General information and legal basis for data processing
The following notes provide a simple overview of what happens to your personal information when you visit our website. Personal data is all data with which you can be personally identified.
We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration. We maintain current technical measures to ensure data security, in particular to protect your personal data from the dangers of data transmission and from third parties gaining knowledge. These will be adapted to the current state of the art.
When you use this website, various personal data is collected. Personal data is data with which you can be personally identified. This data protection declaration explains which data we collect and for what purpose we use it. It also explains how and for what purpose this is done. We would like to point out that data transmission over the Internet (e.g. communication by e-mail) can be subject to security vulnerabilities. A complete protection of the data against access by third parties is not possible. Detailed information on the subject of data protection can be found in our data protection declaration listed under this text.
Who is responsible for data collection on this website?
The data processing on this website is carried out by the website operator. You can find his contact details in the imprint of this website.
How do we collect your data?
On the one hand, your data is collected by you communicating it to us. This can be data that you enter in a contact form, for example. We process the personal data provided by you in accordance with the European Data Protection Basic Regulation (DSGVO) and the Federal Data Protection Act (BDSG) to fulfill the travel contract or to implement pre-contractual measures on your request. In accordance with the legal regulations and in the interests of data economy, only data that is required for the provision of this particular service is generally collected for this purpose.
Other data is automatically collected by our IT systems when you visit the website. These are mainly technical data (e.g. Internet browser, operating system or time of the page call). This data is collected automatically as soon as you enter our website.
What do we use your data for?
Some of the data is collected to ensure that the website is error-free. Other data may be used to analyze your user behavior. We also process your personal data to fulfil the travel contract or to prepare an offer.
To fulfill a travel contract we process the following personal data: Name, address/other contact details (telephone number, e-mail address), date of birth, gender, and, depending on destination, nationality and passport details.
The following data processing processes take place in our company: Customer data collection system, offer preparation, invoicing, visa application, customer service, newsletter dispatch (only with your consent) and complaints.
We use the personal data stored by us otherwise for the care of customer relations, for customer service (e.g. information on the expiry of your stay abroad), for the implementation of our own advertising and marketing measures and for order processing.
What rights do you have over your data?
You have the right at any time and free of charge to receive information about the origin, recipient and purpose of your stored personal data. You also have the right to request the correction, blocking or deletion of these data. You can contact us at any time at the address given in the imprint for this and other questions on the subject of data protection. Furthermore, you have the right to appeal to the competent supervisory authority.
Analysis tools and third-party tools
When you visit our website, your surfing behaviour can be statistically evaluated. This is done primarily with cookies and so-called analysis programs. The analysis of your surfing behaviour is usually anonymous; the surfing behaviour cannot be traced back to you. You may object to this analysis or prevent it by not using certain tools. You will find detailed information on this in the following data protection declaration.
You can contradict this analysis. We will inform you about the possibilities of objection in this data protection declaration.
Share personal information with third parties
If we transfer personal data to a processor, you have the right to be informed of the appropriate guarantees in connection with the transfer.
A passing on of your personal data takes place exclusively within the relevant, in particular competition and data protection-juridical defaults. Insofar as this is necessary for the provision of the contractual service owed by us (accommodation, meals, leisure activities/excursions, support, possibly orientation days on site) or statutory obligations, your data will also be passed on to subcontractors or service providers (partly in third countries) for the provision of the service in our name or on our behalf (e.g. technical processing of postal and e-mail dispatch (unencrypted), payment processing, customer service).
We must transmit the data to the above-mentioned partners in order to be able to organize all the contractual services owed by us with the stay abroad. For the same purpose our partners may have to forward the data independently. Our partners work independently and do not belong to Consafarity and Natucate GmbH. For this reason, we have no influence on the data processing of third parties. Third countries are countries in which the DSGVO is not a directly applicable law. This basically includes all countries outside the EU or the European Economic Area.
