data protection holidaypiratesPin it

Data Protection Declaration

HolidayPirates GmbH Data Protection Declaration

Last updated: 23 October 2019 

Data protection is a matter of trust, and your trust is very important to us – we respect your privacy. Therefore, protecting personal data and collecting, processing and using them in conformity with the law is our number one concern. We want you to feel safe with us; we strictly comply with the legal provisions for the processing of your data and would like to provide you with details concerning the data we collect and use on this page.

We take appropriate technical and organisational measures intended to prevent unlawful processing of personal data and their accidental loss, destruction or damage.

1. Responsible Body

HolidayPirates GmbH, Wallstraße 59, 10179 Berlin is the responsible body for the collection, processing and use of your personal data pursuant to the European General Data Protection Regulation (EU GDPR) and the German Federal Data Protection Act (BDSG).

Should you object to the collection, processing and use of your personal data in part or full, you can send your objection by letter or email to the following contact:

HolidayPirates GmbH
Wallstr. 59
10179 Berlin

[email protected]

You can also find our contact details in our legal notice.

2. Processed Data

HolidayPirates GmbH must receive or collect information to operate, provide, improve, understand, customise, support, and market our services. This takes place, for example, when you install, use or access our services. The types of information we receive and collect depend on how you use our services.

2.1. User Account

If you wish to make a user account on our website, the following information is required: 

  • Email address 
  • Username
  • Password 

Provided by you voluntarily:

  • Profile picture
  • Name 
  • Date of birth 
  • Travel destination preferences for our Travel Alerts such as departure times, destinations, travel months, budgets and travel categories. 

Registration using a Facebook account:

You also have the option to link your user account with your Facebook account. In this case, you share the following information with us: 

  • Name
  • Email address
  • Profile picture
  • Age range
  • Language
  • Country and further data visible to the public on your Facebook profile.
  • Purpose: To write comments on the website and receive personalised offers 
  • Registration using a Google account:

Creating a user account is completely voluntary. These data are only used to design your profile based on your consent in accordance with Art. 6 para. 1 (a) GDPR.

These data are stored until you delete your user account from our website. You can delete the account you created at any time. To do so, log into our website and click on ‘Delete user account’ under ‘Account Settings’.

2.2. Newsletter Subscription

The technical service provider Emarsys Interactive Services GmbH, Stralauer Allee 6, 10245 Berlin, Germany, is our processor for sending newsletters.

Purpose: For advertising campaigns and sending offers from our website

Processed data:

  • Email address (required)
  • First and last name (voluntary)
  • Subscription date (automatically collected)
  • The country selected for the subscription (automatically collected)

When you subscribe to the newsletter, your behaviour regarding our newsletter is recorded (tracking the opening of emails and clicks on links). 

The legal basis for sending the newsletter is your consent in accordance with Art. 6 para. 1 (a) GDPR.

These data are stored until you unsubscribe from the newsletter, which you may do at any time. You can find the link to do so at the end of every newsletter. As soon as you have unsubscribed from the newsletter, you shall no longer receive any offers from us, and your personal data will no longer be used and are deleted immediately.

2.3. Messenger Service

The technical service provider MessengerPeople GmbH, Otto-Lindenmeyer-Straße 28, 86153 Augsburg is our processor for sending offers via WhatsApp, Facebook Messenger, Telegram and Insta News.

Purpose: Direct communication and sending offers from our website

Processed data:

  • Phone number (required)
  • Profile photo (optional)
  • First and last name (optional)
  • Messages that are sent to us
  • Messenger ID (automatic)

By sending a start message to HolidayPirates, you consent to the sender using your personal data (see above) for direct communication and to the necessary data processing using the selected messenger in accordance with Art. 6 para. 1 (a) GDPR. 

To use this service, you must have an existing messaging account with the respective provider. 

The responsible provider for each messaging service is:

We would like to advise you that the respective provider receives personal data which are also processed on servers outside the EU (e.g. the USA) wherein no level of data protection can be guaranteed. WhatsApp Inc. and Facebook Ireland Ltd. are certified under the Privacy Shield and therefore guarantee that European data protection regulations are complied with. You can find further information by visiting the data protection regulations of the respective messenger services provided above. We have neither exact knowledge concerning nor influence on the data processing by the respective providers.

The legal basis for sending the WhatsApp newsletter is your consent in accordance with Art. 6 para. 1 (a) GDPR.

These data are only stored until you unsubscribe from the messenger service. Your consent to this data processing can be revoked at any time by entering ‘STOP’ in the respective messenger.

In order to delete all saved data stored by our service providers, please send a message with the statement ‘DELETE ALL DATA’ in your respective messenger.

2.4. Contact using our Contact Form or Email:

Processed data:

  • First and last name 
  • Email address
  • Messages that are sent to us 

Purpose: The processing of personal data serves to facilitate contact, prevent misuse of the contact form and to ensure the safety of our information technology systems. The legal basis for the processing of the data is your consent in accordance with Art. 6 para. 1 (a) GDPR.

Your messages and our replies are stored for a period of three years for the purpose of proving the provision of proper information.

 2.5. Customer Service

Processed data:

  • Name
  • Messages 
  • Phone number (if you contacted us by phone)

Purpose: The processing of the personal data facilitates contact, prevents misuse of the service and safeguards security. The legal basis for the processing of the data is your consent in accordance with Art. 6 para. 1 (a) GDPR. Insofar as the data processing is necessary for completing a contract, Art. 6 para. 1 (b) GDPR shall serve as the permissive standard for the data processing.

If you book a holiday package by phone, your data are stored for a period of 10 years by the Gesellschaft für Reisevertriebssysteme mbH. 

2.6. Commentary Function on the Blog

Processed data:

  • Username (required)
  • Profile picture (if provided) 
  • Time and date of your comment
  • Content of the comment

Writing comments is completely voluntary. The collection of the above-mentioned user data is intended to prevent misuse of the services. The legal basis for the data processing after a comment has been written by the user is based on our legitimate interests pursuant to Art. 6 para. 1 (f) GDPR and ensures our security as a website operator.

If you delete your account on our website, the comments will no longer be marked with usernames or profile pictures; the comments themselves shall remain. 

3. Automatically Collected Information / Cookies

A cookie is a small text file that is stored on your computer or mobile device when you visit a website with your browser.

We use cookies to operate and provide our services, for example, to provide our web-based services, improve your user experience, analyse how our services are used and customise our services to simplify the login process, and customise our content to match your interests and preferences. 

We also use cookies to find out which questions are the most popular in our FAQ and to point you in the direction of relevant content in relation to our services. In addition, we may use cookies to store your settings – such as your language preferences – to guarantee you a safer user experience and to also individually customise our other services for you in this manner. 

If you book a holiday with one of our business partners using our website, the personal data in connection therewith are transmitted to the business partner. These include cookies which are used to record the booking process. The cookies allow our business partners to determine whether you booked the offer on our website. In order to improve their offer, our partners may use information concerning your booking.

Important notice concerning the use of cookies:

  • You are informed about the use of cookies when you access our website and provide your consent to the processing of the personal data obtained in connection therewith; this includes the search terms entered and the frequency of site visits and clicks. There is also a notice concerning this data protection declaration in this context. You can either accept all cookies, or decide to reject some or all of our services. In this way, you have the best possible control over the processing of your data and use only the services that you really wish to avail of.
  • The legal basis for the processing of personal data using cookies for analysis purposes is your consent pursuant to Art. 6 para. 1 (a) GDPR. 
  • You can either fully or partially deactivate the collection of cookies and the use of the respective services by using the corresponding control element on the website, which we show at the very bottom as Manage Services. There you also have the option to deactivate the collection of all cookies, or only certain cookies you have selected. 
  • Cookies required for technical reasons are automatically collected (via Bugsnag, Inc., 939 Harrison St, San Francisco, CA 94107). You cannot deactivate these; they do not process any personal data. Data processing pursuant to Art. 6 para. 1 (f) GDPR is justified by our interest in providing smooth operation of the Internet offering.
  • We integrate videos into our online presence from the YouTube video platform by the service provider Google Ireland Ltd. For the provision of the service, Google may save and process the user’s IP address. 
  • Our website may also contain content such as pictures, videos or texts from the Instagram service. If the user has an Instagram account, Instagram can assign access of the contents to the user’s profile. If Instagram is deactivated in Manage Services, no services from Instagram will load. To do this, you need only click on the Manage Services button on the website and reject the service there.

