HolidayPirates
Profile

We value your privacy

We use cookies to enhance your browsing experience, serve personalised content, and analyse our traffic. By clicking "Accept All" you accept this and consent that we share this information with third parties and that your data may be processed in the USA. For more information, please read our .

You can adjust your preferences at any time. If you deny, we will use only the essential cookies and unfortunately, you will not receive any personalised content. To deny, .

Data Protection Declaration

HolidayPirates GmbH Data Protection Declaration

Data protection is a matter of trust, and your trust is very important to us – we respect your privacy. Therefore, protecting personal data and collecting, processing and using them in conformity with the law is our number one concern. We want you to feel safe with us; we strictly comply with the legal provisions for the processing of your data and would like to provide you with details concerning the data we collect and use on this page.

We take appropriate technical and organisational measures intended to prevent unlawful processing of personal data and their accidental loss, destruction or damage.

1. Responsible Body

HolidayPirates GmbH, Neue Grünstraße 18, 10179 Berlin, is the responsible body for the collection, processing and use of your personal data pursuant to the European General Data Protection Regulation (EU GDPR) and the German Federal Data Protection Act (BDSG).

Should you object to the collection, processing and use of your personal data in part or full, you can send your objection by letter or email to the following contact:

HolidayPirates GmbH

Neue Grünstraße 18

10179 Berlin

[email protected]

You can also find our contact details in our legal notice.

2. Processed Data

HolidayPirates GmbH must receive or collect information to operate, provide, improve, understand, customise, support, and market our services. This takes place, for example, when you install, use or access our services. The types of information we receive and collect depend on how you use our services.

2.1. User Account

If you wish to make a user account on our website, the following information is required:

  • Email address

  • Username

  • Password

Provided by you voluntarily:

  • Profile picture

  • Name

  • Date of birth

  • Travel destination preferences for our Travel Alerts such as departure times, destinations, travel months, budgets and travel categories.

You also have the option to link your user account with your Facebook, Google or Apple account. In this case, you share the following information with us:

  • Name

  • Email address

  • Profile picture

  • Age range

  • Language

  • Country and further data visible to the public on your Facebook profile.

Purpose: To write comments on the website and receive personalised offers

Creating a user account is completely voluntary. These data are only used to design your profile based on your consent in accordance with Art. 6 para. 1 (a) GDPR.

These data are stored until you delete your user account from our website. You can delete the account you created at any time. To do so, log into our website and click on ‘Delete user account’ under ‘Account Settings’.

2.2. Newsletter Subscription

The technical service provider Iterable Inc., 71 Stevenson Street, 3rd Floor, San Francisco, CA 94105, USA are our processors for sending newsletters.

Purpose: For advertising campaigns and sending offers from our website

Processed data:

  • Email address (required)

  • First and last name (voluntary)

  • Subscription date (automatically collected)

  • The country selected for the subscription (automatically collected)

When you subscribe to the newsletter, your behaviour in our newsletter is recorded (tracking the opening of emails and clicks on links). As soon as you open, and/or click on a newsletter, pseudonymised data will be saved. In this case, we are using the data for the optimization of our website contents and offers. In order to be able to adapt our newsletter to your needs, we use cookies which track your links if necessary (retargeting). In this way, you will receive special offers and information that fit your actual interest. By subscribing to our newsletter, you agree to this procedure. Of course, you always have the opportunity to contradict this.

The legal basis for sending the newsletter is your consent in accordance with Art. 6 para. 1 (a) GDPR.

By registering, you also consent to your data being processed in the USA in accordance with Article 49 Paragraph 1 Sentence 1 Letter a GDPR. The USA is assessed by the European Court of Justice as a country with an inadequate level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities for control and monitoring purposes, possibly even without any legal remedy.

You can unsubscribe from our newsletter at any time; the link to do so is at the end of every newsletter. As soon as you have unsubscribed from the newsletter, you will no longer receive any offers from us. Your personal data will not be reused and are blocked immediately. Your data will be saved for another 3 years before it will be deleted. Legal basis for saving the data is our entitled interest of proving that the delivery of emails happened with your consent in order to ward off potential claims.

 

2.3. Contact using our Contact Form or Email:

Processed data:

  • First and last name

  • Email address

  • Messages that are sent to us

Purpose: The processing of personal data serves to facilitate contact, prevent misuse of the contact form and to ensure the safety of our information technology systems. The legal basis for the processing of the data is your consent in accordance with Art. 6 para. 1 (a) GDPR.

Your messages and our replies are stored for a period of three years for the purpose of proving the provision of proper information.

2.4. Customer Service

Processed data:

  • Name

  • Messages

  • Phone number (if you contacted us by phone)

Purpose: The processing of the personal data facilitates contact, prevents misuse of the service and safeguards security. The legal basis for the processing of the data is your consent in accordance with Art. 6 para. 1 (a) GDPR. Insofar as the data processing is necessary for completing a contract, Art. 6 para. 1 (b) GDPR shall serve as the permissive standard for the data processing.

2.5. Commentary Function on the Blog

Processed data:

  • Username (required)

  • Profile picture (if provided)

  • Time and date of your comment

  • Content of the comment

Writing comments is completely voluntary. The collection of the above-mentioned user data is intended to prevent misuse of the services. The legal basis for the data processing after a comment has been written by the user is based on our legitimate interests pursuant to Art. 6 para. 1 (f) GDPR and ensures our security as a website operator.

