Personal data (usually referred to as "data" in the following) will only be processed by us to the extent necessary and for the purpose of providing a functional and user-friendly Internet presence, including its contents and the services offered there. "Personal data" means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more specific characteristics which express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
Responsible provider of this website in the data protection sense is:
Go-Tours GmbH, Managing Director: Mrs. Barbara Goller, Daimlerstr. 9, 41564 Kaarst, Germany, Tel.: 02131/4067900, E-Mail: firstname.lastname@example.org
the provider's data protection officer is:
Go-Tours GmbH, Mr. Sascha Schmidtlein, Daimlerstr. 9, 41564 Kaarst, Germany, Tel.: 02131/4067919, E-Mail: daten email@example.com
With a view to the data processing described in more detail below, users and persons concerned have the right to
Furthermore, the Provider is obliged to inform all recipients to whom data have been disclosed by the Provider of any correction or deletion of data or the restriction of the processing which takes place on the basis of Articles 16, 17 para. 1, 18 GDPR. However, this obligation shall not apply if such notification is impossible or involves a disproportionate effort. Notwithstanding this, the user has a right to information about these recipients.
Additionally, users and affected persons have, according to Art. 22 GDPR shall not be subject to a decision based exclusively on automated processing - including profiling - that has legal effect against them or significantly affects them in a similar manner, unless this is necessary for the conclusion or performance of a contract between the users and data subjects and the person responsible, is admissible under Union or Member State legislation to which the person responsible is subject and which contains appropriate measures to safeguard the rights, freedoms and legitimate interests of users and data subjects, or with the express consent of users and data subjects.Users and data subjects also have the right to object to the future processing of data concerning them under Article 21 GDPR, provided that the data are processed by the provider in accordance with Article 6(1)(f) GDPR. In particular, an objection to data processing for the purpose of direct advertising is permissible.
Your data processed when using our website will be deleted or blocked as soon as the purpose of storage ceases to apply, the deletion of the data does not conflict with any legal storage obligations and no other information on individual processing procedures is provided below.
For technical reasons, in particular to ensure a secure and stable Internet presence, data is transmitted by your Internet browser to us or to our web space provider. With these so-called server log files, the type and version of your Internet browser, the operating system, the website from which you switched to our Internet presence (referrer URL), the website(s) of our Internet presence that you visit, the date and time of the respective access as well as the IP address of the Internet connection from which our Internet presence is used are collected.This data collected in this way is temporarily stored, but not together with other data from you. This storage is based on Article 6(1)(f) GDPR. Our legitimate interest lies in the improvement, stability, functionality and security of our Internet presence. The data will be deleted after ninety days at the latest, unless further storage is required for evidential purposes. Otherwise, all or part of the data will be excluded from deletion until an incident is finally resolved.
We use so-called cookies with our Internet presence. Cookies are small text files or other storage technologies that are stored on your end device by the Internet browser you use. These cookies process certain information about you, such as your browser or location data or your IP address, to an individual extent.This processing makes our website more user-friendly, effective and secure. The legal basis for this processing is Art. 6 Para. 1 lit b.) GDPR, insofar as these cookies are used to initiate or process contracts.
If processing does not serve to initiate or process a contract, our legitimate interest lies in improving the functionality of our Internet presence. The legal basis is then Art. 6 para. 1 lit. f) GDPR.
Close your Internet browser to delete these session cookies.
Please refer to the following information for details, in particular for the purposes and the legal basis of processing such third-party cookies.
You can prevent or restrict the installation of cookies by setting your Internet browser. You can also delete cookies that have already been saved at any time. However, the steps and measures required depend on the Internet browser you are using. If you have any questions, please use the help function or documentation of your Internet browser or contact its manufacturer or support. With so-called flash cookies, however, processing cannot be prevented via the browser settings. Instead, you need to change the setting of your Flash player. The steps and measures required for this also depend on the flash player you are using. If you have any questions, please also use the help function or documentation of your Flash Player or contact the manufacturer or user support.
However, if you should prevent or restrict the installation of cookies, this may lead to the fact that not all functions of our Internet presence are fully usable.
For the hosting of our Internet presence (website, e-mails) we use the services of 1&1 Internet SE, Eigendorfer Str. 57, 56410 Montabaur, Germany (contractor). Since this is a pure order management in which the contractor may process the data solely for the purposes specified by us, may not use the data itself for his own purposes and has contractually undertaken to observe and comply with the legal requirements of the Basic Data Protection Ordinance, i.e. only as an "extended arm" of our company within the scope of his activities, separate consent by the person concerned is not required for this, but - if necessary - the consents given to us or other legal reasons are sufficient.
No bookings are made on our website itself. Rather, this is done via Ctouvert GmbH, 10 Place Alfonse Jourdain 31000 Toulouse, France, hereinafter only referred to as "Ctouvert". For this purpose, the Internet page of Ctouvert hosted under the domain secureholiday.net is displayed on this Internet presence by means of a frameset. This is comparable to a picture-in-picture function of a television. From a purely technical point of view, the pages are completely separate from each other, so that we do not collect or process any of this data even when the person concerned enters it into Ctouvert's iFrame. Technically speaking, the data are entered and processed directly at Ctouvert. Only after a successful booking we receive corresponding data from Ctouvert for information and further use.
