Data protection information
Thank you for your interest in our online presence. The protection of your personal data is very important to us. We would therefore like to take this opportunity to inform you about data protection in our company. Compliance with the legal provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), the German Telemedia Act (TMG) and other data protection regulations is a matter of course for us.
You can entrust us with your personal data! They are transmitted to us in encrypted form using state-of-the-art security systems. Our websites are protected against damage, destruction or unauthorised access by technical and organisational measures.
Rights of data subjects
You can obtain information about your data stored by us at any time without giving reasons.
You have the right:
- to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
- in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us;
- in accordance with Art. 17 GDPR, to request the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
- in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful but you refuse to delete it and we no longer need the data, but you need it for the assertion, exercise or defence of legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;
- in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller;
- in accordance with Art. 7 para. 3 GDPR, to revoke your consent once given to us at any time. The consequence of this is that we may no longer continue the data processing that was based on this consent in the future and
- to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company.
Right of cancellation
You can have your data collected by us blocked, corrected or deleted at any time if your personal data is processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR and object to the pseudonymised collection and storage of data for the purpose of optimising our website. This objection is made in accordance with Art. 21 GDPR. You can also revoke your consent to data collection and use at any time without giving reasons. Please use the contact address provided for this purpose. We will be happy to answer any further questions you may have about our privacy policy and the processing of your personal data at any time.
Please note that data protection regulations and data protection practices, e.g. at Google, can change constantly. It is therefore advisable and necessary to keep up to date with changes to the legal provisions and the practices of companies such as Google.
Data security
We use the widespread SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser. You can recognise this by the key or lock symbol in your browser.
We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. We are constantly improving our security measures in line with technological developments.
Subject matter of data protection
The subject of data protection is personal data. According to Art. 4 para. 1 GDPR, these are individual details about personal or factual circumstances of an identified or identifiable natural person. This includes, for example, information such as name, postal address, email address or telephone number, but may also include usage data such as your IP address
Further definitions for improved understanding
It is important to us that you understand our privacy policy easily, which is why we would like to briefly explain important terms here:
Person concerned:
This is you as the owner of your own data. Within the scope of your rights as a data subject, you have a say in how your data is processed and may also revoke the processing.
Responsible person:
We are, as we are responsible for the proper processing of your data.
Processing:
This is the process or a series of processes in connection with personal data, from the collection of the data through its use to its erasure or destruction. We can carry this out ourselves or service providers commissioned directly by us are involved.
Pseudonymisation:
With pseudonymisation, the data is processed in such a way that it can no longer be assigned to a specific data subject without the use of additional information. In principle, however, pseudonymisation can always be reversed if the corresponding data is combined.
Anonymisation:
The personal data is deleted or anonymised in such a way that it is no longer possible to identify the individual person under normal circumstances. When we carry out evaluations or statistics, we try to work with anonymised data wherever possible.
Scope of data collection and storage
Calling up our website
Data subjects can generally use our website without having to provide any personal data. However, the processing of personal data may become necessary if the data subject wishes to receive certain services, such as our newsletter or further product information.
When you visit our website, we collect the following data that is technically necessary for us. We need the data to display our website to you and thus ensure stability and security:
- IP address of the requesting computer,
- Date and time of the enquiry
- Name and URL of the retrieved file,
- Website from which the request originates (referrer URL),
- the browser used and, if applicable, the operating system of your computer and the name of your access provider.
We process the aforementioned data for the following purposes:
- To ensure a comfortable use of our website,
- Ensuring a smooth connection to the website,
- Evaluation of system security and stability and
- for other administrative purposes as part of the fulfilment of the contract or to fulfil legal or regulatory requirements for us.
The processing is based on Art. 6 I lit. a GDPR if you have given us your consent to the processing of your personal data for one or more specific purposes.
The processing is based on Art. 6 I lit. b GDPR if the processing is necessary for the fulfilment of a contract to which the data subject is a party. This also applies to pre-contractual measures taken at the request of the data subject.
The processing is based on Art. 6 I lit. c GDPR if the processing is necessary to fulfil a legal obligation to which we are subject.
