data protection holidaypiratesPin it

Data Protection Declaration

HolidayPirates GmbH Data Protection Declaration

Data protection is a matter of trust, and your trust is very important to us – we respect your privacy. Therefore, protecting personal data and collecting, processing and using them in conformity with the law is our number one concern. We want you to feel safe with us; we strictly comply with the legal provisions for the processing of your data and would like to provide you with details concerning the data we collect and use on this page.

We take appropriate technical and organisational measures intended to prevent unlawful processing of personal data and their accidental loss, destruction or damage.

1. Responsible Body

HolidayPirates GmbH, Wallstraße 59, 10179 Berlin is the responsible body for the collection, processing and use of your personal data pursuant to the European General Data Protection Regulation (EU GDPR) and the German Federal Data Protection Act (BDSG).

Should you object to the collection, processing and use of your personal data in part or full, you can send your objection by letter or email to the following contact:

HolidayPirates GmbH
Wallstr. 59
10179 Berlin

[email protected]

You can also find our contact details in our legal notice.

2. Processed Data

HolidayPirates GmbH must receive or collect information to operate, provide, improve, understand, customise, support, and market our services. This takes place, for example, when you install, use or access our services. The types of information we receive and collect depend on how you use our services.

2.1. User Account

If you wish to make a user account on our website, the following information is required: 

  • Email address 
  • Username
  • Password 

Provided by you voluntarily:

  • Profile picture
  • Name 
  • Date of birth 
  • Travel destination preferences for our Travel Alerts such as departure times, destinations, travel months, budgets and travel categories. 

Registration using a Facebook account:

You also have the option to link your user account with your Facebook account. In this case, you share the following information with us: 

  • Name
  • Email address
  • Profile picture
  • Age range
  • Language
  • Country and further data visible to the public on your Facebook profile.
  • Purpose: To write comments on the website and receive personalised offers 
  • Registration using a Google account:

Creating a user account is completely voluntary. These data are only used to design your profile based on your consent in accordance with Art. 6 para. 1 (a) GDPR.

These data are stored until you delete your user account from our website. You can delete the account you created at any time. To do so, log into our website and click on ‘Delete user account’ under ‘Account Settings’.

2.2. Newsletter Subscription

The technical service provider Emarsys Interactive Services GmbH, Stralauer Allee 6, 10245 Berlin, Germany, is our processor for sending newsletters.

Purpose: For advertising campaigns and sending offers from our website

Processed data:

  • Email address (required)
  • First and last name (voluntary)
  • Subscription date (automatically collected)
  • The country selected for the subscription (automatically collected)

When you subscribe to the newsletter, your behaviour regarding our newsletter is recorded (tracking the opening of emails and clicks on links). 

The legal basis for sending the newsletter is your consent in accordance with Art. 6 para. 1 (a) GDPR.

These data are stored until you unsubscribe from the newsletter, which you may do at any time. You can find the link to do so at the end of every newsletter. As soon as you have unsubscribed from the newsletter, you shall no longer receive any offers from us, and your personal data will no longer be used and are deleted immediately.

2.3. Contact using our Contact Form or Email:

Processed data:

  • First and last name 
  • Email address
  • Messages that are sent to us 

Purpose: The processing of personal data serves to facilitate contact, prevent misuse of the contact form and to ensure the safety of our information technology systems. The legal basis for the processing of the data is your consent in accordance with Art. 6 para. 1 (a) GDPR.

Your messages and our replies are stored for a period of three years for the purpose of proving the provision of proper information.

 2.4. Customer Service

Processed data:

  • Name
  • Messages 
  • Phone number (if you contacted us by phone)

Purpose: The processing of the personal data facilitates contact, prevents misuse of the service and safeguards security. The legal basis for the processing of the data is your consent in accordance with Art. 6 para. 1 (a) GDPR. Insofar as the data processing is necessary for completing a contract, Art. 6 para. 1 (b) GDPR shall serve as the permissive standard for the data processing.

If you book a holiday package by phone, your data are stored for a period of 10 years by the AIC Service & Call Center GmbH . 

2.5. Commentary Function on the Blog

Processed data:

  • Username (required)
  • Profile picture (if provided) 
  • Time and date of your comment
  • Content of the comment

Writing comments is completely voluntary. The collection of the above-mentioned user data is intended to prevent misuse of the services. The legal basis for the data processing after a comment has been written by the user is based on our legitimate interests pursuant to Art. 6 para. 1 (f) GDPR and ensures our security as a website operator.

If you delete your account on our website, the comments will no longer be marked with usernames or profile pictures; the comments themselves shall remain. 

3. Automatically Collected Information / Cookies

A cookie is a small text file that is stored on your computer or mobile device when you visit a website with your browser.

We use cookies to operate and provide our services, for example, to provide our web-based services, improve your user experience, analyse how our services are used and customise our services to simplify the login process, and customise our content to match your interests and preferences. 

We also use cookies to find out which questions are the most popular in our FAQ and to point you in the direction of relevant content in relation to our services. In addition, we may use cookies to store your settings – such as your language preferences – to guarantee you a safer user experience and to also individually customise our other services for you in this manner. 

