Data protection
Created on July 28, 2022
Last modified on March 1, 2025
Introduction and overall overview
We published this privacy policy on July 28, 2022 and last updated it on November 20, 2024. The aim of this policy is to provide you with the General Data Protection Regulation (EU) 2016/679 and applicable national laws, explain what types of personal information we collect and how it is processed by us and our service providers. We will also inform you about your legal rights in dealing with this data. The terms used in this policy are neutral and do not discriminate against gender.
Scope of the declaration
This privacy policy applies to all personal data processed by us or companies acting on our behalf (processors) as part of our tours, lectures, and online services. According to Article 4, Paragraph 1 of the GDPR, personal information refers to data that makes a person identifiable, such as name, email address, address, and telephone number. This information enables us to provide and bill for our services and products, both online and offline. This privacy policy covers the following areas:
Legal basis
In this policy we disclose the legal basis on which we process your personal data, in accordance with the General Data Protection Regulation (GDPR). Regarding EU law, we refer to Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, available online at EUR Lex, is accessible.
Your data will be processed by us if one of the following points applies:
In addition to the EU regulation, national laws also apply, such as the Austrian Federal Law on the Protection of Natural Persons with regard to the Processing of Personal Data, the Data Protection Act (DSG for short).
Contact details of those responsible
If you have any questions about data protection or the processing of your personal data, you can contact the person responsible:
Person responsible for data processing:
Wiener Nimmerland
Venediger Au 4, 1020 Vienna
E-mail: postmaster@wienernimmerland.at
Phone number: +436707011176
Data Protection Officer & Contact Person for Data Protection:
Nadine Liebl
E-mail: backend@wienernimmerland.at
Phone number: +4369919227642
Storage duration
We adhere to the principle of only retaining personal data for as long as it is absolutely necessary to provide our services. This means that we delete your data as soon as the purpose for processing it no longer applies. In certain cases, however, we are legally obliged to continue storing data even if the original reason for processing no longer exists, e.g. invoice and payment data are retained for at least 7 years in accordance with tax and commercial law regulations.
If you request deletion of your data or revoke your consent to data processing, we will delete your data immediately as long as there is no legal obligation to store it.
Rights under the General Data Protection Regulation (GDPR)
In accordance with Articles 13 and 14 of the GDPR, we would like to inform you of your data protection rights that ensure fair and transparent processing of your personal data:
Use your rights and do not hesitate to contact our responsible data protection officer, whose contact details you can provide above in this Privacy Policy can find.
If you have the impression that the processing of your data does not comply with data protection laws or that your data protection rights have otherwise been violated, you are free to lodge a complaint with the responsible supervisory authority. The complaint can be sent by email or post to the responsible data protection authority:
Austrian data protection authority
Line: Dr. Matthias Schmidl
Address: Barichgasse 40-42, 1030 Vienna
Phone number.: +43 1 52 152-0
E-mail: dsb@dsb.gv.at
site: https://www.dsb.gv.at/
Security measures for data processing
General
To ensure the security of personal data, we have taken both technical and organizational security precautions. Wherever possible, we rely on encryption or pseudonymization of the data.
In accordance with Art. 25 GDPR, which prescribes data protection through technical design and data protection-friendly default settings, we take security aspects into account when selecting our software and hardware. An example of this is the implementation of TLS encryption.
TLS encryption with HTTPS
To securely transmit data on the Internet, we use HTTPS, which ensures secure transmission of all data between your browser and our server. By using TLS, an encryption protocol, we ensure the protection of confidential information.
You can recognize the existence of this security measure by the lock symbol in the address bar of your browser and by the “https” prefix in the URL of our website.
Order processing contract (AVV)
Like many companies, we rely on the support of external service providers to make specific tasks and services more efficient. This occasionally includes passing on personal information to these service providers, for example as part of booking systems. Such external partners act for us as data processors with whom we conclude a formal data processing agreement (DVV). It is important to understand that this data will be processed exclusively according to our instructions and is strictly regulated by the DVV. According to the GDPR definition, we consider any natural or legal entity that processes personal data on our behalf to be our data processor. This includes service providers such as hosting companies, payment processors or other large companies.
