Privacy Protection

For information: Translation is for information purposes only. In case of discrepancy with the German version, the German version shall prevail.

Dear visitors to our website,

Thank you for visiting our website. To ensure that you feel safe and comfortable when visiting our website, we would like to inform you how we handle your data. The following data protection regulations are intended to inform you about our handling of the collection, use and transfer of personal data.

DERTOUR Deutschland GmbH is responsible for data processing.

Handling of personal data

The protection of your privacy is very important to us. We use information that we receive and store during your visit to our website exclusively for internal purposes to ensure security and improve the functionality of the website. We only store the IP address transmitted by your web browser for a period of time in order to be able to recognise, limit and eliminate faults or errors (e.g. attacks on our servers). However, the storage ends after one month at the latest. After this period, we delete or anonymise the IP address.

Usage of Data/ Log files

When you visit our website, so-called usage data is temporarily stored on our web server as a log for security purposes and to improve the function.

This data record consists of:

  • the page from which the file was requested,
  • the name of the file,
  • the date and time of the request,
  • the amount of data transferred,
  • the access status,
  • the description of the type of web browser used,
  • the IP address of the requesting computer (see above, anonymised after the above-mentioned period).

We use this information to enable you to access our website, to control and administer our systems and to improve the function of the website. This is done on the basis of our predominantly legitimate interest in the security and functionality of our website Art. 6 para. 1 lit. f DSGVO.

1. Who is responsible for data processing and whom can you contact?

We process the following data pursuant to Art. 6 para. 1 lit. b DSGVO for the purpose of fulfilling the contract:

  • Title
  • Salutation
  • First name, last name
  • Address data (sending of invoice and travel documents)
  • Date of birth/age of all travellers
  • Telephone number of the main traveller/contact person (to contact at short notice in case of changes)
  • E-mail address (to send summary of booking details)
  • Credit card details (to guarantee your reservation)

The responsible party for data processing is DERTOUR Deutschland GmbH, Humboldtstraße 140, 51149 Köln, Amtsgericht Köln HRB 53152. If you have any questions about data protection, you can contact the following e-mail address: datenschutz@dertouristik.com.

2. What data and what sources do we use?

We process data that we receive while handling our contractual relationship with you and your travelers/participants. We receive the data directly from you when you access our services, through your company or external partners who may provide us with the data on your or your company’s behalf.

Where you provide us with personal data about other people (e.g. fellow travelers), you must ensure that they consent to this and that you are permitted to provide the data. You must ensure that these persons know how their personal data can be processed by us and what rights they have.

Where necessary, we process the following categories of data for the performance of our services:

  • Master data for the performance and fulfilment of the agreed services. (e.g. title, name, gender, date of birth or age of all travelers/participants as well as address, e-mail address, telephone number and customer/transaction number of the travel applicant/travel manager).
  • Health data for the prevention of accidents and for the protection of the traveler(s)/participant(s) (e.g. degree of physical disability, severely disabled ID, food intolerances, allergies, pregnancies)
  • Legitimation data for VISA applications (e.g. data from the identity card)
  • Data in connection with payment processing and, if applicable, as security for the deposit of services (e.g. bank data, credit card data)
  • Communication data (e.g. correspondence or e-mail correspondence with you)
  • Data of your past or previous bookings and stays as far as booked or arranged through us (e.g. travel history, personal preferences, ratings)
  • Advertising and sales data (e.g. about new potentially interesting offers)
  • Travel data (e.g. travel period, hotel)

 

3. On what legal basis and for what purpose is your data used?

3.1 For the implementation of pre-contractual measures and fulfilment of contractual obligations (Art. 6 para. 1 lit. b EU-DSGVO)

We process your data to implement our contracts with you and your travelers/participants, i.e. in particular to implement and process the contractual services booked. The purposes of the data processing depend in detail on the specific services and the contractual documents (e.g. accommodation, social program, transfers, restaurant bookings).

3.2 For the protection of legitimate interests (Art. 6 para. 1 lit. f EU-DSGVO)

Within the framework of a balancing of interests, to safeguard legitimate interests, your data may be used by us or by third parties. This is done for the following purposes:

  • Further development of services and additional products
  • Advertising, market and opinion research
  • Assertion of legal claims and defense in legal disputes
  • Prevention and investigation of criminal offences
  • Processing enquiries and providing necessary information
  • Ensuring IT security and availability of IT operations.

Our interest in the respective processing results from the respective purposes and is otherwise of an economic nature (efficient fulfilment of tasks, sales, avoidance of legal risks).

Insofar as the specific purpose permits, we process your data pseudonymously or anonymously.