If you book a holiday with one of our business partners using our website, the personal data in connection therewith are transmitted to the business partner. These include cookies which are used to record the booking process. The cookies allow our business partners to determine whether you booked the offer on our website. In order to improve their offer, our partners may use information concerning your booking.

Important notice concerning the use of cookies:

  • You are informed about the use of cookies when you access our website and provide your consent to the processing of the personal data obtained in connection therewith; this includes the search terms entered and the frequency of site visits and clicks. There is also a notice concerning this data protection declaration in this context. You can either accept all cookies, or decide to reject some or all of our services. In this way, you have the best possible control over the processing of your data and use only the services that you really wish to avail of.
  • The legal basis for the processing of personal data using cookies for analysis purposes is your consent pursuant to Art. 6 para. 1 (a) GDPR. 
  • You can either fully or partially deactivate the collection of cookies and the use of the respective services by using the corresponding control element on the website, which we show at the very bottom as Manage Services. There you also have the option to deactivate the collection of all cookies, or only certain cookies you have selected. 
  • Cookies required for technical reasons are automatically collected (via Bugsnag, Inc., 939 Harrison St, San Francisco, CA 94107). You cannot deactivate these; they do not process any personal data. Data processing pursuant to Art. 6 para. 1 (f) GDPR is justified by our interest in providing smooth operation of the Internet offering.
  • We integrate videos into our online presence from the YouTube video platform by the service provider Google Ireland Ltd. For the provision of the service, Google may save and process the user’s IP address. 
  • Our website may also contain content such as pictures, videos or texts from the Instagram service. If the user has an Instagram account, Instagram can assign access of the contents to the user’s profile. If Instagram is deactivated in Manage Services, no services from Instagram will load. To do this, you need only click on the Manage Services button on the website and reject the service there.

4. HolidayPirates App

4.1. Notifications

We use so-called App notifications for the provision of the App and services. There are two categories of notifications which you can activate and deactivate in the App: spectacular deals and error fares. Spectacular deals are holiday offers of an exceptional quality or price found by our editors. Error fares are extremely affordable deals that show an unusually large deviation from the usual price range for a particular destination.

You can also receive Travel Alerts based on certain preferences (preferred travel destination, budget, departure airport). You can deactivate these by deleting the Travel Alerts.

The technical service provider Braze is our processor for sending push notifications. 

Address : Braze Inc., 318 West 39th Street, New York, NY 10018

Purpose: Advertising campaigns, sending offers from our website; onboarding tour and helpful tips for those who use our website to improve their user experience.

Processed data: 

  • Analysis of user behaviour in the App to receive personalised offers.
  • If you are a registered user, information about your profile is shared (email, username, profile picture and notification settings). 
  • Braze also only stores basic non-identifiable information from the device (country, language, time zone, operating system, App version and device ID).

In cases where the user is logged in – we can identify them as the same user (on the web and in the App) and correlate data across platforms to send more targeted messages.

Braze is only used when you have not declined its usage under ‘Notifications’ in the App settings. Our legitimate interest in data processing pursuant to Art. 6 para. 1 (f) GDPR is justified by our interest in the economic operation of our online offers and the use of effective information and communication with you.

These data are stored until you unsubscribe from App notifications which you can do at any time in the App settings. As soon as you have unsubscribed, you shall no longer receive any offers from us, and your personal data will no longer be used and are deleted immediately.

4.2. Usage and Log Information

We collect information concerning your activities in the HolidayPirates App. This includes service-specific information and information for diagnostic and performance purposes. Information about your activities is also stored, such as how you use our services, your preferences for each service, how you interact with others using our services and the time, frequency, and duration of your activities and interactions. In addition, log data such as diagnostic, crash, website and performance logs and reports are stored. Data processing pursuant to Art. 6 para. 1 (f) GDPR is justified by our economic interest in providing technical functionality and optimising and developing services.

In the App, ‘Usage and Log Information’ shall mean the use of services from Adjust and Firebase:

Firebase

Address : 188 King St., San Francisco, CA 94107, USA

Purpose of processing: Analyse user behaviour in the App to:

  • Develop new products and services
  • Optimise existing products or services
  • Find and fix error messages on the blog
  • Measure and plan marketing campaigns

Firebase is a sub-service from Google Analytics. When Firebase is used in the App, the data are forwarded to Google Analytics via Google Tag Manager. The data are then read through Adjust. You can find more information on the operating principle in the section entitled ‘Google Analytics’ and ‘Adjust’.

Firebase is only used when you have not declined its usage under ‘Usage and Log Information’ in the App settings. Data processing pursuant to Art. 6 para. 1 (f) GDPR is justified by our economic interest in providing technical functionality and optimising and developing services.

Personal data relating to the user are deleted after 38 months.

Adjust

Address : Adjust GmbH, Saarbrücker Str. 37A, 10405 Berlin, Germany

Purpose: Assisting in identifying behaviour in the mobile application to support decisions about targeted marketing; assisting in the efficient management and optimisation of mobile campaigns for social networks and elsewhere on the Internet.

