Imprint
Terms and Conditions
Privacy Policy
0670 / 701 11 76
office@wienernimmerland.at

Data protection

Created on July 28, 2022
Last modified on 13.7.2024

Introduction and overall overview

We published this data protection declaration on July 28, 2022 and last updated it on March 10, 2024. The aim of this policy is to provide you with information based on the General Data Protection Regulation (EU) 2016/679 and applicable national laws, explain what types of personal information we collect and how it is processed by us and our service providers. We will also inform you about your legal rights in dealing with this data. The terms used in this policy are neutral and do not discriminate against gender.

Scope of the declaration

This privacy policy applies to all personal information collected in our operations and processed by us or companies acting on our behalf (processors). According to Article 4 paragraph 1 of the GDPR, personal information means data that makes a person identifiable, such as name, email address and telephone number. This information allows us to provide and bill for our services and products, both online and offline. The privacy policy covers the following areas:

  • all our online presences (website, TripAdvisor/Viator, Google)
  • Appearances via social media and communication via them
  • Communication via email, telephone and when booking via our website

In short, this policy applies to all activities in which personal information is systematically processed through the means mentioned.

Legal basis

In this policy we disclose the legal basis on which we process your personal data, in accordance with the General Data Protection Regulation (GDPR). Regarding EU law, we refer to Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, available online at EUR Lex, is accessible.

Your data will be processed by us if one of the following points applies:

  1. consent (Art. 6 Para. 1 a GDPR): You have expressly agreed that we may use your data for specific purposes, e.g. if you leave data for a booking via our website.
  2. contract (Art. 6 Para. 1 b GDPR): To fulfill the contract, we need your data, for example when making a booking, personal data is processed.
  3. Legal Obligation (Art. 6 Para. 1 c GDPR): In some cases, data is required to fulfill legal requirements. In certain cases we are legally obliged to store data, for example for accounting purposes.
  4. Legitimate interest (Art. 6 Para. 1 f GDPR): If it is necessary to protect our legitimate interests without affecting your fundamental rights, e.g. to secure and economically manage our website.

In addition to the EU regulation, national laws also apply, such as the Austrian Federal Law on the Protection of Natural Persons with regard to the Processing of Personal Data, the Data Protection Act (DSG for short).

Contact details of those responsible

If you have any questions about data protection or the processing of your personal data, you can contact the person responsible:

Storage duration

We adhere to the principle of only retaining personal data for as long as is strictly necessary to provide our services. This means that we delete your data as soon as the purpose for processing it no longer applies. However, in certain cases we are legally obliged to continue to store data even if the original reason for processing no longer exists, for example for accounting purposes.

If you request deletion of your data or revoke your consent to data processing, we will delete your data immediately as long as there is no legal obligation to store it.

Rights under the General Data Protection Regulation (GDPR)

In accordance with Articles 13 and 14 of the GDPR, we would like to inform you of your data protection rights that ensure fair and transparent processing of your personal data:

  • According to Article 15 of the GDPR, you have the right to know whether and which personal data about you is stored by us. You are also entitled to a copy of this data and access to the following details:
  • the purpose of processing;
  • the categories of data processed;
  • the recipients of this data;
  • the intended storage period;
  • Your right to correction, deletion or restriction of processing as well as the right to object;
  • Your right to complain to a supervisory authority;
  • the data source if the data was not collected directly from you.
  • According to Article 16 of the GDPR, you have the right to have incorrect data corrected.
  • According to Article 17 GDPR, you have the right to request the deletion of your data, known as the “right to be forgotten”.
  • According to Article 18 GDPR, you have the right to have the processing of your data restricted so that it may only be stored but not further processed.
  • According to Article 19 GDPR, you have the right to data portability, which means that upon request we will provide you with your data in a common format.
  • According to Article 21 GDPR, you have a right to object, which, once enforced, changes the type of data processing.
  • According to Article 22 GDPR, you may have the right not to be subject to a decision based solely on automated processing.
  • According to Article 77 GDPR, you have the right to lodge a complaint with the data protection authority if you believe that the processing of your data violates the GDPR.

