Vacation at Sea - uw privacy in veilige handen

Data protection declaration

Welcome to Vacation at Sea GmbH

We are pleased to have gained your interest in our offers and would like to be your partner for cruises. Protecting your privacy and your personal data is very important to us.

The collection and use of your data is therefore always in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 (GDPR), the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG). Below we will inform you about which data we collect and how we process this data.

1. Personal data

Personal data in the sense of the GDPR is any information that relates to an identified or identifiable natural person. An identifiable natural person is a natural person, who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more special features that express the physical , physiological, genetic, psychological, economic, cultural or social identity of that natural person. Personal data is only stored to the extent that  is necessary, to provide the booked service, to comply with legal requirements or for the purpose stated below.

2. Anonymized data / Log files

You can visit our websites without having to collect personal data. Every time you visit our website, certain anonymized data is stored, e.g. which page or offer was accessed. However, this data is not personal and is therefore not subject to the legal regulations of the GDPR or the BDSG.

The website operator or site provider collects data about access to the site and saves it as “server log files”. The following data is logged like this:

Website visited, time of access, amount of data sent in bytes, source/reference from which you came to the page, browser used, operating system used, IP address used.

The data collected is only used for statistical evaluations and to improve the website. However, the website operator reserves the right to subsequently check the server log files if there are concrete indications of illegal use.

Anonymous data is collected solely for statistical evaluation in order to improve our offering. Please note the point “Right to information / right of withdrawal”.

3. Purpose of collecting personal data

However, the collection of personal data becomes essential if you want to book a trip or other service via our portal, contact us, subscribe to our newsletter or use other offers on our site for which personal data is essential. This also includes voucher purchases and participation in competitions.

In accordance with legal regulations and in the spirit of data economy, only data that is required to provide this service is generally collected. If we ask you to provide further information in our forms, the information is always voluntary and marked as such.

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. To do this, the user's IP address must remain stored for the duration of the session. The data is also stored in log files to ensure the functionality of the website. The data also serves us to optimize the website and to ensure the security of our information technology systems. The data will not be evaluated for marketing purposes in this context. These purposes also include our legitimate interest in data processing in accordance with Article 6 Paragraph 1 Letter f of the GDPR.

If you book a trip or another service, the data collected will be used to process this booking, within the legal requirements, for advertising purposes and for statistical purposes.

The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 Paragraph 3 UWG.

If you subscribe to our newsletter, we will also store and use the data you provided pertaining to yourself and your cruise, based on Article 6 Paragraph 1 Letter f of the GDPR, in order to be able to provide you, as a newsletter subscriber, with the best possible support.

The legal basis for the processing of data upon registration for the newsletter and constent given by the user, is Art. 6 Para. 1 lit. a GDPR

We also use the personal data we store to maintain customer relationships, for customer support (e.g. information pertaining to your stay), to carry out our own advertising and marketing measures (e.g. sending catalogs or other advertising mail within the legally permissible framework, questions about customer satisfaction ) and for processing of the booking.

 

 

4. Legal basis for processing personal data

If we obtain the consent of the data subject for processing personal data, Article 6 Paragraph 1 Letter a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

When processing personal data that is necessary to fulfill a contract to which the affected person is a party, Art. 6 Para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

If the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Article 6 Paragraph 1 Letter c GDPR serves as the legal basis. In the event that the vital interests of the affected person or another natural person require the processing of personal data, Article 6 (1) (d) GDPR serves as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 Para. 1 lit. f GDPR serves as the legal basis for the processing.

5. Disclosure of personal data to third parties

Your personal data will only be passed on within the relevant requirements, in particular data protection and competition law.

To the extent that it is necessary for the provision of the contractual service or legal obligations owed by us, your data will also be passed on to sub-contractors or service providers to provide the service in our name or on behalf of us (e.g. technical processing of mail and email communications, payment processing, customer service).

In addition, the data will be passed on to people or companies to process your booking, in particular to cruise lines, airlines, tour operators, hotels, travel agencies, rental car companies, authorities, etc. Please note that the data protection regulations at the location of these people and companies may vary from those in Germany.

Your data will also be disclosed and transmitted to third parties if we are obliged to do so by law or as a result of legally concluded legal proceedings.

You have the right to receive the personal data relating to you that you have provided to us in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another person responsible without hindrance from the person responsible to whom the personal data was provided.

6. Storage and deletion of data

Your personal data will be stored for the purposes stated under “Purpose of collecting personal data”. The personal data of the affected person will be deleted or blocked as soon as the purpose of storage no longer applies. Storage can also take place if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the person responsible is subject. The legislature has enacted a variety of retention obligations and periods. The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data to conclude or fulfill a contract

7. Use of Cookies

We use cookies (small computer files containing text information that the web server sends to your Internet browser) to improve your experience when visiting our online offers. For example, some notices will only appear once if you allow us to set a cookie. Our cookies also have an expiration date. If you delete your cookies manually before they expire, you will receive a new one the next time you visit the site, unless you block the storage of the cookie.

The technical specifications stipulate that the server can only read a cookie that was sent by it. We assure you that we will not store any personal data in cookies.

Unfortunately without accepting cookies, using our offers is only possible to a limited extent. We therefore recommend permanently activating cookies for our website. Most internet browsers are set to automatically accept cookies. However, you can deactivate the storage of cookies and set your internet browser to notify you when cookies are sent.

