Data protection policy

Data Protection Policy for End Consumers, 24.05.2018

IMPORTANT NOTE: Only the original German-language version of this Data Protection Policy is legally binding. The English translation is provided for information purposes only.


The purpose of this privacy policy is to inform you of how we process your personal data. We are aware of the significance that the processing of personal data has for the user and we therefore adhere to all relevant legal requirements in this respect. Protecting your privacy is therefore of utmost significance to us. This is why we always adhere to legislation concerning data protection as a standard business practice.

1. Contact

bookingkit GmbH

represented by the Managing Directors Christoph Kruse and Lukas C.C. Hempel

Data protection department

Sonnenallee 223

12059 Berlin


2. Data protection officer


We have appointed ePrivacy GmbH to assume the role of data protection officer


ePrivacy GmbH

represented by Prof. Christoph Bauer

Gro├če Bleichen 21

20354 Hamburg


You can contact our data protection officer on


3. Personal data

Personal data is all information concerning personal and factual circumstances of a specific or identifiable person. This includes information and details such as your name, your address or other postal address, telephone number or email address.


We store the following data:


  • Name

  • Address

  • Date of Birth

  • Email address

  • Cookies

  • Time stamp

  • Payment method

  • Payment data for direct debits


4. Legal basis

The processing of your data takes place on the following legal basis:


  • Article 6, para 1 b) of the GDPR with regard to services which you use in order to execute a contract with you

  • Article 6, para 1 c) of the GDPR for the fulfilment of legal obligations

  • Article 6, para 1 f) of the GDPR (see below) for other aspects, particularly for statistical data and online identifiers on the basis of legitimate interests


5. Legitimate Interests

When processing your data, we are pursuing the following legitimate interests:

  • Improving our range of services

  • Analysis of user behaviour on the website (user data is not personalised and IP addresses are anonymised) for the purposes of improving the user experience on the website and for acquiring new customers

  • Protection from misuse



6. Data sources

We receive the data described above from you when you complete a booking. The online data is submitted from your browser while you create a booking.

7. Data transfer in third countries

Data transfer occurs to third countries outside the European Union. This takes place on the basis of legally defined contractual regulations which are intended to safeguard an appropriate level of protection for your data and which you are able to review upon request

8. Storage duration

We will save your data if

  • you have consented to your data being processed. It will be saved up until you revoke your consent.

  • we require the data to execute a contract. It will be saved for as long as the contractual relationship with you exists or the legal retention periods still apply.

  • we are using the data on the basis of a justified interest. It will be saved for as long as your interest in its deletion or anonymisation does not take precedence over the justified interest.

9. Purpose of use

We only gather data when and for the purpose for which you have provided us with the data and of the quantity required for this purpose, within the scope of a booking.


10. Data security

We have taken extensive technical and organisational measures to secure your data against possible risks, such as unauthorised access, unauthorised disclosure, modification or distribution as well as loss, destruction or misuse.

In order to protect your personal data from unauthorised access by third parties when it is being transferred, we safeguard data transfer using SSL encryption. This is a standardised encryption method for online services, specifically designed for the web.

11. Cookies

Cookies are small data files which your browser places on your device in a directory intended for this purpose. These cookies can determine if you have already visited a website. Most browsers accept cookies automatically. You can set up your browser in such a way that no cookies can be saved or so that your explicit agreement is required before a cookie is saved. In addition, you can also delete cookies which are already in place at any time. Please note that deactivating cookies may restrict the functionality of our website.

We use cookies that assure that in every step of the check out process the information of the last step is stored. Additionally, we use cookies for A/B testing to identify which version of a checkout a consumer has seen while booking. This allows us to anlyze for example which checkout design is preferred by consumers overall.


12. Webanalyse

We, along with almost all website operators, use analysis tools in the form of tracking software in order to determine the frequency of use and the number of users of our website.


In order to optimise this website and our services on offer, we use Google Analytics, a Web analysis service of Google Inc (“Google”). Google Analytics uses text files known as “cookies’, which are stored on your computer and which allow an analysis of your use of the website to be made. The information generated by the cookie about your use of this website (including your IP address) is sent to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, your IP address will be shortened by Google beforehand within member states of the European Union or other states which are party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on the website activities for the website operators and to provide other services related to website activity and internet usage to the website operator. The IP address provided as part of Google Analytics will not be merged with other Google data. You can prevent cookies from being saved on your computer by selecting a corresponding setting on your browser software; however, we would like to point out that in this case you may not be able to fully use all of the functions of this website.

