cookies for the purposes of online marketing can also be by a variety of services, especially in the case of tracking through the websites https://optout.aboutads.info and https://www.youronlinechoices.com/ be explained .

In addition, you can receive further objection notices in the context of the information on the service providers and cookies used.

Processing of cookie data based on consent

We use a procedure for cookie consent management, in the context of which the consent of the user to the use of cookies or the processing and providers mentioned in the context of the cookie consent management procedure is obtained and administered and revoked by the users can be.

The declaration of consent is saved in order not to have to repeat the query and to be able to prove the consent in accordance with the legal obligation. The storage can take place on the server side and / or in a cookie (so-called opt-in cookie, or with the help of comparable technologies) in order to be able to assign the consent to a user or his device.

Subject to individual information about the providers of cookie management services, the following information applies: The duration of the storage of the consent can be up to two years. A pseudonymous user identifier is created and information on the scope of the consent (e.g. which categories of cookies and / or service providers) as well as the browser, the system and the device used are stored at the time of consent.

4.2 Server log files

The provider of the pages automatically collects and stores information in so-called server log

Files that your browser automatically transmits to us. These are:

Browser type and browser version
operating system used
Referrer URL
Host name of the accessing computer
Time of the server request
IP address

This data will not be merged with other data sources.

This data is recorded based on Art. 6 Paragraph 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of his website – the server log files must be recorded for this.

4.3 contact form

If you send us inquiries using the contact form, your details will be taken from the

Inquiry form including the contact details you provided there for the purpose of processing the inquiry and in the event of follow-up questions stored by us. We do not pass on this data without your consent.

The data you enter in the contact form will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.

We do not pass on this data without your consent.

This data is processed based on Article 6 (1) (b) GDPR, provided that your request is related to the performance of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries sent to us (Art. 6 Para. 1 lit. f GDPR) or on your consent (Art. 6 Para. 1 lit. a GDPR) if this was queried.

4.4 Inquiries by email or phone

If you contact us by e-mail or telephone, your request, including all the resulting personal data (name, request), will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.

The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

4.5 Opportunity to comment

We offer you the opportunity to leave comments on the individual contributions on our website.

The IP address of the author / subscriber is saved here. This storage takes place for our security if the author encroaches on the rights of third parties through his comment and / or unlawful content is deposited. Thus, there is a self-interest on our part in the stored data of the author, especially since we could possibly be prosecuted for such legal violations. It will not be passed on to third parties. A comparison of the data collected in this way with data that may be collected by other components of our site is also not carried out.

For the comment function on this page, in addition to the comment, information about the time the comment was created and the username you selected are saved. The comments and the associated files (IP address) are saved and remain on our website until the commented content has been completely deleted or the comments have to be deleted for legal reasons (e.g. offensive comments). This is done based on our legitimate interests within the meaning of Art. 6 Para. 1 lit.f. GDPR.

4.6 Live Chat System

This website uses technologies from Tidio Ltd. 220C Blythe Road, W14 0HH, London, Great Britain ( www.tidiochat.com ) anonymized data for the operation of the live chat system, which is used to answer live support inquiries, is collected and stored. All inquiries / online chats are sent to the operator’s servers in Great Britain via this external online service and processed there.

The personal data provided by you as part of your chatbot request and your IP address will be processed for the purpose of answering your request. The legal basis for the processing of the collected personal data is the fulfillment of a contract or the implementation of pre-contractual measures with you.

Usage profiles can be created from the anonymized data under a pseudonym. Cookies can be used. If the information collected in this way is related to a person, it is processed in accordance with Article 6 (1) (f) GDPR based on our legitimate interest in effective customer service and the statistical analysis of user behavior for optimization purposes. The data collected with the TidioChat technologies will not be used to personally identify the visitor to this website and will not be merged with personal data about the bearer of the pseudonym without the separately given consent of the person concerned.

We would like to point out that when you visit our website, a connection to the TidioChat servers is established and information about the browser, location and operating system you are using can be sent. To avoid the storage of TidioChat cookies, you can set your internet browser so that cookies can no longer be stored on your computer in the future or cookies that have already been stored are deleted. Switching off all cookies can, however, mean that some functions on our website can no longer be carried out.