Cookies
Our website uses HTTP cookies to store user-specific information and to ensure basic functionality. These small text files are stored in your browser and enable, among other things, the smooth use of our web shop. They store information such as shopping cart contents, session data or user preferences (e.g. language settings) to facilitate your navigation and enable the ordering process.
The cookies used are technically necessary and serve exclusively to ensure the functionality and user-friendliness of our website. The use of these cookies is therefore based on our legitimate interest in accordance with Art. 6 (1) lit. f GDPR. no marketing or tracking cookies used.
The storage period of these cookies varies: some are deleted when your session ends, others may remain on your device for a longer period to save your preferences for future visits. You have control over these cookies and can delete or block them at any time via your browser settings. Please note that this may limit the functionality of our webshop.
Communication
If you contact us using different methods such as telephone, WhatsApp, email or social media, your personal data will be processed. This processing serves the purpose of effectively managing your requests, including the associated booking processes and accounting requirements.
It is also possible that data such as your name and telephone number will be transmitted to you via email for the purpose of communication and stored to answer your inquiries. Such data will be deleted after completion of the business transaction and in accordance with legal requirements.
Legal bases
Your data will be processed on the basis of the following legal provisions:
WhatsApp Privacy Policy
On our website we offer the option of communicating directly with us via WhatsApp using an icon. The service is provided by WhatsApp Inc., a subsidiary of Meta Platforms Inc. (until October 2021, Facebook Inc.), whereby WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, in Europe is responsible for the service.
Please note that we may not respond to certain requests, particularly those involving internal contractual details, via the Messenger Service. In such cases, we recommend alternative communication channels such as email or telephone. By clicking on the WhatsApp icon you will leave our website and be redirected to WhatsApp. WhatsApp also processes your data in the USA, among other places. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can pose various risks to the lawfulness and security of data processing. The WhatsApp data protection regulations apply to the use of WhatsApp.
WhatsApp uses so-called standard contractual clauses (= Art. 46 Para. 2 and 3 GDPR) as the basis for data processing by recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or data transfer there. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data also comply with European data protection standards if they are transferred to third countries (such as the USA) and stored there. Through these clauses, WhatsApp undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementation decision of the EU Commission. You can find the Order and the relevant Standard Contractual Clauses, among others here.
You will find information on data transmission at WhatsApp, which corresponds to the standard contractual clauses here.
The WhatsApp data protection regulations apply to the use of WhatsApp. We do not collect any personal data by providing this icon. Further information on data protection when using WhatsApp can be found in the WhatsApp privacy policy.
For further questions about WhatsApp's privacy policy, you can contact the company on-line contact or write directly to:
WhatsApp Ireland Limited
Attn: Privacy Policy
Merrion Rd
Dublin4, D04 X2K5
Ireland
Media reporting and media content creation
Wiener Nimmerland regularly creates photos and videos for public relations, social media, and educational purposes. The following principles apply:
1. Privacy & Consent
2. Use & Publication
3. Protection of identity
Legal bases
The creation and processing of media content is based on Art. 6 (1) (a) GDPR (consent), as media content such as photos, videos, or audio is only created with consent. The creation of this media serves to document Wiener Nimmerland's educational work and represents a legitimate interest within the meaning of Art. 6 (1) (f) GDPR (legitimate interest).
Web hosting – Helloly
Our website is stored and operated on a web server, a task that is usually carried out by professional providers to ensure smooth operation. The provider Helloly performs this service for us.
To provide its online offering, Helloly uses rented storage space, computing capacity and software from a corresponding server provider, as well as its own server hardware. These services ensure a stable and secure online presence.
Collection of access data and log files
While you visit our website, personal data is processed and stored by both your device and the web server in the form of so-called "server log files". The server log files may include the address and name of the web pages and files accessed, the date and time of access, the amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP addresses and the requesting provider. These log files are used for security purposes (e.g. to prevent DDoS attacks) and to ensure server utilization and stability. Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that needs to be retained for evidentiary purposes is exempt from deletion until the respective incident has been finally resolved.
