Privacy Protection

The protection of your privacy is very important to us. We use information that we receive and store during your visit to our website exclusively for internal purposes to ensure security and improve the functionality of the website. We only store the IP address transmitted by your web browser for a period of time in order to be able to recognise, limit and eliminate faults or errors (e.g. attacks on our servers). However, the storage ends after one month at the latest. After this period, we delete or anonymise the IP address.

When you visit our website, so-called usage data is temporarily stored on our web server as a log for security purposes and to improve the function.

This data record consists of:

• the page from which the file was requested,
• the name of the file,
• the date and time of the request,
• the amount of data transferred,
• the access status,
• the description of the type of web browser used,
• the IP address of the requesting computer (see above, anonymised after the above-mentioned period).

We use this information to enable you to access our website, to control and administer our systems and to improve the function of the website. This is done on the basis of our predominantly legitimate interest in the security and functionality of our website Art. 6 para. 1 lit. f DSGVO.

1. Who is responsible for data processing and whom can you contact?

The responsible party for data processing is DERTOUR Deutschland GmbH, Humboldtstraße 140, 51149 Köln, Amtsgericht Köln HRB 53152. If you have any questions about data protection, you can contact the following e-mail address: datenschutz@dertouristik.com.

2. What data and what sources do we use?

We process data that we receive while handling our contractual relationship with you and your travelers/participants. We receive the data directly from you when you access our services, through your company or external partners who may provide us with the data on your or your company's behalf.

Where you provide us with personal data about other people (e.g. fellow travelers), you must ensure that they consent to this and that you are permitted to provide the data. You must ensure that these persons know how their personal data can be processed by us and what rights they have.

Where necessary, we process the following categories of data for the performance of our services:

• Master data for the performance and fulfilment of the agreed services. (e.g. title, name, gender, as well as address, e-mail address, telephone number and customer number).
• Communication data (e.g. correspondence or e-mail correspondence with you)

3. On what legal basis and for what purpose is your data used?

3.1 For the implementation of pre-contractual measures and fulfilment of contractual obligations (Art. 6 para. 1 lit. b EU-DSGVO)

We process your data to implement our contracts with you and your travelers/participants, i.e. in particular to implement and process the contractual services booked. The purposes of the data processing depend in detail on the specific services and the contractual documents (e.g. hotel rate negotiations and their evaluations)

3.2 For the protection of legitimate interests (Art. 6 para. 1 lit. f EU-DSGVO)

Within the framework of a balancing of interests, to safeguard legitimate interests, your data may be used by us or by third parties. This is done for the following purposes:

• Further development of services and additional products
• Advertising, market and opinion research
• Assertion of legal claims and defense in legal disputes
• Processing enquiries and providing necessary information
• Ensuring IT security and availability of IT operations.

Our interest in the respective processing results from the respective purposes and is otherwise of an economic nature (efficient fulfilment of tasks, sales, avoidance of legal risks).

Insofar as the specific purpose permits, we process your data pseudonymously or anonymously.

3.3 Based on your consent (Art. 6 para. 1 lit. a EU-DSGVO)

If you have given us consent to process your personal data, this respective consent is the legal basis for the processing referred to therein. In particular, you may have consented to being contacted by e-mail, telephone or messenger service. You can revoke your consent at any time with effect for the future. To do so, please contact us at our contact address. The revocation only applies to future processing, not to processing that has already taken place.

Separate consents can be granted for the following services:

• Newsletter dispatch

You have the option of registering for our free newsletter on some of our websites. The newsletter contains current offers on services, attractive specials and competitions. When you order the newsletter, we process the data listed below. We only process this data insofar as it accrues to us and is covered by the consent.

• Data that you provide to us when ordering the newsletter (e-mail address, title, first name, last name, date of birth, content preferences).
• Data proving your consent to receive the newsletter (IP address, time stamp of consent).
• Data on the use of the newsletter (openings, clicks on contained links, accessibility of the e-mail address, data of the terminal device used).
• Data that accrues during the use of our website, after clicking on offers in the newsletter (e.g. pages called up, booking of a service).

You can unsubscribe from the newsletter at any time. This can be done by contacting us directly, via the newsletter website and via the "Unsubscribe" link contained in every newsletter or, if applicable, via a link in the e-mail for existing customers' e-mailings, without incurring any costs other than the transmission costs according to the basic rates.