Use your rights and do not hesitate to contact our responsible data protection officer, whose contact details you can provide above in this Privacy Policy can find.

If you have the impression that the processing of your data does not comply with data protection laws or that your data protection rights have otherwise been violated, you are free to lodge a complaint with the responsible supervisory authority. The complaint can be sent by email or post to the responsible data protection authority:

Austrian data protection authority

Line: Dr. Matthias Schmidl
Address: Barichgasse 40-42, 1030 Vienna
Phone number.: +43 1 52 152-0
E-mail: dsb@dsb.gv.at
site: https://www.dsb.gv.at/

Security measures for data processing

General

To ensure the security of personal data, we have taken both technical and organizational security precautions. Wherever possible, we rely on encryption or pseudonymization of the data.

In accordance with Art. 25 GDPR, which prescribes data protection through technical design and data protection-friendly default settings, we take security aspects into account when selecting our software and hardware. An example of this is the implementation of TLS encryption.

TLS encryption with HTTPS

To securely transmit data on the Internet, we use HTTPS, which ensures secure transmission of all data between your browser and our server. By using TLS, an encryption protocol, we ensure the protection of confidential information.

You can recognize the existence of this security measure by the lock symbol in the address bar of your browser and by the “https” prefix in the URL of our website.

Order processing contract (AVV)

Like many companies, we rely on the support of external service providers to make specific tasks and services more efficient. This occasionally includes passing on personal information to these service providers, for example as part of booking systems. Such external partners act for us as data processors with whom we conclude a formal data processing agreement (DVV). It is important to understand that this data will be processed exclusively according to our instructions and is strictly regulated by the DVV. According to the GDPR definition, we consider any natural or legal entity that processes personal data on our behalf to be our data processor. This includes service providers such as hosting companies, payment processors or other large companies.

Cookies

Our website uses HTTP cookies to store user-specific information. As is common on many websites, these small text files are stored in your browser to record certain user preferences such as language settings or page configurations.

Necessary cookies

These necessary cookies ensure the basic functionality of our website and make navigation easier for you. For example, they allow you to preserve your language settings even when you visit other sites and prevent your choices from being reset when you close the browser.

The storage period of these cookies varies; some are deleted after a short period of time, while others can remain on your device for years. You have control over these cookies and can delete them manually at any time via your browser settings.

Communication

If you contact us using different methods such as telephone, WhatsApp, email or social media, your personal data will be processed. This processing serves the purpose of effectively managing your requests, including the associated booking processes and accounting requirements.

It is also possible that data such as your name and telephone number will be transmitted to you via email for the purpose of communication and stored to answer your inquiries. Such data will be deleted after completion of the business transaction and in accordance with legal requirements.

Legal bases

Your data will be processed on the basis of the following legal provisions:

  • Art. 6 Para. 1 lit. a GDPR (consent): You give us your consent to store and use your data for specific purposes related to the business transaction.
  • Art. 6 Paragraph 1 Letter b GDPR (contract): Data processing is necessary to fulfill a contract with you or a processor, e.g. for the booking system.
  • Art. 6 Para. 1 lit. f GDPR (legitimate interest): In order to professionally handle customer inquiries and business communication, certain technical means are required, such as an email program and mobile phone provider. These enable us to ensure efficient communication.

WhatsApp Privacy Policy

On our website we offer the option of communicating directly with us via WhatsApp using an icon. The service is provided by WhatsApp Inc., a subsidiary of Meta Platforms Inc. (until October 2021, Facebook Inc.), whereby WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, in Europe is responsible for the service.

Please note that we may not respond to certain requests, particularly those involving internal contractual details, via the Messenger Service. In such cases, we recommend alternative communication channels such as email or telephone. By clicking on the WhatsApp icon you will leave our website and be redirected to WhatsApp. WhatsApp also processes your data in the USA, among other places. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can pose various risks to the lawfulness and security of data processing. The WhatsApp data protection regulations apply to the use of WhatsApp.