Storing your data
In principle, we only store personal data for as long as is necessary to fulfil contractual or legal obligations for which we have collected the data. We shall then delete the data without delay, unless we need the data until the end of the statutory limitation period for purposes of proof for civil law claims or because of statutory storage obligations. Afterwards we have to store some of your data for accounting reasons. We are obliged to do this on the basis of legal documentation obligations which may arise from the Commercial Code, the Tax Code, the Banking Act, the Money Laundering Act and the Securities Trading Act. The time limits for the retention of documents specified there are between two and ten years.
Withdrawal of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke your consent at any time. All you need to do is send us an informal e-mail (email@example.com). The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Right of appeal to the competent supervisory authority
In the event of breaches of data protection law, the data subject shall have the right to lodge a complaint with the competent supervisory authority. The responsible supervisory authority for data protection issues is the data protection officer of the federal state in which our company is based. A list of data protection officers and their contact details can be found here.
Right to data transferability
You have the right to have data which we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible person, this will only be done as far as it is technically feasible.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Information, blocking, deletion
Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, their origin and recipient and the purpose of data processing and, if applicable, a right to correction, blocking or deletion of this data. You can contact us at any time at the address given in the imprint for this and other questions on the subject of personal data.
Contradiction against advertising mails
We hereby object to the use of contact data published within the scope of the imprint obligation to send unsolicited advertising and information material. The operators of these pages expressly reserve the right to take legal action against unsolicited mailing or e-mailing of spam and other similar advertising materials.
Statutory data protection officer
Phone: +49 241 - 91 99 43 57
The responsible body is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.).
Data collection on our website
Some of the Internet pages use so-called cookies. Cookies do not damage your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, more effective and safer. Cookies are small text files which are stored on your computer by your browser.
Most of the cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit. Other cookies remain stored on your device until you delete them. These cookies enable us to recognize your browser on your next visit.
You can set your browser so that you are informed when cookies are set and only allow cookies in individual cases, accept cookies for specific cases or generally exclude them and activate automatic deletion of cookies when the browser is closed. If cookies are deactivated, the functionality of this website may be restricted.
Cookies, which are necessary for the execution of the electronic communication process or for the provision of certain functions desired by you (e.g. shopping basket function), are stored on the basis of Art. 6 para. 1 lit. f DSGVO. The website operator has a justified interest in the storage of cookies for the technically error-free and optimised provision of his services. As far as other cookies (e.g. cookies for the analysis of your surfing behaviour) are stored, these are treated separately in this data protection declaration.
Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- Browser type and browser version
- Used operating system
- Referrer URL
- Hostname of the accessing computer
- Time of the server request
- IP address
This data will not be merged with other data sources. The basis for data processing is Art. 6 para. 1 lit. b DSGVO, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
Contact and booking form
If you send us enquiries or bookings using the contact form, your details from the enquiry form, including the contact data you provided there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We do not pass on this data without your consent.
The processing of the data entered in the contact and/or booking form is therefore carried out exclusively on the basis of your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time. For this purpose, an informal notification by e-mail to us is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
The data entered by you in the contact and/or booking form will remain with us until you request deletion, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after completion of processing your request). Mandatory statutory provisions - in particular retention periods - remain unaffected.
For the personalized answering of messages and questions, we need among other things the following data:
- First name and surname
- Email address
- Telephone number
- Street and house no.
- Postcode / City
To fulfill a travel contract, we process the following personal data: Name, address/other contact data (telephone number, e-mail address), date of birth, gender, and, depending on the destination, nationality and passport data.
The data of the travel participants collected in connection with the trip will be used exclusively for the execution of the stay abroad, all contractually owed services and for customer support. In addition, the data will be used to clarify the respective availability, the booking of separate services, means of transport if necessary and other optional services.