If you delete your account on our website, the comments will no longer be marked with usernames or profile pictures; the comments themselves shall remain.

2.6. WhatsApp Messenger Service

Messages are being sent and received using Cloud API hosted by Meta.

The WhatsApp newsletter is sent via the messenger service provider called Vonage B.V.

  • Address: Vonage B.V., Prins Bernhardplein 200, 1097 JB Amsterdam, Netherlands

  • GDPR Compliance: https://www.vonage.com/legal/privacy-policy/

  • Purpose: For direct communication and sending out offers from our website All pseudonymised data: Phone number, Profile Picture (optional), Name and Surname (optional), Messenger ID (automatically), Messages or Questions send to us

By sending a start message to HolidayPirates (hereinafter referred to as – Sender) I agree with respect to Art. 6 Abs.1 lit. a and Art. 7 GDPR that Sender has my permission to use my personal data for direct communication and the required data processing, based on the respective messenger. To use this service, an existing messenger account with the respective provider is required. This messenger service provider is:

  • WhatsApp, Inc., 1601 Willow Road, Menlo Park, California 94025, USA with its privacy policy described at https://www.whatsapp.com/legal/privacy-policy-eea

I acknowledge that the respective provider might receive personal data (including communication meta data) that might be processed at servers located in countries outside of the EU (e.g. USA) that do not guarantee the same level of data protection as that practiced in the EU. Additional information is described in the above privacy policies of the respective messengers. Sender has no detailed knowledge about or influence on the respective providers.

Your agreement to this data processing can be revoked at any time by sending “STOP” in the respective messenger. To delete all data that is stored by our technical service provider, please send a message with “DELETE“ through your messenger. This might take up to 24 hours.

2.7. Facebook Messenger Service

The Facebook Messenger newsletter is sent via the messenger service tool Jumper.ai provided by Vonage B.V.

  • Address: Vonage B.V., Prins Bernhardplein 200, 1097 JB Amsterdam, Netherlands

  • GDPR Compliance: https://www.vonage.com/legal/privacy-policy/

  • Purpose: For direct communication and sending out offers from our website All pseudonymised data: Phone number (optional), Profile Picture (optional), email address (optional), Name and Surname (optional), Messenger ID (automatically), Gender, Timezone (optional), Date of birth (optional), Locale, Messages or Questions sent to us.

You acknowledge that the provider might receive personal data (including communication metadata) that will be processed at servers located in countries outside of the EU (e.g. USA) that do not guarantee the same level of data protection as that practiced in the EU. Additional information is described in the above privacy policy of the respective messenger service provider. HolidayPirates (hereinafter referred to as – Sender) has no detailed knowledge about or influence on the respective providers.

By accepting the opt-in request, you give permission to Sender with respect to Art. 6 Abs.1 lit. a and Art. 7 GDPR to use your personal data for direct communication and the required data processing, based on the respective messenger. To use this service, an existing messenger account with the respective provider is required. This messenger service provider is:

Facebook Messenger

You acknowledge that the respective provider might receive personal data (including communication metadata) that will be processed at servers located in countries outside of the EU (e.g. USA) that do not guarantee the same level of data protection as that practiced in the EU. Additional information is described in the above privacy policy of the respective messenger service provider. Sender has no detailed knowledge about or influence on the respective providers.

Your agreement to this data processing can be revoked at any time by sending “UNSUBSCRIBE” in the respective messenger. To delete all data that is stored by our technical service provider, please send a message with “DELETE ALL DATA“ through your messenger. This might take up to 24 hours.

2.8. Instagram Messenger-Service

The Instagram Messenger newsletter is sent via the messenger service tool Jumper.ai provided by Vonage B.V.

  • Address: Vonage B.V., Prins Bernhardplein 200, 1097 JB Amsterdam, Netherlands

  • GDPR Compliance: https://www.vonage.com/legal/privacy-policy/

  • Purpose: For direct communication and sending out offers from our website All pseudonymised data: User ID (automatically), Profile Picture (optional), Name and Surname (optional), Messages or questions sent to us.

You acknowledge that the provider might receive personal data (including communication metadata) that will be processed at servers located in countries outside of the EU (e.g. USA) that do not guarantee the same level of data protection as that practiced in the EU. Additional information is described in the above privacy policy of the respective messenger service provider. HolidayPirates (hereinafter referred to as – Sender) has no detailed knowledge about or influence on the respective providers.

By accepting the opt-in request, you give permission to Sender with respect to Art. 6 Abs.1 lit. a and Art. 7 GDPR to use your personal data for direct communication and the required data processing, based on the respective messenger. To use this service, an existing messenger account with the respective provider is required. This messenger service provider is:

Instagram Messenger

  • Address: Meta Platforms Inc, 1 Hacker Way Menlo Park, California 94025

  • Privacy policy: https://www.facebook.com/about/privacy/

You acknowledge that the respective provider might receive personal data (including communication metadata) that will be processed at servers located in countries outside of the EU (e.g. USA) that do not guarantee the same level of data protection as that practiced in the EU. Additional information is described in the above privacy policy of the respective messenger service provider. Sender has no detailed knowledge about or influence on the respective providers.