You can object to the collection and storage of data for the purpose of creating a pseudonymised user profile at any time with future effect by sending us your objection informally by email to [email protected] . You can find Tidio’s data protection provisions here:  https://www.tidiochat.com/en/privacy-policy

4.7 Booking

If you would like to register for a trip or rent a holiday accommodation, we collect personal data for the fulfillment of the contract as well as for pre-contractual measures and for the implementation of the trip (Art. 6 Para. 1 lit b GDPR).

First name
last name
address
Phone number
E-mail address
birth date
gender
Passport number and expiry date
Copy of the passport

Please note that personal data can also be collected from fellow travelers. You should therefore ensure that any information relating to third parties is provided by you with the consent of those persons.

To carry out and process the trip you have booked, we will only forward your personal data to the service providers who are involved in the execution of the trip you have booked (accommodation, tour guides, private drivers, event agencies, train, etc.) within the legally permissible framework.

If necessary, we will also forward your data to companies (banks) involved in the payment process. The collection or transmission of personal data to state institutions or authorities only takes place within the framework of mandatory legal provisions. The sale of personal data, especially addresses, to third parties expressly does not take place.

We also use your personal data for advertising purposes such as sending an advertising email. You can object to the use for advertising purposes at any time by email (Art. 21 Paragraph 2 GDPR).

4.8 Registration on our website

If you register on our website to use personalized services, personal data will be collected. This includes the name, address, telephone number and email address as contact and communication data.

Registration enables access to services and content that are only available to registered users. If necessary, registered users have the option of changing or deleting the data provided during registration at any time. If you wish, we will of course inform you which personal data has been collected and stored. In addition, we correct or delete the data on request, provided that the request does not conflict with any statutory retention requirements. If you have any questions or if you want to correct or delete the data, please use the contact details given in this data protection declaration.

4.9 Pay Here

We offer the option of processing the payment process via the payment service provider Pay Here (Pay Here Private Limited, # 46 Galle Road, Kalutara, Sri Lanka, https://www.payhere.lk/privacy ). This corresponds to our legitimate interest in offering an efficient and secure payment method (Art. 6 Para. 1 lit. f GDPR). In this context, we pass on the following data to Pay Here, insofar as it is necessary for the fulfillment of the contract (Art. 6 Paragraph 1 lit b GDPR).

First name
last name
address
E-mail address
Phone number

The processing of the data given in this section is not required by law or by contract. Without submitting your personal data, we cannot make a payment via Pay Here. You have the option of choosing a different payment method. You must bear the costs of any payment service other than Pay Here.

Pay Here carries out a credit check for various services such as payment by direct debit in order to ensure that you are willing and able to pay. This corresponds to the legitimate interest of Pay Here (according to Art. 6 Para. 1 lit. f GDPR) and serves the execution of the contract (according to Art. 6 Para. 1 lit. b GDPR). For this purpose, your data (name, address and date of birth, bank account details) will be passed on to credit agencies. We have no influence on this process and only receive the result of whether the payment has been made, whether the payment has been declined or whether a check is pending.

You can find more information on the options for objection and removal from Pay Here at:  https://www.payhere.lk/privacy

Your data will be saved until the payment process has been completed. This also includes the time required to process refunds, claims management and fraud prevention.

5. Analysis tools / tracking tools

The tracking measures we use listed below are carried out on the basis of Art. 6 Para. 1 S. 1 lit. With the tracking measures used, we want to ensure a needs-based design and continuous optimization of our website. On the other hand, we use tracking measures to statistically record and evaluate the use of our website so that we can continuously optimize our offer for you. These interests are to be seen as legitimate within the meaning of the regulation. The respective data processing purposes and data categories can be found in the corresponding tracking tools.

5.1 Google Analytics

We use Google Analytics, a web analysis service provided by Google Inc. https://about.google/intl/de/ (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; hereinafter “Google “). In this context, anonymized usage profiles are created, and cookies (as under section 4) are used.

The information generated by the cookie about your use of our website such as

Browser type / version
Operating system used
Referrer URL (the previously visited page)
Host name of the accessing computer (IP address)
Time of the server request

are transmitted to and stored by Google on servers in the United States. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage for the purposes of market research and the needs-based design of this website. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of us.

Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymized so that an assignment is not possible (IP masking). You can prevent the installation of cookies by setting the browser software accordingly.

However, we would like to point out that in this case not all information on this website can be used in full.