Email sending and hosting
Web hosting services also include the sending, receiving, and storage of emails. For these purposes, recipient and sender addresses, as well as other information regarding email sending and the content of the respective emails, are processed. This data can also be used to detect spam. However, emails sent over the Internet are generally not encrypted.
Content Delivery Network (CDN)
Helloly also uses a CDN to deliver online content faster and more securely. This service is provided by Cloudflare, a US-based provider. For more information, see the Cloudflare Privacy Policy.
Legal bases
The legitimacy of this data processing is based on Art. 6 (1) (f) GDPR (legitimate interests), since the use of professional hosting services and appropriate security measures is essential to make our online presence secure and user-friendly.
There is a data processing agreement between us and the hosting provider in accordance with Art. 28 f. GDPR, which ensures data protection and data security, which here is visible.
Web hosting provider Helloly Privacy Policy
For further details on data processing by our hosting provider, you can contact Helloly, operated by helloly GmbH, directly:
Mag. Michael Neumann
helloly GmbH
Rainerstrasse 25
A-4020 Linz
Authorized representatives:
Johannes Kührer and Mag. Michael Neumann
Email address: office@helloly.com
You can find more comprehensive information on data processing in their privacy policy: Helloly Privacy Policy.
Content Management System – WordPress
Our website is built with the content management system WordPress.
We have a legitimate interest in using a content management system to provide a technically optimized and user-friendly online presence. The corresponding legal basis for this is Article 6 Paragraph 1 f GDPR (legitimate interests).
WordPress.com Privacy Policy
Our website is based on the content management system WordPress.
By default, WordPress collects non-personal information provided by web browsers and servers, such as browser type, language preferences, referring website, and date and time of request, to understand usage behavior on its platform. Such data helps WordPress analyze and publish trends in the use of its services without individually identifying visitors. In addition, IP addresses may be collected as potentially personally-identifying information, but will not be used to identify visitors or disclosed except in specific cases regulated by law.
Further details about data processing by WordPress and your data protection rights can be found in the WordPress Privacy Policy.
Use of plugins and tools
In order to expand the functionality of our website and offer you an optimal user experience, we use various WordPress plugins and tools. These can perform various functions, from improving user experience and website security to optimizing loading times and providing multimedia content. Below you will find information about the specific plugins and tools we use and how, if at all, they process personal data.
Legal bases
The data processing by these plugins is based on our legitimate interests in accordance with Art. 6 (1) (f) GDPR in order to ensure the functionality and security of our website.
For the design and functionality of our website we use the WordPress theme GeneratePress Premium, offered by Tom Usborne, who runs the website https://generatepress.org/ is accessible. GeneratePress Premium is an advanced theme that allows us to customize the appearance, structure and behavior of our website to provide you with an improved user experience.
Using GeneratePress Premium does not directly lead to the collection of personal data by the theme itself. However, as with most websites, when you interact with our website, general data such as IP address, browser type, time of visit and pages viewed may be collected. to ensure and improve the functionality of the website. This data is not processed by GeneratePress Premium, but by our web hosting provider. In addition, GeneratePress Premium itself does not set any specific cookies for tracking or advertising purposes.
For further information about GeneratePress Premium and how it handles data, please refer to the GeneratePress Privacy Policy.
Reviews and Rating – Google My Business
In order to display authentic customer reviews on our website, we use the “Reviews and Rating – Google My Business” plugin. This plugin is GDPR compliant and displays reviews via the Google Cloud Places API without sharing or compromising customer data. Data transfer occurs directly between your web server and Google Cloud, meaning no customers' personal information is collected or shared during this process. The content processed by this plugin is publicly available information from reviews made via Google.
Stackable – Gutenberg Blocks
To design and optimize our website, we use the “Stackable – Page Builder Gutenberg Blocks” plugin, developed by Gambit Technologies Inc. This plugin allows us to make our website more user-friendly and visually appealing by using various Gutenberg blocks.
By using “Stackable”, no personal or technical data of our website visitors is collected by the plugin. Further details can be found in the Stackable's Privacy Policy.