WhatsApp uses so-called standard contractual clauses (= Art. 46 Para. 2 and 3 GDPR) as the basis for data processing by recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or data transfer there. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data also comply with European data protection standards if they are transferred to third countries (such as the USA) and stored there. Through these clauses, WhatsApp undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementation decision of the EU Commission. You can find the Order and the relevant Standard Contractual Clauses, among others here.

You will find information on data transmission at WhatsApp, which corresponds to the standard contractual clauses here.

The WhatsApp data protection regulations apply to the use of WhatsApp. We do not collect any personal data by providing this icon. Further information on data protection when using WhatsApp can be found in the WhatsApp privacy policy.

For further questions about WhatsApp's privacy policy, you can contact the company on-line contact or write directly to:

WhatsApp Ireland Limited
Attn: Privacy Policy
Merrion Rd
Dublin 4, D04 X2K5
Ireland

Web hosting – Helloly

Our website is stored and operated on a web server, a task that is usually carried out by professional providers to ensure smooth operation. The provider Helloly performs this service for us.

Provision of the online offer on rented storage space and dedicated server hardware

To provide its online offering, Helloly uses rented storage space, computing capacity and software from a corresponding server provider, as well as its own server hardware. These services ensure a stable and secure online presence.

Collection of access data and log files

While you visit our website, personal data is processed and stored by both your device and the web server in the form of so-called "server log files". The server log files may include the address and name of the web pages and files accessed, the date and time of access, the amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP addresses and the requesting provider. These log files are used for security purposes (e.g. to prevent DDoS attacks) and to ensure server utilization and stability. Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that needs to be retained for evidentiary purposes is exempt from deletion until the respective incident has been finally resolved.

Email sending and hosting

The web hosting services also include the sending, receiving and storing of emails. For these purposes, addresses of recipients and senders as well as other information regarding the sending of emails and the contents of the respective emails are processed. This data can also be used to detect SPAM. Please note that emails are generally not sent encrypted on the Internet. We cannot accept responsibility for the transmission path of emails between the sender and the recipient on our server.

Content Delivery Network (CDN)

Helloly also uses a CDN to deliver content from its online offering faster and more securely. This service is provided by Cloudflare, a provider based in the USA. For more information, see the Cloudflare Privacy Policy.

Legal bases

The legitimacy of this data processing is based on Art. 6 (1) (f) GDPR (legitimate interests), since the use of professional hosting services and appropriate security measures is essential to make our online presence secure and user-friendly.

There is a data processing agreement between us and the hosting provider in accordance with Art. 28 f. GDPR, which ensures data protection and data security, which here is visible.

Web hosting provider Helloly Privacy Policy

For further details on data processing by our hosting provider, you can contact Helloly, operated by helloly GmbH, directly:

Mag. Michael Neumann
helloly GmbH
Rainerstrasse 25
A-4020 Linz

Authorized representatives:
Johannes Kührer and Mag. Michael Neumann
Email address: office@helloly.com

You can find more comprehensive information on data processing in their privacy policy: Helloly Privacy Policy.

Content Management System – WordPress

Our website is built with the content management system WordPress.

We have a legitimate interest in using a content management system to provide a technically optimized and user-friendly online presence. The corresponding legal basis for this is Article 6 Paragraph 1 f GDPR (legitimate interests).

WordPress.com Privacy Policy

Our website is based on the content management system WordPress.

By default, WordPress collects non-personal information provided by web browsers and servers, such as browser type, language preferences, referring website, and date and time of request, to understand usage behavior on its platform. Such data helps WordPress analyze and publish trends in the use of its services without individually identifying visitors. In addition, IP addresses may be collected as potentially personally-identifying information, but will not be used to identify visitors or disclosed except in specific cases regulated by law.

Further details about data processing by WordPress and your data protection rights can be found in the WordPress Privacy Policy.

Use of plugins and tools

In order to expand the functionality of our website and offer you an optimal user experience, we use various WordPress plugins and tools. These can perform various functions, from improving user experience and website security to optimizing loading times and providing multimedia content. Below you will find information about the specific plugins and tools we use and how, if at all, they process personal data.