Your agreement to this data processing can be revoked at any time by sending “UNSUBSCRIBE” in the respective messenger. To delete all data that is stored by our technical service provider, please send a message with “REMOVE“ through your messenger. This might take up to 24 hours.

3. Automatically Collected Information / Cookies

A cookie is a small text file that is stored on your computer or mobile device when you visit a website with your browser.

We use cookies to operate and provide our services, for example, to provide our web-based services, improve your user experience, analyse how our services are used and customise our services to simplify the login process, and customise our content to match your interests and preferences.

We also use cookies to find out which questions are the most popular in our FAQ and to point you in the direction of relevant content in relation to our services. In addition, we may use cookies to store your settings – such as your language preferences – to guarantee you a safer user experience and to also individually customise our other services for you in this manner.

If you book a holiday with one of our business partners using our website, the personal data in connection therewith are transmitted to the business partner. These include cookies which are used to record the booking process. The cookies allow our business partners to determine whether you booked the offer on our website. In order to improve their offer, our partners may use information concerning your booking.

Important notice concerning the use of cookies:

  1. You are informed about the use of cookies when you access our website and provide your consent to the processing of the personal data obtained in connection therewith; this includes the search terms entered and the frequency of site visits and clicks. There is also a notice concerning this data protection declaration in this context. You can either accept all cookies, or decide to reject some or all of our services. In this way, you have the best possible control over the processing of your data and use only the services that you really wish to avail of.

  2. The legal basis for the processing of personal data using cookies for analysis purposes is your consent pursuant to Art. 6 para. 1 (a) GDPR.

  3. You can either fully or partially deactivate the collection of cookies and the use of the respective services by using the corresponding control element on the website, which we show at the very bottom as Manage Services. There you also have the option to deactivate the collection of all cookies, or only certain cookies you have selected.

  4. Cookies required for technical reasons are automatically collected (via Bugsnag, Inc., 939 Harrison St, San Francisco, CA 94107). You cannot deactivate these; they do not process any personal data. Data processing pursuant to Art. 6 para. 1 (f) GDPR is justified by our interest in providing smooth operation of the Internet offering.

  5. We integrate videos into our online presence from the YouTube video platform by the service provider Google Ireland Ltd. For the provision of the service, Google may save and process the user’s IP address.

  6. We integrate the videos of the platform Vimeo.com, Inc. within our online offer. To provide the service, the provider may store and process the IP address of the user. If you deactivate Vimeo on the cookie banner, no services from Vimeo will be loaded. To do this, simply click on the ‘Manage services" button at the bottom of the website and deny the service.

  7. Our website may also contain content such as pictures, videos or texts from the Instagram service. If the user has an Instagram account, Instagram can assign access of the contents to the user’s profile. If Instagram is deactivated in Manage Services, no services from Instagram will load. To do this, you need only click on the Manage Services button on the website and reject the service there.

4. HolidayPirates App

4.1. Notifications

We use so-called App notifications for the provision of the App and services.The legal basis for sending app notifications is your consent pursuant to Art. 6 para. 1 lit. a) GDPR. Consent can be revoked at any time in the device settings. 

The technical service provider Braze is our processor for sending push notifications.

Address : Braze Inc., 318 West 39th Street, New York, NY 10018

Purpose: Advertising campaigns, sending offers from our website; onboarding tour and helpful tips for those who use our website to improve their user experience.

Processed data:

  • Analysis of user behaviour in the App to receive personalised offers.

  • If you are a registered user, information about your profile is shared (email, username, profile picture and notification settings).

  • Braze also only stores basic non-identifiable information from the device (country, language, time zone, operating system, App version and device ID).

  • We also store and process information about the offers you have placed on the favourites list.

In cases where the user is logged in – we can identify them as the same user (on the web and in the App) and correlate data across platforms to send more targeted messages.

Braze is only used if you gave your consent when you opened the app for the first time, according to Art. 6 para. 1 (a) GDPR. Your consent can be revoked at any time in the app settings.

These data are stored until you unsubscribe from App notifications which you can do at any time in the App settings. As soon as you have unsubscribed, you shall no longer receive any offers from us, and your personal data will no longer be used and are deleted immediately.

4.2. Analytical & Performance Cookies

We collect user data to improve the performance of the app and perform business-related analytics. Analytical cookies are used to understand how customers use the app, to improve the website, apps and communications. The company uses information about previous actions and interactions to display personalised content and relevant advertising on third-party websites and apps. This data also helps to measure the effectiveness of ads and to facilitate the billing of advertising. Recent searches are stored to facilitate the use of the apps. The legal basis for the processing of the data is your consent pursuant to Art. 6 (1) a) GDPR. Your consent can be revoked at any time in the app settings.

a. Firebase and Google Analytics SDK

These services collect analytics data to track and monitor user behaviour during sessions.

Address : 188 King St., San Francisco, CA 94107, USA

Purpose of processing: Analyse user behaviour in the App to:

  • Develop new products and services

  • Optimise existing products or services

  • Find and fix error messages on the blog

  • Measure and plan marketing campaigns

Firebase is a sub-service from Google Analytics. When Firebase is used in the App, the data are forwarded to Google Analytics via Google Tag Manager. The data are then read through Adjust. You can find more information on the operating principle in the section entitled ‘Google Analytics’ and ‘Adjust’.

Firebase is only used if you gave your consent when you opened the app for the first time, according to Art. 6 para. 1(a) GDPR. Your consent can be revoked at any time in the app settings.