Processed data:

  • Cookie ID, display ID and the device ID used by a specified person, events in the mobile App concerning the use of the mobile App by a particular user (especially login, successful completion of transaction, country, language, local settings, app version) but no payment or financial data.
  • The content of the advertising to be delivered to a particular user and the advertising group to which that person belongs.
  • HTTP headers, IP address, MAC address (Media Access Control address is  a hardware address of each individual network adapter, which serves as a unique identifier of device in a computer network),  user's device and web activity information.

Adjust is only used when you have not declined its usage under ‘Usage and Log Information’ in the App settings. Data processing pursuant to Art. 6 para. 1 (f) GDPR is justified by our economic interest in providing technical functionality and optimising and developing services.

Personal data relating to the user are deleted after 28 days.

Insofar as you have accepted Adjust tracking in the App (under ‘Usage and Log Information’), certain data shall be sent to Facebook Ireland Ltd.:

Facebook App Tracking

Address : Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Purpose:

  • Advertising the HolidayPirates App on Facebook Ireland Ltd, including campaign retargeting (retargeting means a tracking process in which users are marked and tracked when they visit a website, the user can then be addressed on other websites again with suitable advertising).
  • Support in identifying whether users of the HolidayPirates App were gained through advertising on Facebook.

Processed data:

  • Attribution ID (attribution ID is a Facebook-specific ID that Adjust forwards to Facebook but is not used internally for tracking purposes).
  • Display ID (display ID is a device-specific identifier that can be reset by the user and on which Adjust tracking is based).
  • Events in the mobile App concerning the use of the mobile App (in particular tracking user behaviour, App version, time stamp and IP address).

Insofar as you have accepted Adjust tracking in the App (under ‘Usage and Log Information’), certain data shall be sent to Google Ireland Ltd.:

Google Ads App Tracking

Address : Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Purpose: 

  •  Advertising for the HolidayPirates App and website on Google networks.
  •  Support in identifying whether users of the HolidayPirates App were gained through advertising on Google.

 Processed data:

  • Display ID (see explanation above)
  • IP address
  • Device ID
  • Events in the mobile App concerning the use of the mobile App (in particular the App version and time stamp)

4.3. Personalised ads (DoubleClick)

The App uses DoubleClick, a third-party advertising provider, to serve advertisements. Advertising providers are third parties that display advertisements based on your visits to the website and other websites you have visited, allowing targeted advertisements to be delivered to you for products and services in which you might be interested. The App also uses a third-party traffic measurement service to analyse the number of website visitors. 

Furthermore, these third parties may use cookies, web beacons or scripts or other similar mechanisms to automatically collect usage information. Third-party advertising providers and the advertisers may use this usage information, among other purposes, to help deliver advertisements to you that you might be interested in, to prevent you from seeing the same advertisements too many times. Please note that the privacy policies of the third-party providers (listed below) apply here. However, we do not share any personal information with these third parties. For more information about DoubleClick, including instructions on how to opt out of the advertising, please see: https://www.doubleclickbygoogle.com/

DoubleClick is only used when you have not declined its usage under ‘Personalised ads (DoubleClick)’ in the App settings. Data processing pursuant to Art. 6 para. 1 (f) GDPR is justified by our economic interest in providing technical functionality and optimising and developing services.

The data are either deleted or anonymised after 18 months.

5. Analysis of User Behaviour on our Website

5.1. HolidayPirates Website Tracking (Google Tag Manager)

HolidayPirates Website Tracking is our name for Google Tag Manager, a web analysis service from Google Ireland Ltd.

The Google Tag Manager itself does not collect any personal data but rather facilitates the integration and management of our tags. Tags are small pieces of code that can be used, among other things, to measure traffic and visitor behaviour, track the impact of online advertising and social channels, set up remarketing and audience targeting, and test and optimise websites. Google Tag Manager does not access this data.

If you carried out a deactivation in Manage Services at the bottom of the web page, it will deactivate all tracking tags implemented with Google Tag Manager.

The following tracking services are integrated into Google Tag Manager:

  • Google Analytics
  • Google Ads 

Google Ads

If you have not rejected ‘HolidayPirates Website Tracking’ in Manage Services, Google Ads are used on our website. 

Address : Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Purpose: Advertising of our website and App in Google web networks.

Processed data: Online designation, including cookie ID (for unique web browser identification), IP address, device ID, user ID.

Personal data relating to the user are deleted after 180 days.

Data processing pursuant to Art. 6 para. 1 (f) GDPR is justified by our economic interest in developing services.

Google Analytics

If you have not objected to ‘HolidayPirates Website Tracking’ in Manage Services, Google Analytics, a web analysis service of Google Ireland Limited, is used on our website. 

Address : Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 

 Purpose: Analysing user behaviour on the website to:

  • Develop new products and services
  • Optimise existing products or services
  • Find and fix error messages on the blog
  • Measure and plan marketing campaigns

Processed data: Pseudonymised ID

Google Analytics uses ‘cookies’ – text files that are stored on your device and allow an analysis of the use of the website. The information collected by the cookies is generally sent to a Google server in the USA and stored there.

We have activated IP anonymisation. Your IP address will be shortened within the member states of the EU and the European Economic Area and in the other contracting states of the agreement. The IP address is only initially transferred unabridged to the United States to a Google server and shortened there in individual cases. Through this shortening, the personal reference to your IP address is omitted. The user’s IP address transmitted by the browser is not merged with other data stored by Google.