Legal bases

The data processing by these plugins is based on our legitimate interests in accordance with Art. 6 (1) (f) GDPR in order to ensure the functionality and security of our website.

GeneratePress Premium

For the design and functionality of our website we use the WordPress theme GeneratePress Premium, offered by Tom Usborne, who runs the website https://generatepress.org/ is accessible. GeneratePress Premium is an advanced theme that allows us to customize the appearance, structure and behavior of our website to provide you with an improved user experience.

Using GeneratePress Premium does not directly lead to the collection of personal data by the theme itself. However, as with most websites, when you interact with our website, general data such as IP address, browser type, time of visit and pages viewed may be collected. to ensure and improve the functionality of the website. This data is not processed by GeneratePress Premium, but by our web hosting provider. In addition, GeneratePress Premium itself does not set any specific cookies for tracking or advertising purposes.

For further information about GeneratePress Premium and how it handles data, please refer to the GeneratePress Privacy Policy.

Reviews and Rating – Google My Business

In order to display authentic customer reviews on our website, we use the “Reviews and Rating – Google My Business” plugin. This plugin is GDPR compliant and displays reviews via the Google Cloud Places API without sharing or compromising customer data. Data transfer occurs directly between your web server and Google Cloud, meaning no customers' personal information is collected or shared during this process. The content processed by this plugin is publicly available information from reviews made via Google.

Stackable – Gutenberg Blocks

To design and optimize our website, we use the “Stackable – Page Builder Gutenberg Blocks” plugin, developed by Gambit Technologies Inc. This plugin allows us to make our website more user-friendly and visually appealing by using various Gutenberg blocks.

By using “Stackable”, no personal or technical data of our website visitors is collected by the plugin. Further details can be found in the Stackable's Privacy Policy.

The SEO Framework

Our website uses the SEO plugin “The SEO Framework” to improve search engine optimization. This plugin is characterized by its data protection friendliness and does not pass on any information to external services. It is 100% ad-free and does not use cookies.

W3 Total Cache

We use the W3 Total Cache plugin to improve the loading speed of our website through caching. This plugin does not store any personal data. For more information, see the BoldGrid Privacy Policy.

UpdraftPlus – Backup/Restore

We use UpdraftPlus to back up and restore our website data. This includes storing backups that may contain personal data. For more information, see the UpdraftPlus Privacy Policy.

TranslatePress – Multilingual

TranslatePress is used to make our website multilingual. This plugin can process IP addresses and other personal data. For more information, see the TranslatePress Privacy Policy.

Payment provider

To process online payments on our website, we use secure payment systems that enable efficient and secure payment for both us and you. In this context, personal data may be transmitted to the respective payment service provider, stored and processed there.

We only retain personal data for as long as necessary to provide our services and products, except where legal requirements, such as for accounting purposes, require longer retention. Accordingly, accounting documents that are part of a contract are stored for 10 years in accordance with Section 147 AO and other relevant business documents are stored for 6 years in accordance with Section 247 of the German Commercial Code (HGB).

You have the right to information, correction and deletion of your personal data. If you have any further questions, you can contact the responsible payment provider directly at any time.

In addition to traditional banking and credit institutions, we offer various payment service providers to process contractual or legal relationships, based on Art. 6 Para. 1 lit. b GDPR. Below you will find an overview of the data processing and data storage of these payment service providers.

Stripe Privacy Policy

We use a payment tool from the American technology company and online payment service Stripe on our website. For customers within the EU, Stripe Payments Europe Limited is responsible, with its registered office at 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland. This means that if you choose Stripe as your payment method, your payment will be processed via Stripe Payments. Data required for the payment process is forwarded to Stripe and stored.

The technology company Stripe offers payment solutions for online payments and allows us to offer various payment methods. Stripe handles the entire payment process. Through Stripe, credit card payments can be made directly on the website without redirection, allowing for quick payment processing. It is also possible to make payments with Klarna, EPS and credit cards via Stripe Checkout.

