Description of cookie types
Technical cookies are primarily relevant to the website’s functionality. There are navigational or session state cookies, which enable user-friendly navigation on our website. Furthermore, there are so-called analytics cookies, which collect information, for instance about the number of website visitors and the way they found the website. Also the preferences cookies are technical cookies; they allow the website to remember your selection (for instance your selected filter settings or the previously installed automatic language setting of a website).
In the following text we indicate which technologies are used on our website, for which purpose, to which extent and in which way. The use of so-called third party cookies (cookies by other advertisers) may occur. Further information is filed as link in the corresponding section. You can also block these third party cookies explicitly in the settings of your respective browser.
The website of the European Interactive Digital Advertising Alliance (www.youronlinechoices.eu) provides further information on cookies, a list of cookies installed in your computer, as well as the options for their deactivation. Please note that only the cookies of participating companies (most of them in the advertising sector) are listed and thus only these can be deactivated.
Profiling cookies – retargeting:
We indicate that no personal data will be saved by the profiling cookies and that no user profiles are matched with your personal data. Profiling cookies are not used to identify individuals, but the information is merely stored to provide anonymized information for a more selective interest-based marketing campaign.
If you would like to avoid profiling cookies, please follow the links above or block them directly in your browser settings (see descriptions below).
Webtracking – Google Analytics:
You can block cookies with a corresponding setting in your browser software; however, in this case and where applicable, you may not be able to use all website functions. Furthermore, you can prevent Google from capturing data related to your website usage (incl. your IP address) by means of cookies and from processing this data, if you download and install the available browser plugin on the link tools.google.com/dlpage/gaoptout.
You will find general information about Google Analytics and safeguarding your data at https://www.google.com/intl/de/analytics/learn/privacy.html.
By using this website you agree to the processing of the collected data by Google and/or other web analytics service providers in the above described way and mentioned purpose.
Webtracking – intelliAd:
This website uses the web analytics service of intelliAd Media GmbH, Sendlinger Str. 7, 80331 München. For the purpose of statistics, a user friendly design and website optimisation, anonymized user data are collected and recorded. Where applied, intelliAd Trackings saves cookies locally. You can block saving your (anonymously collected) visitor’s data for the future. Please use the intelliAd Opt-Out function for that purpose.
Using social plugins
Social plugins are integrated on this website via the so-called “2 click solution”. By default, these buttons do not transmit data to third parties. The user manually activates the transmission of data to the respective social network operator and the installation of third party cookies. However, this only applies to the particular site and to the selected service. Via the “cog wheel” icon, the user can save respective preferences and change them at any time.
Should you activate the social plugins, please read the following explanations about their function and about which data are transmitted.
Privacy notice for the use of Facebook plugins (Like button)
This website may have integrated plugins by the Facebook social network (Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA). You can recognise the Facebook plugins by the Facebook logo or the Like button on our website. Please find here an overview of the Facebook plugins: https://developers.facebook.com/docs/plugins/
As already described above, the plugins are deactivated in a default state and no data are transmitted. Plugins are only activated when you activate them explicitly.
If you access one of our websites with Facebook plugins, the plugin creates a direct connection from your browser to the Facebook server. In this way, Facebook receives a notification that you have visited our site with your IP address. When using the plugin functions while being logged in to your Facebook account (e.g. by clicking the “Like” button or creating a comment), you can link the content of our site to your Facebook profile. In this way, Facebook can allocate your visit of our site to your user account. If you are not a Facebook member, there is, however, still a possibility that Facebook learns your IP address and saves it. Please note that we as the providers of the website have no knowledge about the data transmitted and its use by Facebook. The Facebook privacy notice provides further information concerning this issue at https://de-de.facebook.com/policy.php
Conversion measurement and Custom Audience with Facebook Pixel:
Conversion tracking allows following a user’s path on the website by means of a specific tracking code which is personalised on the basis of target indicators.
The Custom Audience is a targeting option by which the users who visited a website can be reached on Facebook. It is possible to automatically group these users through the specific actions on the website. Such information is forwarded to Facebook via tracking code.
