HolidayPirates Your map to hidden travel deals

Data protection declaration

Data Protection Declaration

Last modified: October 26th, 2018

Changes: 5.2 Affected rights, 7. Law and Protection, Whatsbroadcast - Messaging Services, 2.1 Information you provide, Name changes from Whatsbroadcast to MessengerPeople GmbH. 2.6 Comment function at Blog, 3. Services = Google Tag Manager & Google Analytics

On 25 May 2018, the most significant piece of European data protection legislation to be introduced in 20 years will come into force. The EU General Data Protection Regulation (GDPR) replaces the 1995 EU Data Protection Directive. The GDPR strengthens the rights that individuals have regarding personal data relating to them and seeks to unify data protection laws across Europe, regardless of where that data is processed.

Data protection is a matter of trust and your trust is important to us. We respect your personal space and your privacy. Therefore, protecting personal data and collecting, processing and using them in conformity with the law is an important concern to us. So that you feel safe while visiting one of our web pages, we strictly adhere to legal provisions when we process you data and would like to inform you here about our data collection and use of data.

We take appropriate technical and organizational measures which are intended to prevent unauthorized or unlawful processing of personal data and accidental loss or destruction of, or damage to, personal data.


1. Responsible body

The body responsible for collecting, processing and using your personal data in terms of the Federal Data Protection Laws is HolidayPirates GmbH, Wallstraße 59, 10179 Berlin, Germany.

Should you not agree with collecting, processing and using your personal data in accordance with these data protection provisions in total or only to individual measures, you can send your objection by email, fax or letter to the following contacts:

HolidayPirates GmbH,
Wallstr. 59, 10179 Berlin
Phone: +49 30 34 655 0074
Email: [email protected]
Web: www.holidaypirates.com

2. Information we collect

HolidayPirates must receive or collect some information to operate, provide, improve, understand, customize, support, and market our Services, including when you install, access, or use our Services. The types of information we receive and collect depend on how you use our Services.

2.1 User Account:

Information you provide

  • E-Mail address
  • Username
  • Password

Provided by you (voluntary):

  • Profile picture
  • Name
  • Date of birth
  • Preferences for travel destinations such as departure time, destinations, travel months, travel budgets or travel categories.

Moreover, you have the possibility to log in with your Facebook account. If you do so, the following data will be stored:

  • Name
  • E-Mail address
  • Profile picture
  • Age
  • Language
  • Country
  • Further information which is visible for the public in your Facebook profile.

This data will only be provided on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR processed and used only to make your profile. You can delete your user account at any time, just click "delete user account" within your profile.


2.2 Newsletter-Subscribtion

Information you provide

  • Name (voluntary)
  • E-Mail
  • Date of registration
  • Registered market
  • User behavior tracking in website

The collection of the e-mail address serves to deliver the newsletter. Legal basis for sending the newsletter is your consent acc. Art. 6 para. 1 lit. a GDPR. The registration for the newsletter will be logged. Legal basis for logging the application is our legitimate interest in proving that the shipment was made with your consent. You can unsubscribe from our newsletter at any time. The link can be found at the end of each newsletter. As soon as you have unsubscribed from the newsletter, you will no longer receive any further offers from us. Also, your personal data will no longer be used and deleted immediately.


2.3 WhatsApp-Service:

    Information you provide

    • Phone number
    • Profile picture
    • Messages send to us

    Legal basis for sending the WhatsApp newsletter is your consent in accordance with. Art. 6 (1) lit. a GDPR. Your consent to this data processing is always revocable by entering "STOP" in the respective messenger. The registration for the WhatsApp newsletter is logged. Legal basis for logging the application is our legitimate interest in proving that the shipment was made with your consent.


    2.4 Contact via contactform or email:

      Information you provide

          • Name
          • E-Mail address
          • Messages send to us

          The processing of personal data serves to process the contact as well as to prevent misuse of the contact form and to ensure the security of our information technology systems. Legal basis for the processing of the data is in the presence of the consent of the user Art. 6 (1) lit. a GDPR.