4. Usage and Log Information (HolidayPirates App)

We collect information concerning your activities in the HolidayPirates App. This includes service-specific information and information for diagnostic and performance purposes. Information about your activities is also stored, such as how you use our services, your preferences for each service, how you interact with others using our services and the time, frequency, and duration of your activities and interactions. In addition, log data such as diagnostic, crash, website and performance logs and reports are stored. Data processing pursuant to Art. 6 para. 1 (f) GDPR is justified by our economic interest in providing technical functionality and optimising and developing services.

We use so-called App notifications for the provision of the App and services. There are two categories of notifications which you can activate and deactivate in the App: spectacular deals and error fares. Spectacular deals are holiday offers of an exceptional quality or price found by our editors. Error fares are extremely affordable deals that show an unusually large deviation from the usual price range for a particular destination.

You can also receive Travel Alerts based on certain preferences (preferred travel destination, budget, departure airport). You can deactivate these by deleting the Travel Alerts.

The technical service provider Braze is our processor for sending push notifications. 

Address : Braze Inc., 318 West 39th Street, New York, NY 10018

Purpose: Advertising campaigns, sending offers from our website; onboarding tour and helpful tips for those who use our website to improve their user experience.

Processed data: 

  • Analysis of user behaviour in the App to receive personalised offers.
  • If you are a registered user, information about your profile is shared (email, username, profile picture and notification settings). 
  • Braze also only stores basic non-identifiable information from the device (country, language, time zone, operating system, App version and device ID).

In cases where the user is logged in – we can identify them as the same user (on the web and in the App) and correlate data across platforms to send more targeted messages.

Braze is only used when you have not declined its usage under ‘Notifications’ in the App settings. Our legitimate interest in data processing pursuant to Art. 6 para. 1 (f) GDPR is justified by our interest in the economic operation of our online offers and the use of effective information and communication with you.

These data are stored until you unsubscribe from App notifications which you can do at any time in the App settings. As soon as you have unsubscribed, you shall no longer receive any offers from us, and your personal data will no longer be used and are deleted immediately.

In the App, ‘Usage and Log Information’ shall mean the use of services from Adjust and Firebase:

Firebase

Address : 188 King St., San Francisco, CA 94107, USA

Purpose of processing: Analyse user behaviour in the App to:

  • Develop new products and services
  • Optimise existing products or services
  • Find and fix error messages on the blog
  • Measure and plan marketing campaigns

Firebase is a sub-service from Google Analytics. When Firebase is used in the App, the data are forwarded to Google Analytics via Google Tag Manager. The data are then read through Adjust. You can find more information on the operating principle in the section entitled ‘Google Analytics’ and ‘Adjust’.

Firebase is only used when you have not declined its usage under ‘Usage and Log Information’ in the App settings. Data processing pursuant to Art. 6 para. 1 (f) GDPR is justified by our economic interest in providing technical functionality and optimising and developing services.

Personal data relating to the user are deleted after 38 months.

Adjust

Address : Adjust GmbH, Saarbrücker Str. 37A, 10405 Berlin, Germany

Purpose: Assisting in identifying behaviour in the mobile application to support decisions about targeted marketing; assisting in the efficient management and optimisation of mobile campaigns for social networks and elsewhere on the Internet.

Processed data:

  • Cookie ID, display ID and the device ID used by a specified person, events in the mobile App concerning the use of the mobile App by a particular user (especially login, successful completion of transaction, country, language, local settings, app version) but no payment or financial data.
  • The content of the advertising to be delivered to a particular user and the advertising group to which that person belongs.
  • HTTP headers, IP address, MAC address (Media Access Control address is  a hardware address of each individual network adapter, which serves as a unique identifier of device in a computer network),  user's device and web activity information.

Adjust is only used when you have not declined its usage under ‘Usage and Log Information’ in the App settings. Data processing pursuant to Art. 6 para. 1 (f) GDPR is justified by our economic interest in providing technical functionality and optimising and developing services.

Personal data relating to the user are deleted after 28 days.

Insofar as you have accepted Adjust tracking in the App (under ‘Usage and Log Information’), certain data shall be sent to Facebook Ireland Ltd.:

Facebook App Tracking

Address : Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Purpose:

  • Advertising the HolidayPirates App on Facebook Ireland Ltd, including campaign retargeting (retargeting means a tracking process in which users are marked and tracked when they visit a website, the user can then be addressed on other websites again with suitable advertising).
  • Support in identifying whether users of the HolidayPirates App were gained through advertising on Facebook.

Processed data:

  • Attribution ID (attribution ID is a Facebook-specific ID that Adjust forwards to Facebook but is not used internally for tracking purposes).
  • Display ID (display ID is a device-specific identifier that can be reset by the user and on which Adjust tracking is based).
  • Events in the mobile App concerning the use of the mobile App (in particular tracking user behaviour, App version, time stamp and IP address).

Insofar as you have accepted Adjust tracking in the App (under ‘Usage and Log Information’), certain data shall be sent to Google Ireland Ltd.:

Google Ads App Tracking

Address : Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Purpose: 

  •  Advertising for the HolidayPirates App and website on Google networks.
  •  Support in identifying whether users of the HolidayPirates App were gained through advertising on Google.

 Processed data:

  • Display ID (see explanation above)
  • IP address
  • Device ID
  • Events in the mobile App concerning the use of the mobile App (in particular the App version and time stamp)

5. Analysis of User Behaviour on our Website

5.1. HolidayPirates Website Tracking (Google Tag Manager)

HolidayPirates Website Tracking is our name for Google Tag Manager, a web analysis service from Google Ireland Ltd.

The Google Tag Manager itself does not collect any personal data but rather facilitates the integration and management of our tags. Tags are small pieces of code that can be used, among other things, to measure traffic and visitor behaviour, track the impact of online advertising and social channels, set up remarketing and audience targeting, and test and optimise websites. Google Tag Manager does not access this data.

If you carried out a deactivation in Manage Services at the bottom of the web page, it will deactivate all tracking tags implemented with Google Tag Manager.

The following tracking services are integrated into Google Tag Manager:

  • Google Analytics
  • Google Ads 

Google Ads

If you have not rejected ‘HolidayPirates Website Tracking’ in Manage Services, Google Ads are used on our website. 

Address : Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Purpose: Advertising of our website and App in Google web networks.

Processed data: Online designation, including cookie ID (for unique web browser identification), IP address, device ID, user ID.

Personal data relating to the user are deleted after 180 days.

Data processing pursuant to Art. 6 para. 1 (f) GDPR is justified by our economic interest in developing services.

Google Analytics

If you have not objected to ‘HolidayPirates Website Tracking’ in Manage Services, Google Analytics, a web analysis service of Google Ireland Limited, is used on our website. 

Address : Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 

 Purpose: Analysing user behaviour on the website to:

  • Develop new products and services
  • Optimise existing products or services
  • Find and fix error messages on the blog
  • Measure and plan marketing campaigns

Processed data: Pseudonymised ID

Google Analytics uses ‘cookies’ – text files that are stored on your device and allow an analysis of the use of the website. The information collected by the cookies is generally sent to a Google server in the USA and stored there.