Personal data relating to the user are deleted after 38 months.

b. Braze Analytics SDK

This is a mobile engagement and messaging system. It collects analytics data to track and monitor the behaviour of user sessions in our mobile app.

4.3. Essential Cookies 

The data collected through these services is used to ensure the technical performance of the application and to provide the most basic content to users. Functional cookies enable a smooth use of our application by allowing the creation of an account, logging in and viewing content. These cookies must always be enabled in order to use our mobile app and therefore cannot be disabled.  The data processing according to Art. 6 (1) lit. f) DSGVO is justified by our economic interest in providing technical functionality, optimisation and development of services.

a. Facebook Login SDK

This integration allows you to log in to your account using your Facebook account details. 

b. Google SignIn SDK

This integration allows you to log in to your account using your Google account details. 

c. Firebase AuthSDK

This integration allows you to offer login options to users and store their login information in Firebase.

d. Firebase Crashlytics SDK

This service collects error messages and crash reports in the app.

e. Braze SDK

This is a mobile engagement and messaging system that collects mobile app usage data to enable targeting and delivery of push notifications and in-app messages to our mobile app users. For technical reasons, we need to enable the tool when you launch the app, but no personal data is collected until you give us your consent. 

f. Adjust

Address : Adjust GmbH, Saarbrücker Str. 37A, 10405 Berlin, Germany

Purpose: Assisting in identifying behaviour in the mobile application to support decisions about targeted marketing; assisting in the efficient management and optimisation of mobile campaigns for social networks and elsewhere on the Internet.

Processed data:

  • Cookie ID, display ID and the device ID used by a specified person, events in the mobile App concerning the use of the mobile App by a particular user (especially login, successful completion of transaction, country, language, local settings, app version) but no payment or financial data.

  • The content of the advertising to be delivered to a particular user and the advertising group to which that person belongs.

  • HTTP headers, IP address, MAC address (Media Access Control address is a hardware address of each individual network adapter, which serves as a unique identifier of device in a computer network), user's device and web activity information.

5. Analysis of User Behaviour on our Website

5.1. HolidayPirates Website Tracking (Google Tag Manager)

HolidayPirates Website Tracking is our name for Google Tag Manager, a web analysis service from Google Ireland Ltd.

The Google Tag Manager itself does not collect any personal data but rather facilitates the integration and management of our tags. Tags are small pieces of code that can be used, among other things, to measure traffic and visitor behaviour, track the impact of online advertising and social channels, set up remarketing and audience targeting, and test and optimise websites. Google Tag Manager does not access this data.

If you carried out a deactivation in Manage Services at the bottom of the web page, it will deactivate all tracking tags implemented with Google Tag Manager.

The following tracking services are integrated into Google Tag Manager:

  • Google Analytics

Google Analytics

If you have not objected to ‘HolidayPirates Website Tracking’ in Manage Services, Google Analytics, a web analysis service of Google Ireland Limited, is used on our website.

Address : Google Ireland Limited, Gordon House, Barrow Street, Dublin 4

Purpose: Analysing user behaviour on the website to:

  • Develop new products and services

  • Optimise existing products or services

  • Find and fix error messages on the blog

  • Measure and plan marketing campaigns

Processed data: Pseudonymised ID

Google Analytics uses ‘cookies’ – text files that are stored on your device and allow an analysis of the use of the website. The information collected by the cookies is generally sent to a Google server in the USA and stored there.

We have activated IP anonymisation. Your IP address will be shortened within the member states of the EU and the European Economic Area and in the other contracting states of the agreement. The IP address is only initially transferred unabridged to the United States to a Google server and shortened there in individual cases. Through this shortening, the personal reference to your IP address is omitted. The user’s IP address transmitted by the browser is not merged with other data stored by Google.

The information collected by Google on our behalf, as part of the contract processing agreement, is used to evaluate the use of the website by individual users, for example, to generate activity reports on the website in order to improve our website. This also makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus analyse a user’s activities across devices.

Personal data relating to the user are either deleted or anonymised after 38 months. You also have the option to deactivate the use of Google Analytics in our tool on the website; simply reject HolidayPirates Website Tracking in the Manage Services section.

Data processing pursuant to Art. 6 para. 1 (f) GDPR is justified by our economic interest in providing technical functionality and optimising and developing services.

5.2. Demographics:

Address : Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Purpose:

  • Breaking down website visitors by age, gender and interests.

  • Better targeting of advertisements according to the target audience based on age, gender and dimensions of interests.

Processed data: Pseudonymised ID

Google Optimize is only used if you have provided your consent pursuant to Art. 6 para. 1 (a) GDPR in the Manage Services section on our website.

Personal data relating to the user are either deleted or anonymised after 38 months.

5.3. Optimize:

If you have not rejected ‘Optimize’ in our Manage Services, our website uses Google Optimize, a website optimisation tool.

Address : Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Purpose:

  • Statistical analysis of changes and new functionalities on the website, analysis of the use of different variants of our website.

  • To improve the user experience and content of the website based on user behaviour, variations are displayed for a percentage of the users.

Processed data: Pseudonymised ID

Google Optimize is a sub-service of Google Analytics – more information on how it works can be found in the section entitled ‘Google Analytics’.