          2.5 Customer support:

                Information you provide

                • Name
                • Messages send to us
                • Phone number, in case you call us

                2.6 Information you provide, if you leave a comment

                • Username
                  Profile picture (if provided)
                  Date and time of your comment

                The collection of the above-mentioned data of the user is intended to allow a commentary function and to prevent misuse of the services or the email address used. Legal basis for the processing of data after writing a comment by the user is due to our legitimate interests within the meaning of Art. 6 (1) lit. f. GDPR and serves the security of us as a website operator.


                2.7 Automatically Collected Information

                • Cookies. We use cookies to operate and provide our Services, including to provide our Services that are web-based, improve your experiences, understand how our Services are being used, and customize our Services. For example, we use cookies to provide HolidayPirates for web and desktop and other web-based services. We may also use cookies to understand which of our FAQs are most popular and to show you relevant content related to our Services. Additionally, we may use cookies to remember your choices, like your language preferences, to provide a safer experience, and otherwise to customize our Services for you.Learn moreabout how we use cookies to provide you our Services.
                • Usage And Log Information.We collect information about your activity on our Services, like service-related, diagnostic, and performance information. This includes information about your activity (including how you use our Services, your Services settings, how you interact with others using our Services, and the time, frequency, and duration of your activities and interactions), log files, and diagnostic, crash, website, and performance logs and reports.

                3. Services

                Google LLC

                Google Tag Manager

                As far as you have given your consent, Art. 6 (1) lit. a., Article 7 GDPR on our Google Tag Manager page, a web analytics service provided by Google LLC will be applied. The Google Tag Manager does not collect personally identifiable information but facilitates the integration and management of our tags. Tags are small pieces of code that can be used, among other things, to measure traffic and visitor behaviour, track the impact of online advertising and social channels, set up remarketing and audience targeting, and test and optimize websites. Google Tag Manager does not access this data. If you deactivated the domain level, it will, however, remain in effect for all tracking tags implemented with Google Tag Manager.

                • Address: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
                • GDPR Compliance:https://privacy.google.com/businesses/compliance/#...
                • Purpose: Analysis of user behaviour on the website to
                  • develop new products and services
                  • optimize existing products and services
                  • find and fix bugs
                  • planning and measuring marketing campaigns
                • Data: Pseuydomised ID generated by first party cookies

                Following trackers are implemented within the Google Tag Manager

                • Google Analytics
                • Facebook Pixel

                Google Analytics

                As far as you have your consent, Art. 6 (1) lit. a., Art. 7 GDPR on our website Google Analytics, a web analysis service of Google LLC.

                • Address: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
                • GDPR Compliance: https://www.privacyshield.gov/participant?id=a2zt0...
                • Purpose:
                  • Analysis of user behavior on the website to develop new products and services to optimize existing products or services to find and fix error messages on the blog
                  • planning and measuring marketing campaigns
                • Data: Pseudonymous ID generated by first party cookies

                Google Analytics uses "cookies" - text files that are stored on your device and allow an analysis of the use of the website. The information collected by the cookies is usually sent to a Google server in the US and stored there. We have activated IP anonymization. Your IP address will be shortened within the member states of the EU and the European Economic Area and in the other contracting states of the agreement. Only in individual cases, the IP address is initially transferred unabridged to the United States to a Google server and shortened there.

                The information collected by Google on our behalf, as part of the Order Data Agreement, is used to evaluate the use of the Website by individual users, such as: For example, to generate activity reports on the website to improve our website. This also makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus to analyze the activities of a user across devices.

                The personal data of users will be deleted or anonymized after 14 months. You may revoke your consent at any time with future effect by preventing the storage of cookies by setting your browser software accordingly. However, we point out that in this case you may not be able to use all the features of this website in full. Alternatively, you also have the option to refuse the use of Google Analytics in our tool on the website by simply rejecting the service in the tool.

                Furthermore, you can prevent by a browser plugin (https://tools.google.com/dlpage/gaoptout?hl=de), that the information collected by cookies (including your IP address) is sent to Google Inc. and used by Google Inc.