You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on: http: //tools.google.com/dlpage/gaoptout?hl=de

Further information on data protection in connection with Google Analytics can be found in the Google Analytics Help ( http://support.google.com/analytics/answer/6004245?hl=de ).

We have concluded an order data processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Further information on data protection in connection with Google Analytics can be found in the Google Analytics Help ( http://support.google.com/analytics/answer/6004245?hl=de ).

5.2 Google Ads Conversion Tracking

We use Google Conversion Tracking to statistically record and evaluate the use of our website and to optimize our website. Google Ads is an online advertising program from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States (“Google”).

Google Ads will place a cookie (see section 4) on your computer if you have reached our website via a Google ad. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of the Ads customer and the cookie has not yet expired, Google and the customer can see that the user clicked on the ad and was redirected to this page.

Each Ads customer receives a different cookie. Cookies cannot therefore be tracked via the websites of Ads customers. The information obtained using the conversion cookie is used to generate conversion statistics for Ads customers who have opted for conversion tracking.

Ads customers find out the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information with which users can be personally identified.

If you do not want to participate in the tracking process, you can also refuse the setting of a cookie required for this – for example, via a browser setting that generally deactivates the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser to block cookies from the www.googleadservices.com domain . You can find Google’s data protection information on conversion tracking at http://services.google.com/sitestats/de.html

5.3 Google Tag Manager

This website uses Google Tag Manager. The Tag Manager is a service provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland and does not collect any personal data.

The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, it will remain in effect for all tracking tags. The legal basis is Article 6, Paragraph 1, Clause 1, Letter f of the GDPR. https://policies.google.com/privacy?hl=en

5.4 Google Remarketing

This website uses the remarketing function of Google Inc. (“Google”). This function is used to present interest-based advertisements to visitors to the website as part of the Google advertising network. The website visitor’s browser saves so-called cookies (see Section 4), text files that are saved on your computer and that make it possible to recognize the visitor when he visits websites that belong to the Google advertising network. On these pages, the visitor can then be presented with advertisements that relate to content that the visitor has previously accessed on websites that use Google’s remarketing function.

According to its own information, Google does not collect any personal data during this process. If you still do not want Google’s remarketing function, you can always deactivate it by making the appropriate settings at http://www.google.com/settings/ads . Alternatively, you can deactivate the use of cookies for interest-based advertising via the advertising network initiative by following the instructions at http://www.networkadvertising.org/managing/opt_out.asp .

6. Social media

We maintain an online presence within social networks and process user data in this context in order to communicate with the users active there or to offer information about us.

We would like to point out that user data can be processed outside of the European Union. This can result in risks for the user because, for example, the enforcement of the users’ rights could be made more difficult.

Furthermore, the data of the users within social networks are usually processed for market research and advertising purposes. For example, usage profiles can be created on the basis of user behavior and the interests of the users resulting therefrom. The usage profiles can in turn be used, for example, to place advertisements inside and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users’ computers, in which the usage behavior and the interests of the users are stored. Furthermore, data can be stored in the usage profiles regardless of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).

For a detailed description of the respective forms of processing and the options for objection (opt-out), we refer to the data protection declarations and the information provided by the operators of the respective networks.

In the case of requests for information and the assertion of data subject rights, we point out that these can be most effectively asserted with the providers. Only the providers have access to the user data and can take appropriate measures and provide information directly. If you still need help, you can contact us.

6.1 Facebook plugins (like & share button)

Plugins of the social network Facebook are integrated on this website. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the data collected will also be transferred to the USA and other third countries.

You can recognize the Facebook plugins by the Facebook logo or the “Like” button on this website. You can find an overview of the Facebook plugins here:

https://developers.facebook.com/docs/plugins/?locale=de_DE .

When you visit this website, a direct connection is established between your browser and the Facebook server via the plug-in. Facebook receives the information that you have visited this website with your IP address. If you click the Facebook “Like” button while you are logged into your Facebook account, you can link the content of this website to your Facebook profile. This enables Facebook to assign your visit to this website to your user account.

We would like to point out that, as the provider of the website, we have no knowledge of the content of the data transmitted or of how it is used by Facebook. You can find more information on this in Facebook’s data protection declaration at: https://de-de.facebook.com/privacy/explanation . If you do not want Facebook to be able to assign your visit to this website to your Facebook user account , please log out of your Facebook user account .