In addition, you can prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and can prevent Google from processing this data by going to the following link and downloading and installing the browser plug-in: hl = en. As an alternative to the browser add-on or to use with browsers on mobile devices, please click this link to prevent Google Analytics from recording your information when you visit this website in the future(the opt-out will only work in this browser and only for this domain). An opt-out cookie will then be stored on your device. If you delete your cookies in this browser, you will have to click on this link once again. You can find further information on this topic at and (general information on Google Analytics and data protection).

13. Third Party Services

We do not disclose any personal data to third parties. An exception to this policy is when we share information with the service partners of bookingkit GmbH who require data to be transferred and internal tools to process orders:



The payment service known as MANGOPAY is provided by MANGOPAY SA. For the creation of an escrow account we transfer your data to MANGOPAY. For the use of this service, MANGOPAY collects, saves and processes your personal data, such as your name, address, telephone number and email address, as well as your credit card or bank account details. MANGOPAY has sole responsibility for the protection and handling of data collected by MANGOPAY. MANGOPAY’s conditions of use apply, which you can review on their website: You can find more information on how your data is handled in MANGOPAY’s privacy policy, which can be downloaded from the following link:


10 boulevard Royal

L-2449 Luxembourg, Inc.

We use the Customer Relationship Management tool Salesforce and the service tool Both programmes are products of the company Inc. In these systems, we store and process information about your company, the contact partners within your company and their contact information, the correspondence with you that has taken place, and internal notes. Inc. is certified as part of the US-EU data protection agreement known as “Privacy Shield” and is therefore obliged to adhere to EU data protection regulations. We have also concluded a “Data-Processing-Agreement” with Inc. This is a contract which obliges Inc. to protect the data of our users, and accordingly, to process data protection instructions on our behalf; in particular, it also obliges Inc. not to pass on any data to third parties.

You can find more information on protecting your data in the privacy policy of, Inc.:


The Rocket Science Group, LLC (Mailchimp)

Sending automated email communication takes place using “MailChimp” a newsletter distribution platform from the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.

The email addresses of our customers and their names are saved on the MailChimp servers in the USA. MailChimp uses this information to send and evaluate automated email communication on our behalf. In addition, MailChimp indicates that it can use this information to optimise or improve its own services, e.g. for technical optimisation of sending and presentation of the newsletter, or for financial purposes in order to determine which countries recipients come from. However, MailChimp does not use the data from our newsletter recipients in order to write to them directly, nor does it pass on any data on to third parties.

We depend upon the reliability, IT and data security of MailChimp. MailChimp is certified under the US-EU data protection agreement “Privacy Shield” and is therefore obliged to adhere to EU data protection regulations. We have also concluded a “Data-Processing-Agreement” with MailChimp. This is a contract which obliges MailChimp to protect the data of our users, to process the data according to provisions in its privacy policy on our behalf, and particularly not to pass data on to third parties. You can review MailChimp’s privacy policy here.


Amazon Web Services (AWS)

All of bookingkit’s services are hosted on Amazon Web Services, a service of Amazon Web Services Inc. The company is headquartered in the USA.

The parent company is Inc., which is certified according to the EU-US Privacy Shield, and AWS is included in this certification. AWS adheres to the CISPE Data Protection Code of Conduct. CISPE is an association of cloud infrastructure providers (also called “infrastructure-as-a-service). These providers offer customers in Europe cloud services. The CISPE Code of Conduct allows customers to ensure that their cloud infrastructure provider fulfils the required data protection standards to protect its data pursuant to GDPR.

You can find more information on how your data is handled in Inc.’s privacy policy:

Amazon Web Services, Inc.

410 Terry Avenue North

Seattle WA 98109

United States

14. Rights of affected individuals

Right to information, correction, cancellation, complaints, deletion and blocking.

  • You have the right to ask us for information on how and why your personal data is processed by us. You also have the right to request that your personal data be corrected or completed.

  • Under certain circumstances, you have the right to demand that your personal data be deleted.

  • Under certain circumstances, you have the right to demand that your personal data be deleted.

  • You can retract your consent for your data to be processed and used completely or partially at all times with future effect.

  • You have the right to receive your personal data in a commonplace, structural and machine-readable format.

  • If questions, comments and complaints and requests for information arise in connection with our data protection statement and the processing of your personal data, you may also write to our Data Protection Officer.

  • You also have the right to make a complaint at the relevant supervisory body if you are of the opinion that personal data affecting you is being handled in a manner which breaches legal provisions.


15. Contact options

You can contact us in the following ways:


bookingkit GmbH

Abteilung Datenschutz

Sonnenallee 223

12059 Berlin


16. Requirement or obligation to make data available

Provided this is not expressly indicated when the data is collected, it is not necessary or obligatory to provide data.

17. Version of this data protection policy


We reserve the right to amend this data protection policy at any time with future effect.

We will check for the best tours & activities...