The SEO Framework
Our website uses the SEO plugin "The SEO Framework" to improve search engine optimization. This plugin does not process any personal data and does not set cookies. It is characterized by its privacy-friendly design, does not share information with external services, and is 100% ad-free.
W3 Total Cache
We use the W3 Total Cache plugin to improve the loading speed of our website through caching. This plugin does not store any personal data. For more information, see the BoldGrid Privacy Policy.
UpdraftPlus – Backup/Restore
We use UpdraftPlus to back up and restore our website data. This includes storing backups that may contain personal data. For more information, see the UpdraftPlus Privacy Policy.
TranslatePress – Multilingual
TranslatePress is used to make our website multilingual. This plugin can process IP addresses and other personal data. For more information, see the TranslatePress Privacy Policy.
WooCommerce
We use the WooCommerce plugin to operate our web shop. This is an e-commerce system developed by Automattic Inc. WooCommerce does not process personal data directly, but serves as a platform on which the order data recorded in the web shop is managed and stored. All data is stored exclusively on the servers of our hosting provider and not by WooCommerce.
With WooCommerce, the following data is managed during orders in the webshop:
The processing of this data is based on Art. 6 Para. 1 lit. b GDPR (performance of the contract).
For further information on data processing by WooCommerce, please refer to the Automattic's privacy policy.
webshop
processing of order data
During the ordering process we collect and process the following personal data:
This data is used exclusively to process and handle the order. The legal basis for this processing is Art. 6 Para. 1 lit. b GDPR (performance of a contract).
payment processing
We use the external payment service provider Stripe to process payments in the web shop. For orders placed by email, payment is processed either by bank transfer or via PayPal. The data required for payment (e.g. credit card details, invoice amount) is transmitted to Stripe or PayPal. Both payment service providers may set their own cookies to ensure the security and functionality of the payment transactions.
Payment data is processed in accordance with the data protection guidelines of the respective providers. Detailed information on this can be found in our data protection provisions in the sections Stripe Privacy Policy or PayPal Privacy PolicyThe legal basis for the processing is Art. 6 Para. 1 lit. b GDPR (performance of the contract).
transfer to shipping service providers
In order to deliver the ordered goods, we transmit the necessary data (name and delivery address) to the shipping service provider commissioned by us. Shipping is usually carried out by Hermes Logistik GmbH, but in individual cases other providers such as the post office, DHL or DPD may also be used. The data is passed on exclusively to fulfill the contract in accordance with Art. 6 Paragraph 1 Letter b of GDPR.
Further information on the processing of data by Hermes can be found in the Hermes privacy policy.
Necessary cookies in the webshop
In the webshop we use cookies that are necessary for the technical functionality of the ordering process. They are essential to ensure smooth use of the webshop. These include:
For more information about the use of cookies, please see our privacy policy in the section Cookies.
Payment provider
To process online payments on our website, we use secure payment systems that enable efficient and secure payment for both us and you. In this context, personal data may be transmitted to the respective payment service provider, stored and processed there.
We only retain personal data for as long as necessary to provide our services and products, except where legal requirements, such as for accounting purposes, require longer retention. Accordingly, accounting documents that are part of a contract are stored for 10 years in accordance with Section 147 AO and other relevant business documents are stored for 6 years in accordance with Section 247 of the German Commercial Code (HGB).
You have the right to information, correction and deletion of your personal data. If you have any further questions, you can contact the responsible payment provider directly at any time.
In addition to traditional banking and credit institutions, we offer various payment service providers to process contractual or legal relationships, based on Art. 6 Para. 1 lit. b GDPR. Below you will find an overview of the data processing and data storage of these payment service providers.
Stripe Privacy Policy
We use a payment tool from the American technology company and online payment service Stripe on our website. For customers within the EU, Stripe Payments Europe Limited is responsible, with its registered office at 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland. This means that if you choose Stripe as your payment method, your payment will be processed via Stripe Payments. Data required for the payment process is forwarded to Stripe and stored.