Optimize is only used if you have provided your consent pursuant to Art. 6 para. 1 (a) GDPR in the Manage Services section on our website.

You have the option to deactivate the use of Google Optimize in our tool on the website at any time; simply reject the service by clicking below on the Manage Services button and rejecting it there.

Personal data relating to the user are either deleted or anonymised after 90 days.

5.4. Meta Pixel

If you have not rejected ‘Meta Pixel’ in Manage Services, Facebook Pixel is used on our website. As Facebook and Instagram are linked, the data are processed simultaneously by Instagram.

Address: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland

Address : Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA

Purpose:

  • Analysis of user behaviour to better understand the user and thus offer better content.

  • Use of Custom Audiences for advertising campaigns and personalised advertisements.

Processed data:

  • HTTP-Headers – everything that is present in HTTP-Headers (HTTP-Headers are standard web logs sent between every browser request and server on the Internet. HTTP headers include IP addresses, information about the web browser, page location, document, referrer and person using the site).

  • Pixel-specific data – this includes the pixel ID and the Facebook cookie (using Facebook Pixel, Facebook can identify you as a visitor to our website as a target group for displaying ads. Facebook Pixel allows us to check whether a user has been redirected to our website after clicking on our Facebook ads. Accordingly, we use Facebook Pixel to display Facebook ads placed by us only to Facebook users who have shown an interest in our online offers. The Facebook cookie provides information about your activities outside of Facebook – including information about your device, websites visited, purchases made, ads you have viewed, and the way in which you use Facebook services – regardless of whether you have a Facebook account or are signed in to Facebook).

  • Button Click Data – these include all buttons clicked by website visitors, the labels of those buttons and all pages that were called up as a result of the buttons (tracking user behaviour).

Our legitimate interest in data processing pursuant to Art. 6 para. 1 (f) GDPR is justified by our interest in the economic operation of our online offers.

Personal data relating to the user are either deleted or anonymised after 180 days.

You have the option to deactivate the use of Facebook Pixel in our tool on the website; simply reject the service after clicking on the Manage Services button below.

5.5. Google Ads

If you have not rejected ‘Google Ads’ in Manage Services, Google Ads Tags are used on our website. 

Address: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Purpose:

  • Analysis of user behavior to better understand the user and thus offer better content.Use of Custom Audiences for advertising campaigns and personalized advertisements.

Processed data:

  • HTTP-Headers – everything that is present in HTTP-Headers (HTTP-Headers are standard web logs sent between every browser request and server on the Internet. HTTP headers include IP addresses, information about the web browser, page location, document, referrer and person using the site).

  • Tag-specific data – this includes the tag ID and the Google cookie (using Google Ads Tags, Google can identify you as a visitor to our website as a target group for displaying ads. Google Ads Tags allow us to check whether a user has been redirected to our website after clicking on our Google ads. Accordingly, we use Google Ads Tags to display Google ads placed by us only to users who have shown an interest in our online offers.

  • Button Click Data – these include all buttons clicked by website visitors, the labels of those buttons and all pages that were called up as a result of the buttons (tracking user behavior).

Our legitimate interest in data processing pursuant to Art. 6 para. 1 (f) GDPR is justified by our interest in the economic operation of our online offers. Personal data relating to the user are either deleted or anonymised after 180 days. You have the option to deactivate the use of Google Ads Tags in our tool on the website; simply reject the service after clicking on the Manage Services button below.

The following tracking services are integrated into Google Ads:

  • Google Analytics 4

It means that Google Analytics audience lists will be published to the linked Google Ads accounts. Read more above under 5.1. Google Analytics. 

5.6. Pinterest

Address : Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland

Purpose:

  • Providing the ‘Note’ buttons on the website and images to ensure the use of Pinterest for users and to enable the saving of images.

  • Analysis of the user behaviour of Pinterest users on our website in order to understand interests and to improve and expand our products.

  • By using Pinterest features on our website, data are automatically forwarded to Pinterest so that they have a better understanding of your interests to ensure better advertising.

Processed data:

  • Information outlining how often the button was clicked by users on our website and the URL of the landing page.

  • Log data, such as IP address, landing page URL with Pinterest functions, and the activities performed on it (such as the ‘Note’ button), search history, browser type and settings, the date and time of your request, how you use Pinterest (tracking of user behaviour) and cookie and device data (including device type, operating system, settings, unique device identifiers as well as crash data, which are useful when correcting errors) are automatically shared with Pinterest.

  • Cookie data for recording log data (if you use Pinterest, some information (log data, see above) is automatically stored, such as information that your browser automatically transmits when you visit a website, or information that your mobile App automatically sends when you use it. Cookies are also used to record log data, e.g. to save your language settings or other settings, so you do not have to set them every time you log in to Pinterest. Some cookies are associated with your Pinterest account (including your personal information such as the email address you provided), other cookies are not).

  • Device type

Pinterest is only used if you have provided your consent pursuant to Art. 6 para. 1 (a) GDPR in Manage Services on our website.

Personal data relating to the user are deleted after 30 days.

5.7. Twitter (Twitter Social Plugins)

Address : Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA

Purpose: The user has the option to share our offers directly to Twitter. The data are used to improve Twitter products and services and to deliver relevant advertising, including personalised suggestions and personalised ads.

Processed data: Twitter may receive information such as the web pages you visit, your IP address, browser type, operating system and cookie information.