We have activated IP anonymisation. Your IP address will be shortened within the member states of the EU and the European Economic Area and in the other contracting states of the agreement. The IP address is only initially transferred unabridged to the United States to a Google server and shortened there in individual cases. Through this shortening, the personal reference to your IP address is omitted. The user’s IP address transmitted by the browser is not merged with other data stored by Google.

The information collected by Google on our behalf, as part of the contract processing agreement, is used to evaluate the use of the website by individual users, for example, to generate activity reports on the website in order to improve our website. This also makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus analyse a user’s activities across devices.

Personal data relating to the user are either deleted or anonymised after 38 months. You also have the option to deactivate the use of Google Analytics in our tool on the website; simply reject HolidayPirates Website Tracking in the Manage Services section. 

Data processing pursuant to Art. 6 para. 1 (f) GDPR is justified by our economic interest in providing technical functionality and optimising and developing services.

5.2. Demographics:

Address : Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Purpose:

  • Breaking down website visitors by age, gender and interests.
  • Better targeting of advertisements according to the target audience based on age, gender and dimensions of interests.

Processed data: Pseudonymised ID

Google Optimize is only used if you have provided your consent pursuant to Art. 6 para. 1 (a) GDPR in the Manage Services section on our website. 

Personal data relating to the user are either deleted or anonymised after 38 months.

5.3. Optimize:

If you have not rejected ‘Optimize’ in our Manage Services, our website uses Google Optimize, a website optimisation tool.

Address : Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Purpose:

  • Statistical analysis of changes and new functionalities on the website, analysis of the use of different variants of our website.
  • To improve the user experience and content of the website based on user behaviour, variations are displayed for a percentage of the users.

Processed data: Pseudonymised ID

Google Optimize is a sub-service of Google Analytics – more information on how it works can be found in the section entitled ‘Google Analytics’.

Data processing pursuant to Art. 6 para. 1 (f) GDPR is justified by our economic interest in developing services.

You have the option to deactivate the use of Google Optimize in our tool on the website at any time; simply reject the service by clicking below on the Manage Services button and rejecting it there.

Personal data relating to the user are either deleted or anonymised after 90 days.

5.4. Hotjar

Address : Hotjar Ltd, Level 2, St. Julians Business Centre, 3 Elia Zammit Street, St. Julians STJ 1000, Malta 

Purpose: Collection of data and analysis of user behaviour on our website to provide users with better content and simplified operations.

Processed data: Browser type, operating system, device type, URL(s) visited and duration of the visit

Hotjar is only used if you have provided your consent pursuant to Art. 6 para. 1 (a) GDPR in Manage Services on our website.

5.5. Facebook Pixel

If you have not rejected ‘Facebook Pixel’ in Manage Services, Facebook Pixel is used on our website. As Facebook and Instagram are linked, the data are processed simultaneously by Instagram. 

Address : Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Address : Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA

Purpose:

  • Analysis of user behaviour to better understand the user and thus offer better content.
  • Use of Custom Audiences for advertising campaigns and personalised advertisements.

Processed data:

  • HTTP-Headers – everything that is present in HTTP-Headers (HTTP-Headers are standard web logs sent between every browser request and server on the Internet. HTTP headers include IP addresses, information about the web browser, page location, document, referrer and person using the site).
  • Pixel-specific data – this includes the pixel ID and the Facebook cookie (using Facebook Pixel, Facebook can identify you as a visitor to our website as a target group for displaying ads. Facebook Pixel allows us to check whether a user has been redirected to our website after clicking on our Facebook ads. Accordingly, we use Facebook Pixel to display Facebook ads placed by us only to Facebook users who have shown an interest in our online offers. The Facebook cookie provides information about your activities outside of Facebook – including information about your device, websites visited, purchases made, ads you have viewed, and the way in which you use Facebook services – regardless of whether you have a Facebook account or are signed in to Facebook).
  • Button Click Data – these include all buttons clicked by website visitors, the labels of those buttons and all pages that were called up as a result of the buttons (tracking user behaviour).

Our legitimate interest in data processing pursuant to Art. 6 para. 1 (f) GDPR is justified by our interest in the economic operation of our online offers.

Personal data relating to the user are either deleted or anonymised after 180 days. 

You have the option to deactivate the use of Facebook Pixel in our tool on the website; simply reject the service after clicking on the Manage Services button below.

5.6. Pinterest

Address : Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland

Purpose:

  • Providing the ‘Note’ buttons on the website and images to ensure the use of Pinterest for users and to enable the saving of images.
  • Analysis of the user behaviour of Pinterest users on our website in order to understand interests and to improve and expand our products.
  • By using Pinterest features on our website, data are automatically forwarded to Pinterest so that they have a better understanding of your interests to ensure better advertising.

Processed data:

  • Information outlining how often the button was clicked by users on our website and the URL of the landing page.
  • Log data, such as IP address, landing page URL with Pinterest functions, and the activities performed on it (such as the ‘Note’ button), search history, browser type and settings, the date and time of your request, how you use Pinterest (tracking of user behaviour) and cookie and device data (including device type, operating system, settings, unique device identifiers as well as crash data, which are useful when correcting errors) are automatically shared with Pinterest. 
  • Cookie data for recording log data (if you use Pinterest, some information (log data, see above) is automatically stored, such as information that your browser automatically transmits when you visit a website, or information that your mobile App automatically sends when you use it. Cookies are also used to record log data, e.g. to save your language settings or other settings, so you do not have to set them every time you log in to Pinterest. Some cookies are associated with your Pinterest account (including your personal information such as the email address you provided), other cookies are not).
  • Device type

Pinterest is only used if you have provided your consent pursuant to Art. 6 para. 1 (a) GDPR in Manage Services on our website.

Personal data relating to the user are deleted after 30 days.

5.7. Twitter (Twitter Social Plugins)

Address : Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA

Purpose: The user has the option to share our offers directly to Twitter. The data are used to improve Twitter products and services and to deliver relevant advertising, including personalised suggestions and personalised ads.

Processed data: Twitter may receive information such as the web pages you visit, your IP address, browser type, operating system and cookie information. 

Twitter is only used if you have provided your consent pursuant to Art. 6 para. 1 (a) GDPR in Manage Services on our website. 

Personal data relating to the user are either deleted or anonymised after 18 months.

​​​​​​​​​​​​​​5.8. Facebook (Facebook Social Plugins)

Address : Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Purpose: The data are used to improve Facebook products and services and to deliver relevant advertising.

Processed data: Facebook user ID, page URL, date and time and other browser information

Facebook Social Plugins are only used if you have provided your consent pursuant to Art. 6 para. 1 (a) GDPR in Manage Services on our website. 

The data are saved until they are no longer needed to provide Facebook services and products, or until the account is deleted, depending on which occurs first. The search history is deleted after 6 months.

5.9. Google AdSense

Address: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Purpose: Advertising monetisation and content cross-promotion. Personalised advertisements that enable us to offer free services.

Processed data, all pseudonymised data: A user's web request, IP address, browser type, browser language, the date and time of the ad request, and one or more cookies or an advertising ID that may uniquely identify that user's browser or mobile device.

We anonymise IP addresses in logs by removing part of the address after 9 months. After 18 months, we further anonymise log data by removing cookie or advertising ID information in both logs and ad serving databases. User profile information associated with advertising cookies and advertising IDs is also stored in databases that can be accessed for ads serving in real-time. Data stored in these databases are either deleted or anonymised after 18 months.

5.10. HolidayPirates Campaign Tracking (Emarsys)

HolidayPirates Campaign Tracking is our name for Emarsys, a Web analyst service.