The information collected by Google on our behalf, as part of the contract processing agreement, is used to evaluate the use of the website by individual users, for example, to generate activity reports on the website in order to improve our website. This also makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus analyse a user’s activities across devices.

Personal data relating to the user are either deleted or anonymised after 38 months. You also have the option to deactivate the use of Google Analytics in our tool on the website; simply reject HolidayPirates Website Tracking in the Manage Services section. 

Data processing pursuant to Art. 6 para. 1 (f) GDPR is justified by our economic interest in providing technical functionality and optimising and developing services.

5.2. Demographics:

Address : Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Purpose:

  • Breaking down website visitors by age, gender and interests.
  • Better targeting of advertisements according to the target audience based on age, gender and dimensions of interests.

Processed data: Pseudonymised ID

Google Optimize is only used if you have provided your consent pursuant to Art. 6 para. 1 (a) GDPR in the Manage Services section on our website. 

Personal data relating to the user are either deleted or anonymised after 38 months.

5.3. Optimize:

If you have not rejected ‘Optimize’ in our Manage Services, our website uses Google Optimize, a website optimisation tool.

Address : Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Purpose:

  • Statistical analysis of changes and new functionalities on the website, analysis of the use of different variants of our website.
  • To improve the user experience and content of the website based on user behaviour, variations are displayed for a percentage of the users.

Processed data: Pseudonymised ID

Google Optimize is a sub-service of Google Analytics – more information on how it works can be found in the section entitled ‘Google Analytics’.

Data processing pursuant to Art. 6 para. 1 (f) GDPR is justified by our economic interest in developing services.

You have the option to deactivate the use of Google Optimize in our tool on the website at any time; simply reject the service by clicking below on the Manage Services button and rejecting it there.

Personal data relating to the user are either deleted or anonymised after 90 days.

5.4. Hotjar

Address : Hotjar Ltd, Level 2, St. Julians Business Centre, 3 Elia Zammit Street, St. Julians STJ 1000, Malta 

Purpose: Collection of data and analysis of user behaviour on our website to provide users with better content and simplified operations.

Processed data: Browser type, operating system, device type, URL(s) visited and duration of the visit

Hotjar is only used if you have provided your consent pursuant to Art. 6 para. 1 (a) GDPR in Manage Services on our website.

5.5. Facebook Pixel

If you have not rejected ‘Facebook Pixel’ in Manage Services, Facebook Pixel is used on our website. As Facebook and Instagram are linked, the data are processed simultaneously by Instagram. 

Address : Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Address : Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA

Purpose:

  • Analysis of user behaviour to better understand the user and thus offer better content.
  • Use of Custom Audiences for advertising campaigns and personalised advertisements.

Processed data:

  • HTTP-Headers – everything that is present in HTTP-Headers (HTTP-Headers are standard web logs sent between every browser request and server on the Internet. HTTP headers include IP addresses, information about the web browser, page location, document, referrer and person using the site).
  • Pixel-specific data – this includes the pixel ID and the Facebook cookie (using Facebook Pixel, Facebook can identify you as a visitor to our website as a target group for displaying ads. Facebook Pixel allows us to check whether a user has been redirected to our website after clicking on our Facebook ads. Accordingly, we use Facebook Pixel to display Facebook ads placed by us only to Facebook users who have shown an interest in our online offers. The Facebook cookie provides information about your activities outside of Facebook – including information about your device, websites visited, purchases made, ads you have viewed, and the way in which you use Facebook services – regardless of whether you have a Facebook account or are signed in to Facebook).
  • Button Click Data – these include all buttons clicked by website visitors, the labels of those buttons and all pages that were called up as a result of the buttons (tracking user behaviour).

Our legitimate interest in data processing pursuant to Art. 6 para. 1 (f) GDPR is justified by our interest in the economic operation of our online offers.

Personal data relating to the user are either deleted or anonymised after 180 days. 

You have the option to deactivate the use of Facebook Pixel in our tool on the website; simply reject the service after clicking on the Manage Services button below.

5.6. Pinterest

Address : Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland

Purpose:

  • Providing the ‘Note’ buttons on the website and images to ensure the use of Pinterest for users and to enable the saving of images.
  • Analysis of the user behaviour of Pinterest users on our website in order to understand interests and to improve and expand our products.
  • By using Pinterest features on our website, data are automatically forwarded to Pinterest so that they have a better understanding of your interests to ensure better advertising.

Processed data:

  • Information outlining how often the button was clicked by users on our website and the URL of the landing page.
  • Log data, such as IP address, landing page URL with Pinterest functions, and the activities performed on it (such as the ‘Note’ button), search history, browser type and settings, the date and time of your request, how you use Pinterest (tracking of user behaviour) and cookie and device data (including device type, operating system, settings, unique device identifiers as well as crash data, which are useful when correcting errors) are automatically shared with Pinterest. 
  • Cookie data for recording log data (if you use Pinterest, some information (log data, see above) is automatically stored, such as information that your browser automatically transmits when you visit a website, or information that your mobile App automatically sends when you use it. Cookies are also used to record log data, e.g. to save your language settings or other settings, so you do not have to set them every time you log in to Pinterest. Some cookies are associated with your Pinterest account (including your personal information such as the email address you provided), other cookies are not).
  • Device type

Pinterest is only used if you have provided your consent pursuant to Art. 6 para. 1 (a) GDPR in Manage Services on our website.