The technology company Stripe offers payment solutions for online payments and allows us to offer various payment methods. Stripe handles the entire payment process. Through Stripe, credit card payments can be made directly on the website without redirection, allowing for quick payment processing. It is also possible to make payments with Klarna, EPS and credit cards via Stripe Checkout.
Stripe processes personal data necessary for payment processing that is required to carry out transactions. This includes information such as name, email address, billing address, payment method (credit card number), bank routing number, currency, amount and date of payment, and sometimes transaction history. In addition, Stripe may collect technical data such as IP address and device information for fraud prevention, financial reporting and to fully provide its services. Stripe may also transfer data to countries outside the EU/EEA, ensuring an adequate level of data protection through standard contractual clauses.
Personal data is generally stored for the duration of the service provision. This means that the data will be stored until we terminate the cooperation with Stripe.
You always have the right to information, correction and deletion of your personal data. To exercise your data protection rights or have further questions, you can either Privacy Center from Stripe or Stripe's data protection officer at dpo@stripe.com to contact. You can find out more information about the standard contractual clauses and the data processed through the use of Stripe in the Stripe Privacy Policy.
Legal basis
In addition to the conventional bank/credit institutions, we also offer the payment service provider Stripe for the processing of contractual or legal relationships (Art. 6 Para. 1 lit. b DSGVO). The successful use of the service also requires your consent (Art. 6 Para. 1 lit. a GDPR), insofar as the use of cookies is necessary for the use.
Stripe may also process data in the USA. Given the European Court of Justice's decision invalidating the EU-US Privacy Shield, there remains uncertainty about the appropriate level of protection for data transfers to the US. This can pose various risks to the lawfulness and security of data processing.
In order to ensure the protection of your data when transferred to third countries, especially to the USA, Stripe relies on the standard contractual clauses approved by the European Commission (Article 46 Para. 2 and 3 GDPR). These model contracts are designed to ensure that your personal data enjoys a level of protection comparable to European data protection law even outside the EU/EEA. By applying these clauses, Stripe undertakes to comply with European data protection standards, even if the data is processed in the USA. The application of these clauses is based on an implementing decision of the EU Commission. You can find the resolution and the corresponding standard contractual clauses, among other things here.
eps transfer privacy policy
We use eps transfer, a service for online transactions, on our website. The service provider is the Austrian company PSA Payment Services Austria GmbH, Handelskai 92, Gate 2, 1200 Vienna.
PSA only collects personal data that is necessary for the implementation and processing of its services or that you have provided voluntarily. They process personal data of contractual partners as part of contract negotiations and processing as well as the development of payment solutions to fulfill contractual obligations. The data processed includes names, contact details and customer details. The legal basis for processing is the fulfillment of contractual obligations (Article 6 Paragraph 1 b GDPR) and legitimate interests (Article 6 Paragraph 1 f GDPR), in particular the maintenance of communication and the maintenance of business contacts.
The PSA acts as a central service provider for Austrian credit institutions by providing technical systems to issue cards, set up payment media on mobile phones and process transactions. If EPS is selected for payment, you will be redirected to the website of the selected bank and the payment process will be processed there. Therefore, if you have any questions about the processing of personal data in connection with debit/ATM cards or credit cards, it is recommended that you contact the relevant bank. You can find out more in the PSA privacy policy.
If you have any questions about data protection or if you would like to assert your data subject rights, please contact privacy@psa.at or by post to PSA Payment Services Austria GmbH, attnH Datenschutz, Handelskai 92, Gate 2, 1200 Vienna.
The responsible data protection officer can be reached at the following email address: datenschutz@psa.at.
Klarna privacy policy
We use the Klarna online payment system on our website, provided by the Swedish company Klarna Bank AB. Klarna Bank has its headquarters at Sveavägen 46, 111 34 Stockholm, Sweden. Using Klarna allows you to pay for your orders immediately online. If you choose Klarna as your payment option, the payment process will take place via Klarna and you will be redirected to our website after the payment has been completed.
During this process, Klarna collects technical data such as browser type, operating system, date and time of your order, language and time zone, IP address and other relevant information. This data is also recorded if a booking has not yet been finalized.