Address : Emarsys Interactive Services GmbH, Stralauer Allee 6, 10245 Berlin

Purpose: For advertising campaigns and sending offers from our website.

Processed data:

  • Collection of user behaviour via a pseudonymised cookie ID, tracking behaviour on our website and sending these data to our newsletter data bank.
  • Tracking of user behaviour in our newsletter (opening of emails and clicks on links).

HolidayPirates Campaign Tracking is only used if you are subscribed to the newsletter and have provided your consent pursuant to Art. 6 para. 1 (a) GDPR in Manage Services on our website.

Personal data relating to the user are deleted or anonymised from our databank 30 days after the user has unsubscribed and after another 7 days by Emarsys.

5.11. JotForm

Address : JotForm Inc., 111 Pine St. #1815, San Francisco, CA 94111

Purpose: Form for uploading user videos in connection with competitions. 

Processed data:

  • Contact data (name, email address)
  • Tracking user behaviour on the website and in the registration form

JotForm will only be used if you participate in our Video Award and accept the service according to Art. 6 para. 1 (a) GDPR in Manage Services. You can find further information in our data protection declaration for the competition: https://media.holidaypirates.com/docs/privacy-policy-for-prize-competition-uk-egtq.pdf.

Personal data relating to the user are deleted 30 days after the account has been deleted.

​​​​​​​5.12. HelpHero 

Address : Help Hero Co., Suite 9429, 17B Farnham Street Parnell, Auckland 1052, New Zealand

Purpose: Introductory tour and helpful tips for users of our website to provide them with a better user experience.

Processed data: Pseudonymised ID

HelpHero is only used if you have provided your consent pursuant to Art. 6 para. 1 (a) GDPR in Manage Services on our website. 

Personal data relating to the user are either deleted or anonymised after 30 days.

​​​​​​​​​​​​​​5.13. SurveyMonkey 

Address : SurveyMonkey Inc., San Mateo, One Curiosity Way, California 94403

Purpose: 

  • To implement online surveys and to better understand the user.
  • To reward users who wish to take part with a prize.

 Processed data: 

  • Email address (optional)
  • Demographic data (including age, gender, status; mandatory)
  • Psychographic data (including interests; mandatory)
  • Answers to questions based on opinions, tendencies and experiences depending on the survey (mandatory)

SurveyMonkey is only used when you take part in a survey pursuant to Art. 6 para. 1 (a) GDPR. 

Personal data relating to the user are either deleted or anonymised after 90 days.

5.14. WisePops

Address : WisePops, Inc., 49 rue Jean De La Fontaine, 75016 Paris

Purpose: Pop-up for subscribing to the newsletter.

Processed data: 

  • Email address
  • First and last name
  • IP address and country

The data shall only be transmitted to WisePops if you subscribe to the newsletter via WisePops pursuant to Art. 6 para. 1 (a) GDPR.

The data are deleted by WisePops after 3 months.

5.15. Outbrain

Address : Outbrain UK Limited, 5 New Bridge Street, London, EC4V 6JA, UK

Purpose:

  • Data collection from users on our website to display more targeted advertising.
  • Better understanding of reactions to ads allows us to offer more relevant advertising and not bother users with the same ads continuously.
  • To do or collect analyses about those users who interact with Outbrain's technology on Outbrain's partners' websites. If you do not want to see interest-based advertising, you can disable this feature here: my.outbrain.com/recommendations-settings/home.

Processed data:

  • Outbrain UUID (unique user ID)
  • Visited sites, reference source, time stamp, page visits
  • Browser, device and operating system information. An estimate of the geographic location associated with the IP address and other information normally transmitted in HTTP requests.
  • IP address or other unique identifier for any computer, mobile device, or other technology used to access the site.

To provide personalised recommendations, Outbrain collects certain information, such as the unique user ID (UUID) that it assigns to users when they see it on Outbrain's publisher website. Outbrain Pixel on our site only recognises the UUID and reports it to us.

Outbrain Pixel is only used if you have provided your consent pursuant to Art. 6 para. 1 (a) GDPR in Manage Services on our website.

5.16. Braze 

Address : Braze Inc., 318 West 39th Street, New York, NY 10018 

Purpose: Onboarding tour and helpful tips for website users to provide them with a better user experience; to personalise the Web Push Notifications.

Processed data:

  • Analysis of user behaviour on the website via a pseudonymised ID 
  • If you are registered as a user, information about your profile is shared (email, username, profile picture and notification settings)
  • Braze also does not store identifiable basic information from the device (country, language, time zone, operating system, browser version and device ID)

In cases where the user is logged in – we can identify them as the same user (on the web and in the App) and correlate data across platforms to send more targeted messages. 

Braze is only used if you have provided your consent pursuant to Art. 6 para. 1 (a) GDPR in Manage Services on our website. 

Your data will only be saved until you deactivate Web Push Notifications in your browser or object to the tracking in Manage Services. 

6. Application as a Tester for HolidayPirates GmbH

If you apply as a Tester for HolidayPirates, the following data are collecting in accordance with Art. 6 para. 1 (a) GDPR: 

  • Email address and name (required)
  • Browser type, operating system, device type, web URL(s) visited and duration of the visit
  • Demographic data (including age, gender, status, marital status; mandatory)
  • Psychographic data (including interests; mandatory)
  • Answers to questions based on opinions, tendencies and experiences depending on the survey (mandatory)

Purpose: 

  • To implement surveys and to better understand the user.
  • To reward users who wish to participate with a prize.

After completion of the survey, these data will be blocked from further use and deleted after 12 months.

7. Applying to HolidayPirates GmbH

If you apply for a job position at HolidayPirates, the following personal data are collected for the purpose of the evaluation process in accordance with Section 26 BDSG. The data you provide in your application are exclusively used for filling the advertised position and the review and processing. After completion of the application process, these data will be blocked for further use and deleted after 6 months, unless you consent to any further or other processing. 

Personio

To process your data we cooperate with the service provider Personio GmbH. The service provider Personio GmbH is used as our order processor pursuant to Art. 28 GDPR. Personio is used for the implementation of a fast and effective application process. The legal grounds for this are in particular Art. 6 para. 1 (b) GDPR and Section 26 BDSG.

Address : Personio GmbH, Buttermelcherstr. 16, 80469 Munich Germany

Purpose: Storage and processing of applicant data for the purpose of the application.

Processed data: Contact data, master data, data related to the position (e.g. from the CV)

We would like to inform you that some data on the Personio recruiting page are collected for its own purposes as the responsible body:

1.) Server Logs

When accessing the recruiting site, general log data – so-called sever logs – are automatically collected. These data are generally pseudonymous and therefore cannot be associated with any natural person. Without these data, it would not be completely possible to deliver and present the contents of the software for technical reasons. In addition, the processing of these data is absolutely necessary for security reasons, in particular to control access, input, transfer and storage. In addition, the anonymous information can be used for statistical purposes as well as for optimising the offer and technology. In addition, the log files can be subsequently checked and evaluated if there is a suspicion of illegal use of the software. The legal grounds for this can be found in Section 15 para. 1 of the German Telemedia Act (TMG) and Art. 6 para. 1 (f) GDPR. The data collected are general, such as the domain name of the website, the web browser and web browser version, the operating system, the IP address and the time stamp of the access to the software. The scope of this logging does not go beyond the usual scope of any other website on the Internet. The storage of this access log may be up to 7 days. There is no right of objection.