The processing is based on Art. 6 I lit. d GDPR if the processing is necessary to protect the vital interests of the data subject or another natural person. This may be a rare case if a data subject is seriously injured and their personal data is therefore passed on to a doctor, for example.
Processing is based on Art. 6 I lit. f GDPR if processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
Collection and storage of usage data
To optimise our website, we collect and store data such as the date and time of the page view, the page from which you accessed our site and similar for 30 days, unless you object to this data collection and storage.
This is done anonymously, without personally identifying the user of the site. User profiles may be created using a pseudonym. Here too, there is no connection between the natural person behind the pseudonym and the usage data collected. We also use cookies to collect and store usage data.
These are small text files that are stored on your computer and are used to store statistical information such as operating system, your internet usage programme (browser), IP address, the previously accessed website (referrer URL) and the time. We collect this data exclusively for statistical purposes in order to further optimise our Internet presence and to make our Internet offers even more attractive.
The data is collected and stored exclusively in anonymised or pseudonymised form and does not allow any conclusions to be drawn about you as a natural person.
contact form
If you have an enquiry for our company, you have the option of contacting us via a contact form provided on our website. A valid e-mail address is required so that we know who sent the enquiry and can respond to it. All other information is voluntary.
Data processing for the purpose of contacting us is carried out in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR on the basis of your voluntarily given consent.
Provision of services and delivery of goods
In order to provide our services, we may need your personal data. This applies to the sending of information material or ordered goods as well as for answering individual enquiries. We collect this data in order to fulfil your request. This data is only used for a specific purpose.
If you commission us to provide a service or send you goods, we will only collect and store your personal data to the extent necessary to provide the service or fulfil the contract and for legal reasons. For this purpose, it may be necessary to pass on your personal data to companies that we use to provide the service or fulfil the contract. These are, for example, transport companies or other service providers. These service providers are obliged by us to comply with data protection requirements within the framework of the legal conditions.
After the contract has been fully processed, your data will be blocked and deleted after expiry of the tax and commercial law regulations, unless you have expressly consented to any further use of your data.
Integration of third-party content and services
Data collection through the use of Google Analytics and the use of cookies
Our website uses Google Analytics, a web analytics service provided by Google Inc. ( https://www.google.de/about ), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), hereinafter referred to as "Google". Google Analytics uses so-called "cookies" and pseudonymised user profiles are created in this context. Cookies are text files that are stored on your computer and enable your use of the website to be analysed. They are recorded, for example:
- Information on the operating system
- to the browser
- Your IP address (host name of the accessing computer)
- the website you visited previously (referrer URL)
- Date and time of the server request.
Online map service "Google Maps"
The website integrates the online map service "Google Maps" ("map service"). The service is provided and operated by "Google" Ireland Limited, Gordon House, Barrow Street, Dublin 4 ("Google"). Google is a company incorporated and operated under Irish law (registration number: 368047)
We integrate the map service for the purpose of displaying an interactive map directly on our website. The map service enables you to use the website conveniently. The map service enables us to offer you this helpful function and thus expand our website with an exciting and user-friendly function.
We integrate the map service on our website via an interface. The interface is a so-called inline frame ("iframe"). An iframe is a website element (HTML element) that is used to integrate web content, such as the map service, as an independent document on a website. To protect your data, the interface is only activated when you click on the map service (so-called two-click solution). The two-click solution works as follows: first click = you come to our site; second click = you click on the map service and activate it.
We implement the integration of the map service via the interface and the two-click solution because, although the map service is integrated by us on the website, it is only provided and executed by our cooperation partner Google. The map service is provided and executed as follows: Your browser sends a request (so-called HTTP request) to the Google server. Among other things, your browser transmits your IP address (including other connection data), the content of your search request and the coordinates (longitude and latitude) to the Google server via the Internet in order to establish the connection to the server and so that Google can then provide you with a correct response to your map service search request.
The legal basis for the integration of the map service on our website by us is Art. 6 para. 1 sentence 1 letter f GDPR. Our legitimate interest is to enable you to use the map service and thus add an exciting and user-friendly function to our website. The legal basis for storing and reading the cookie on your computer, which documents the activation of the map service, is Art. 6 para. 1 sentence 1 letter a GDPR (your consent). You declare this via our consent banner. We delete the cookie after 6 months. The period begins at the end of your visit to our website.