As soon as you decide to use the Klarna payment service and pay using Klarna's instant payment method or Klarna's pay in 30 days method, you also transmit personal data to the company. When you book a tour through our website, you must enter information about yourself in the fields provided. This data is processed by Klarna for payment processing. For creditworthiness and identity checks, data such as contact information (name, email address, telephone number or nationality), payment information (credit card details or account number) or information about the respective tour (booking number and costs) can be stored and processed by Klarna:
Klarna endeavors to store data primarily within the EU or EEA. Data transfers to countries outside these regions only take place if an adequate level of data protection is ensured.
You can revoke your consent to data processing at any time. You can also request information, correction and deletion of your data. Please direct inquiries about this directly to Klarna datenschutz@klarna.de or use the contact options on the Klarna website "My privacy request".
Further detailed information about data protection at Klarna and your rights can be found in the Klarna privacy policy.
PayPal Privacy Policy
We also offer the online payment service PayPal on our website. The service provider is the American company PayPal Inc. In Europe the company is represented by PayPal Europe (S.à rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg).
PayPal processes personal data such as name, address, email address and payment information to carry out payment transactions. This data processing is necessary to fulfill the contract between you and us regarding the payment services (Art. 6 Para. 1 lit. b GDPR). PayPal may also collect technical information such as IP address, device type and browser information to ensure the security of transactions and prevent fraud.
In certain cases, PayPal data may also be transferred to the USA and processed there. To ensure an adequate level of data protection for these data transfers, PayPal uses standard contractual clauses as required by the European Commission. These oblige PayPal to maintain the European level of data protection even when processing data in the USA. The use of standard contractual clauses follows an implementing decision of the EU Commission, which ensures that your personal data is adequately protected even outside the EU/EEA.
You can find the resolution and the corresponding standard contractual clauses, among other things here.
Legal basis
Please note that the use of PayPal is based on your consent (Art. 6 Para. 1 lit. a GDPR), especially when it comes to the processing of data that is not directly necessary to carry out the payment process. You have the right to withdraw your consent at any time, without affecting the lawfulness of the processing carried out based on the consent before its withdrawal.
For detailed information about PayPal's use of standard contractual clauses and further details on data processing, we recommend viewing the PayPal Privacy Policy. There you will find comprehensive information about your rights, including the right to access, rectify, delete your data and how you can exercise these rights.
You can contact the responsible data protection officer on-line or offline at “PayPal (Europe) S.à rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg”.
Rating platforms
You can rate our tours and leave feedback on the TripAdvisor and Google Customer Reviews review platforms, some of which may be displayed on our website. Please note that if you leave a review via one of these platforms, the privacy policy and general terms and conditions of the respective provider apply.
The integration of these rating platforms on our website is carried out using widgets or similar technologies that establish direct communication between your browser and the rating platform provider. This allows data such as your IP address or browser information to be transferred to the provider and processed there.
The use of rating platforms allows us to receive valuable feedback on our tours and to continually improve them. At the same time, the reviews provide future customers with guidance and insight into the quality of our offering.
Typically, the following types of personal information may be collected by TripAdvisor and Google customer reviews: contact information (name, phone number, email address), username and password, photos and videos you share, review texts, forum and social media posts, geolocation data as well as information about your device and your use of the platform (e.g. pages visited, browser used).
Legal basis
The processing of your data by rating platforms is based on your consent in accordance with Article 6 (1) (a) GDPR, provided you have agreed to the use of the platform and the associated data processing. In addition, by integrating rating platforms, we pursue the legitimate interest of optimizing our services and presenting transparent customer feedback (Art. 6 Para. 1 lit. f GDPR). However, these platforms can only be used if you have given your explicit consent.
For detailed information on data processing by TripAdvisor and Google Customer Reviews, we refer to the data protection declarations of the respective platforms, which you can find in the next paragraphs.
Tripadvisor Privacy Policy
We use the TripAdvisor platform to evaluate our services. TripAdvisor, LLC, an American company, is responsible for processing your personal data. For matters relating to data protection within the European Union, TripAdvisor Ireland Limited, with its registered office at “70 Sir John Rogerson's Quay, Dublin 2, D02 R296, Ireland”, acts as the contact point for European citizens and supervisory authorities. It is important to note that TripAdvisor Ireland Limited may also act on behalf of TripAdvisor, LLC for other communications or legal proceedings.