To integrate different tools, this page uses Zapier, a service of Zapier Inc., 548 Market St #62411, San Francisco, California 94104, USA ("Zapier Inc."). The use of Zapier is in the interest of efficient structuring of the tools we use. This constitutes a legitimate interest within the meaning of Article 6(1)(f) of the DS Block Exemption Regulation. In the event that personal data is transferred to the USA, Zapier Inc. has submitted to the EU-US Privacy Shield. Further information on data protection at Zapier can be found here. With Zapier Inc. we have concluded an order processing contract.
This website uses the ticket system Zendesk and the Zendesk Chat, a customer service platform of Zendesk Inc., to process and maintain enquiries. Necessary data such as surname, first name, postal address, telephone number, e-mail address are collected via our website in order to answer your enquiry. This constitutes a legitimate interest within the meaning of Article 6(1)(f) of the DS Block Exemption Regulation.
The newsletter is sent via "MailChimp", a newsletter distribution platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.
If you would like to receive a newsletter offered by us, we need a valid e-mail address from you. If the data entered and made available on this page is to be used for other purposes, your consent is required, which can be clearly found in the appropriate places.
In order to address you personally, we also ask you to provide us with your salutation and your name. We use these data exclusively for the delivery of our newsletter. When registering for our newsletter, data is collected which allows us to verifiably design the registration processes.
Our data protection regulations are in accordance with the data protection basic regulation (DSGVO) and the Telemediengesetz (TMG). Users who no longer wish to receive our newsletter or promotional emails click a link called "Unsubscribe" that is included in all promotional emails we send. Alternatively, send an informal message to firstname.lastname@example.org .
Analysis tools and advertising
This website uses functions of the web analysis service Google Analytics. Provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses so-called "cookies". These are text files which are stored on your computer and which allow an analysis of your use of the website. The information generated by the cookie about your use of this website will generally be transmitted to and stored by Google on servers in the United States. Google Analytics cookies are stored on the basis of Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in analysing user behaviour in order to optimise both his website and his advertising.
We have activated the IP anonymization function on this website. As a result, your IP address will be truncated by Google within member states of the European Union or other signatory states to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.
Contradiction against data acquisition
You can prevent Google Analytics from collecting your data by clicking on the following link. An opt-out cookie is set to prevent your information from being collected on future visits to this website: Deactivate Google Analytics.
Order data processing
We have concluded a contract with Google for order data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Demographic characteristics of Google Analytics
This website uses the function "demographic features" of Google Analytics. This allows reports to be created that contain statements about the age, gender and interests of the site visitors. This data comes from interest-related advertising by Google and from visitor data from third parties. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google Account or generally prohibit the collection of your data by Google Analytics as described under "Objection to data collection".
This website uses Google AdWords. AdWords is an online advertising program of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
Within the framework of Google AdWords, we use so-called conversion tracking. When you click on an ad placed by Google, a conversion tracking cookie is set. Cookies are small text files that the Internet browser stores on the user's computer. These cookies lose their validity after 30 days and do not serve the personal identification of the users. If the user visits certain pages of this website and the cookie has not expired, Google and we may recognize that the user clicked on the ad and was directed to that page.
Each Google AdWords customer receives a different cookie. The cookies cannot be tracked through the websites of AdWords customers. The information collected using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. Customers see the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, you will not receive any information that personally identifies users. If you do not wish to participate in tracking, you can object to this use by easily deactivating the Google Conversion Tracking cookie in your Internet browser under User Settings. They will then not be included in the conversion tracking statistics.
Conversion cookies" are stored on the basis of Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, accept cookies for certain cases or generally exclude them and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.
Google tag manager
Use Microsoft Bing Ads
Within the online offer, this website is based on legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. f.). DSGVO), the conversion and tracking tool "Bing Ads" of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Microsoft stores cookies on users' devices in order to enable an analysis of the use of our online services by users if users have reached our online services via a Microsoft Bing display (so-called "conversion measurement"). In this way, Microsoft and we can recognize that someone has clicked on an advertisement, has been redirected to our online service and has reached a predetermined target page ("conversion page"). We only get to know the total number of users who clicked on a Bing ad and were then redirected to the conversion page. No IP addresses are stored. No personal information about the identity of the users will be communicated.