Personal data relating to the user are deleted after 30 days.

5.7. Twitter (Twitter Social Plugins)

Address : Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA

Purpose: The user has the option to share our offers directly to Twitter. The data are used to improve Twitter products and services and to deliver relevant advertising, including personalised suggestions and personalised ads.

Processed data: Twitter may receive information such as the web pages you visit, your IP address, browser type, operating system and cookie information. 

Twitter is only used if you have provided your consent pursuant to Art. 6 para. 1 (a) GDPR in Manage Services on our website. 

Personal data relating to the user are either deleted or anonymised after 18 months.

5.8. Facebook (Facebook Social Plugins)

Address : Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Purpose: The data are used to improve Facebook products and services and to deliver relevant advertising.

Processed data: Facebook user ID, page URL, date and time and other browser information

Facebook Social Plugins are only used if you have provided your consent pursuant to Art. 6 para. 1 (a) GDPR in Manage Services on our website. 

The data are saved until they are no longer needed to provide Facebook services and products, or until the account is deleted, depending on which occurs first. The search history is deleted after 6 months.

5.9. Google AdSense

Address: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Purpose: Advertising monetisation and content cross-promotion. Personalised advertisements that enable us to offer free services.

Processed data, all pseudonymised data: A user's web request, IP address, browser type, browser language, the date and time of the ad request, and one or more cookies or an advertising ID that may uniquely identify that user's browser or mobile device.

We anonymise IP addresses in logs by removing part of the address after 9 months. After 18 months, we further anonymise log data by removing cookie or advertising ID information in both logs and ad serving databases. User profile information associated with advertising cookies and advertising IDs is also stored in databases that can be accessed for ads serving in real-time. Data stored in these databases are either deleted or anonymised after 18 months.

5.10. HolidayPirates Campaign Tracking (Emarsys)

HolidayPirates Campaign Tracking is our name for Emarsys, a Web analyst service.

Address : Emarsys Interactive Services GmbH, Stralauer Allee 6, 10245 Berlin

Purpose: For advertising campaigns and sending offers from our website.

Processed data:

  • Collection of user behaviour via a pseudonymised cookie ID, tracking behaviour on our website and sending these data to our newsletter data bank.
  • Tracking of user behaviour in our newsletter (opening of emails and clicks on links).

HolidayPirates Campaign Tracking is only used if you are subscribed to the newsletter and have provided your consent pursuant to Art. 6 para. 1 (a) GDPR in Manage Services on our website.

Personal data relating to the user are deleted or anonymised from our databank 30 days after the user has unsubscribed and after another 7 days by Emarsys.

5.11. JotForm

Address : JotForm Inc., 111 Pine St. #1815, San Francisco, CA 94111

Purpose: Form for uploading user videos in connection with competitions. 

Processed data:

  • Contact data (name, email address)
  • Tracking user behaviour on the website and in the registration form

JotForm will only be used if you participate in our Video Award and accept the service according to Art. 6 para. 1 (a) GDPR in Manage Services. You can find further information in our data protection declaration for the competition: https://media.holidaypirates.com/docs/privacy-policy-for-prize-competition-uk-egtq.pdf.

Personal data relating to the user are deleted 30 days after the account has been deleted.

5.12. HelpHero 

Address : Help Hero Co., Suite 9429, 17B Farnham Street Parnell, Auckland 1052, New Zealand

Purpose: Introductory tour and helpful tips for users of our website to provide them with a better user experience.

Processed data: Pseudonymised ID

HelpHero is only used if you have provided your consent pursuant to Art. 6 para. 1 (a) GDPR in Manage Services on our website. 

Personal data relating to the user are either deleted or anonymised after 30 days.

5.13. SurveyMonkey 

Address : SurveyMonkey Inc., San Mateo, One Curiosity Way, California 94403

Purpose: 

  • To implement online surveys and to better understand the user.
  • To reward users who wish to take part with a prize.

 Processed data: 

  • Email address (optional)
  • Demographic data (including age, gender, status; mandatory)
  • Psychographic data (including interests; mandatory)
  • Answers to questions based on opinions, tendencies and experiences depending on the survey (mandatory)

SurveyMonkey is only used when you take part in a survey pursuant to Art. 6 para. 1 (a) GDPR. 

Personal data relating to the user are either deleted or anonymised after 90 days.

5.14. WisePops

Address : WisePops, Inc., 49 rue Jean De La Fontaine, 75016 Paris

Purpose: Pop-up for subscribing to the newsletter.

Processed data: 

  • Email address
  • First and last name
  • IP address and country

The data shall only be transmitted to WisePops if you subscribe to the newsletter via WisePops pursuant to Art. 6 para. 1 (a) GDPR.

The data are deleted by WisePops after 3 months.