                Firebase (Apps)

                • Address: 188 King StSan Francisco, CA 94107, USA
                • GDPR Compliance: https://firebase.google.com/support/privacy/
                • Purpose:
                  • Analysis of user behavior on the website
                  • to develop new products and services
                  • optimize existing products or services
                  • Find and fix error messages on the blog
                  • Measure and plan marketing campaigns
                • All pseudonymised data:
                  • Pseudonymous ID generated by first party cookies

                    HolidayPirates Website Tracking

                    • Address: HolidayPirates GmbH, Wallstr. 59, 10179 Berlin, Germany
                    • Purpose:
                      • Personilize inventory for users.
                      • Enhance user experience.
                      • Improve our service.
                    • All pseudonymised data:
                      • Pseudonymous ID and userID from website if they are logged in.
                      • Actions and website.
                      • Usage of website.

                    Facebook Pixel

                    • Address: Facebook Inc.,1 Hacker Way, Menlo Park, California, US
                    • GDPR Compliance: https://www.facebook.com/business/gdpr
                    • Purpose:
                      • Measurement and analytics to better understand our users and provide better content.
                      • Custom Audiences are used for advertising campaigns, which allows us to serve more relevant advertising.
                    • All pseudonymised data:
                      • Http headers - Anything present in HTTP headers
                      • Pixel-specific data - This includes the pixel ID and Facebook cookie.
                      • Button click data - This includes any buttons clicked by site visitors, the labels of those buttons and any pages visited as a result of the button clicks.
                      • Other values - Additional information about the visit through custom data events, for example the destination or hotel-name someone checked.

                    Pinterest

                    • Address: Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland
                    • GDPR Compliance: https://policy.pinterest.com/de/privacy-policy
                    • Purpose:
                      • Providing the "note" buttons on the website and on images to ensure the use of Pinterest for users and to make the saving of images possible.
                      • Analysis of the user behavior of Pinterest users on our website in order to understand interests, to improve and expand our products.
                      • By using Pinterest features on our website, data is automatically forwarded to Pinterest so that they have a better understanding of your interests in order to ensure better advertising
                    • All pseudonymised data:
                      • "Note "-Button collects data on how often the button was clicked by users on our website or the landing page itself.
                      • Log data, such as IP address, landing page URL with Pinterest functions, and the activities performed on it (such as the "Note" button), search history, browser type and settings, the date and time of your request, how you use it Pinterest and cookie and device data automatically shared with Pinterest.
                      • Cookie data
                      • Device information

                    Outbrain Pixel

                    • All pseudonymised data:
                      • Outbrain UUID (unique user ID).
                      • Time stamp, pages visited, referring source, conversion events.
                      • Browser, device, and operating system information. An estimate of geographic location associated with IP address, and other information normally transmitted in HTTP requests.
                      • Internet protocol (“IP“) address or other unique identifier (“Device Identifier“) for each computer, mobile device, technology or other device (collectively, “Device“) used to access the site. A Device Identifier is a number that is automatically assigned to a Device and is completely anonymous.

                    Hotjar

                    • Address: Hotjar Ltd, Level 2, St. Julians Business Centre, 3 Elia Zammit Street, St. Julians STJ 1000, Malta
                    • GDPR Compliance: https://www.hotjar.com/legal/compliance/gdpr-commitment
                    • Purpose:
                      • Measurement and analytics to better understand our users and provide better content. Heatmaps, click maps, screen recordings help us to better organise and structure the content of our website to provide a seamless and easy user experience.

                    • All pseudonymised data:
                    • The following are all collected and completely pseudonymised: Browser type, Operating system, device Type, page URL(s) visited, and duration of visit

                      Emarsys

                      • Data:
                        • Capturing surfing behaviour of our users through an Pseudonymous Cookie ID, to track behaviour on each blogpost and sending this data to our newsletter database.
                        • Tracking the behaviour in our newsletters newsletters including tracking of opens of emails and clicks on links.

                      MessengerPeople

                      • Address: MessengerPeople GmbH, Herzog-Heinrich-Straße 9, 80336 München
                      • GDPR Compliance: https://www.messengerpeople.com/privacy/
                      • Purpose:
                        • For direct communication and sending out offers from our website
                      • All pseudonymised data:
                        • Phone number, Profile Picture, Messages or Questions send to us.