Twitter is only used if you have provided your consent pursuant to Art. 6 para. 1 (a) GDPR in Manage Services on our website.

Personal data relating to the user are either deleted or anonymised after 18 months.

5.8. Facebook Social Plugins (Facebook, Instagram)

Address: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland

Purpose: The data are used to improve Facebook products and services and to deliver relevant advertising.

Processed data: Facebook user ID, page URL, date and time and other browser information

Facebook Social Plugins are only used if you have provided your consent pursuant to Art. 6 para. 1 (a) GDPR in Manage Services on our website.

The data are saved until they are no longer needed to provide Facebook services and products, or until the account is deleted, depending on which occurs first. The search history is deleted after 6 months.

5.9 HolidayPirates Newsletter (Iterable)

Address: Iterable Inc., 71 Stevenson Street, 3rd Floor, San Francisco, CA 94105, USA

Purpose: For advertising campaigns and sending offers from our website.

Processed data:

Collection of user behaviour via a pseudonymised cookie ID, tracking behaviour on our website and sending these data to our newsletter data bank.

Tracking of user behaviour in our newsletter (opening of emails and clicks on links).

Iterable tracking is only used if you are subscribed to the newsletter and have provided your consent pursuant to Art. 6 para. 1 (a) GDPR in Manage Services on our website. Personal data relating to the user are deleted or anonymised within 30 days after the user has unsubscribed from our Newsletter.

5.10. HelpHero

Address : Help Hero Co., Suite 9429, 17B Farnham Street Parnell, Auckland 1052, New Zealand

Purpose: Introductory tour and helpful tips for users of our website to provide them with a better user experience.

Processed data: Pseudonymised ID

HelpHero is only used if you have provided your consent pursuant to Art. 6 para. 1 (a) GDPR in Manage Services on our website.

Personal data relating to the user are either deleted or anonymised after 30 days.

5.11. SurveyMonkey

Address : SurveyMonkey Inc., San Mateo, One Curiosity Way, California 94403

Purpose:

  • To implement online surveys and to better understand the user.

  • To reward users who wish to take part with a prize.

Processed data:

  • Email address (optional)

  • Demographic data (including age, gender, status; mandatory)

  • Psychographic data (including interests; mandatory)

  • Answers to questions based on opinions, tendencies and experiences depending on the survey (mandatory)

SurveyMonkey is only used when you take part in a survey pursuant to Art. 6 para. 1 (a) GDPR.

Personal data relating to the user are either deleted or anonymised after 90 days.

5.12. Braze

Address : Braze Inc., 318 West 39th Street, New York, NY 10018

Purpose: Onboarding tour and helpful tips for website users to provide them with a better user experience; to personalise the Web Push Notifications.

Processed data:

  • Analysis of user behaviour on the website via a pseudonymised ID

  • If you are registered as a user, information about your profile is shared (email, username, profile picture and notification settings)

  • Braze also does not store identifiable basic information from the device (country, language, time zone, operating system, browser version and device ID)

In cases where the user is logged in – we can identify them as the same user (on the web and in the App) and correlate data across platforms to send more targeted messages.

Braze is only used if you have provided your consent pursuant to Art. 6 para. 1 (a) GDPR in Manage Services on our website.

Your data will only be saved until you deactivate Web Push Notifications in your browser or object to the tracking in Manage Services.

5.13. HotJar

Address : Hotjar Ltd, Level 2, St. Julians Business Centre, 3 Elia Zammit Street, St. Julians STJ 1000, Malta 

Purpose: Collection of data and analysis of user behaviour on our website to provide users with better content and simplified operations.

Processed data:

  • Browser type

  • Operating system

  • Device type,

  • URL(s) visited and duration of the visit

Hotjar is only used if you have provided your consent pursuant to Art. 6 para. 1 (a) GDPR in Manage Services on our website.

5.14.GetYourGuide Activity Widget

GetYourGuide Activity Widget is only used if you have provided your consent pursuant to Art. 6 para. 1 (a) GDPR in the Cookie Banner on our website. If you do so, your personal data will be collected by our partner GetYourGuide.

Address: GetYourGuide Deutschland GmbH, Sonnenburger Strasse 71-75, 10437 Berlin

Purpose and collected data: When you interact with GetYourGuide’s widget, GetYourGuide may collect information about you including personal data such as IP addresses, browsing activity, or other identifiers to provide you GetYourGuide’s services and to monitor the effectiveness of GetYourGuides marketing campaigns.

GetYourGuide is solely responsible for processing this data. You can read more in GetYourGuide’s privacy policy: https://www.getyourguide.de/c/privacy-policy

5.15. ReferralHero

Address: ReferralHero by LD Innovations LLC, 8 Rocky Hill Rd. Chadds Ford, PA 19317 USA

Purpose: This supports the purpose to fulfill campaign obligations created by HolidayPirates GmbH, to detect fraudulent activity in campaigns and invalidate entries, to send out campaign emails

Processed Data: Email-address, Name, Cookie-ID, IP-address, general location, Browser Identification

ReferralHero is only used if you have provided your consent pursuant to Art. 6 para. 1 (a) GDPR in Manage Services on our website.