Using the Facebook pixel and Custom Audience
Due to our legitimate interests in the analysis, optimisation and economic operation of our online service, the so-called "Facebook pixel" of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are resident in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"), is used within our online service.
Facebook is certified under the Privacy-Shield-Agreement and thus offers a guarantee to comply with European data protection law.
With the help of the Facebook pixel, Facebook is on the one hand able to determine the visitors of our online offer as a target group for the presentation of ads (so-called "Facebook ads"). Accordingly, we use Facebook pixels to display Facebook ads placed by us only to Facebook users who have shown an interest in our online services or who have certain features (e.g. interests in certain topics or products that are determined on the basis of the websites visited) that we transmit to Facebook (so-called "custom audiences"). With the help of Facebook pixels, we also want to ensure that our Facebook ads correspond to the potential interest of users and do not appear annoying. The Facebook pixel also enables us to track the effectiveness of Facebook ads for statistical and market research purposes by showing whether users were referred to our website after clicking on a Facebook ad (known as "conversion").
Facebook processes the data in accordance with the Facebook Data Usage Policy. Accordingly, general notes on the presentation of Facebook ads in the Data Usage Policy of Facebook.
You may opt out of Facebook pixel collection and use of your information to display Facebook ads. To set what types of ads you see within Facebook, you can go to the page set up by Facebook and follow the instructions on Settings usage-based ads. The settings are platform-independent, i.e. they are adopted for all devices, such as desktop computers or mobile devices.
Social networks and media
Natucate GmbH operates online presences within social networks and platforms in order to communicate with customers and users active there and to inform them about our services.
We would like to point out that user data may be processed outside the European Union. This may entail risks for users, e.g. by making it more difficult to enforce users' rights. With respect to US vendors certified under the Privacy Shield, we would like to point out that they are committed to complying with EU privacy standards.
Furthermore, user data is usually processed for market research and advertising purposes. For example, user profiles can be created on the basis of user behaviour and the resulting interests of users. The user profiles can in turn be used, for example, to place advertisements inside and outside the platforms which are presumed to correspond to the interests of the users. For these purposes, cookies are usually stored on the user's computer, in which the user's usage behaviour and interests are stored. Furthermore, data can also be stored in the user profiles independently of the devices used by the users.
The processing of users' personal data is carried out on the basis of our legitimate interests in effective information for users and communication with users pursuant to Art. 6 Para. 1 lit. f. DSGVO. If the users are requested by the respective providers of the platforms to give their consent to the aforementioned data processing, the legal basis for the processing is Art. 6 Para. 1 lit. a., Art. 7 DSGVO.
For a detailed representation of the respective processing and the possibilities of objection (Opt-Out), we refer to the following linked information of the providers.
Also in the case of requests for information and the assertion of user rights, we point out that these can be asserted most effectively with the providers. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. If you still need help, please do not hesitate to contact us.
- LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Irland) – Datenschutzerklärung.
Our website uses plugins of the video portal Vimeo. The provider is Vimeo Inc. 555 West 18th Street, New York, New York 10011, USA.
When you visit one of our pages equipped with a Vimeo plug-in, a connection is established to the Vimeo servers. The Vimeo server will be informed which of our pages you have visited. Vimeo also obtains your IP address. This also applies if you are not logged in to Vimeo or do not have an account with Vimeo. The information collected by Vimeo is transmitted to the Vimeo server in the USA.
If you are logged in to your Vimeo account, you enable Vimeo to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your Vimeo account.
LinkedIn marketing services
We use the marketing services of the social network LinkedIn. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
With the help of LinkedIn's marketing services, we can display ads within LinkedIn's social network and advertising partners' offerings in a more targeted manner or present ads only to users that potentially match their interests. If, for example, a user is shown ads for products in which he is interested on other online offers, this is referred to as "remarketing". Furthermore, we can track the success of our ads (so-called "conversion measurement"). However, we only know the anonymous total number of users who clicked on our ad and were redirected to a page with a conversion tracking tag. However, we do not receive information that personally identifies users.
