2. Name and Contact Information for the Person Responsible for Data Processing and of the Company’s Data Privacy Officer
3. Purposes of Data Collection, Legal Basis and Legitimate Interests Pursued by Us or a Third Party, and Categories of Recipients
3.1. Accessing our Service
If you access our Services, especially by visiting our website or app, the app or the browser used on your device automatically sends information to our server and temporarily stores it in a log file. The following information is collected without your intervention and stored until it is automatically or manually deleted in the log file:
3.2. Concluding, Performing or Terminating an Agreement
Data Collected when concluding an agreement
We primarily define our Services as those of a trip designer: Based on your likes, age and days of trip, a local expert will design your trip plan day by day, suggested places and a broad variety of other information about the city you are going to travel. To do this, we collect the information required to conclude, perform or terminate an agreement. This includes:
3.3 Data Processing for Customer Support or Customer Service
3.3.1 Informational purposes
If you have signed up for our Services, we manage you as an existing customer. In this case, we process your contact information in order to send you information about new, enhanced or improved features, products and services, etc.
3.3.2. Personalized ads
To ensure that you receive only information that corresponds to your interests, we classify and add information to your customer profile. For this purpose, both statistical information as well as information about you (such as basic or historical data from your customer profile) are used. The goal is to optimize our Services by adapting them to your actual or perceived interests and/or needs, and to send you the appropriate recommendations and not bother you with useless ads. The legal basis for each of the aforementioned data uses is Art. 6(1) b) and f) of the GDPR and Art. 9(2) a) of the GDPR. The use of existing customer data for the company’s own advertising purpose is recognized as a legitimate interest under Recital 47 of the GDPR.
4. Data Processing for the Provision of our Services
In this section, we inform you about the data processing necessary for the provision of our Services:
4.1. Online Presence and Website Optimization
We will not sell or lease your information to third parties for their marketing purposes without your explicit consent. We only disclose certain information to third parties from time to time to be able to offer the best possible product to our customers, improve the quality of our Services and protect the interests of our customers. However, this disclosure will always be subject to strict limitations, which are described in more detail below.
4.1.1. Cookies – General Information
If you already have a customer account and are logged on, the information stored in the cookies are associated with that account.
4.1.2. Facebook Pixel
To set up, continuously improve, and track the conversion of our Facebook campaigns as required, in compliance with Art. 6(1) f) of the GDPR, we use the individual visitor action pixel of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter “Facebook”). This pixel is integrated into our website’s code. This helps us ensure that the Facebook ads we initiate are only displayed to Facebook users who have shown interest in our Services. In this way we know that our Facebook ads correspond to the potential interest of the respective users and not bothering them. It also allows us to track the actions of Facebook users after they have viewed or clicked on one of our Facebook ads. At the same time, it helps us track the conversion of the respective campaign for statistical, market-research and billing purposes. The following information is collected during its use:
Information collected in this way is anonymous to us and therefore does not provide us with any information about the identity of the respective user. Such processing for behavioural and interest-based advertising purposes is recognized as in our legitimate interest under Recital 47 of the GDPR. The data is stored in accordance with the legally established retention periods and then automatically deleted.
4.1.3 Facebook Lookalike Audiences
To optimize targeting and track the conversion of our Facebook campaigns, in compliance with Art. 6(1) a) of the GDPR, we use the option of developing Facebook lookalike audiences offered to us by Facebook. You can find more information about the Facebook Lookalike Audiences at: https://www.facebook.com/business/help/365463786964246.
The data processing for advertising on the basis of behaviour and interests is recognized as in our legitimate interest under Recital 47 of the GDPR. If you belong to the Facebook Lookalike Audience, we send your email address and your device’s ID to Facebook. You can object to this special data processing at any time by changing your Facebook settings at https://www.facebook.com/settings/?tab=ads or simply inform us that you no longer want this processing in the future. Please use the contact options for our company’s data privacy officer for this purpose.