In order to map the embedding of the map service and the data protection responsibilities, we have concluded an agreement "Google Controller-Controller Data Protection Terms" ("Agreement") with Google. This agreement governs the processing of your data by Google and us. We have agreed with Google that each of us is responsible for our own part. For our part, we each determine the purposes and means of processing in accordance with the provisions of the GDPR and other applicable data protection laws. Furthermore, we have agreed that data can only be transferred to third countries on the basis of and in accordance with the GDPR, and as a data subject within the meaning of the GDPR, you can contact Google and us regarding all rights
Please note: Once the map service has been activated, Google is the data controller under data protection law for this data transfer and other associated data processing. If you are logged in to Google, Google can assign the processed data directly to your Google user account. If you do not want such an assignment by Google, you should log out of your Google user account beforehand. Even if you are not logged in, Google can assign an identification number ("ID") to you and recognise you as a user. Google may store this data in the form of user profiles and use it for the purposes of advertising, market research and/or customising the website, e.g. to offer you products tailored to your interests.
It is possible that your data could be transferred to the USA or another third country. According to section 5 of the agreement, such a transfer could only take place in accordance with the GDPR.
Further information on the processing of your data by Google can be found here:
https://policies.google.com/privacy (Privacy policy)
https://policies.google.com/terms (Terms of use)
The information generated by this text file about the use of our website is transmitted to a Google server in the USA and stored there. Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage for the purposes of market research and customising the design of this website. If this is required by law or if third parties process this data on behalf of Google, Google will also pass this information on to these third parties. This use is anonymised or pseudonymised (IP masking).
You can prevent the installation of cookies by selecting the appropriate settings in your internet usage programme (browser). However, we would like to point out that this may mean that not all functions can be used. To do this, you must switch off the storage of cookies in your Internet browser. For more information on this, please refer to the instructions for use of your Internet browser. In addition, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on ( https://tools.google.com/dlpage/gaoptout?hl=de ).
The data processed by cookies is required for the purposes mentioned to protect our legitimate interests and those of third parties in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.
You can find further data protection information from Google at: https://www.google.de/intl/de/policies/privacy
Storage period and routine erasure and blocking of personal data
We only store your personal data for the period of time that results from the purpose-related processing or other legal regulations. The duration of storage is based on the statutory retention periods. Your data will be routinely blocked or deleted if the purpose of storage no longer applies or the statutory retention period has expired.
The temporary storage of the IP addresses of website visitors can be justified, for example, by the protection of our own legitimate interests if this is necessary to ensure the security of the website against attacks.
Existence of automated decision-making
We do not use automated decision-making.
Earmarked use of data
We observe the principle of data utilisation for a specific purpose and only collect, process and store your personal data for the purposes for which you have provided it to us. Your personal data will not be passed on to third parties without your express consent, unless this is necessary for the provision of the service or the fulfilment of the contract. Data will also only be transferred to state institutions and authorities authorised to receive information within the scope of the statutory duty to provide information or if we are obliged to provide information by a court decision.
We also take data protection within the company very seriously. Our employees and the service companies commissioned by us have been obliged by us to maintain confidentiality and to comply with data protection regulations.
Up-to-dateness and amendment of this privacy policy
This privacy policy is currently valid and is dated October 2022. The further development of our website and our offer as well as legal and regulatory requirements require the regular review and, if necessary, amendment of our privacy policy. The current version of our privacy policy can be accessed at any time on our website.
Booking tool from ILOCA Systems
All the data you enter about your journey will be processed on servers in Germany. Only necessary cookies are set to save your session and thus assign your booking to you.
During payment, the necessary data is forwarded to the payment service provider Stripe. The following personal data is transmitted to Stripe in order to ensure a smooth payment process:
- Tracker
- Usage data
- First name
- Last name
- e-mail address
Various types of data, as specified in the privacy policy of the Stripe service (https://stripe.com/at/privacy), are transmitted upon purchase, e.g. billing address, payment information, purchase history.