2.) Error Logs 

For the purpose of error identification and correction, so-called error logs are created. This is absolutely necessary in order to be able to react as quickly as possible to potential problems in the presentation and implementation of content (legitimate interest). These data are generally pseudonymous and therefore cannot be associated with any natural person. The legal grounds for this are grounded in Section 15 para. 1 TMG and Art. 6 para. 1 (f) GDPR. When an error report appears, general data such as the domain name of the website, the web browser and web browser version, the operating system, the IP address and the time stamp for when the corresponding error message/specification occurred are collected. The storage of the error log may be up to 7 days. There is no right of objection.

3.) Cookies 

On the recruiting site, it is generally only absolutely necessary, functional and performance cookies that are used. These are particularly used to implement certain default settings such as language, to identify the application channel, or to analyse the performance of a job position that a user used to access the recruiting side. The use of cookies is mandatory for the provision of our services and thus for the fulfilment of the contract (Art. 6 para. 1 (b) GDPR). Period of storage: You have the right to object for up to 1 month or until the end of the browser session: you can determine for yourself via your browser settings whether you want to allow or refuse the use of cookies. Please note that deactivating cookies can lead to limited or completely inhibited functionality of the recruiting page.

These data will only be processed in accordance with Art. 6 para. 1 (a) GDPR based on the consent you provided during the application process. You may revoke your consent at any time (see Section 11 Rights of Data Subjects).

8. Social Media Fan Pages

We present online offers on different social media platforms to provide information and to facilitate contact with you.

We have no influence on the processing of personal data by the respective platform operator in their capacity as the responsible body. As a rule, when you visit our social media services, the platform operator stores cookies in your browser, in which your usage behaviour or interests are stored for market research and advertising purposes. The (mostly cross-device) user profiles are used by the platform operators to display personalised advertising. Under certain circumstances, you have also given a platform operator consent to data processing, for which case Art. 6 para. 1 (a) GDPR is the legal basis.

Data processing may also affect those who are not registered as users with the respective social media platform. In some instances, your data may be processed outside the territory of the European Union, which may complicate enforcement of your rights.

If we process your personal data ourselves, we do so under our own responsibility. In this case, the processing is performed based on our legitimate interests (pursuant to Art. 6 para. 1 (f) GDPR) in a diverse external presentation of our company and the use of an effective information opportunity and communication with you.

Detailed information regarding data processing in the data protection area the platform operator is responsible for, opt-out options and the assertion of data subjects' rights can be found in the data protection policy of the relevant platform operator.

Facebook and Instagram Fan Pages

Address : Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA

Data processing is based on an agreement on the joint processing of personal data pursuant to Art. 26 GDPR(https://www.facebook.com/legal/terms/page_controller_addendum).

9. Third-party Banner Advertising

9.1. DoubleClick

The website uses DoubleClick, a third-party advertising provider, to serve advertisements on the website. Advertising providers are third parties that display advertisements based on your visits to the website and other websites you have visited, allowing targeted advertisements to be delivered to you for products and services in which you might be interested. The website also uses a third-party traffic measurement service to analyse the number of website visitors. 

Furthermore, these third parties may use cookies, web beacons or scripts or other similar mechanisms to automatically collect website usage information. Third-party advertising providers and the advertisers may use this usage information, among other purposes, to help deliver advertisements to you that you might be interested in, to prevent you from seeing the same advertisements too many times. Please note that the privacy policies of the third-party providers (listed below) apply here. However, we do not share any personal information with these third parties. For more information about DoubleClick, including instructions on how to opt out of the advertising, please see: https://www.doubleclickbygoogle.com/

DoubleClick is only used if you have provided your consent pursuant to Art. 6 para. 1 (a) GDPR in Manage Services on our website. 

The data are either deleted or anonymised after 18 months.

​​​​​​​​​​​​​​9.2. Ad Up 

The tracking of Ad Up, a technology and service provider of Axel Springer Teaser Ad GmbH (Axel-Springer-Strasse 65, 10969 Berlin), is integrated on our websites. By collecting anonymised and/or pseudonymous data, Ad Up will then be able to display interest-orientated advertisements for a specific time on websites. Ad Up uses cookies to provide advertisers with conversion tracking that determines the effectiveness of their ads and keywords. You can find more information on the data protection policy of Axel Springer Teaser Ad GmbH here: https://www.adup-tech.com/datenschutz/.

Ad Up is only used if you have provided your consent pursuant to Art. 6 para. 1 (a) GDPR in Manage Services on our website. 

Personal data relating to the user are either deleted or anonymised after 12 months.

10. How we use information

We use the information provided to us (subject to the decisions made by you, e.g. in the context of Manage Services on our website) to provide and improve our services. This helps us understand how our users avail of our services and in turn, we use this information to improve our services and perform troubleshooting activities.

We verify accounts and activities and promote security within and outside our services. This is achieved, for example, by investigating suspicious activities or violations of our terms and conditions and ensuring that our services are used in compliance with the law.

For all those who conclude a contract with us, we process information which is necessary for the fulfilment of such contracts. The core data are used:

  • To provide, improve and adjust our services. Please also see ‘Our Services’ below.
  • To maintain the IT security and operational reliability of our services.
  • To communicate with you in relation to service problems.

For the collection and use of information that you provide to us when activating the device-based settings (e.g. access to your camera or photos if, for example, you upload a photo to your user account), we may provide the features and services described when activating the settings.

In addition, all information is processed for the following:

  • For analytical data collection and other services where we use data for control and improvement.
  • To provide reports showing our partners the usage of our broad range of services.
  • In the interest of companies and other partners, so that they can better understand their customers and, if necessary, improve their business model. This concerns, for example, price models to be adjusted or user interactions.
  • To send you the best and newest offers.

You have the right to object to or restrict such processing at any time. To do this, please read the paragraph entitled ‘Rights of Data Subjects’.

We only store your personal data only for as long as it is necessary to fulfil the purposes for which they were collected. Personal data are deleted as soon as they are no longer required and once there are no legal retention periods in force.

Our website is delivered using Secure HTTP Protocol. This SSL encryption ensures that no third party can read or change transmitted data according to the current state of technology. This applies both to the content of the site and to data transmitted through the use of forms.

We would like to advise you that your personal data will be processed in our office in Serbia, where part of our technical infrastructure is located. As a suitable guarantee for the legality of the data transmission, we have concluded corresponding standard contract clauses in accordance with Art. 46 para. 2 (c) GDPR. We therefore guarantee an appropriate level of data protection.

11. Rights of Data Subjects

In accordance with the Basic Data Protection Regulation and other applicable laws, you have the right to access, rectify, transfer or delete your information and the right to restrict or object to certain processing of your information. This also includes the right to object to our processing of your information for direct marketing purposes.

  • Revocation and Opposition Rights

"Regardless of the explanations above, you may object to the use of your information at any time and revoke any consent to the use of your information at any time.” Here, the right of objection under Art. 21 para. 1 and 2 GDPR applies to the processing of your data in connection with direct advertisement, if this is performed on the basis of a balance of interests.

If you revoke your consent to data processing or object to the use of the data, this does not affect the lawfulness of the data processing until the time of the revocation. 

Legal basis: 

Right of withdrawal (Art. 7 para. 3 GDPR ‘Conditions for consent’),Right to object (Art. 21 GDPR ‘Right of opposition’) 

  • Right to Rectification, Deletion, Blocking and Restriction 

Furthermore, you have the right to rectify, block or delete the data which are collected and stored by us at any time. We expressly point out that there may be legal obligations or practical considerations to further store data. In this case, the data can only be blocked. 

Legal basis: 

  • Right to data rectification (Art. 16 GDPR ‘Right to rectification’)
  • Right to erasure (Art. 17 GDPR ‘Right to be forgotten’)
  • Right to restriction (Art. 18 GDPR ‘Right to restriction of processing’) 
  • Right to Data Transferability and Complaining to a Supervisory Authority

If you suspect that the processing of your data violates data protection law or that your data protection claims have otherwise been violated in any way, you can lodge a complaint with the responsible supervisory authority. 