                      Messaging Services

                      By sending a start message to HolidayPirates (hereinafter referred to as – Sender) I agree with respect to Art. 6 Abs.1 lit. a GDPR that Sender has my permission to use my personal data (e.g. first and last name, phone number, messenger ID, profile image, messages) for direct communication and the required data processing, based on the respective messenger. To use this service, an existing messenger account with the respective provider is required.

                      The possible messenger service providers are:

                      Whatsapp: WhatsApp, Inc., 1601 Willow Road, Menlo Park, California 94025, USA with its privacy policy described at https://www.whatsapp.com/legal/#privacy-policy

                      Facebook Messenger: Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA with its privacy policy described at https://www.facebook.com/about/privacy

                      Telegram: Telegram Messenger LLP 71-75 Shelton Street, Covent Garden, London, United Kingdom with its privacy policy described at https://telegram.org/privacy.

                      Insta News: Pylba Inc., 314 27th Avenue, San Mateo, CA, 94403, USA with its privacy policy described at http://apps.pylba.com/privacy.

                      I acknowledge that the respective provider might receive personal data (including communication meta data) that might be processed at servers located in countries outside of the EU (e.g. USA) that do not guarantee the same level of data protection as that practiced in the EU. Whatsapp Inc and Facebook Inc are certified under the Privacy Shield Agreement and thus guarantee compliance with European data protection regulations. Additional information is described in the above privacy policies of the respective messengers. Sender has no detailed knowledge about or influence on the respective providers.

                      Your agreement to this data processing can be revoked at any time by sending “stop” in the respective messenger.

                      To delete all data that is stored by our technical service provider, please send a message with „delete all data“ through your messenger.

                      Sender uses the technical service provider MessengerPeople GmbH, Herzog-Heinrich-Str. 9, 80336 Munich, Germany as data processor for this messenger service.

                        Adjust GmbH (Apps only)

                        • Address: adjust GmbH, Saarbrücker Str. 37A, 10405 Berlin, Germany
                        • GDPR Compliance: https://www.adjust.com/gdpr/
                        • Purpose:
                          • Unterstützung bei der Identifizierung des Verhaltens in der mobilen Anwendung, um Entscheidungen über gezieltes Marketing vorzubereiten; Unterstützung bei der effizienten Handhabung und Optimierung der mobilen Kampagnen für soziale Netzwerke und anderswo im Internet.
                        • All pseudonymised data:
                          • Pseudonymous cookie ID, ad ID and device ID used by a particular person, events in the mobile app about the use of the mobile app by a particular user (in particular login, successful completion of the transaction), but no payment and financial data.
                          • Content of the advertisement to be delivered to a particular user and, as appropriate, classified advertising group to which that person belongs.


                        3. Data collection when applying for a job


                        If you apply for a job position at HolidayPirates, personal data will be used for the purpose of carrying out the evaluation process in accordance with Art. 6. 1 sentence 1 lit. b) GDPR. The data you provide will be used only for the purpose of filling the vacancy, examining and processing your application in this context.

                        After finalization of the application process, these data will be blocked for further use and deleted after expiry of any retention obligations, unless you expressly consent to any other processing.


                        4. How we use Information

                        We use the information we have (subject to choices you make) to operate, provide, improve, understand, customize, support, and market our Services. Here's how:


                        • Our Services.We use the information we have to operate and provide our Services, including providing customer support, and improving, fixing, and customizing our Services. We understand how people use our Services and analyze and use the information we have to evaluate and improve our Services, research, develop, and test new services and features, and conduct troubleshooting activities. We also use your information to respond to you when you contact us.
                        • Safety And Security.We verify accounts and activity, and promote safety and security on and off our Services, such as by investigating suspicious activity or violations of our Terms, and to ensure our Services are being used legally.
                        • Third-Party Banner Ads. The Site uses DoubleClick, a third party advertising provider, to serve advertisements on the Site. Advertising providers are third parties that display advertisements based on your visits to the Site and other web sites you have visited, allowing targeted advertisements to be delivered to you for products and services in which you might be interested. The Site also uses a third party traffic measurement service to analyse how visitors use the Site. Third party advertising providers, advertisers (whose ads are displayed via the advertising provider) and the traffic measurement services used on the Site may use cookies, web beacons or embedded scripts (described above) or other similar mechanisms to automatically collect web site usage information. Third party advertising providers and the advertisers may use this web site usage information for, among other purposes, helping deliver advertisements to you that you might be interested in, to prevent you from seeing the same advertisements too many times and to conduct research regarding the usefulness of certain advertisements are to you. Traffic measurement services used on the Site may use the collected web site usage information for, among other purposes, gathering information about users' interactions with the Site, such as which links are clicked on. Cookies, web beacons and embedded scripts and other similar mechanisms used to collect web site usage information from advertising providers, advertisers and traffic measurement services are governed by their respective privacy policies and not this Privacy Policy. However, we do not share any Personal Information with these third parties in connection with their performing these services on the Web Site.For more information about DoubleClick, including instructions on how to opt out of DoubleClick's targeted advertising, please see http://www.doubleclick.com/pri... . For additional information about how to opt out of targeted advertising from DoubleClick and other members of the Network Advertising Initiative, please see http://www.networkadvertising.... .The following paragraph is a template for an opt-out statement, the properties may feature Nielsen proprietary measurement software, which will allow users to contribute to market research, such as Nielsen TV Ratings. To learn more about the information that Nielsen software may collect and your choices with regard to it, please see the Nielsen Digital Measurement Privacy Policy at http://www.nielsen.com/digitalprivacy.

                        The tracking of Ad Up, a technology and service provider of Axel Springer Teaser Ad GmbH (Axel-Springer-Strasse 65, 10969 Berlin), is integrated on our websites. By collecting anonymised and / or pseudonymous data, Ad Up will then be able to display advertisements for a
                        specific time on websites. Ad Up uses cookies to provide advertisers with conversion tracking that determines the effectiveness of their ads and keywords. More information about the data protection of Axel Springer Teaser Ad GmbH is available at https://www.adup-tech.com/datenschutz/. Via the button "Activate opt-out cookie" you also have the possibility to set an opt-out-cookie in your browser and deactivate Ad Up in this browser.


                        5. How We Process Information

                        Under European law, companies must have a legal basis to process data. You have particular rights available to you depending on which legal basis we use, and we've explained these below. You should know that no matter what legal basis applies, you always have the right to request access to, rectification of, and erasure of your data under the General Data Protection Regulation (the "GDPR"). To exercise your rights, see our Privacy Policy under How You Exercise Your Rights.

                        For all people who have legal capacity to enter into an enforceable contract, we process data as necessary to perform our contracts with you (the Terms of Service, the "Terms"). The core data uses necessary to provide our contractual services are:

                        • To provide, improve, customize, and support our Services as described in "Our Services";
                        • To promote safety and security;
                        • To store, or process your data outside the EEA, including to within the United States and other countries; and
                        • To communicate with you, for example, on Service-related issues.

                        When we process data you provide to us as necessary to perform our contracts with you, you have the right to port it under the GDPR. To exercise your rights, visit How You Exercise Your Rights section of the Privacy Policy.

                        The other legal bases we rely on in certain instances when processing your data are:

                        Your Consent:

                        For collecting and using information you allow us to receive through the device-based settings when you enable them (such as access to your camera, or photos), so we can provide the features and services described when you enable the settings.

                        When we process data you provide to us based on your consent, you have the right to withdraw your consent at any time and to port that data you provide to us, under the GDPR. To exercise your rights, visit your device-based settings How You Exercise Your Rights section of the Privacy Policy.

                        Legitimate Interest :

                        Based on the GDPR art. 6/1f, we will not request nor require consent from a user in order to display advertisements. After having conducted a legitimate interest assessment, we believe that our legitimate interest is appropriate given the value we bring to our users, discovering great travel deals for bargain price. Based on data collected, we will show ads to users that deliver the best user experience. By doing so, we allow users to enjoy the inspiration and the free of charge site browsing while driving revenue for the company to maintain and develop the product. Moreover, we are fully supportive of the digital ad industry consent mechanisms and will continue to test consent mechanisms as potential alternative legal basis for processing.