The legal basis for processing is Article 6(1)(f) GDPR. Our legitimate interest here is to enable the customer to make appropriate bookings by extending the functionality of our site and thus to give the website an added value that forms the basis of our business.
Ctouvert also collects server data and cookies via the page hosted under the secureholiday.net domain. Our above-mentioned details apply accordingly.
The data transmitted by you for the use of the offer will - subject to availability - be processed for the purpose of contract processing and are required in this respect. Conclusion and processing of the contract are not possible without the provision of your data.
The legal basis for processing is Article 6(1)(b) GDPR.
We delete the data with complete contract processing, but must observe the tax and commercial law retention periods.
The EU-US Privacy Shield ("EU-US Privacy Shield") certification guarantees Google that EU data protection requirements are also met when processing data in the USA.
To enable the display of certain fonts on the Internet presence, a connection to the Google server in the USA is established when the Ctouvert Internet presence is called up.
The legal basis is Art. 6 para. 1 lit. f) GDPR. The legitimate interest lies in the uniform presentation on all end devices as well as the optimization and economic operation of the Internet presence.
By connecting to Google when you visit the website, Google can determine from which website your request has been sent and to which IP address the display of the font is to be transmitted.
For the website Ctouvert uses a CDN from the Microsoft Azure program. A CDN is a network of regionally distributed servers connected via the Internet, with which content - especially large media files - is delivered. A CDN provides scalable storage and delivery capacities and ensures optimum data throughput even at high load peaks. The use of a CDN speeds up the delivery of website content.
The Azure CDN is operated by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, hereinafter referred to as "Microsoft".
Microsoft guarantees that EU-US Privacy Shield by certification according to the EU-US privacy shield ("EU-US Privacy Shield") that the EU data protection regulations are also observed when processing data in the USA.
The legal basis is Art. 6 para. 1 lit. f) GDPR. The justified interest lies in the fast delivery of the contents to the customer for a positive usability experience as well as the optimization and economic operation of the Internet presence.
Microsoft expressly undertakes to comply with the GDPR under https://www.microsoft.com/de-de/trustcenter/privacy/gdpr. In addition, Microsoft offers further information on data security for the Azure program at https://docs.microsoft.com/de-de/azure/security/ and at https://privacy.microsoft.com/de-DE/privacystatement for more information.
If you contact us by e-mail, the data you provide will be used to process your request. Providing the data is necessary for processing and answering your inquiry - without their provision we cannot answer your inquiry or, if necessary, only to a limited extent.
The legal basis for such processing is Article 6(1)(b) of the GDPR.
Your data will be deleted if your request has been finally answered and there are no legal obligations to keep your data safe, e.g. in the case of a possible subsequent contract processing.
We offer you the opportunity to take part in competitions via our website. If you participate in one of our competitions, the data entered by you during your participation will be processed without your further consent, but of course only for the execution and handling of the respective competition.
As part of the competition, we will share your information with the carrier or financial services provider responsible for the delivery of goods where such sharing is necessary to deliver or pay your winnings. If your data is published in the event of a prize, you will be informed of this in the declaration of consent.
The legal basis for the transfer of data is then Art. 6 para. 1 lit. b) GDPR.
You can revoke your consent to the processing of your data for participation in our competitions at any time with future effect in accordance with Art. 7 Para. 3 GDPR. All you have to do is inform us of your revocation.
We offer you the opportunity to apply to us electronically. In the case of these digital applications, we collect and process your applicant and application data electronically in order to process the application process.
The legal basis for this processing is § 26 Paragraph 1 Sentence 1 BDSG in conjunction with Art. 88 para. 1 GDPR.
If an employment contract is concluded after the application procedure, we will store the data you provided during the application in your personnel file for the purpose of the usual organisational and administrative process - naturally in compliance with further legal obligations.
The legal basis for this processing is also § 26 Paragraph 1 Sentence 1 BDSG in conjunction with Art. 88 para. 1 GDPR.
If an application is rejected, we will automatically delete the data sent to us two months after the notification of rejection. The data will not be deleted, however, if the data require a longer storage period of up to four months or until the conclusion of legal proceedings due to statutory provisions, e.g. due to the obligation to provide evidence in accordance with the AGG.
In this case, the legal basis is Art. 6 para. 1 lit. f) GDPR and § 24 para. 1 no. 2 BDSG. Our legitimate interest lies in legal defence and enforcement.
If you expressly consent to a longer storage of your data, e.g. for your inclusion in an applicant or prospective customer database, the data will be processed further on the basis of your consent. The legal basis is then Art. 6 para. 1 lit. a) GDPR. However, you can, of course, revoke your consent at any time pursuant to Art. 7 Para. 3 GDPR by declaration to us with effect for the future.