In the case of HolidayPirates GmbH, this is the responsible supervisory authority: 

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219
10969 Berlin

Phone: +49 30/13889-406

Email: [email protected]

Legal basis: 

Right to data transferability (Art. 20 GDPR ‘Right to Data Transferability’) Right to appeal to a supervisory authority (Art. 77 GDPR ‘Right to Data Portability’)

  • Right to Information 

You have the right to know which data we store about you (right to information). 

Please note that we may require proof from you in the event of a request for information that has not been made in writing, proving your identity.

Legal basis:
Right to information (Art. 15 GDPR ‘Right of access of the data subject’) 

Contact Person for Asserting the Rights of Data Subjects:

To assert the rights outlined above, please contact:

HolidayPirates GmbH
Wallstr. 59
10179 Berlin
Email: [email protected]

12. Managing and Deleting your Data

If you would like to manage, change, restrict or delete your information and data, we provide the following features:

  • User Account: You can manage all information concerning your profile in your account. This may include your travel preferences, username, profile picture, or email address.
  • Delete Account: You can delete your profile on the website or in the App via your user account.
  • Unsubscribing from the Newsletter: You can unsubscribe from our newsletter at any time; the link to do so is at the end of every newsletter. As soon as you have unsubscribed from the newsletter, you will no longer receive any offers from us. Your personal data will not be reused and are deleted immediately.
  • Unsubscribing from the Messenger Service: You can unsubscribe from our messenger service at any time, to do so, simply send a message with ‘STOP’ via our channel in the respective messenger. 
  • Data Analysis: You can deactivate tracking in the App settings. Please note, however, that deactivation may result in service limitations on your travel preferences. You can deactivate the collection of cookies on the website by clicking below on the Manage Services button.

13. Legal Basis for the Processing

Art. 6 para. 1 (a) GDPR serves as the legal basis for the processing operations of our company for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the fulfilment of a contract to which the data subject is a party (as is the case, for example, with processing operations which are necessary for the provision of another service or consideration), the processing is based on Art. 6 para. 1 (b) GDPR. 

The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, such as in cases of inquiries about our products or services. If our company is subject to a legal obligation which makes the processing of personal data necessary, for example to fulfil tax obligations, the processing is based on Art. 6 para. 1 (c) GDPR.

We collect, use, retain and share your information when it is necessary from our point of view:

(a) to comply with any applicable law or regulation, legal process or government request; 

(b) to enforce our terms and conditions and applicable policies;

(c) to detect, investigate, prevent and combat fraud and other illegal activities, security issues or technical problems; 

(d) to enforce rights that protect the property and safety of our users of HolidayPirates GmbH or others.

14. Data Protection Officer and Contact Information

If you have any questions about our privacy policy, please contact our Data Protection Officer, Mr Roman Maczkowsky: [email protected].

Or write to us at:

HolidayPirates GmbH
Wallstr. 59
10179 Berlin
Email: [email protected]

You can also reach us using the contact form on our website.

Hotjar

As far as you have given your consent according to Art. 6. 1 lit. a. GDPR we are using Hotjar on our website.

  • Address: Hotjar Ltd, Level 2, St. Julians Business Centre, 3 Elia Zammit Street, St. Julians STJ 1000, Malta
  • GDPR Compliancehttps://www.hotjar.com/legal/compliance/gdpr-commitment
  • Purpose:
    • Measurement and analytics to better understand our users and provide better content. Heatmaps, click maps, screen recordings help us to better organise and structure the content of our website to provide a seamless and easy user experience.
  • All pseudonymised data:
  • The following are all collected and completely pseudonymised: Browser type, Operating system, device Type, page URL(s) visited, and duration of visit

    You may object to the use of your information at any time and revoke any consent to use your information at any time. You can revoke your consent at any time with effect for the future and disable the tracking. You can switch off the recording of cookies by clicking the "service control" button on the website below. There you have the possibility to deactivate all cookies or only cookies you have selected.

    Moreover, you have the right to correct, delete or restrict the processing of your information, as well as the right to object to processing and the right to transfer your data.

     

    Holidaypirates Campaign Tracking (Emarsys)

    • Data:
      • Capturing surfing behaviour of our users through an Pseudonymous Cookie ID, to track behaviour on each blogpost and sending this data to our newsletter database.
      • Tracking the behaviour in our newsletters newsletters including tracking of opens of emails and clicks on links.

     

    MessengerPeople

    • Address: MessengerPeople GmbH, Herzog-Heinrich-Straße 9, 80336 München
    • GDPR Compliancehttps://www.messengerpeople.com/privacy/
    • Purpose: 
      • For direct communication and sending out offers from our website
    • All pseudonymised data:
      • Phone number, Profile Picture, Messages or Questions send to us.

    Messaging Services

    By sending a start message to HolidayPirates (hereinafter referred to as – Sender) I agree with respect to Art. 6 Abs.1 lit. a GDPR that Sender has my permission to use my personal data (e.g. first and last name, phone number, messenger ID, profile image, messages) for direct communication and the required data processing, based on the respective messenger. To use this service, an existing messenger account with the respective provider is required.

    The possible messenger service providers are:

    Whatsapp: WhatsApp, Inc., 1601 Willow Road, Menlo Park, California 94025, USA with its privacy policy described at https://www.whatsapp.com/legal/#privacy-policy

    Facebook Messenger: Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA with its privacy policy described at https://www.facebook.com/about/privacy

    Telegram: Telegram Messenger LLP 71-75 Shelton Street, Covent Garden, London, United Kingdom with its privacy policy described at https://telegram.org/privacy.

    Insta News: Pylba Inc., 314 27th Avenue, San Mateo, CA, 94403, USA with its privacy policy described at http://apps.pylba.com/privacy.

    I acknowledge that the respective provider might receive personal data (including communication meta data) that might be processed at servers located in countries outside of the EU (e.g. USA) that do not guarantee the same level of data protection as that practiced in the EU. Whatsapp Inc and Facebook Inc are certified under the Privacy Shield Agreement and thus guarantee compliance with European data protection regulations. Additional information is described in the above privacy policies of the respective messengers. Sender has no detailed knowledge about or influence on the respective providers.

    Your agreement to this data processing can be revoked at any time by sending “stop” in the respective messenger.

    To delete all data that is stored by our technical service provider, please send a message with „delete all data“ through your messenger.

    Sender uses the technical service provider MessengerPeople GmbH, Herzog-Heinrich-Str. 9, 80336 Munich, Germany as data processor for this messenger service.

       

      Adjust GmbH (Apps only)

      • Address: adjust GmbH, Saarbrücker Str. 37A, 10405 Berlin, Germany
      • GDPR Compliancehttps://www.adjust.com/gdpr/
      • Purpose: 
        • Unterstützung bei der Identifizierung des Verhaltens in der mobilen Anwendung, um Entscheidungen über gezieltes Marketing vorzubereiten; Unterstützung bei der effizienten Handhabung und Optimierung der mobilen Kampagnen für soziale Netzwerke und anderswo im Internet.
      • All pseudonymised data:
        • Pseudonymous cookie ID, ad ID and device ID used by a particular person, events in the mobile app about the use of the mobile app by a particular user (in particular login, successful completion of the transaction), but no payment and financial data.
        • Content of the advertisement to be delivered to a particular user and, as appropriate, classified advertising group to which that person belongs.

       

      If you accept Adjust-Tracking in the App (in "Usage And Log Information"), some pseudonymous data will be sent to Facebook Inc. 