                        For all people, including those under the age of majority:

                        • For providing measurement, analytics, and other business services where we are processing data as a controller. The legitimate interests we rely on for this processing are:
                          • To provide accurate and reliable reporting to businesses and other partners, to ensure accurate pricing and statistics on performance, and to demonstrate the value our partners realise using our Services; and
                          • In the interests of businesses and other partners to help them understand their customers and improve their businesses, validate their pricing models, and evaluate the effectiveness and distribution of their services and messages, and understand how people interact with them on our Services.
                        • For providing marketing communications to you. The legitimate interests we rely on for this processing are:
                          • To promote and send you, as customer, our last offers.


                        You have the right to object to, and seek restriction of, such processing; to exercise your rights, visit How You Exercise Your Rights section of the Privacy Policy.


                        We will consider several factors when assessing an objection including: our users' reasonable expectations; the benefits and risks to you, us, other users, or third parties; and other available means to achieve the same purpose that may be less invasive and do not require disproportional effort. Your objection will be upheld, and we will cease processing your information, unless the processing is based on compelling legitimate grounds or is needed for legal reasons.


                        6. How The General Data Protection Regulation Applies To Our Users

                        6.1 How You Exercise Your Rights

                        Under the General Data Protection Regulation (GDPR) or other applicable local laws, you have the right to access, rectify, port, and erase your information, as well as the right to restrict and object to certain processing of your information. This includes the right to object to our processing of your information for direct marketing and the right to object to our processing of your information where we are performing a task in the public interest or pursuing our legitimate interests or those of a third party. You can access or port your information using our in-app Request Account Info feature (to be developed). You can access tools to rectify, update, and erase your information directly in-app as described in the Managing and Deleting Your Information section. Where we use your information for direct marketing for our own Services, you can always object and opt out of future marketing messages using the unsubscribe link in such communications (Newsletter), or by removing your Travel Preferences and turning off the Spectacular Deals and Error fares switches.


                        6.2 Affected rights (revocation and opposition rights)

                        "Regardless of the explanations above, you may object to the use of your information at any time and revoke any consent to use your information at any time."

                        Here, the right of objection under Art. 21 para. 1 and 2 GDPR applies to the processing of your data in connection with direct advertisement, if this is done on the basis of a balance of interests.

                        Moreover, you have the right to correct, delete or restrict the processing of your information, as well as the right to object to processing and the right to transfer your data. Please note that we may require proof from you in the event of a request for information that has not been made in writing, proving that you are the person you are spending yourself on.

                        If you revoke your consent to data processing or object to the use of the data, this does not affect the lawfulness of the data processing until the time of the revocation.


                        Legal basis

                        • Right of withdrawal (Art. 7 (3) GDPR "Conditions for consent")
                        • Right to object (Art. 21 GDPR "Right of opposition")

                        Right to rectification, deletion, suspension and restriction

                        Further, you have the right to correct, block or delete the data which is collected and stored by us, at any time. We expressly point out that there may be legal obligations to store data.

                        Legal basis

                        • Right to data correction (Article 16 GDPR "Right to rectification")
                        • Right to cancellation (Article 17 GDPR "Right to be forgotten")
                        • Right to limitation (Art. 18 GDPR "Right to restriction of processing")

                        Right to data transferability and complaint to a supervisory authority

                        As of 25.05.2018, you are also entitled to data transferability under Art. 20 GDPR and have the right to complain to the competent supervisory authority within the meaning of Art. 77 GDPR.

                        Legal basis

                        • Right to data transferability (Art. 20 DSGVO "Right to Data Transferability")
                        • Right to appeal to a supervisory authority (Article 77 GDPR "Right to Data Portability)

                        If you believe that the processing of your data violates data protection law or your data protection claims have otherwise been violated in a way, you can complain to the relevant regulatory authority.