5.15. Outbrain

Address : Outbrain UK Limited, 5 New Bridge Street, London, EC4V 6JA, UK

Purpose:

  • Data collection from users on our website to display more targeted advertising.
  • Better understanding of reactions to ads allows us to offer more relevant advertising and not bother users with the same ads continuously.
  • To do or collect analyses about those users who interact with Outbrain's technology on Outbrain's partners' websites. If you do not want to see interest-based advertising, you can disable this feature here: my.outbrain.com/recommendations-settings/home.

Processed data:

  • Outbrain UUID (unique user ID)
  • Visited sites, reference source, time stamp, page visits
  • Browser, device and operating system information. An estimate of the geographic location associated with the IP address and other information normally transmitted in HTTP requests.
  • IP address or other unique identifier for any computer, mobile device, or other technology used to access the site.

To provide personalised recommendations, Outbrain collects certain information, such as the unique user ID (UUID) that it assigns to users when they see it on Outbrain's publisher website. Outbrain Pixel on our site only recognises the UUID and reports it to us.

Outbrain Pixel is only used if you have provided your consent pursuant to Art. 6 para. 1 (a) GDPR in Manage Services on our website.

5.16. Braze 

Address : Braze Inc., 318 West 39th Street, New York, NY 10018 

Purpose: Onboarding tour and helpful tips for website users to provide them with a better user experience; to personalise the Web Push Notifications.

Processed data:

  • Analysis of user behaviour on the website via a pseudonymised ID 
  • If you are registered as a user, information about your profile is shared (email, username, profile picture and notification settings)
  • Braze also does not store identifiable basic information from the device (country, language, time zone, operating system, browser version and device ID)

In cases where the user is logged in – we can identify them as the same user (on the web and in the App) and correlate data across platforms to send more targeted messages. 

Braze is only used if you have provided your consent pursuant to Art. 6 para. 1 (a) GDPR in Manage Services on our website. 

Your data will only be saved until you deactivate Web Push Notifications in your browser or object to the tracking in Manage Services. 

6. Application as a Tester for HolidayPirates GmbH

If you apply as a Tester for HolidayPirates, the following data are collecting in accordance with Art. 6 para. 1 (a) GDPR: 

  • Email address and name (required)
  • Browser type, operating system, device type, web URL(s) visited and duration of the visit
  • Demographic data (including age, gender, status, marital status; mandatory)
  • Psychographic data (including interests; mandatory)
  • Answers to questions based on opinions, tendencies and experiences depending on the survey (mandatory)

Purpose: 

  • To implement surveys and to better understand the user.
  • To reward users who wish to participate with a prize.

After completion of the survey, these data will be blocked from further use and deleted after 12 months.

7. Applying to HolidayPirates GmbH

If you apply for a job position at HolidayPirates, the following personal data are collected for the purpose of the evaluation process in accordance with Section 26 BDSG. The data you provide in your application are exclusively used for filling the advertised position and the review and processing. After completion of the application process, these data will be blocked for further use and deleted after 6 months, unless you consent to any further or other processing. 

Personio

To process your data we cooperate with the service provider Personio GmbH. The service provider Personio GmbH is used as our order processor pursuant to Art. 28 GDPR. Personio is used for the implementation of a fast and effective application process. The legal grounds for this are in particular Art. 6 para. 1 (b) GDPR and Section 26 BDSG.

Address : Personio GmbH, Buttermelcherstr. 16, 80469 Munich Germany

Purpose: Storage and processing of applicant data for the purpose of the application.

Processed data: Contact data, master data, data related to the position (e.g. from the CV)

We would like to inform you that some data on the Personio recruiting page are collected for its own purposes as the responsible body:

1.) Server Logs

When accessing the recruiting site, general log data – so-called sever logs – are automatically collected. These data are generally pseudonymous and therefore cannot be associated with any natural person. Without these data, it would not be completely possible to deliver and present the contents of the software for technical reasons. In addition, the processing of these data is absolutely necessary for security reasons, in particular to control access, input, transfer and storage. In addition, the anonymous information can be used for statistical purposes as well as for optimising the offer and technology. In addition, the log files can be subsequently checked and evaluated if there is a suspicion of illegal use of the software. The legal grounds for this can be found in Section 15 para. 1 of the German Telemedia Act (TMG) and Art. 6 para. 1 (f) GDPR. The data collected are general, such as the domain name of the website, the web browser and web browser version, the operating system, the IP address and the time stamp of the access to the software. The scope of this logging does not go beyond the usual scope of any other website on the Internet. The storage of this access log may be up to 7 days. There is no right of objection.

2.) Error Logs 

For the purpose of error identification and correction, so-called error logs are created. This is absolutely necessary in order to be able to react as quickly as possible to potential problems in the presentation and implementation of content (legitimate interest). These data are generally pseudonymous and therefore cannot be associated with any natural person. The legal grounds for this are grounded in Section 15 para. 1 TMG and Art. 6 para. 1 (f) GDPR. When an error report appears, general data such as the domain name of the website, the web browser and web browser version, the operating system, the IP address and the time stamp for when the corresponding error message/specification occurred are collected. The storage of the error log may be up to 7 days. There is no right of objection.