Stripe processes personal data necessary for payment processing that is required to carry out transactions. This includes information such as name, email address, billing address, payment method (credit card number), bank routing number, currency, amount and date of payment, and sometimes transaction history. In addition, Stripe may collect technical data such as IP address and device information for fraud prevention, financial reporting and to fully provide its services. Stripe may also transfer data to countries outside the EU/EEA, ensuring an adequate level of data protection through standard contractual clauses.

Personal data is generally stored for the duration of the service provision. This means that the data will be stored until we terminate the cooperation with Stripe.

You always have the right to information, correction and deletion of your personal data. To exercise your data protection rights or have further questions, you can either Privacy Center from Stripe or Stripe's data protection officer at dpo@stripe.com to contact. You can find out more information about the standard contractual clauses and the data processed through the use of Stripe in the Stripe Privacy Policy.

Legal basis

In addition to the conventional bank/credit institutions, we also offer the payment service provider Stripe for the processing of contractual or legal relationships (Art. 6 Para. 1 lit. b DSGVO). The successful use of the service also requires your consent (Art. 6 Para. 1 lit. a GDPR), insofar as the use of cookies is necessary for the use.

Stripe may also process data in the USA. Given the European Court of Justice's decision invalidating the EU-US Privacy Shield, there remains uncertainty about the appropriate level of protection for data transfers to the US. This can pose various risks to the lawfulness and security of data processing.

In order to ensure the protection of your data when transferred to third countries, especially to the USA, Stripe relies on the standard contractual clauses approved by the European Commission (Article 46 Para. 2 and 3 GDPR). These model contracts are designed to ensure that your personal data enjoys a level of protection comparable to European data protection law even outside the EU/EEA. By applying these clauses, Stripe undertakes to comply with European data protection standards, even if the data is processed in the USA. The application of these clauses is based on an implementing decision of the EU Commission. You can find the resolution and the corresponding standard contractual clauses, among other things here.

eps transfer privacy policy

We use eps transfer, a service for online transactions, on our website. The service provider is the Austrian company PSA Payment Services Austria GmbH, Handelskai 92, Gate 2, 1200 Vienna.

PSA only collects personal data that is necessary for the implementation and processing of its services or that you have provided voluntarily. They process personal data of contractual partners as part of contract negotiations and processing as well as the development of payment solutions to fulfill contractual obligations. The data processed includes names, contact details and customer details. The legal basis for processing is the fulfillment of contractual obligations (Article 6 Paragraph 1 b GDPR) and legitimate interests (Article 6 Paragraph 1 f GDPR), in particular the maintenance of communication and the maintenance of business contacts.

The PSA acts as a central service provider for Austrian credit institutions by providing technical systems to issue cards, set up payment media on mobile phones and process transactions. If EPS is selected for payment, you will be redirected to the website of the selected bank and the payment process will be processed there. Therefore, if you have any questions about the processing of personal data in connection with debit/ATM cards or credit cards, it is recommended that you contact the relevant bank. You can find out more in the PSA privacy policy.

If you have any questions about data protection or if you would like to assert your data subject rights, please contact privacy@psa.at or by post to PSA Payment Services Austria GmbH, attnH Datenschutz, Handelskai 92, Gate 2, 1200 Vienna.
The responsible data protection officer can be reached at the following email address: datenschutz@psa.at.

Klarna privacy policy

We use the Klarna online payment system on our website, provided by the Swedish company Klarna Bank AB. Klarna Bank has its headquarters at Sveavägen 46, 111 34 Stockholm, Sweden. Using Klarna allows you to pay for your orders immediately online. If you choose Klarna as your payment option, the payment process will take place via Klarna and you will be redirected to our website after the payment has been completed.

During this process, Klarna collects technical data such as browser type, operating system, date and time of your order, language and time zone, IP address and other relevant information. This data is also recorded if a booking has not yet been finalized.

As soon as you decide to use the Klarna payment service and pay using Klarna's instant payment method or Klarna's pay in 30 days method, you also transmit personal data to the company. When you book a tour through our website, you must enter information about yourself in the fields provided. This data is processed by Klarna for payment processing. For creditworthiness and identity checks, data such as contact information (name, email address, telephone number or nationality), payment information (credit card details or account number) or information about the respective tour (booking number and costs) can be stored and processed by Klarna:

Klarna endeavors to store data primarily within the EU or EEA. Data transfers to countries outside these regions only take place if an adequate level of data protection is ensured.

