Data Protection Policy for End Consumers, 24.05.2018
IMPORTANT NOTE: Only the original German-language version of this Data Protection Policy is legally binding. The English translation is provided for information purposes only.
represented by the Managing Directors Christoph Kruse and Lukas C.C. Hempel
Data protection department
2. Data protection officer
We have appointed ePrivacy GmbH to assume the role of data protection officer
represented by Prof. Christoph Bauer
Große Bleichen 21
You can contact our data protection officer on email@example.com
3. Personal data
Personal data is all information concerning personal and factual circumstances of a specific or identifiable person. This includes information and details such as your name, your address or other postal address, telephone number or email address.
We store the following data:
Date of Birth
Payment data for direct debits
4. Legal basis
The processing of your data takes place on the following legal basis:
Article 6, para 1 b) of the GDPR with regard to services which you use in order to execute a contract with you
Article 6, para 1 c) of the GDPR for the fulfilment of legal obligations
Article 6, para 1 f) of the GDPR (see below) for other aspects, particularly for statistical data and online identifiers on the basis of legitimate interests
5. Legitimate Interests
When processing your data, we are pursuing the following legitimate interests:
Improving our range of services
Analysis of user behaviour on the website (user data is not personalised and IP addresses are anonymised) for the purposes of improving the user experience on the website and for acquiring new customers
Protection from misuse
6. Data sources
We receive the data described above from you when you complete a booking. The online data is submitted from your browser while you create a booking.
7. Data transfer in third countries
Data transfer occurs to third countries outside the European Union. This takes place on the basis of legally defined contractual regulations which are intended to safeguard an appropriate level of protection for your data and which you are able to review upon request
8. Storage duration
We will save your data if
you have consented to your data being processed. It will be saved up until you revoke your consent.
we require the data to execute a contract. It will be saved for as long as the contractual relationship with you exists or the legal retention periods still apply.
we are using the data on the basis of a justified interest. It will be saved for as long as your interest in its deletion or anonymisation does not take precedence over the justified interest.
9. Purpose of use
We only gather data when and for the purpose for which you have provided us with the data and of the quantity required for this purpose, within the scope of a booking.
10. Data security
We have taken extensive technical and organisational measures to secure your data against possible risks, such as unauthorised access, unauthorised disclosure, modification or distribution as well as loss, destruction or misuse.
In order to protect your personal data from unauthorised access by third parties when it is being transferred, we safeguard data transfer using SSL encryption. This is a standardised encryption method for online services, specifically designed for the web.
Cookies are small data files which your browser places on your device in a directory intended for this purpose. These cookies can determine if you have already visited a website. Most browsers accept cookies automatically. You can set up your browser in such a way that no cookies can be saved or so that your explicit agreement is required before a cookie is saved. In addition, you can also delete cookies which are already in place at any time. Please note that deactivating cookies may restrict the functionality of our website.
We, along with almost all website operators, use analysis tools in the form of tracking software in order to determine the frequency of use and the number of users of our website.
In order to optimise this website and our services on offer, we use Google Analytics, a Web analysis service of Google Inc (“Google”). Google Analytics uses text files known as “cookies’, which are stored on your computer and which allow an analysis of your use of the website to be made. The information generated by the cookie about your use of this website (including your IP address) is sent to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, your IP address will be shortened by Google beforehand within member states of the European Union or other states which are party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on the website activities for the website operators and to provide other services related to website activity and internet usage to the website operator. The IP address provided as part of Google Analytics will not be merged with other Google data. You can prevent cookies from being saved on your computer by selecting a corresponding setting on your browser software; however, we would like to point out that in this case you may not be able to fully use all of the functions of this website.
In addition, you can prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and can prevent Google from processing this data by going to the following link and downloading and installing the browser plug-in: tools.google.com/dlpage/gaoptout? hl = en. As an alternative to the browser add-on or to use with browsers on mobile devices, please click this link to prevent Google Analytics from recording your information when you visit this website in the future(the opt-out will only work in this browser and only for this domain). An opt-out cookie will then be stored on your device. If you delete your cookies in this browser, you will have to click on this link once again. You can find further information on this topic at tools.google.com/dlpage/gaoptout?hl=de and underwww.google.com/intl/de/analytics/privacyoverview.html (general information on Google Analytics and data protection).
13. Third Party Services
We do not disclose any personal data to third parties. An exception to this policy is when we share information with the service partners of bookingkit GmbH who require data to be transferred and internal tools to process orders:
10 boulevard Royal
We use the Customer Relationship Management tool Salesforce and the service tool desk.com. Both programmes are products of the company Salesforce.com Inc. In these systems, we store and process information about your company, the contact partners within your company and their contact information, the correspondence with you that has taken place, and internal notes.
Salesforce.com Inc. is certified as part of the US-EU data protection agreement known as “Privacy Shield” and is therefore obliged to adhere to EU data protection regulations. We have also concluded a “Data-Processing-Agreement” with Salesforce.com Inc. This is a contract which obliges Salesforce.com Inc. to protect the data of our users, and accordingly, to process data protection instructions on our behalf; in particular, it also obliges Salesforce.com Inc. not to pass on any data to third parties.
The Rocket Science Group, LLC (Mailchimp)
Sending automated email communication takes place using “MailChimp” a newsletter distribution platform from the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.
The email addresses of our customers and their names are saved on the MailChimp servers in the USA. MailChimp uses this information to send and evaluate automated email communication on our behalf. In addition, MailChimp indicates that it can use this information to optimise or improve its own services, e.g. for technical optimisation of sending and presentation of the newsletter, or for financial purposes in order to determine which countries recipients come from. However, MailChimp does not use the data from our newsletter recipients in order to write to them directly, nor does it pass on any data on to third parties.
Amazon Web Services (AWS)
All of bookingkit’s services are hosted on Amazon Web Services, a service of Amazon Web Services Inc. The company is headquartered in the USA.
The parent company is Amazon.com Inc., which is certified according to the EU-US Privacy Shield, and AWS is included in this certification. AWS adheres to the CISPE Data Protection Code of Conduct. CISPE is an association of cloud infrastructure providers (also called “infrastructure-as-a-service). These providers offer customers in Europe cloud services. The CISPE Code of Conduct allows customers to ensure that their cloud infrastructure provider fulfils the required data protection standards to protect its data pursuant to GDPR.
Amazon Web Services, Inc.
410 Terry Avenue North
Seattle WA 98109
14. Rights of affected individuals
Right to information, correction, cancellation, complaints, deletion and blocking.
You have the right to ask us for information on how and why your personal data is processed by us. You also have the right to request that your personal data be corrected or completed.
Under certain circumstances, you have the right to demand that your personal data be deleted.
Under certain circumstances, you have the right to demand that your personal data be deleted.
You can retract your consent for your data to be processed and used completely or partially at all times with future effect.
You have the right to receive your personal data in a commonplace, structural and machine-readable format.
If questions, comments and complaints and requests for information arise in connection with our data protection statement and the processing of your personal data, you may also write to our Data Protection Officer.
You also have the right to make a complaint at the relevant supervisory body if you are of the opinion that personal data affecting you is being handled in a manner which breaches legal provisions.
15. Contact options
You can contact us in the following ways:
16. Requirement or obligation to make data available
Provided this is not expressly indicated when the data is collected, it is not necessary or obligatory to provide data.
17. Version of this data protection policy
We reserve the right to amend this data protection policy at any time with future effect.