3.) Cookies 

On the recruiting site, it is generally only absolutely necessary, functional and performance cookies that are used. These are particularly used to implement certain default settings such as language, to identify the application channel, or to analyse the performance of a job position that a user used to access the recruiting side. The use of cookies is mandatory for the provision of our services and thus for the fulfilment of the contract (Art. 6 para. 1 (b) GDPR). Period of storage: You have the right to object for up to 1 month or until the end of the browser session: you can determine for yourself via your browser settings whether you want to allow or refuse the use of cookies. Please note that deactivating cookies can lead to limited or completely inhibited functionality of the recruiting page.

These data will only be processed in accordance with Art. 6 para. 1 (a) GDPR based on the consent you provided during the application process. You may revoke your consent at any time (see Section 11 Rights of Data Subjects).

8. Social Media Fan Pages

We present online offers on different social media platforms to provide information and to facilitate contact with you.

We have no influence on the processing of personal data by the respective platform operator in their capacity as the responsible body. As a rule, when you visit our social media services, the platform operator stores cookies in your browser, in which your usage behaviour or interests are stored for market research and advertising purposes. The (mostly cross-device) user profiles are used by the platform operators to display personalised advertising. Under certain circumstances, you have also given a platform operator consent to data processing, for which case Art. 6 para. 1 (a) GDPR is the legal basis.

Data processing may also affect those who are not registered as users with the respective social media platform. In some instances, your data may be processed outside the territory of the European Union, which may complicate enforcement of your rights.

If we process your personal data ourselves, we do so under our own responsibility. In this case, the processing is performed based on our legitimate interests (pursuant to Art. 6 para. 1 (f) GDPR) in a diverse external presentation of our company and the use of an effective information opportunity and communication with you.

Detailed information regarding data processing in the data protection area the platform operator is responsible for, opt-out options and the assertion of data subjects' rights can be found in the data protection policy of the relevant platform operator.

Facebook and Instagram Fan Pages

Address : Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA

Data processing is based on an agreement on the joint processing of personal data pursuant to Art. 26 GDPR(https://www.facebook.com/legal/terms/page_controller_addendum).

9. Third-party Banner Advertising

9.1. DoubleClick

The website uses DoubleClick, a third-party advertising provider, to serve advertisements on the website. Advertising providers are third parties that display advertisements based on your visits to the website and other websites you have visited, allowing targeted advertisements to be delivered to you for products and services in which you might be interested. The website also uses a third-party traffic measurement service to analyse the number of website visitors. 

Furthermore, these third parties may use cookies, web beacons or scripts or other similar mechanisms to automatically collect website usage information. Third-party advertising providers and the advertisers may use this usage information, among other purposes, to help deliver advertisements to you that you might be interested in, to prevent you from seeing the same advertisements too many times. Please note that the privacy policies of the third-party providers (listed below) apply here. However, we do not share any personal information with these third parties. For more information about DoubleClick, including instructions on how to opt out of the advertising, please see: https://www.doubleclickbygoogle.com/

DoubleClick is only used if you have provided your consent pursuant to Art. 6 para. 1 (a) GDPR in Manage Services on our website. 

The data are either deleted or anonymised after 18 months.

​​​​​​​​​​​​​​9.2. Ad Up 

The tracking of Ad Up, a technology and service provider of Axel Springer Teaser Ad GmbH (Axel-Springer-Strasse 65, 10969 Berlin), is integrated on our websites. By collecting anonymised and/or pseudonymous data, Ad Up will then be able to display interest-orientated advertisements for a specific time on websites. Ad Up uses cookies to provide advertisers with conversion tracking that determines the effectiveness of their ads and keywords. You can find more information on the data protection policy of Axel Springer Teaser Ad GmbH here: https://www.adup-tech.com/datenschutz/.

Ad Up is only used if you have provided your consent pursuant to Art. 6 para. 1 (a) GDPR in Manage Services on our website. 

Personal data relating to the user are either deleted or anonymised after 12 months.

10. How we use information

We use the information provided to us (subject to the decisions made by you, e.g. in the context of Manage Services on our website) to provide and improve our services. This helps us understand how our users avail of our services and in turn, we use this information to improve our services and perform troubleshooting activities.

We verify accounts and activities and promote security within and outside our services. This is achieved, for example, by investigating suspicious activities or violations of our terms and conditions and ensuring that our services are used in compliance with the law.

For all those who conclude a contract with us, we process information which is necessary for the fulfilment of such contracts. The core data are used:

  • To provide, improve and adjust our services. Please also see ‘Our Services’ below.
  • To maintain the IT security and operational reliability of our services.
  • To communicate with you in relation to service problems.

For the collection and use of information that you provide to us when activating the device-based settings (e.g. access to your camera or photos if, for example, you upload a photo to your user account), we may provide the features and services described when activating the settings.

In addition, all information is processed for the following:

  • For analytical data collection and other services where we use data for control and improvement.
  • To provide reports showing our partners the usage of our broad range of services.
  • In the interest of companies and other partners, so that they can better understand their customers and, if necessary, improve their business model. This concerns, for example, price models to be adjusted or user interactions.
  • To send you the best and newest offers.

You have the right to object to or restrict such processing at any time. To do this, please read the paragraph entitled ‘Rights of Data Subjects’.