6. Application as a Tester for HolidayPirates GmbH

If you apply as a Tester for HolidayPirates, the following data are collecting in accordance with Art. 6 para. 1 (a) GDPR:

  • Email address and name (required)

  • Browser type, operating system, device type, web URL(s) visited and duration of the visit

  • Demographic data (including age, gender, status, marital status; mandatory)

  • Psychographic data (including interests; mandatory)

  • Answers to questions based on opinions, tendencies and experiences depending on the survey (mandatory)

Purpose:

  • To implement surveys and to better understand the user.

  • To reward users who wish to participate with a prize.

After completion of the survey, these data will be blocked from further use and deleted after 12 months.

7. Applying to HolidayPirates GmbH

If you apply for a job position at HolidayPirates, the following personal data are collected for the purpose of the evaluation process in accordance with Section 26 BDSG. The data you provide in your application are exclusively used for filling the advertised position and the review and processing. After completion of the application process, these data will be blocked for further use and deleted after 6 months, unless you consent to any further or other processing.

Personio

To process your data we cooperate with the service provider Personio GmbH. The service provider Personio GmbH is used as our order processor pursuant to Art. 28 GDPR. Personio is used for the implementation of a fast and effective application process. The legal grounds for this are in particular Art. 6 para. 1 (b) GDPR and Section 26 BDSG.

Address : Personio GmbH, Buttermelcherstr. 16, 80469 Munich Germany

Purpose: Storage and processing of applicant data for the purpose of the application.

Processed data: Contact data, master data, data related to the position (e.g. from the CV)

We would like to inform you that some data on the Personio recruiting page are collected for its own purposes as the responsible body:

1.) Server Logs

When accessing the recruiting site, general log data – so-called sever logs – are automatically collected. These data are generally pseudonymous and therefore cannot be associated with any natural person. Without these data, it would not be completely possible to deliver and present the contents of the software for technical reasons. In addition, the processing of these data is absolutely necessary for security reasons, in particular to control access, input, transfer and storage. In addition, the anonymous information can be used for statistical purposes as well as for optimising the offer and technology. In addition, the log files can be subsequently checked and evaluated if there is a suspicion of illegal use of the software. The legal grounds for this can be found in Section 15 para. 1 of the German Telemedia Act (TMG) and Art. 6 para. 1 (f) GDPR. The data collected are general, such as the domain name of the website, the web browser and web browser version, the operating system, the IP address and the time stamp of the access to the software. The scope of this logging does not go beyond the usual scope of any other website on the Internet. The storage of this access log may be up to 7 days. There is no right of objection.

2.) Error Logs

For the purpose of error identification and correction, so-called error logs are created. This is absolutely necessary in order to be able to react as quickly as possible to potential problems in the presentation and implementation of content (legitimate interest). These data are generally pseudonymous and therefore cannot be associated with any natural person. The legal grounds for this are grounded in Section 15 para. 1 TMG and Art. 6 para. 1 (f) GDPR. When an error report appears, general data such as the domain name of the website, the web browser and web browser version, the operating system, the IP address and the time stamp for when the corresponding error message/specification occurred are collected. The storage of the error log may be up to 7 days. There is no right of objection.

3.) Cookies

On the recruiting site, it is generally only absolutely necessary, functional and performance cookies that are used. These are particularly used to implement certain default settings such as language, to identify the application channel, or to analyse the performance of a job position that a user used to access the recruiting side. The use of cookies is mandatory for the provision of our services and thus for the fulfilment of the contract (Art. 6 para. 1 (b) GDPR). Period of storage: You have the right to object for up to 1 month or until the end of the browser session: you can determine for yourself via your browser settings whether you want to allow or refuse the use of cookies. Please note that deactivating cookies can lead to limited or completely inhibited functionality of the recruiting page.

These data will only be processed in accordance with Art. 6 para. 1 (a) GDPR based on the consent you provided during the application process. You may revoke your consent at any time (see Section 11 Rights of Data Subjects).

8. Social Media Fan Pages

We present online offers on different social media platforms to provide information and to facilitate contact with you.

We have no influence on the processing of personal data by the respective platform operator in their capacity as the responsible body. As a rule, when you visit our social media services, the platform operator stores cookies in your browser, in which your usage behaviour or interests are stored for market research and advertising purposes. The (mostly cross-device) user profiles are used by the platform operators to display personalised advertising. Under certain circumstances, you have also given a platform operator consent to data processing, for which case Art. 6 para. 1 (a) GDPR is the legal basis.

Data processing may also affect those who are not registered as users with the respective social media platform. In some instances, your data may be processed outside the territory of the European Union, which may complicate enforcement of your rights.

Facebook and Instagram Fan Pages

Address: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland

Data processing is based on an agreement on the joint processing of personal data pursuant to Art. 26 GDPR(https://www.facebook.com/legal/terms/page_controller_addendum).

If we process your personal data ourselves, we do so under our own responsibility. In this case, the processing is performed based on our legitimate interests (pursuant to Art. 6 para. 1 (f) GDPR) in a diverse external presentation of our company and the use of an effective information opportunity and communication with you.

Detailed information regarding data processing in the data protection area the platform operator is responsible for, opt-out options and the assertion of data subjects' rights can be found in the data protection policy of the relevant platform operator.

9. How we use information

We use the information provided to us (subject to the decisions made by you, e.g. in the context of Manage Services on our website) to provide and improve our services. This helps us understand how our users avail of our services and in turn, we use this information to improve our services and perform troubleshooting activities.