You can revoke your consent to data processing at any time. You can also request information, correction and deletion of your data. Please direct inquiries about this directly to Klarna datenschutz@klarna.de or use the contact options on the Klarna website "My privacy request".

Further detailed information about data protection at Klarna and your rights can be found in the Klarna privacy policy.

PayPal Privacy Policy

We also offer the online payment service PayPal on our website. The service provider is the American company PayPal Inc. In Europe the company is represented by PayPal Europe (S.à rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg).

PayPal processes personal data such as name, address, email address and payment information to carry out payment transactions. This data processing is necessary to fulfill the contract between you and us regarding the payment services (Art. 6 Para. 1 lit. b GDPR). PayPal may also collect technical information such as IP address, device type and browser information to ensure the security of transactions and prevent fraud.

In certain cases, PayPal data may also be transferred to the USA and processed there. To ensure an adequate level of data protection for these data transfers, PayPal uses standard contractual clauses as required by the European Commission. These oblige PayPal to maintain the European level of data protection even when processing data in the USA. The use of standard contractual clauses follows an implementing decision of the EU Commission, which ensures that your personal data is adequately protected even outside the EU/EEA.
You can find the resolution and the corresponding standard contractual clauses, among other things here.

Legal basis

Please note that the use of PayPal is based on your consent (Art. 6 Para. 1 lit. a GDPR), especially when it comes to the processing of data that is not directly necessary to carry out the payment process. You have the right to withdraw your consent at any time, without affecting the lawfulness of the processing carried out based on the consent before its withdrawal.

For detailed information about PayPal's use of standard contractual clauses and further details on data processing, we recommend viewing the PayPal Privacy Policy. There you will find comprehensive information about your rights, including the right to access, rectify, delete your data and how you can exercise these rights.
You can contact the responsible data protection officer on-line or offline at “PayPal (Europe) S.à rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg”.

Rating platforms

You can rate our tours and leave feedback on the TripAdvisor and Google Customer Reviews review platforms, some of which may be displayed on our website. Please note that if you leave a review via one of these platforms, the privacy policy and general terms and conditions of the respective provider apply.

The integration of these rating platforms on our website is carried out using widgets or similar technologies that establish direct communication between your browser and the rating platform provider. This allows data such as your IP address or browser information to be transferred to the provider and processed there.

The use of rating platforms allows us to receive valuable feedback on our tours and to continually improve them. At the same time, the reviews provide future customers with guidance and insight into the quality of our offering.

Typically, the following types of personal information may be collected by TripAdvisor and Google customer reviews: contact information (name, phone number, email address), username and password, photos and videos you share, review texts, forum and social media posts, geolocation data as well as information about your device and your use of the platform (e.g. pages visited, browser used).

Legal basis

The processing of your data by rating platforms is based on your consent in accordance with Article 6 (1) (a) GDPR, provided you have agreed to the use of the platform and the associated data processing. In addition, by integrating rating platforms, we pursue the legitimate interest of optimizing our services and presenting transparent customer feedback (Art. 6 Para. 1 lit. f GDPR). However, these platforms can only be used if you have given your explicit consent.

For detailed information on data processing by TripAdvisor and Google Customer Reviews, we refer to the data protection declarations of the respective platforms, which you can find in the next paragraphs.

Tripadvisor Privacy Policy

We use the TripAdvisor platform to evaluate our services. TripAdvisor, LLC, an American company, is responsible for processing your personal data. For matters relating to data protection within the European Union, TripAdvisor Ireland Limited, with its registered office at “70 Sir John Rogerson's Quay, Dublin 2, D02 R296, Ireland”, acts as the contact point for European citizens and supervisory authorities. It is important to note that TripAdvisor Ireland Limited may also act on behalf of TripAdvisor, LLC for other communications or legal proceedings.