3.3 Based on your consent (Art. 6 para. 1 lit. a EU-DSGVO)

If you have given us consent to process your personal data, this respective consent is the legal basis for the processing referred to therein. In particular, you may have consented to being contacted by e-mail, telephone or messenger service. You can revoke your consent at any time with effect for the future. To do so, please contact us at our contact address. The revocation only applies to future processing, not to processing that has already taken place.

3.4 Due to legal requirements (Art. 6 para. 1 lit. c EU-DSGVO)

We are subject to various legal obligations and statutory requirements (e.g. German Civil Code (BGB), German Commercial Code (HGB), GoB, Passenger Data Act, EU Package Travel Directive, tax laws of the Federal Republic of Germany).

The purposes of the processing include identity and age verification, fraud prevention, the fulfilment of control and reporting obligations under tax law and the assessment and management of risks.

3.5 Data processing for the protection of vital interests (Art. 6 para. 1 lit. d EU-DSGVO)

We process your data in individual cases to protect your vital interests, e.g. in order to be able to provide emergency services with an evacuation list in emergency situations. The data will be deleted after the required retention periods have expired.

3.6 Data processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

4. Who receives my data?

Your personal data will only be passed on in compliance with the requirements of the EU-DSGVO and only insofar as this is permitted by a legal basis. Within our sales organisation, only those offices will receive your data that need them to fulfil our contractual and legal obligations or to perform their respective tasks (e.g. hotels, transfer companies, agencies, service providers for payment processing).

In addition, the following bodies may receive your data:

  • Order processors used by us (Art. 28 EU-DSGVO), in particular in the area of booking systems and IT services, logistics and printing services, who process your data on our behalf in accordance with your instructions
  • public bodies and institutions (tax authorities, embassies of the country of destination) in the event of a legal or official obligation (retention obligations, VISA procurement, obtaining entry requirements) as well as
  • other bodies for which you have given us your consent to the transfer of data.

 

5. How long will my personal data be stored?

 As far as necessary, we process your personal data and those of your travellers/participants for the duration of our business relationship, which also includes the initiation and execution of a contract. In addition, we are subject to various storage and documentation obligations resulting from the German Civil Code (BGB), the German Commercial Code (HGB), the German Fiscal Code (AO) and the EU Package Travel Directive, among others. The retention and documentation periods specified there are three to a maximum of ten years.

  • Retention for 3 years according to §§ 195 ff. BGB
    • beginning with the conclusion of the transaction: for the purposes of advertising, market and opinion research as well as for processing enquiries and providing necessary information
    • beginning with the following year, after the claim has arisen, for the pursuit of legal claims
  • Retention for 6 years beginning with the end of the calendar year in which the commercial/business letter was received or sent: in accordance with statutory retention periods from § 257 HGB for commercial and business letters
  • Retention for 10 years begins at the end of the calendar year in which the last entry was made in the trading book, the inventory was drawn up, the opening balance sheet or the annual financial statements were adopted, the individual financial statements were drawn up in accordance with section 325 (2a) or the consolidated financial statements were drawn up, the commercial letter was received or dispatched or the accounting voucher was created in accordance with section 257 (54) HGB for commercial documents 54 HGB for transactions relevant under commercial law and begins at the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance sheet, the annual financial statements or the management report was prepared, the commercial or business letter was received or sent or the accounting document was created, furthermore the recording was made or the other documents were created pursuant to § 147 para. 4 AO for transactions relevant under tax law, in the case of other claims for damages pursuant to § 199 para. 3 BGB after ten years from their creation.

Your personal data will be deleted based on your consent as soon as the purpose has been fulfilled or until revocation.

6. Will my data be transferred to a third country?

We only transfer your data to recipients outside the scope of the regulation of the EU-DSGVO if this is necessary for the execution and processing of the services or is required by law or if you have given us your consent. This data processing is a permissible exception from Art. 49 EU-DSGVO.

Insofar as a third country transfer takes place when using processors, this is secured, among other things, with EU standard contractual clauses in accordance with Art. 46 Para. 2 lit. c EU-DSGVO. If necessary, the EU standard contractual clauses are supplemented by further contractual assurances.

7. Do I have certain rights in the handling of my data?

You have the right to information (Art. 15 EU-DSGVO, § 34 BDSG), to correction (Art. 16 EU-DSGVO), to deletion (Art. 17 EU-DSGVO, § 35 BDSG), to restriction of processing (Art. 18 EU-DSGVO) and to data portability (Art. 20 EU-DSGVO) under the respective legal conditions.

In addition, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6(1)(f) EU GDPR, in accordance with Art. 21 EU GDPR. This also applies to so-called “profiling” based on this provision within the meaning of Art. 4 No. 4 EU-DSGVO. If a justified objection is made, we will no longer process this personal data for these purposes. An objection can be made informally to our contact address. You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 EU-DSGVO, § 19 BDSG).