The encrypted data are used for matching purposes only, they are not shared with third parties or other advertisers and are deleted immediately upon completion of the matching process. If you wish to deny your consent to the use of Facebook Pixel, please visit: https://www.youronlinechoices.eu
Facebook Custom Audience with e-mail addresses
Facebook Custom Audiences are intended for remarketing campaigns, in which the advertiser encodes, using a particular algorithm, the e-mail addresses of its customers obtained and collected for this purpose and uploads that checksum (hash values) to the Facebook server. Facebook is able to match such uploaded data with their own list of hashed user IDs and remember the matching items in the advertiser’s customer account as “customer audiences” (= user-defined target group) and thus target the advertising activities. Once the matching process has been finished, all the uploaded hash values are deleted.
Please find further information on the scope of data collection and subsequent processing and use of the data by Facebook Custom Audiences in Facebook data privacy guidelines, e.g. at https://www.facebook.com/ads/website_custom_audiences/ and at www.facebook.com/privacy/explanation. Please find the terms for Custom Audiences at https://www.facebook.com/ads/manage/customaudiences/tos.php. On the following link, you will be able to deny the collection and use of information for online advertising oriented to particular target groups: https://www.facebook.com/ads/website_custom_audiences/
Google Custom Match with e-mail addresses
With Google Customer Match, the advertisers import their own lists of customer e-mail addresses into their own Google AdWords account; they are encoded based on a particular algorithm.
Customer Match then matches the anonymized e-mail lists in AdWords with their own database of registered users, and in that way Google is able to display targeted advertisements within Google search, YouTube and Gmail, and optimize advertising campaigns. Additionally, Google can also identify similar customers with similar interests based on the uploaded user lists.
With its Customer Match function, Google creates a central source of information for retargeting of customers (i.e. visitors are captured on a website and subsequently they are addressed with targeted advertising when visiting another website). The following guidelines apply for the data made available by the advertiser for the Customer Match function: https://support.google.com/adwordspolicy/answer/6299717?hl=de.
Please see the Google data privacy statement for additional information: https://www.google.com/intl/de/policies/privacy/. You can edit the settings for personal data and privacy within Google “My Account”: https://myaccount.google.com/intro?hl=de
Using the Google “+1” button
Our website uses the “+1” button of the Google Plus social network operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”). You can recognize the button by the “+1” symbol on white or coloured background. As already described above, the plugins are deactivated in a default state and no data are transmitted. Plugins are only activated when you activate them explicitly.
Every time you visit one of our websites containing the “+1” button, your browser loads and displays the “+1” button graphics from the Google server. At the same time, the Google server learns which one of our websites you are visiting. When a “+1” button is displayed, Google protocols your browser history, for the duration of up to two weeks, for the purpose of system maintenance and error management. There is no further assessment of your visit on our website with a “+1” button. If you press the “+1” button when logged in on Google+ (Google Plus), Google captures your Google profile information via your recommended URL, your IP address and other browser-related information, in order to save your “+1” recommendation and make it publicly available. Your “+1” recommendations can be displayed as tips together with your profile name and your photo in Google services, such as in search results or in your Google profile (as “+1” tab in your Google profile), or in other places on websites and web advertisements. For more information about purpose and dimension of data collection, further processing and data use by Google as well as your respective rights and setting options to protect your privacy, please visit the Google data protection information about the “+1” button:
Data usage by Google when visiting our partner websites or using partner apps: https://www.google.com/policies/privacy/partners/?hl=de
Data protection when using the +1 button https://support.google.com/plus/answer/1319578?hl=de and about the +1 button https://support.google.com/plus/answer/1047397?rd=1
How to block cookies in your browser settings
- Click Menu and then Options.
- Go to the Privacy panel.
- In section “History” choose “Use custom settings for history“.
- Now remove the check mark from “Accept cookies” from displayed options.
- Click the “OK” button.
Please find detailed information at: https://support.mozilla.org/de/kb/Cookies-blockieren
- Click Menu and then Options.
- Click “Show advanced settings” at the bottom.
- In the “Privacy” section, click the “Content settings” button.