The Facebook plugins are used on the basis of Art. 6 Para. 1 lit.f GDPR. The website operator has a legitimate interest in the widest possible visibility in social media. If a corresponding consent has been requested, the processing takes place exclusively on the basis of Art. 6 Para. 1 lit. a GDPR; the consent can be withdrawn at any time. Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR ).

The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The processing carried out by Facebook after the forwarding is not part of the shared responsibility. The obligations we have jointly have been set out in an agreement on joint processing. The wording of the agreement can be found at: https://www.facebook.com/legal/controller_addendum

According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for implementing the tool on our website in a manner that is secure under data protection law. Facebook is responsible for the data security of Facebook products.

You can assert rights of data subjects (e.g. requests for information) with regard to the data processed on Facebook directly on Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook.

We have concluded an agreement on joint processing (Controller Addendum) with Facebook. This agreement specifies which data processing operations we or Facebook are responsible for when you visit our Facebook page, post articles or otherwise interact with our Facebook page (page insights). You can view this agreement under the following link:

https://www.facebook.com/legal/terms/page_controller_addendum

The data transfer to the USA is based on the standard contractual clauses of the EU Commission.

Details can be found here:

https://www.facebook.com/legal/EU_data_transfer_addendum ,

https://de-de.facebook.com/help/566994660333381 and

https://www.facebook.com/policy.php .

6.2 Instagram plugin

Functions of the Instagram service are integrated on this website. These functions are offered by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland.

If you are logged into your Instagram account, you can link the contents of this website to your Instagram profile by clicking the Instagram button. This enables Instagram to assign your visit to this website to your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the data transmitted or its use by Instagram.

The storage and analysis of the data takes place on the basis of Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in the widest possible visibility in social media. If a corresponding consent has been requested, the processing takes place exclusively on the basis of Art. 6 Para. 1 lit. a GDPR; the consent can be withdrawn at any time.

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook or Instagram, we and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland are jointly responsible for this data processing (Art . 26 GDPR). You can find more information on this in Instagram’s privacy policy :  https://instagram.com/about/legal/privacy .

The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook or Instagram. The processing carried out by Facebook or Instagram after the forwarding is not part of the joint responsibility. The obligations we have jointly have been set out in an agreement on joint processing. The wording of the agreement can be found at: https://www.facebook.com/legal/controller_addendum .

According to this agreement, we are responsible for providing data protection information when using the Facebook or Instagram tool and for the implementation of the tool on our website in a manner that is secure under data protection law. Facebook is responsible for the data security of Facebook and Instagram products. You can assert rights of data subjects (e.g. requests for information) with regard to the data processed on Facebook or Instagram directly on Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission.

Details can be found here:

https://www.facebook.com/legal/EU_data_transfer_addendum ,

https://help.instagram.com/519522125107875 and

https://de-de.facebook.com/help/566994660333381 .

7. Plugins and Tools

7.1 YouTube

This website integrates videos from YouTube. The operator of the website is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. We use YouTube in the extended data protection mode. According to YouTube, the domain  https://www.youtube-nocookie.com means that YouTube does not store any information about visitors to this website before they watch the video.

However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. This is how YouTube connects to the Google DoubleClick network regardless of whether you are watching a video. As soon as you start a YouTube video on this website, a connection to the YouTube servers is established.

The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, YouTube can save various cookies on your device after starting a video or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can receive information about visitors to this website. This information is used, among other things, to collect video statistics, improve user-friendliness and prevent attempted fraud. If necessary, further data processing operations can be triggered after the start of a YouTube video, over which we have no influence.

YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Article 6 Paragraph 1 lit. The consent can be revoked at any time https://tools.google.com/dlpage/gaoptout?hl=de .

You can find more information about data protection at YouTube in their data protection declaration at: https://policies.google.com/privacy?hl=de .

7.2 Rating Widgets

We integrate so-called “evaluation widgets” into our online offer. A widget is a functional and content element that is integrated into our online offering and that displays variable information. It can be displayed, for example, in the form of a seal or a comparable element, sometimes also called a “badge”. The corresponding content of the widget is displayed within our online offer, but it is retrieved at this moment from the servers of the respective widget provider. This is the only way to always show the current content, especially the current rating.