For the aforementioned purposes, when you visit our and other websites on which LinkedIn's marketing services are active, a LinkedIn code is executed and "Insights Tags" (invisible graphics or code, also known as "web beacons") are incorporated into the websites. With their help, an individual cookie, i.e. a small file, is stored on the user's device (comparable technologies can also be used instead of cookies). In this file it is noted which websites the user visits, which contents he is interested in and which offers the user has clicked, furthermore technical information about the browser and operating system, referring websites, visiting time as well as further information about the use of the online offer.
User data is processed pseudonymously within the framework of LinkedIn's marketing services. I.e. LinkedIn does not store and process the name or e-mail address of the user, but processes the relevant data cookie-related within pseudonymous user profiles. This means that from LinkedIn's point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie owner, regardless of who that cookie owner is. This does not apply if a user has expressly permitted LinkedIn to process the data without this pseudonymisation. Even if you are registered with LinkedIn, it is possible for LinkedIn to associate your interaction with our online services with your user account.
If we ask the users for their consent (e.g. in the context of a cookie agreement), the legal basis for this processing is Art. 6 Para. 1 lit. a. DSGVO. Otherwise, the personal data of the user will be processed on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer in the sense of Art. 6 Para. 1 lit. f. of the German Data Protection Act). DSGVO) are processed.
The information collected about users is transferred to LinkedIn and stored on Google's servers in the United States, where LinkedIn is certified under the Privacy Shield Agreement and thereby assures compliance with European data protection laws.
Our website uses Mapbox Tiles on some subpages to display interactive maps. The Mapbox Tiles API is a map service from Mapbox Inc. (Mapbox). By using the Mapbox Tiles API, information about your use of this Web site, including your IP address, may be transferred to Mapbox in the United States. When you access a page that contains Mapbox Tiles maps, your browser establishes a direct connection with Mapbox's servers. Mapbox transmits the map content directly to your browser and integrates it into the website. Therefore, we have no control over the extent of data collected by Mapbox in this way.
We process the applicant data only for the purpose and within the framework of the application procedure in accordance with the legal requirements. The processing of applicant data is carried out to fulfil our (pre)contractual obligations within the scope of the application procedure as defined by Art. 6 Para. 1 lit. b. DSGVO Art. 6 para. 1 lit. f. DSGVO if the data processing e.g. in the context of legal proceedings for us becomes necessary (in Germany applies additionally § 26 BDSG).
The application procedure requires that applicants provide us with the applicant data. If we offer an online form, the necessary applicant data are marked, otherwise they result from the job descriptions and basically include personal details, postal and contact addresses and the documents belonging to the application, such as cover letter, curriculum vitae and certificates. In addition, applicants may voluntarily provide us with additional information.
Where made available, applicants may submit their applications via an online form on our website. The data will be transmitted to us encrypted according to the state of the art. Applicants can also send us their applications by e-mail. Please note, however, that e-mails are generally not sent in encrypted form and the applicants themselves must ensure that they are encrypted. We can therefore accept no responsibility for the transmission path of the application between the sender and the reception on our server. Applicants also have the option of sending their application to us by post.
In the event of a successful application, the data provided by the applicants may be further processed by us for the purposes of the employment relationship. Otherwise, if the application for a job offer is not successful, the applicant's data will be deleted. Applicants' data will also be deleted if an application is withdrawn, to which applicants are entitled at any time.
We will therefore treat your data in accordance with statutory retention and deletion periods. Invoices for any reimbursement of travel expenses are archived in accordance with tax regulations.
We reserve the right to amend the data protection declaration in order to adapt it to changed legal situations or in the event of changes to services or data processing. Users are therefore requested to inform themselves regularly about the content.(01/2019)