We verify accounts and activities and promote security within and outside our services. This is achieved, for example, by investigating suspicious activities or violations of our terms and conditions and ensuring that our services are used in compliance with the law.

For all those who conclude a contract with us, we process information which is necessary for the fulfilment of such contracts. The core data are used:

  • To provide, improve and adjust our services. Please also see ‘Our Services’ below.

  • To maintain the IT security and operational reliability of our services.

  • To communicate with you in relation to service problems.

For the collection and use of information that you provide to us when activating the device-based settings (e.g. access to your camera or photos if, for example, you upload a photo to your user account), we may provide the features and services described when activating the settings.

In addition, all information is processed for the following:

  • For analytical data collection and other services where we use data for control and improvement.

  • To provide reports showing our partners the usage of our broad range of services.

  • In the interest of companies and other partners, so that they can better understand their customers and, if necessary, improve their business model. This concerns, for example, price models to be adjusted or user interactions.

  • To send you the best and newest offers.

You have the right to object to or restrict such processing at any time. To do this, please read the paragraph entitled ‘Rights of Data Subjects’.

We only store your personal data only for as long as it is necessary to fulfil the purposes for which they were collected. Personal data are deleted as soon as they are no longer required and once there are no legal retention periods in force.

Our website is delivered using Secure HTTP Protocol. This SSL encryption ensures that no third party can read or change transmitted data according to the current state of technology. This applies both to the content of the site and to data transmitted through the use of forms.

By giving your consent, you also accept in accordance with Art. 49 para. 1 lit. a GDPR that your data may be processed in the USA, with the risk of access by US authorities and use for monitoring purposes, possibly without any legal remedies.

10. Rights of Data Subjects

In accordance with the Basic Data Protection Regulation and other applicable laws, you have the right to access, rectify, transfer or delete your information and the right to restrict or object to certain processing of your information. This also includes the right to object to our processing of your information for direct marketing purposes.

Revocation and Opposition Rights

"Regardless of the explanations above, you may object to the use of your information at any time and revoke any consent to the use of your information at any time.” Here, the right of objection under Art. 21 para. 1 and 2 GDPR applies to the processing of your data in connection with direct advertisement, if this is performed on the basis of a balance of interests.

If you revoke your consent to data processing or object to the use of the data, this does not affect the lawfulness of the data processing until the time of the revocation.

Legal basis:

Right of withdrawal (Art. 7 para. 3 GDPR ‘Conditions for consent’),Right to object (Art. 21 GDPR ‘Right of opposition’)

Right to Rectification, Deletion, Blocking and Restriction

Furthermore, you have the right to rectify, block or delete the data which are collected and stored by us at any time. We expressly point out that there may be legal obligations or practical considerations to further store data. In this case, the data can only be blocked.

Legal basis:

Right to data rectification (Art. 16 GDPR ‘Right to rectification’)

Right to erasure (Art. 17 GDPR ‘Right to be forgotten’)

Right to restriction (Art. 18 GDPR ‘Right to restriction of processing’)

Right to Data Transferability and Complaining to a Supervisory Authority

If you suspect that the processing of your data violates data protection law or that your data protection claims have otherwise been violated in any way, you can lodge a complaint with the responsible supervisory authority.

In the case of HolidayPirates GmbH, this is the responsible supervisory authority:

Berliner Beauftragte für Datenschutz und Informationsfreiheit

Friedrichstr. 219

10969 Berlin

Phone: +49 30/13889-406

Email: [email protected]

Legal basis:

Right to data transferability (Art. 20 GDPR ‘Right to Data Transferability’) Right to appeal to a supervisory authority (Art. 77 GDPR ‘Right to Data Portability’)

Right to Information

You have the right to know which data we store about you (right to information).

Please note that we may require proof from you in the event of a request for information that has not been made in writing, proving your identity.

Legal basis:

Right to information (Art. 15 GDPR ‘Right of access of the data subject’)

Contact Person for Asserting the Rights of Data Subjects:

To assert the rights outlined above, please contact:

HolidayPirates GmbH

Neue Grünstraße 18

10179 Berlin

Email: [email protected]

11. Managing and Deleting your Data

If you would like to manage, change, restrict or delete your information and data, we provide the following features:

  • User Account: You can manage all information concerning your profile in your account. This may include your travel preferences, username, profile picture, or email address.

  • Delete Account: You can delete your profile on the website or in the App via your user account.

  • Unsubscribing from the Newsletter: You can unsubscribe from our newsletter at any time; the link to do so is at the end of every newsletter. As soon as you have unsubscribed from the newsletter, you will no longer receive any offers from us. Your personal data will not be reused and are deleted immediately.

  • Unsubscribing from the Messenger Service: You can unsubscribe from our messenger service at any time, to do so, simply send a message with ‘STOP’ via our channel in the respective messenger.

  • Data Analysis: You can deactivate tracking in the App settings. Please note, however, that deactivation may result in service limitations on your travel preferences. You can deactivate the collection of cookies on the website by clicking below on the Manage Services button.

13. Data Protection Officer and Contact Information

If you have any questions about our privacy policy, please contact our Data Protection Officer, Mr Roman Maczkowsky: [email protected].

Or write to us at:

HolidayPirates GmbH

Neue Grünstraße 18

10179 Berlin

Email: [email protected]

You can also reach us using the contact form on our website.