      Facebook App tracking

      • Address: Facebook Inc.,1 Hacker Way, Menlo Park, California, US
      • GDPR Compliance: https://www.facebook.com/business/gdpr
      • Purpose: 
        • Advertising the HolidayPirates app through Facebook and its network, including retargeting campaigns
        • Knowing which users of the HolidayPirates app were acquired by advertising on Facebook
      • All pseudonymised data:
        • Attribution ID
        • Advertising ID
        • Tracking enabled information - advertiser tracking_enabled, application_tracking_enabled
        • App event data : event name, app version, log time

       

      If you accept Adjust-Tracking in the App (in "Usage And Log Information"), some data will be sent to Google Ireland Limited. 

      Google Ads App tracking

        • Address: Google Ireland Limited -Gordon House, Barrow Street, Dublin 4, Irland
        • GDPR Compliance:https://privacy.google.com/businesses/compliance/#!?modal_active=none
        • Purpose:
          • Advertising the HolidayPirates app and website through Google and its network
          • Knowing which users of the HolidayPirates app were acquired by advertising on Google
        • Data: 
          • Advertising ID
          • IP-Address
          • Device ID 
          • App event data 

      4. Data collection when applying for a job

      If you apply for a job position at HolidayPirates, personal data will be used for the purpose of carrying out the evaluation process in accordance with § 26 BDSG, Art. 6 (1) lit. a) GDPR. The data you provide will be used only for the purpose of filling the vacancy, examining and processing your application in this context.

      After finalization of the application process, these data will be blocked for further use and deleted after expiry of any retention obligations, unless you expressly consent to any other processing. You can revoke your consent at any time by writing to [email protected].

      Personio

      To process your data we cooperate with the provider Personio GmbH. The service provider Personio is used as our data processor. Personio is used for the implementation of a fast and effective application process and based on § 26 BDSG. 

      • Adress: Personio GmbH, Buttermelcherstr. 16, 80469 Munich, Germany
      • GDPR Compliancehttps://www.personio.de/ueber-uns/datenschutz/
      • Purpose: Storage and processing of applicant data for the purpose of application
      • Information you provide by submitting the Personio application:

        • Name

        • Email adress

        • Telefon number (if provided)

        • Date of entry 

        • Salary expectation

        • All data that you provide in your application documents (CV, cover letter, certificates, etc.).

      5. How we use Information

      We use the information we have (subject to choices you make) to operate, provide, improve, understand, customize, support, and market our Services. Here's how:

      • Our Services. We use the information we have to operate and provide our Services, including providing customer support, and improving, fixing, and customizing our Services. We understand how people use our Services and analyze and use the information we have to evaluate and improve our Services, research, develop, and test new services and features, and conduct troubleshooting activities. We also use your information to respond to you when you contact us.
      • Safety And Security. We verify accounts and activity, and promote safety and security on and off our Services, such as by investigating suspicious activity or violations of our Terms, and to ensure our Services are being used legally.
      • Third-Party Banner Ads. The Site uses DoubleClick, a third party advertising provider, to serve advertisements on the Site. Advertising providers are third parties that display advertisements based on your visits to the Site and other web sites you have visited, allowing targeted advertisements to be delivered to you for products and services in which you might be interested. The Site also uses a third party traffic measurement service to analyse how visitors use the Site. Third party advertising providers, advertisers (whose ads are displayed via the advertising provider) and the traffic measurement services used on the Site may use cookies, web beacons or embedded scripts (described above) or other similar mechanisms to automatically collect web site usage information. Third party advertising providers and the advertisers may use this web site usage information for, among other purposes, helping deliver advertisements to you that you might be interested in, to prevent you from seeing the same advertisements too many times and to conduct research regarding the usefulness of certain advertisements are to you. Traffic measurement services used on the Site may use the collected web site usage information for, among other purposes, gathering information about users' interactions with the Site, such as which links are clicked on. Cookies, web beacons and embedded scripts and other similar mechanisms used to collect web site usage information from advertising providers, advertisers and traffic measurement services are governed by their respective privacy policies and not this Privacy Policy. However, we do not share any Personal Information with these third parties in connection with their performing these services on the Web Site.For more information about DoubleClick, including instructions on how to opt out of DoubleClick's targeted advertising, please see http://www.doubleclick.com/pri... . For additional information about how to opt out of targeted advertising from DoubleClick and other members of the Network Advertising Initiative, please see http://www.networkadvertising.... .The following paragraph is a template for an opt-out statement, the properties may feature Nielsen proprietary measurement software, which will allow users to contribute to market research, such as Nielsen TV Ratings. To learn more about the information that Nielsen software may collect and your choices with regard to it, please see the Nielsen Digital Measurement Privacy Policy at http://www.nielsen.com/digitalprivacy.

      The tracking of Ad Up, a technology and service provider of Axel Springer Teaser Ad GmbH (Axel-Springer-Strasse 65, 10969 Berlin), is integrated on our websites. By collecting anonymised and / or pseudonymous data, Ad Up will then be able to display advertisements for a 
      specific time on websites. Ad Up uses cookies to provide advertisers with conversion tracking that determines the effectiveness of their ads and keywords. More information about the data protection of Axel Springer Teaser Ad GmbH is available at https://www.adup-tech.com/datenschutz/. Via the button "Activate opt-out cookie" you also have the possibility to set an opt-out-cookie in your browser and deactivate Ad Up in this browser.

       

      6. How We Process Information

      Under European law, companies must have a legal basis to process data. You have particular rights available to you depending on which legal basis we use, and we've explained these below. You should know that no matter what legal basis applies, you always have the right to request access to, rectification of, and erasure of your data under the General Data Protection Regulation (the "GDPR"). To exercise your rights, see our Privacy Policy under How You Exercise Your Rights.

      For all people who have legal capacity to enter into an enforceable contract, we process data as necessary to perform our contracts with you (the Terms of Service, the "Terms"). The core data uses necessary to provide our contractual services are:

      • To provide, improve, customize, and support our Services as described in "Our Services";
      • To promote safety and security;
      • To store, or process your data outside the EEA, including to within the United States and other countries; and
      • To communicate with you, for example, on Service-related issues.

      When we process data you provide to us as necessary to perform our contracts with you, you have the right to port it under the GDPR. To exercise your rights, visit How You Exercise Your Rights section of the Privacy Policy.

      The other legal bases we rely on in certain instances when processing your data are:

      Your Consent:

      For collecting and using information you allow us to receive through the device-based settings when you enable them (such as access to your camera, or photos), so we can provide the features and services described when you enable the settings.

      When we process data you provide to us based on your consent, you have the right to withdraw your consent at any time and to port that data you provide to us, under the GDPR. To exercise your rights, visit your device-based settings How You Exercise Your Rights section of the Privacy Policy.

      Legitimate Interest :

      Based on the GDPR art. 6/1f, we will not request nor require consent from a user in order to display advertisements. After having conducted a legitimate interest assessment, we believe that our legitimate interest is appropriate given the value we bring to our users, discovering great travel deals for bargain price. Based on data collected, we will show ads to users that deliver the best user experience. By doing so, we allow users to enjoy the inspiration and the free of charge site browsing while driving revenue for the company to maintain and develop the product. Moreover, we are fully supportive of the digital ad industry consent mechanisms and will continue to test consent mechanisms as potential alternative legal basis for processing.

      For all people, including those under the age of majority:

      • For providing measurement, analytics, and other business services where we are processing data as a controller. The legitimate interests we rely on for this processing are:
        • To provide accurate and reliable reporting to businesses and other partners, to ensure accurate pricing and statistics on performance, and to demonstrate the value our partners realise using our Services; and
        • In the interests of businesses and other partners to help them understand their customers and improve their businesses, validate their pricing models, and evaluate the effectiveness and distribution of their services and messages, and understand how people interact with them on our Services.
      • For providing marketing communications to you. The legitimate interests we rely on for this processing are:
        • To promote and send you, as customer, our last offers.