For this, a data connection must be established from the website called up within our online offer to the server of the widget provider and the widget provider receives certain technical data (access data, including IP address) that is necessary for the content of the widget to be sent to the browser of the user can be delivered.

Furthermore, the widget provider receives information that users have visited our online offer. This information can be stored in a cookie and used by the widget provider to recognize which online offers that take part in the evaluation process have been visited by the user. The information can be saved in a user profile and used for advertising or market research purposes.

Processed data types: contract data (e.g. subject of the contract, duration, customer category), usage data (e.g. websites visited, interest in content, access times), meta / communication data (e.g. device information, IP addresses).
Affected persons: customers, users (e.g. website visitors, users of online services).
Purposes of processing: feedback (e.g. collecting feedback via online form), marketing.
Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).

7.3 Tripadvisor

This page integrates a widget from TripAdvisor for displaying ratings. The provider is TripAdvisor LLC, 400 1st Avenue, Needham, MA 02494 USA ( https://tripadvisor.mediaroom.com/DE-contact-us ).

To use the functions of the TripAdvisor widget, it is necessary to save your IP address. This information is usually transmitted to a TripAdvisor server in the USA and stored there. The provider of this site has no influence on this data transfer.

The TripAdvisor widget is used in the interest of presenting the reviews of our tours given on TripAdvisor. This represents a legitimate interest within the meaning of Art. 6 Paragraph 1 lit.f GDPR.

You can find more information about the handling of user data at TripAdvisor in the privacy policy of TripAdvisor:  https://tripadvisor.mediaroom.com/us-privacy-policy

7.4 Google Web Fonts (local hosting)

This page uses so-called web fonts, which are provided by Google, for the uniform display of fonts. The Google Fonts are installed locally. There is no connection to Google servers. For more information on Google Web Fonts, see

https://developers.google.com/fonts/faq and in Google’s privacy policy:

https://policies.google.com/privacy?hl=de .

7.5 Google Maps

We integrate the maps from the “Google Maps” service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland https://cloud.google.com/maps-platform .

The processed data can include, in particular, IP addresses and location data of the users. This information is usually transmitted to and stored by Google on servers in the United States. The provider of this site has no influence on this data transfer.

If Google Maps is activated, Google can use Google Web Fonts for the purpose of uniformly displaying the fonts. When you call up Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

Google Maps is used in the interest of an appealing presentation of our online offers and to make it easy to find the places we have indicated on the website. This represents a legitimate interest within the meaning of Article 6 Paragraph 1 lit. the consent can be withdrawn at any time. Opt-out plug-in:  https://tools.google.com/dlpage/gaoptout?hl=de .

The data transfer to the USA is based on the standard contractual clauses of the EU Commission.

Details can be found here:

https://privacy.google.com/businesses/gdprcontrollerterms/ and

https://privacy.google.com/businesses/gdprcontrollerterms/sccs/ .

You can find more information on handling user data in Google’s data protection declaration: https://policies.google.com/privacy?hl=de .

8. Own services

OneDrive

We have integrated OneDrive on this website. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (hereinafter “OneDrive”). OneDrive enables us to include an upload area on our website where you can upload content. When you upload content, it is stored on the OneDrive servers.

When you enter our website, a connection to OneDrive is also established so that OneDrive can determine that you have visited our website. OneDrive is used on the basis of Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in a reliable upload area on his website. If a corresponding consent has been requested, processing takes place exclusively on the basis of Art. 6 Para. 1 lit. a GDPR. The consent can be withdrawn at any time.

 9. Disclosure of data

A transfer of your personal data to third parties for purposes other than those listed below does not take place: We only pass on personal data to third parties if:

You have given your express consent in accordance with Art. 6 Para. 1 S. 1 lit.
the transfer according to Art. 6 Para. 1 S. 1 lit.
in the event that there is a legal obligation for disclosure in accordance with Art. 6 Paragraph 1 Clause 1 lit.
this is legally permissible and required according to Art. 6 Para. 1 S. 1 lit. b GDPR for the processing of contractual relationships with you.

10. Up-to-dateness and changes to this data protection declaration

This data protection declaration is currently valid from October 1st, 2021. Due to the further development of our website and our offers or due to changed legal framework conditions or official requirements, it may be necessary to change this data protection declaration. You can view and print out the current data protection declaration on our website at any time.

1.10.2021