As a user, you have various rights regarding your personal data under the General Data Protection Regulation (GDPR), including the rights of access, rectification, deletion, restriction of processing, objection and data portability. Detailed information about your rights can be found in TripAdvisor's privacy policy, which can be found at the end of this part.
TripAdvisor processes your personal data on the basis of various legal bases: to fulfill a contract, to protect the legitimate interests of TripAdvisor or third parties, to comply with legal or regulatory obligations and/or with your consent.
Your data may be transferred to and stored in countries outside the European Economic Area (EEA). TripAdvisor and Viator always take the necessary measures to ensure an adequate level of protection of your data, including the application of standard contractual clauses and other safeguards in accordance with applicable laws. The use of TripAdvisor implies your consent to the possible transfer of your data to TripAdvisor entities and third parties.
For further information about TripAdvisor's processing of your data, including specific details for users in the European Economic Area, please see the TripAdvisor privacy policy, which also contains information about the GDPR, which is listed at the bottom.
Google Customer Reviews Privacy Policy
We use Google customer reviews, a service provided by Google LLC, to evaluate our services. Google Ireland Limited, with its registered office in “Gordon House, Barrow Street, Dublin 4, Ireland”, is responsible for the European area. Google Customer Reviews allows us to collect and present feedback from users of our services.
As part of this program, Google processes personal data that may be transferred to the USA and processed there. Given the decisions of the European Court of Justice regarding data transfers to the USA, we would like to inform you that there are concerns about the level of protection for personal data transferred to the USA. In order to ensure the protection of your data and achieve an appropriate level of data protection, Google uses standard contractual clauses in accordance with Article 46 Paragraphs 2 and 3 GDPR. These oblige Google to comply with European data protection standards, even if data is processed in the USA. The application of these standard contractual clauses by Google ensures that your personal data will be treated in accordance with European data protection regulations, even when processed in third countries such as the USA. These clauses are based on an implementing decision of the EU Commission. You will find the resolution and the corresponding standard contractual clauses, among others here.
For comprehensive information about how Google processes your data and your data protection rights, we recommend viewing the Google privacy policy.
External media and content
In order to provide our website with additional information and interactive content, we integrate external services such as Google Maps, OpenStreetMap and Vimeo. Instead of embedding Google Maps directly, we use map images created with OpenStreetMap. If necessary, a button takes you to the desired location or route on Google Maps. Vimeo videos will only be displayed after you agree to Vimeo's data processing and use of cookies. This method allows us to provide you with a user-friendly and informative online experience while still ensuring your privacy.
Online map service: OpenStreetMap data protection declaration
We use the OpenStreetMap (OSM) map service on our website to visually display geographical information. OpenStreetMap is provided by the OpenStreetMap Foundation, St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom, based on the Open Data Commons Open Database License (ODbL).
When you visit pages on our website that contain OpenStreetMap maps, data is transferred to OpenStreetMap servers. This data may include, but is not limited to, your IP address and other information about your device, such as browser type, operating system and technical device information. This data transfer occurs regardless of whether you have a user account with OpenStreetMap or are logged in. If you are logged in to OpenStreetMap, your data can be assigned directly to your account. If you do not want to be associated with your OpenStreetMap profile, you must log out before visiting our website.
The use of OpenStreetMap is in the interest of an attractive presentation of our online offerings and to make it easy to find the locations we indicate on the website. This represents a legitimate interest within the meaning of Art. 6 Para. 1 f GDPR.
Legal basis
The legal basis for the integration of OpenStreetMap and the associated data processing is Art. 6 Para. 1 f GDPR, based on our interest in offering you a visually appealing presentation of our online services and making it easier to find the locations indicated on our website.
Further information on how to handle user data can be found in the OpenStreetMap privacy policy.