8. Is there an obligation for me to provide my data?

Within the scope of our business relationship, you only have to provide the personal data that is required for the establishment, implementation and termination of a business relationship or that we are legally obliged to collect. Without this data, we will usually have to refuse to conclude the contract or execute the order, or we will no longer be able to execute an existing contract and may have to terminate it.

9. Is there an automated decision-making in individual cases?

In principle, we do not use automated decision-making pursuant to Art. 22 EU-DSGVO for the establishment and implementation of the business relationship. Should we use such procedures in individual cases, you will be informed of this separately if this is required by law.

10. Will my data be used for profiling in any way? 

 

“Profiling” according to Art. 4 No. 4 EU-DSGVO does not take place.

11.Competent supervisory authority

 

 You can find an up-to-date list of the competent supervisory authorities at https://www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html .

All information is valid as of July 2022, subject to change.

12.Contact details of the Data protection officer

For queries about the subject of data protection, please contact our Data Protection Officer:

DERTOUR Deutschland GmbH
Data Protection Officer
Emil-von-Behring-Straße 6
60424 Frankfurt am Main
Germany

e-mail: datenschutz@dertouristik.com.

 

Website analysis and Tracking 

Use of cookies

When you visit our website, information may be stored on your computer in the form of cookies in order, for example, to recognize visitors’ preferences and to be able to optimally design the website accordingly. This helps us, for example, to make navigation easier and to achieve a high level of user-friendliness.

Cookies are text files that are stored on the user’s hard drive when they visit a website. They are harmless to your computer and cannot be seen by third parties. They allow information to be retained for a certain period of time and identify the user’s computer.

If you accept our cookies, they remain on your computer for the duration of the session (of the open browser window); only the language setting remains on your computer for 360 days, unless you delete it beforehand.

You can object to the collection and storage of your data via this service at any time. If you want to avoid the activation of cookies, deactivate them in your browser. Please note, however, that switching off cookies may restrict the use of the website and the services offered.

User Login

On our website, you will receive a user login as part of the contract negotiations. This login offers you the possibility to submit information about your negotiations.

To register, you need to set a user name and password and enter an e-mail address.

In the customer account you can maintain your personal data and keep them up to date.

The following personal data is recorded here:

  • Salutation
  • Title
  • First name
  • Last name
  • Email address

In addition, further contact information such as telephone and fax numbers of the associated company.

The collection of this data serves to establish contact for potential contractual partners on the hotel and corporate client side for contract and rate negotiations.

The legal basis is Art. 6 para. 1 lit. f DSGVO.

Google Analytics

This website uses Google Analytics, a web analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereafter “Google”). Google Analytics uses cookies, which are stored on your computer and allow analysis of your use of this website. The information generated by the cookie about your use of this website is generally transmitted to a server of Google in the USA and saved there. We would like to point out that the code “gat._anonymizeIp();” has been added to Google Analytics on this website to guarantee anonymised collection of IP addresses (so-called IP masking). In the case of activation of IP anonymisation on our websites, your IP address is truncated in advance by Google within member states of the European Union or other contracting states of the agreement on the European Economic Area.

Only in exceptional cases is the complete IP address transmitted to a server of Google in the USA and truncated there. Google will use the said information to analyse your use of our website, to compile reports for us about the website activities and to provide us with further services associated with the website use and internet use. The IP address transmitted by your browser in the context of Google Analytics is not combined with other data by Google.

Transmission of these data to third parties by Google takes place only on the basis of statutory regulations or as part of order data processing. Under no circumstances will Google bring together your data with other data collected by Google.

By using this website you declare your consent to the processing of the data collected about you by Google and to the manner of data processing described above as well as to the designated purpose. You can prevent the storage of cookies by using a corresponding setting in your browser software. Furthermore you can prevent collection and processing by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout

Further information about usage conditions and data protection can be found at http://www.google.com/analytics/terms/gb.html or at https://www.google.de/intl/gb/policies/.

Contact forms

On our website there is also the possibility to get in contact with us on various topics. Examples of this are forms for booking enquiries, callback requests, feedback, special customer requests etc.

Depending on the background of the contact, various data are requested in the form. Personal data such as title, first name, surname and e-mail address are usually mandatory for the purpose of establishing contact and personal address. If you use a form for a callback or appointment enquiry, additional data such as telephone number can also be requested. For travel enquiries or questions about existing processes, you can also enter your booking or invoice number.

Data Security

To protect your data from unwanted access, we use an encryption procedure on our pages. Your data is then transmitted from your computer to our server and vice versa via the Internet using TLS 1.0, TLS 1.1 or TLS 1.3 encryption. You can recognize this by the fact that the lock symbol on the status bar of your browser is closed and the address line begins with https://.