- In the “Cookies” section, select “Block sites from setting any data”.
- Click the “OK” button.
Please find detailed information at: https://support.google.com/chrome/answer/95647?hl=de
- Open “Internet options” under the “Extras” menu item or, when the menu bar is not displayed, click the menu symbol and then “Internet options”.
- Click the “Privacy” panel.
- Move the slider to choose, from several levels, the way cookies are handled. When the slider is all the way up, all cookies are blocked, when it is all the way down, all cookies are allowed.
- Click the “OK” button.
Please find detailed information at: https://windows.microsoft.com/de-de/windows7/block-enable-or-allow-cookies
- Click “Privacy“ within the settings.
- In the “Block cookies” section, specify whether and when Safari should accept cookies from websites. Please click the Help button (visualized by question mark) for additional information.
Please find detailed information at: https://support.apple.com/kb/PH5042?locale=en_US
Google Webfonts and Google Maps
In order to render our content correctly and graphically appealing across browsers, we use script libraries and font libraries on this website, such as Google Webfonts (https://www.google.com/webfonts/). Google web fonts are transferred to the cache of your browser to prevent multiple loading. in case the browser does not support Google Webfonts or prohibits access, content will be displayed in a standard font. A call of script libraries or font libraries automatically triggers a connection to the operator of the library. It might be possible that operators of such libraries collect data.
This website uses Google Maps API to visually display geographic information. When using Google Maps, Google also collects, processes and uses data about the use of map features by visitors. Please refer to the Google Privacy Notice for more information about data processing by Google. There you can also change your personal privacy settings in the privacy centre. Please find detailed instructions on how to manage your own data related to Google products here: https://www.google.com/policies/privacy/.
4. Purpose of processing and legal basis
4.1 To perform on a contract and take steps prior to entering into a contract (art. 6 para 1 b of GDPR)
We process your data in order to perform on our contracts with you. In particular, the data processing is intended for delivery of services associated with holiday accommodation requested and, if applicable, booked by you, as well as for any related measures and activities, such as contractual communication, reservations, cancellations, billing and payment transactions.
4.2 For the purposes of legitimate interests pursued by us or a third party (art. 6 para 1 f of GDPR)
Your data can be used, based on a consideration of our legitimate interests and of legitimate interests of third parties, for example for the following purposes:
- General business management and development of services, systems and products
- IT security and IT operations
- Enforcement of legal claims and defence of legal disputes
- Statistical evaluations
- Customer history
- Collecting of information and data interchange with credit agencies
- Restricted storage of data, where a deletion is not possible or would involve a disproportionate effort due to a particular kind of storage
- Completion of data using publicly available data sources
- Building security and general security (e.g. access control, video surveillance)
- Exercise of householder's rights by appropriate measures such as video surveillance for protection of customers and employees, as well as for obtaining evidence in case of disputes and their prevention
- Advertising or market and opinion research, insofar you have not raised objection to the use of data for such purpose
4.3 Based on your consent (art. 6 para 1 a of GDPR)
Where you have given your consent with processing of your personal data, such consent is the legal basis for the processing as indicated therein.
In that way, you may have given your consent to promotional approach by e-mail or telephone.
You can withdraw your consent at any time, and such withdrawal will apply from that time on.
4.4 For compliance with a legal obligation (art. 6 para 1 c of GDPR)
We are subject to a number of legal obligations (e.g. commercial and tax legislation and regulatory provisions). The purposes of processing therefore also include compliance with tax control and reporting duties, data archiving for the purpose of data protection and data security, as well as inspection by fiscal and other authorities. Besides this, disclosure of personal data may be required by actions of public and legal authorities.
5. Processing of data categories not obtained from you and their origin
We may also process personal data that we have permissibly obtained from publicly accessible sources (e.g. telephone directories, public registers, debtor registers, press and internet). Moreover, we may process personal data that we have permissibly obtained from another enterprise or other third parties (e.g. credit agencies). Such processing is performed insofar it is required for the provision of our services.
This can include the following categories of personal data:
- Personal information (name, date of birth, place of birth, nationality, family status, profession, etc.)