We only store your personal data only for as long as it is necessary to fulfil the purposes for which they were collected. Personal data are deleted as soon as they are no longer required and once there are no legal retention periods in force.

Our website is delivered using Secure HTTP Protocol. This SSL encryption ensures that no third party can read or change transmitted data according to the current state of technology. This applies both to the content of the site and to data transmitted through the use of forms.

We would like to advise you that your personal data will be processed in our office in Serbia, where part of our technical infrastructure is located. As a suitable guarantee for the legality of the data transmission, we have concluded corresponding standard contract clauses in accordance with Art. 46 para. 2 (c) GDPR. We therefore guarantee an appropriate level of data protection.

11. Rights of Data Subjects

In accordance with the Basic Data Protection Regulation and other applicable laws, you have the right to access, rectify, transfer or delete your information and the right to restrict or object to certain processing of your information. This also includes the right to object to our processing of your information for direct marketing purposes.

  • Revocation and Opposition Rights

"Regardless of the explanations above, you may object to the use of your information at any time and revoke any consent to the use of your information at any time.” Here, the right of objection under Art. 21 para. 1 and 2 GDPR applies to the processing of your data in connection with direct advertisement, if this is performed on the basis of a balance of interests.

If you revoke your consent to data processing or object to the use of the data, this does not affect the lawfulness of the data processing until the time of the revocation. 

Legal basis: 

Right of withdrawal (Art. 7 para. 3 GDPR ‘Conditions for consent’),Right to object (Art. 21 GDPR ‘Right of opposition’) 

  • Right to Rectification, Deletion, Blocking and Restriction 

Furthermore, you have the right to rectify, block or delete the data which are collected and stored by us at any time. We expressly point out that there may be legal obligations or practical considerations to further store data. In this case, the data can only be blocked. 

Legal basis: 

  • Right to data rectification (Art. 16 GDPR ‘Right to rectification’)
  • Right to erasure (Art. 17 GDPR ‘Right to be forgotten’)
  • Right to restriction (Art. 18 GDPR ‘Right to restriction of processing’) 
  • Right to Data Transferability and Complaining to a Supervisory Authority

If you suspect that the processing of your data violates data protection law or that your data protection claims have otherwise been violated in any way, you can lodge a complaint with the responsible supervisory authority. 

In the case of HolidayPirates GmbH, this is the responsible supervisory authority: 

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219
10969 Berlin

Phone: +49 30/13889-406

Email: [email protected]

Legal basis: 

Right to data transferability (Art. 20 GDPR ‘Right to Data Transferability’) Right to appeal to a supervisory authority (Art. 77 GDPR ‘Right to Data Portability’)

  • Right to Information 

You have the right to know which data we store about you (right to information). 

Please note that we may require proof from you in the event of a request for information that has not been made in writing, proving your identity.

Legal basis:
Right to information (Art. 15 GDPR ‘Right of access of the data subject’) 

Contact Person for Asserting the Rights of Data Subjects:

To assert the rights outlined above, please contact:

HolidayPirates GmbH
Wallstr. 59
10179 Berlin
Email: [email protected]

12. Managing and Deleting your Data

If you would like to manage, change, restrict or delete your information and data, we provide the following features:

  • User Account: You can manage all information concerning your profile in your account. This may include your travel preferences, username, profile picture, or email address.
  • Delete Account: You can delete your profile on the website or in the App via your user account.
  • Unsubscribing from the Newsletter: You can unsubscribe from our newsletter at any time; the link to do so is at the end of every newsletter. As soon as you have unsubscribed from the newsletter, you will no longer receive any offers from us. Your personal data will not be reused and are deleted immediately.
  • Unsubscribing from the Messenger Service: You can unsubscribe from our messenger service at any time, to do so, simply send a message with ‘STOP’ via our channel in the respective messenger. 
  • Data Analysis: You can deactivate tracking in the App settings. Please note, however, that deactivation may result in service limitations on your travel preferences. You can deactivate the collection of cookies on the website by clicking below on the Manage Services button.

13. Legal Basis for the Processing

Art. 6 para. 1 (a) GDPR serves as the legal basis for the processing operations of our company for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the fulfilment of a contract to which the data subject is a party (as is the case, for example, with processing operations which are necessary for the provision of another service or consideration), the processing is based on Art. 6 para. 1 (b) GDPR. 

The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, such as in cases of inquiries about our products or services. If our company is subject to a legal obligation which makes the processing of personal data necessary, for example to fulfil tax obligations, the processing is based on Art. 6 para. 1 (c) GDPR.

We collect, use, retain and share your information when it is necessary from our point of view:

(a) to comply with any applicable law or regulation, legal process or government request; 

(b) to enforce our terms and conditions and applicable policies;

(c) to detect, investigate, prevent and combat fraud and other illegal activities, security issues or technical problems; 

(d) to enforce rights that protect the property and safety of our users of HolidayPirates GmbH or others.

14. Data Protection Officer and Contact Information

If you have any questions about our privacy policy, please contact our Data Protection Officer, Mr Roman Maczkowsky: [email protected].

Or write to us at:

HolidayPirates GmbH
Wallstr. 59
10179 Berlin
Email: [email protected]

You can also reach us using the contact form on our website.