                        In the case of HolidayPirates GmbH, this is the responsible supervisory authority:

                        Berlin Commissioner for Data Protection and Freedom of Information
                        Friedrichstr. 219, 10969 Berlin
                        Phone: +49 30 / 13889-406
                        E-Mail: [email protected]


                        Right to information

                        You have the right to know which data we store about you (right to information). Please note that we may require proof from you in the event of a request for information that has not been made in writing, proving that you are the person for whom you spend yourself.

                        Legal basis

                        • Right to information (Art. 15 GDPR "Right of access of the data subject")

                        Contact person:

                        HolidayPirates GmbH
                        Wallstr. 59
                        10179 Berlin
                        Email: [email protected]


                        7. Managing and deleting Your Information

                        We store information until your account is deleted.

                        If you would like to manage, change, or delete your information, we allow you to do that through the following features:

                        • User Profile. Under User Profile you can manage all the information related to your profile. You can create, edit and delete your Travel Preferences. You can change your username, your profile picture, your email and your password.
                        • Delete Account. Under the User Profile (in-app) you have the right to be forgotten by removing your account from our systems.
                        • Analytics: Under the Settings in-app you can stop being tracked. Notice that by turning off the Analytics will restrict how we customize our Services to better suit your preferences.

                        8. Law and Protection

                        Art. 6 I lit. a GDPR is the legal basis for our company to processing operations in which we obtain consent for a particular processing purpose. If the processing of personal data is necessary to fulfill a contract of which the data subject is a party, as is the case, for example, in processing operations necessary for the provision of any other service or consideration, the processing is based on Art. 6 I lit , b GDPR. Same applies to processing operations that are necessary to carry out pre-contractual measures, for example in cases of inquiries regarding our products or services. If our company is subject to a legal obligation which requires the processing of personal data, such as the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c GDPR. We collect, use, preserve, and share your information if we have a good-faith belief that it is reasonably necessary to: (a) respond pursuant to applicable law or regulations, to legal process, or to government requests; (b) enforce our Terms and any other applicable terms and policies; (c) detect, investigate, prevent, and address fraud and other illegal activity, security, or technical issues; or (d) protect the rights, property, and safety of our users, HolidayPirates GmbH, or others.

                        9. Updates To Our Policy

                        We will notify you before we make changes to this Privacy Policy and give you the opportunity to review the revised Privacy Policy before you choose to continue using our Services.

                        10. Contact Information

                        The Data Protection Officer for HolidayPirates GmbH can be contacted here ([email protected]).

                        If you have questions about our Privacy Policy, please write us here:

                        HolidayPirates GmbH

                        Wallstr. 59

                        10179 Berlin

                        Phone: +49 30 34 655 0074

                        11. Cookies

                        11.1 About Cookies

                        A cookie is a small text file that a website you visit asks your browser to store on your computer or mobile device.

                        11.2 Wie wir Cookies verwenden

                        We use cookies to understand, secure, operate, and provide our Services. For example, we use cookies:

                        • to provide HolidayPirates for web and other Services that are web-based, improve your experiences, understand how our Services are being used, and customize our Services;
                        • to simplify the log-in process or to customize our content in line with your interests and preferences.
                        • If you book a trip with one of our business partners via our site, appropriate personal data will be passed to the business partner. This includes cookies used to record the booking process. The cookies enable our business partner to ascertain that you have taken advantage of the offer presented via our website. Our partners may use information about your booking to improve your/their offering.

                        Following data can be transmitted in this way:
                        When you visit our website, you are informed about the use of cookies, in this context, there is also a reference to this privacy policy. The legal basis for the processing of personal data using technically necessary cookies is Article 6 (1) lit. f GDPR. The legal basis for the processing of personal data using cookies for analysis purposes is the consent of the user Art. 6 para. (1) lit. a GDPR.

                          11.3 How to control Cookies

                          You can follow the instructions provided by your browser or device (usually located under "Settings" or "Preferences") to modify your cookie settings. Please note that if you set your browser or device to disable cookies, certain of our Services may not function properly.


                          Should you have questions about your personal data, you can contact us via the contact form on our website.

                          26. October 2018