• Participation in sweepstakes, contests or similar promotions

From time to time, we offer you the opportunity to participate in prize draws or competitions and similar promotions. Personal data such as title, name, address, e-mail address and, where applicable, other data required for the promotion may be collected and processed to carry out these promotions. All personal data provided in the context of such a promotion will be used exclusively for the purpose of processing the promotion, e.g. for determining the prize, notifying the winner or sending the prize. The data will be deleted after the end of the promotion, if there are no retention obligations.

3.4 Due to legal requirements (Art. 6 para. 1 lit. c EU-DSGVO)

We are subject to various legal obligations and statutory requirements (e.g. German Civil Code (BGB), German Commercial Code (HGB), GoB, Passenger Data Act, EU Package Travel Directive, tax laws of the Federal Republic of Germany).

The purposes of the processing include identity and age verification, fraud prevention, the fulfilment of control and reporting obligations under tax law and the assessment and management of risks.

3.5 Data processing for the protection of vital interests (Art. 6 para. 1 lit. d EU-DSGVO)

We process your data in individual cases to protect your vital interests, e.g. in order to be able to provide emergency services with an evacuation list in emergency situations. The data will be deleted after the required retention periods have expired.

 3.6 Data processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

4. Who receives my data?

Your personal data will only be passed on in compliance with the requirements of the EU-DSGVO and only insofar as this is permitted by a legal basis. Within our sales organisation, only those offices will receive your data that need them to fulfil our contractual and legal obligations or to perform their respective tasks (e.g. hotels, transfer companies, agencies, service providers for payment processing).

In addition, the following bodies may receive your data:

• Order processors used by us (Art. 28 EU-DSGVO), in particular in the area of booking systems and IT services, logistics and printing services, who process your data on our behalf in accordance with your instructions
• other bodies for which you have given us your consent to the transfer of data.

5. How long will my personal data be stored?

 As far as necessary, we process your personal data and those of your travellers/participants for the duration of our business relationship, which also includes the initiation and execution of a contract. In addition, we are subject to various storage and documentation obligations resulting from the German Civil Code (BGB), the German Commercial Code (HGB), the German Fiscal Code (AO) and the EU Package Travel Directive, among others. The retention and documentation periods specified there are three to a maximum of ten years.

Finally, the storage period is also assessed according to the statutory limitation periods (e.g. according to §§ 195 ff. BGB (German Civil Code) usually three years). Your personal data will be deleted on the basis of your consent as soon as the purpose has been fulfilled or until revocation.

6. Will my data be transferred to a third country?

We only transfer your data to recipients outside the scope of the regulation of the EU-DSGVO if this is necessary for the execution and processing of the services or is required by law or if you have given us your consent. This data processing is a permissible exception from Art. 49 EU-DSGVO.

Insofar as a third country transfer takes place when using processors, this is secured, among other things, with EU standard contractual clauses in accordance with Art. 46 Para. 2 lit. c EU-DSGVO. If necessary, the EU standard contractual clauses are supplemented by further contractual assurances.

7. Do I have certain rights in the handling of my data?

You have the right to information (Art. 15 EU-DSGVO, § 34 BDSG), to correction (Art. 16 EU-DSGVO), to deletion (Art. 17 EU-DSGVO, § 35 BDSG), to restriction of processing (Art. 18 EU-DSGVO) and to data portability (Art. 20 EU-DSGVO) under the respective legal conditions.

In addition, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6(1)(f) EU GDPR, in accordance with Art. 21 EU GDPR. This also applies to so-called "profiling" based on this provision within the meaning of Art. 4 No. 4 EU-DSGVO. If a justified objection is made, we will no longer process this personal data for these purposes. An objection can be made informally to our contact address. You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 EU-DSGVO, § 19 BDSG).  

A current list of the competent supervisory authorities can be found at https://www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html.

All information is valid as of June 2020, subject to change.

8. Is there an obligation for me to provide my data?

Within the scope of our business relationship, you only have to provide the personal data that is required for the establishment, implementation and termination of a business relationship or that we are legally obliged to collect. Without this data, we will usually have to refuse to conclude the contract or execute the order, or we will no longer be able to execute an existing contract and may have to terminate it.