As a user, you have various rights regarding your personal data under the General Data Protection Regulation (GDPR), including the rights of access, rectification, deletion, restriction of processing, objection and data portability. Detailed information about your rights can be found in TripAdvisor's privacy policy, which can be found at the end of this part.

TripAdvisor processes your personal data on the basis of various legal bases: to fulfill a contract, to protect the legitimate interests of TripAdvisor or third parties, to comply with legal or regulatory obligations and/or with your consent.

Your data may be transferred to and stored in countries outside the European Economic Area (EEA). TripAdvisor and Viator always take the necessary measures to ensure an adequate level of protection of your data, including the application of standard contractual clauses and other safeguards in accordance with applicable laws. The use of TripAdvisor implies your consent to the possible transfer of your data to TripAdvisor entities and third parties.

For further information about TripAdvisor's processing of your data, including specific details for users in the European Economic Area, please see the TripAdvisor privacy policy, which also contains information about the GDPR, which is listed at the bottom.

Google Customer Reviews Privacy Policy

We use Google customer reviews, a service provided by Google LLC, to evaluate our services. Google Ireland Limited, with its registered office in “Gordon House, Barrow Street, Dublin 4, Ireland”, is responsible for the European area. Google Customer Reviews allows us to collect and present feedback from users of our services.

As part of this program, Google processes personal data that may be transferred to the USA and processed there. Given the decisions of the European Court of Justice regarding data transfers to the USA, we would like to inform you that there are concerns about the level of protection for personal data transferred to the USA. In order to ensure the protection of your data and achieve an appropriate level of data protection, Google uses standard contractual clauses in accordance with Article 46 Paragraphs 2 and 3 GDPR. These oblige Google to comply with European data protection standards, even if data is processed in the USA. The application of these standard contractual clauses by Google ensures that your personal data will be treated in accordance with European data protection regulations, even when processed in third countries such as the USA. These clauses are based on an implementing decision of the EU Commission. You will find the resolution and the corresponding standard contractual clauses, among others here.

For comprehensive information about how Google processes your data and your data protection rights, we recommend viewing the Google privacy policy.

External media and content

In order to provide our website with additional information and interactive content, we integrate external services such as Google Maps, OpenStreetMap and Vimeo. Instead of embedding Google Maps directly, we use map images created with OpenStreetMap. If necessary, a button takes you to the desired location or route on Google Maps. Vimeo videos will only be displayed after you agree to Vimeo's data processing and use of cookies. This method allows us to provide you with a user-friendly and informative online experience while still ensuring your privacy.

Online map service: OpenStreetMap data protection declaration

We use the OpenStreetMap (OSM) map service on our website to visually display geographical information. OpenStreetMap is provided by the OpenStreetMap Foundation, St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom, based on the Open Data Commons Open Database License (ODbL).

When you visit pages on our website that contain OpenStreetMap maps, data is transferred to OpenStreetMap servers. This data may include, but is not limited to, your IP address and other information about your device, such as browser type, operating system and technical device information. This data transfer occurs regardless of whether you have a user account with OpenStreetMap or are logged in. If you are logged in to OpenStreetMap, your data can be assigned directly to your account. If you do not want to be associated with your OpenStreetMap profile, you must log out before visiting our website.

The use of OpenStreetMap is in the interest of an attractive presentation of our online offerings and to make it easy to find the locations we indicate on the website. This represents a legitimate interest within the meaning of Art. 6 Para. 1 f GDPR.

Legal basis

The legal basis for the integration of OpenStreetMap and the associated data processing is Art. 6 Para. 1 f GDPR, based on our interest in offering you a visually appealing presentation of our online services and making it easier to find the locations indicated on our website.

Further information on how to handle user data can be found in the OpenStreetMap privacy policy.

Online map service: Google Maps data protection declaration

In order to give you an idea of locations and routes, we use references on our website to the online map service Google Maps, operated by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland), a subsidiary of Google LLC, USA . Instead of directly embedding, we use self-created images of the respective maps and connect them with a button that redirects to the desired location or route on Google Maps.