4.1.3 Facebook Login
We allow you to sign up for and log on to our Services via the Login with Facebook feature. This replaces the otherwise necessary registration. To log in you are redirected to the Facebook server, where you sign on using your user information. This links your Facebook profile to our Services. By using this simplified login feature, you give us your consent to use the following information from your publicly visible profile:
The legal basis of the aforementioned data processing is Art. 6(1) a) of the GDPR and Art. 9(2) a) of the GDPR. The purpose of the data collection above is the simplified login and the establishment and fulfilment of an agreement. This information is required for the conclusion of the agreement in order to be able to identify it. For the purpose and scope of Facebook’s data collection and the further processing and use of the information, as well as the associated rights and setting options to protect your privacy, please consult the Facebook privacy information.
4.1.4 Google Login
We allow you to sign up for and log on to our Services via the Login with Google feature. This replaces the otherwise necessary registration. To log in you are redirected to the Google server, where you sign on using your user information. This links your Google profile to our Services. By using this simplified login feature, you give us your consent to use the following information from your publicly visible profile:
4.1.5 Google Analytics
For the custom design and continuous improvement of our Services, in compliance with Art. 6(1) f) of the GDPR, we use the web analytics service of Google Analytics of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter “Google”). Using cookies, Google creates pseudonymised user profiles. The information generated by the cookies for users includes:
This information is sent to a Google server in the U.S. and stored there. The information is used to evaluate the use of our Services, to compile reports on the activities, and to provide other related services for purposes of market research and customized design. This information may also be sent to third parties if required by law or if third parties process this data on behalf of Google. Under no circumstances will your IP address be merged with any other Google data. The IP addresses are anonymised so that assignment is not possible (IP masking).
You can prevent the installation of the cookies in advance by configuring your browser software accordingly or object to the continued processing of your data with the cookies by clicking on the opt-out link. Please note that if you disable cookies, it will not be possible to fully take advantage of all of the features of our Services. You can also prevent Google from collecting and processing the data generated by the cookies and related to your usage (including your IP address) by downloading and installing this browser add-on. On mobile devices, we recommend using private mode. You can find more information on protecting your privacy in relation to Google Analytics on the Google Analytics website.
4.1.6 Google Tag Manager
4.1.7 Stripe Payment Service
6. Your rights
In addition to the right at any time to withdraw any consent you have given us, you are also entitled to the following if the respective legal conditions are met:
6.2. Right to Object
Under the provisions of Art. 21(1) GDPR, the data subject has the right to object, on grounds relating to his or her particular situation, at any time to the processing of personal data.
7. Data Security
We apply the highest standards to data security for our infrastructure and the processing of your data. For example, we use protection mechanisms for computers such as firewalls and data encryption. Our buildings and data are subject to physical access controls. Access to the personal information of our customers is only possible for those employees who need them to carry out their activities.
All personal data sent by you, including your payment information, is also transmitted using the generally accepted and secure SSL (Secure Socket Layer) standard. SSL is a secure and proven standard, e.g. it is also used for online banking. You will recognize a secure SSL connection with the placement of an “s” at the end of http (i.e. https: // …) in the address bar of your browser, or with the lock icon at the bottom of the browser.
We also apply suitable technical and organizational security measures to protect your personal data stored with us against manipulation, partial or complete loss, and against unauthorized access by third parties. Our security measures are continuously monitored using the latest technology, and regularly adapted to the relevant risk, and improved if necessary.
8. Children’s Privacy
Protecting the privacy of young children is especially important. For that reason, we do not knowingly collect or solicit personal information from anyone under the age of 16 or knowingly allow such persons to register. If you are under 16, please do not send any information about yourself to us, including your name, address, telephone number, or email address. No one under age 16 is allowed to provide any personal information to or on the Services. In the event that we learn that we have collected personal information from a child under age 16 without verification of parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 16, please contact us at firstname.lastname@example.org.
9. Notification Procedures