9. Is there an automated decision-making in individual cases?

In principle, we do not use automated decision-making pursuant to Art. 22 EU-DSGVO for the establishment and implementation of the business relationship. Should we use such procedures in individual cases, you will be informed of this separately if this is required by law.

10. Will my data be used in any way for profiling?

If a travel or service is booked through us, we process the data in part automatically with the aim of evaluating potential interest in certain products, offers and services ("profiling" pursuant to Art. 4 No. 4 EU-DSGVO).

The evaluation is carried out using statistical methods, taking into account the trips and services previously booked with us. We use the results of these analyses for a targeted and needs-based customer approach.

Use of Cookies 

When you visit our website, information may be stored on your computer in the form of cookies in order, for example, to recognize visitors' preferences and to be able to optimally design the website accordingly. This helps us, for example, to make navigation easier and to achieve a high level of user-friendliness.

Cookies are text files that are stored on the user's hard drive when they visit a website. They are harmless to your computer and cannot be seen by third parties. They allow information to be retained for a certain period of time and identify the user's computer.

If you accept our cookies, they remain on your computer for the duration of the session (of the open browser window); only the language setting remains on your computer for 360 days, unless you delete it beforehand.

You can object to the collection and storage of your data via this service at any time. If you want to avoid the activation of cookies, deactivate them in your browser. Please note, however, that switching off cookies may restrict the use of the website and the services offered.

Google Analytics

This website uses Google Analytics, a web analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereafter “Google”). Google Analytics uses cookies, which are stored on your computer and allow analysis of your use of this website. The information generated by the cookie about your use of this website is generally transmitted to a server of Google in the USA and saved there. We would like to point out that the code “gat._anonymizeIp();” has been added to Google Analytics on this website to guarantee anonymised collection of IP addresses (so-called IP masking). In the case of activation of IP anonymisation on our websites, your IP address is truncated in advance by Google within member states of the European Union or other contracting states of the agreement on the European Economic Area.

Only in exceptional cases is the complete IP address transmitted to a server of Google in the USA and truncated there. Google will use the said information to analyse your use of our website, to compile reports for us about the website activities and to provide us with further services associated with the website use and internet use. The IP address transmitted by your browser in the context of Google Analytics is not combined with other data by Google.

Transmission of these data to third parties by Google takes place only on the basis of statutory regulations or as part of order data processing. Under no circumstances will Google bring together your data with other data collected by Google.

By using this website you declare your consent to the processing of the data collected about you by Google and to the manner of data processing described above as well as to the designated purpose. You can prevent the storage of cookies by using a corresponding setting in your browser software. Furthermore you can prevent collection and processing by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en

Further information about usage conditions and data protection can be found at http://www.google.com/analytics/terms/gb.html or at https://policies.google.com/?hl=en&gl=de.

On our website, you will receive a user login as part of the contract negotiations. This login offers you the possibility to submit information about your negotiations.

To register, you need to set a user name and password and enter an e-mail address.

In the customer account you can maintain your personal data and keep them up to date.

The following personal data is recorded here:

• Salutation
• Title
• First name
• Last name
• Email address

In addition, further contact information such as telephone and fax numbers of the associated company.

The collection of this data serves to establish contact for potential contractual partners on the hotel and corporate client side for contract and rate negotiations. The legal basis is Art. 6 para. 1 lit. f DSGVO.

On our website there is also the possibility to get in contact with us on various topics. Examples of this are forms for booking enquiries, callback requests, feedback, special customer requests etc.

Depending on the background of the contact, various data are requested in the form. Personal data such as title, first name, surname and e-mail address are usually mandatory for the purpose of establishing contact and personal address. If you use a form for a callback or appointment enquiry, additional data such as telephone number can also be requested. For travel enquiries or questions about existing processes, you can also enter your booking or invoice number.

To protect your data from unwanted access, we use an encryption procedure on our pages. Your data is then transmitted from your computer to our server and vice versa via the Internet using TLS 1.0, TLS 1.1 or TLS 1.3 encryption. You can recognize this by the fact that the lock symbol on the status bar of your browser is closed and the address line begins with https://.