- Address information (registration data, etc.)
- Contact information (address, telephone and fax number, e-mail address, etc.)
- Payment/coverage confirmation for bank and credit cards
- Information on your financial situation
- Data on the use of telemedia offered by us
- Video data
6. Recipients of personal data
Our employees store your data, insofar this is required in order to exercise our contractual and legal obligations or within the scope of our legitimate interest, for example for the purposes of accounting, marketing, IT and legal departments, reception desk personnel, etc.
Disclosure of your data to external entities takes place exclusively
- In connection with performance on a contract
- For the purpose of compliance with legal obligations (see item 4.4)
- Based on our legitimate interest or a legitimate interest pursued by a third party for the purposes indicated under item 4.2 (e.g. authorities, collection of payments, lawyers, auditors, tax advisers, appraisers, courts of law, etc.)
- Insofar external entities process your data based on our instructions as processors (art. 28 of GDPR, e.g. IT service providers, printing services, logistics, data purging providers, credit institutions, archiving, telephony, website management, etc.)
7. Are data transferred to a third county or an international organisation?
Your data are only transferred to countries outside the European Economic Area – EEA (third countries), insofar this is required in order to perform on the contract or to pursue a legal obligation.
8. Storage period
We store and process your data during our business relationship. This also includes preparation and establishment of a contract. Apart from this, we are subject to various storage and documentation duties, in particular from the Commercial Code and the Fiscal Code. The periods stipulated there are up to ten years. Finally, the storage period is also determined based on the legally imposed limitation periods, which are, for instance, pursuant to the Civil Code, usually three years, however, they can extend up to thirty years in certain cases.
9. Your data privacy rights
Based on the relevant legal conditions, you have:
- Right to be provided information to art. 15 of GDPR and section 34 of BDSG (Federal Data Protection Act)
- Right to rectification to art. 16 of GDPR
- Right to erasure to art. 17 of GDPR
- Right to restriction of processing to art. 18 of GDPR
- Right to data portability to art. 20 of GDPR
- Right to object to art. 21 of GDPR
- Right to withdraw consent (see item 4.3) The lawfulness of processing performed based on a consent during the time before withdrawal remains unaffected.
- Right to lodge a complaint with a supervisory authority to art. 77 of GDPR
When you wish to exercise your rights, please use, if possible in writing, our address indicated in item 2 or directly contact the data protection officer. Please attach the data required for your identification (e.g. a copy of your identification document).
We commit ourselves to responding within one month. If, for any reason, we are unable to satisfy your request, we will inform you accordingly.
10. Do you have an obligation to make your data available?
During our contractual relationship or during the pre-contractual period with us, you only need to provide such personal data, which are required to establish, pursue and terminate the relationship, or which we are legally obliged to collect. Without such data, we are generally not able to conclude and pursue the contract.
11. Does automated individual decision making, including profiling, take place?
In general, we use no automated decision making pursuant to art. 22 of GDPR.
In some cases, we may process your data with the aim of evaluating certain personal aspects (profiling) in order to determine your potential interest in particular products and services (e.g. special offers). Such evaluation is based on statistical procedures using current customer data, as well as those from the past. We use the results to be able to better address your needs and preferences.
This privacy notice is effective from 25 May 2018. The data controller reserves the right to amend or update its content, in part or in full, especially in the case of changes in the applicable law. For this reason, the data controller recommends you to visit this section regularly in order to be informed on the latest and up to date version of this privacy notice.
Information on your right to object to art. 21 of GDPR
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data that may concern you, which is based on point (e) or (f) of article 6 para 1 of GDPR. This also applies to profiling based on those provisions.
When you object, your personal data will no longer be processed, unless compelling legitimate grounds are demonstrated for the processing, which override your interests, and unless the processing is intended for establishment, exercise or defence of legal claims. Within the framework of statutory provisions, we may also process your data for direct marketing purposes. You have the right to object at any time to processing of personal data that may concern you for the purpose of such marketing. This also applies to profiling to the extent that it is related to such direct marketing.