      You have the right to object to, and seek restriction of, such processing; to exercise your rights, visit How You Exercise Your Rights section of the Privacy Policy.

      We will consider several factors when assessing an objection including: our users' reasonable expectations; the benefits and risks to you, us, other users, or third parties; and other available means to achieve the same purpose that may be less invasive and do not require disproportional effort. Your objection will be upheld, and we will cease processing your information, unless the processing is based on compelling legitimate grounds or is needed for legal reasons.

       

      7. How The General Data Protection Regulation Applies To Our Users

      7.1 How You Exercise Your Rights

      Under the General Data Protection Regulation (GDPR) or other applicable local laws, you have the right to access, rectify, port, and erase your information, as well as the right to restrict and object to certain processing of your information. This includes the right to object to our processing of your information for direct marketing and the right to object to our processing of your information where we are performing a task in the public interest or pursuing our legitimate interests or those of a third party. You can access or port your information using our in-app Request Account Info feature (to be developed). You can access tools to rectify, update, and erase your information directly in-app as described in the Managing and Deleting Your Information section. Where we use your information for direct marketing for our own Services, you can always object and opt out of future marketing messages using the unsubscribe link in such communications (Newsletter), or by removing your Travel Preferences and turning off the Spectacular Deals and Error fares switches.

       

      7.2 Affected rights (revocation and opposition rights)

      "Regardless of the explanations above, you may object to the use of your information at any time and revoke any consent to use your information at any time."

      Here, the right of objection under Art. 21 para. 1 and 2 GDPR applies to the processing of your data in connection with direct advertisement, if this is done on the basis of a balance of interests.

      Moreover, you have the right to correct, delete or restrict the processing of your information, as well as the right to object to processing and the right to transfer your data. Please note that we may require proof from you in the event of a request for information that has not been made in writing, proving that you are the person you are spending yourself on.

      If you revoke your consent to data processing or object to the use of the data, this does not affect the lawfulness of the data processing until the time of the revocation.

      Legal basis

      • Right of withdrawal (Art. 7 (3) GDPR "Conditions for consent")
      • Right to object (Art. 21 GDPR "Right of opposition")

      Right to rectification, deletion, suspension and restriction

      Further, you have the right to correct, block or delete the data which is collected and stored by us, at any time. We expressly point out that there may be legal obligations to store data.

      Legal basis

      • Right to data correction (Article 16 GDPR "Right to rectification")
      • Right to cancellation (Article 17 GDPR "Right to be forgotten")
      • Right to limitation (Art. 18 GDPR "Right to restriction of processing")

      Right to data transferability and complaint to a supervisory authority

      As of 25.05.2018, you are also entitled to data transferability under Art. 20 GDPR and have the right to complain to the competent supervisory authority within the meaning of Art. 77 GDPR.

      Legal basis

      • Right to data transferability (Art. 20 DSGVO "Right to Data Transferability")
      • Right to appeal to a supervisory authority (Article 77 GDPR "Right to Data Portability)

      If you believe that the processing of your data violates data protection law or your data protection claims have otherwise been violated in a way, you can complain to the relevant regulatory authority.

      In the case of HolidayPirates GmbH, this is the responsible supervisory authority:

      Berlin Commissioner for Data Protection and Freedom of Information
      Friedrichstr. 219, 10969 Berlin
      Phone: +49 30 / 13889-406
      E-Mail: [email protected]

      Right to information

      You have the right to know which data we store about you (right to information). Please note that we may require proof from you in the event of a request for information that has not been made in writing, proving that you are the person for whom you spend yourself.

      Legal basis

      • Right to information (Art. 15 GDPR "Right of access of the data subject")

      Contact person:

      HolidayPirates GmbH
      Wallstr. 59
      10179 Berlin
      Email: [email protected]

       

      8. Managing and deleting Your Information

      We store information until your account is deleted.

      If you would like to manage, change, or delete your information, we allow you to do that through the following features:

      • User Profile. Under User Profile you can manage all the information related to your profile. You can create, edit and delete your Travel Preferences. You can change your username, your profile picture, your email and your password.
      • Delete Account. Under the User Profile (in-app) you have the right to be forgotten by removing your account from our systems.
      • Unsubscribe from Newsletter: You can unsubscribe from our newsletter at any time. The link can be found at the end of each newsletter. As soon as you have unsubscribed from the newsletter, you will no longer receive any further offers from us and your personal data will be deleted immediately.
      • Unsubscribe from our WhatsApp-Service: You can unsubscribe from our WhatsApp service at any time. Simply send a message with "STOP" to our number.
      • Data-analytics: Under the Settings in-app you can stop being tracked. Notice that turning off the Analytics will restrict how we customize our Services to better suit your preferences. You can turn off the tracking at the website by clicking the button "service control" below.
         

      9. Law and Protection

      Art. 6 I lit. a GDPR is the legal basis for our company to processing operations in which we obtain consent for a particular processing purpose. If the processing of personal data is necessary to fulfill a contract of which the data subject is a party, as is the case, for example, in processing operations necessary for the provision of any other service or consideration, the processing is based on Art. 6 I lit , b GDPR. Same applies to processing operations that are necessary to carry out pre-contractual measures, for example in cases of inquiries regarding our products or services. If our company is subject to a legal obligation which requires the processing of personal data, such as the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c GDPR. We collect, use, preserve, and share your information if we have a good-faith belief that it is reasonably necessary to: (a) respond pursuant to applicable law or regulations, to legal process, or to government requests; (b) enforce our Terms and any other applicable terms and policies; (c) detect, investigate, prevent, and address fraud and other illegal activity, security, or technical issues; or (d) protect the rights, property, and safety of our users, HolidayPirates GmbH, or others.

       

      10. Updates To Our Policy

      We will notify you before we make changes to this Privacy Policy and give you the opportunity to review the revised Privacy Policy before you choose to continue using our Services.

       

      11. Contact Information

      The Data Protection Officer for HolidayPirates GmbH can be contacted here ([email protected]).

      If you have questions about our Privacy Policy, please write us here:

      HolidayPirates GmbH

      Wallstr. 59

      10179 Berlin

      Phone: +49 30 34 655 0074

       

      12. Cookies

      12.1 About Cookies

      A cookie is a small text file that a website you visit asks your browser to store on your computer or mobile device.

      12.2 How we use cookies

      We use cookies to understand, secure, operate, and provide our Services. For example, we use cookies:

      • to provide HolidayPirates for web and other Services that are web-based, improve your experiences, understand how our Services are being used, and customize our Services;
      • to simplify the log-in process or to customize our content in line with your interests and preferences.
      • If you book a trip with one of our business partners via our site, appropriate personal data will be passed to the business partner. This includes cookies used to record the booking process. The cookies enable our business partner to ascertain that you have taken advantage of the offer presented via our website. Our partners may use information about your booking to improve your/their offering.

      Following data can be transmitted in this way:


      When you visit our website, you are informed about the use of cookies, in this context, there is also a reference to this privacy policy.

      The legal basis for the processing of personal data using technically necessary cookies is Article 6 (1) lit. f GDPR. Our legitimate interest in data processing is justified by our economic interest in providing technical functionality. The legal basis for the processing of personal data using cookies for analysis purposes is the consent of the user Art. 6 para. (1) lit. a GDPR.

       

        12.3 How to control Cookies

        You can follow the instructions provided by your browser or device (usually located under "Settings" or "Preferences") to modify your cookie settings. Please note that if you set your browser or device to disable cookies, certain of our Services may not function properly.

        Should you have questions about your personal data, you can contact us via the contact form on our website. 

         

        March 28th, 2019