This method ensures that no personal data is automatically transmitted to Google when you simply visit our website. As soon as you actively use the button to access Google Maps, Google may collect data about this interaction, including your IP address and information about the use of the map service. The use of Google Maps after leaving our website is therefore subject to Google's data protection regulations and terms of use.

Legal basis

The provision of a redirect to Google Maps on our website is based on our legitimate interest in offering you detailed information about the company's location and tour routes (Art. 6 Para. 1 f GDPR). A direct data transfer to Google only takes place after your consent (Art. 6 Para. 1 a GDPR) by pressing the button. This actively selects redirection to Google Maps.

Please note that Google may process data in the USA. When transferring data to third countries such as the USA, Google uses standard contractual clauses as a guarantee of an adequate level of data protection. These clauses are based on an implementing decision of the EU Commission, which you can read including the corresponding standard contractual clauses, among other things here find.

Further information on data processing by Google, including the transfer and protection of your data, can be found in the Google privacy policy.

Video platform: Vimeo

We integrate videos from the provider Vimeo LLC, headquartered at 555 West 18th Street, New York, New York 10011, USA, on our website to provide you with multimedia content. When you visit certain subpages of our website that contain Vimeo videos, a connection is established to Vimeo's servers. The Vimeo server is informed which of our pages you have visited. Vimeo also receives your IP address, even if you do not have a Vimeo account or are not logged in to Vimeo. The information collected by Vimeo is transmitted to the Vimeo server in the USA.

Vimeo processes user data, among other things, through automatically collected information such as your IP address and technical information about your device. This data collection occurs regardless of whether you have a Vimeo account. Vimeo may track your activities using cookies and similar technologies. By using Vimeo services on our website, you agree to the use of these methods in accordance with Vimeo's Cookie Policy.

Legal basis

The processing of your data in connection with Vimeo videos takes place exclusively on the basis of your consent in accordance with Art. 6 Para. 1 lit. a GDPR. This consent is obtained via a consent manager before the Vimeo videos are loaded and can be revoked by you at any time. Revoking your consent will not affect the lawfulness of the processing carried out based on your consent before its revocation.

Further information on how to handle user data can be found in the Vimeo privacy policy.

Online booking system – Bookeo

For online bookings on our website we use Bookeo, a booking system from Bookeo Pty Ltd, based at 18/30 Denison Street, Bondi Junction NSW 2022, Australia. Bookeo allows you to check availability, make bookings and make payments online. When using Bookeo, personal data such as name, email address, telephone number and optionally your nationality are collected and stored by Bookeo.

Bookeo offers a variety of features including an integrated online payment system that supports various payment methods (credit card, PayPal, Klarna and EPS). While credit card details and billing addresses are securely transmitted to a payment gateway for payment processing, we or Bookeo do not store complete credit card details. In addition, technical data is processed to optimize our service and make your booking easier.

Bookeo stores data necessary for booking processing such as names, email addresses, telephone numbers, nations and general booking information such as booking number, number of participants, prices, etc. In addition, publicly available information is stored, as well as school addresses for class bookings. This data is automatically deleted from the booking system after 2 years

You can revoke your consent to data processing by Bookeo at any time. A revocation does not affect the lawfulness of the processing of your data prior to the revocation.

Legal basis

The processing of your data by Bookeo is based on your consent in accordance with Art. 6 Para. 1 lit. a GDPR, which you give by actively using the booking system. In addition, we have a legitimate interest in using Bookeo to improve our customer service and internal booking organization in accordance with Article 6 (1) (f) GDPR.

You can find specific information about the data protection regulations here Bookeo privacy policy. Bookeo has implemented measures to ensure an adequate level of data protection for your data, including for transfers to countries outside the EEA.

For questions about data protection or to exercise your rights regarding your personal data, please contact Bookeo directly:

Data protection team: privacy@bookeo.com
Data protection officer: dpo@bookeo.com

Alternatively, you can contact the GDPR representative for European affairs straight away. The EU representative according to 27 GDPR is:

Rickert Rechtsanwaltsgesellschaft mbH
Colmantstrasse 15
53225 Bonn, Germany

All texts in the data protection declaration are of course protected by copyright.