Online map service: Google Maps data protection declaration
In order to give you an idea of locations and routes, we use references on our website to the online map service Google Maps, operated by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland), a subsidiary of Google LLC, USA . Instead of directly embedding, we use self-created images of the respective maps and connect them with a button that redirects to the desired location or route on Google Maps.
This method ensures that no personal data is automatically transmitted to Google when you simply visit our website. As soon as you actively use the button to access Google Maps, Google may collect data about this interaction, including your IP address and information about the use of the map service. The use of Google Maps after leaving our website is therefore subject to Google's data protection regulations and terms of use.
Legal basis
The provision of a redirect to Google Maps on our website is based on our legitimate interest in offering you detailed information about the company's location and tour routes (Art. 6 Para. 1 f GDPR). A direct data transfer to Google only takes place after your consent (Art. 6 Para. 1 a GDPR) by pressing the button. This actively selects redirection to Google Maps.
Please note that Google may process data in the USA. When transferring data to third countries such as the USA, Google uses standard contractual clauses as a guarantee of an adequate level of data protection. These clauses are based on an implementing decision of the EU Commission, which you can read including the corresponding standard contractual clauses, among other things here find.
Further information on data processing by Google, including the transfer and protection of your data, can be found in the Google privacy policy.
Video platform: Vimeo
We integrate videos from the provider Vimeo LLC, headquartered at 555 West 18th Street, New York, New York 10011, USA, on our website to provide you with multimedia content. When you visit certain subpages of our website that contain Vimeo videos, a connection is established to Vimeo's servers. The Vimeo server is informed which of our pages you have visited. Vimeo also receives your IP address, even if you do not have a Vimeo account or are not logged in to Vimeo. The information collected by Vimeo is transmitted to the Vimeo server in the USA.
Vimeo processes user data, among other things, through automatically collected information such as your IP address and technical information about your device. This data collection occurs regardless of whether you have a Vimeo account. Vimeo may track your activities using cookies and similar technologies. By using Vimeo services on our website, you agree to the use of these methods in accordance with Vimeo's Cookie Policy.
Online booking system – Bookeo
For online bookings on our website we use Bookeo, a booking system from Bookeo Pty Ltd, based at 18/30 Denison Street, Bondi Junction NSW 2022, Australia. Bookeo allows you to check availability, make bookings and make payments online. When using Bookeo, personal data such as name, email address, telephone number and optionally your nationality are collected and stored by Bookeo.
Bookeo offers a variety of features including an integrated online payment system that supports various payment methods (credit card, PayPal, Klarna and EPS). While credit card details and billing addresses are securely transmitted to a payment gateway for payment processing, we or Bookeo do not store complete credit card details. In addition, technical data is processed to optimize our service and make your booking easier.
Bookeo stores data necessary for booking processing, such as names, email addresses, telephone numbers, nationality, and booking details such as booking number, number of participants, and prices. For school bookings, publicly available information such as school addresses is also stored. This data is automatically deleted from the booking system after two years, but is stored in separate lists for a further seven years due to legal retention requirements.
You can revoke your consent to data processing by Bookeo at any time. A revocation does not affect the lawfulness of the processing of your data prior to the revocation.
Legal basis
The processing of your data by Bookeo is based on your consent in accordance with Art. 6 Para. 1 lit. a GDPR, which you give by actively using the booking system. In addition, we have a legitimate interest in using Bookeo to improve our customer service and internal booking organization in accordance with Article 6 (1) (f) GDPR.
You can find specific information about the data protection regulations here Bookeo privacy policy. Bookeo has implemented measures to ensure an adequate level of data protection for your data, including for transfers to countries outside the EEA.
If you have any questions about data protection or wish to exercise your rights regarding your personal data, please contact Bookeo directly:
Data protection team: privacy@bookeo.com
Data protection officer: dpo@bookeo.com
Alternatively, you can contact the GDPR representative for European affairs straight away. The EU representative according to 27 GDPR is:
Rickert Rechtsanwaltsgesellschaft mbH
Colmantstrasse 15
53225 Bonn, Germany
All texts in this privacy policy are protected by copyright. Some passages were created, revised, and individually adapted using ChatGPT.
Deutsch 