The legal basis for the processing of personal data using cookies is Article 6 (1) (f) GDPR.

The legal basis for the processing of personal data using cookies for analysis purposes, if the user has given his consent, is Article 6 (1) (a) GDPR.

8. Consent with Borlabs Cookie

Our website uses the Borlabs consent technology to obtain your consent to the storage of certain cookies in your browser or for the use of certain technologies and for their data privacy protection compliant documentation. The provider of this technology is Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany (hereinafter referred to as Borlabs).

Whenever you visit our website, a Borlabs cookie will be stored in your browser, which archives any declarations or revocations of consent you have entered. These data are not shared with the provider of the Borlabs technology.

The recorded data shall remain archived until you ask us to eradicate them, delete the Borlabs cookie on your own or the purpose of storing the data no longer exists. This shall be without prejudice to any retention obligations mandated by law. To review the details of Borlabs’ data processing policies, please visit https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/

We use the Borlabs cookie consent technology to obtain the declarations of consent mandated by law for the use of cookies. The legal basis for the use of such cookies is Art. 6(1)(c) GDPR.
Borlabs Einstellungen bearbeiten

9. Analysis tools and advertising

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider of this service is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior patterns of website visitors. To that end, the website operator receives a variety of user data, such as pages accessed, time spent on the page, the utilized operating system and the user’s origin. This data is assigned to the respective end device of the user. An assignment to a user-ID does not take place.

Furthermore, Google Analytics allows us to record your mouse and scroll movements and clicks, among other things. Google Analytics uses various modeling approaches to augment the collected data sets and uses machine learning technologies in data analysis.

Google Analytics uses technologies that make the recognition of the user for the purpose of analyzing the user behavior patterns (e.g., cookies or device fingerprinting). The website use information recorded by Google is, as a rule transferred to a Google server in the United States, where it is stored.

The use of these services occurs on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TTDSG. You may revoke your consent at any time.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

IP anonymization

Google Analytics IP anonymization is active. As a result, your IP address will be abbreviated by Google within the member states of the European Union or in other states that have ratified the Convention on the European Economic Area prior to its transmission to the United States. The full IP address will be transmitted to one of Google’s servers in the United States and abbreviated there only in exceptional cases. On behalf of the operator of this website, Google shall use this information to analyze your use of this website to generate reports on website activities and to render other services to the operator of this website that are related to the use of the website and the Internet. The IP address transmitted in conjunction with Google Analytics from your browser shall not be merged with other data in Google’s possession.

Browser plug-in

You can prevent the recording and processing of your data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

For more information about the handling of user data by Google Analytics, please consult Google’s Data Privacy Declaration at: https://support.google.com/analytics/answer/6004245?hl=en.

Google Signals

We use Google Signals. Whenever you visit our website, Google Analytics records, among other things, your location, the progression of your search and YouTube progression as well as demographic data (site visitor data). This data may be used for customized advertising with the assistance of Google Signal. If you have a Google account, your site visitor information will be linked to your Google account by Google Signal and used to send you customized promotional messages. The data is also used to compile anonymized statistics of our users’ online patterns.

Contract data processing

We have executed a contract data processing agreement with Google and are implementing the stringent provisions of the German data protection agencies to the fullest when using Google Analytics.

Google Analytics E-Commerce-Tracking

This website uses the “E-Commerce Tracking” function of Google Analytics. With the assistance of E-Commerce Tracking, the website operator is in a position to analyze the purchasing patterns of website visitors with the aim of improving the operator’s online marketing campaigns. In this context, information, such as the orders placed, the average order values, shipping costs and the time from viewing the product to making the purchasing decision are tracked. These data may be consolidated by Google under a transaction ID, which is allocated to the respective user or the user’s device.

Google Conversion-Tracking

This website uses Google Conversion Tracking. The provider of this service is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With the assistance of Google Conversion Tracking, we are in a position to recognize whether the user has completed certain actions. For instance, we can analyze the how frequently which buttons on our website have been clicked and which products are reviewed or purchased with particular frequency. The purpose of this information is to compile conversion statistics. We learn how many users have clicked on our ads and which actions they have completed. We do not receive any information that would allow us to personally identify the users. Google as such uses cookies or comparable recognition technologies for identification purposes.

The use of these services occurs on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TTDSG. You may revoke your consent at any time.

For more information about Google Conversion Tracking, please review Google’s data protection policy at: https://policies.google.com/privacy?hl=en

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

10. Safety, questions and suggestions, person responsible

Last but not least, security also depends on your system. You should always keep your access information confidential, never allow the web browser to save passwords and close the internet browser window when you finish your visit of our website. By doing this, you can make it more difficult for third parties to access your personal data.

Use an operating system that can manage user rights. Set up multiple users on your system, even within the family, and never use the Internet with administrator rights. Use security software such as virus scanners and firewalls and keep your system up to date.

The person responsible for this online presence within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

 

Vacation at Sea GmbH
Jörg A. Boeckmann – Managing Partner

Friedrich-Ebert-Str. 48
64342 Seeheim
Duitsland
Telephone 0049-6257-507970
vas@vacationatsea.de

11. Right to information / Rigth of withdrawel

You are entitled to receive information about your personal data stored by us for processing at any time, free of charge.

If such processing occurs, you can request information from the person responsible about the following information:

(1) the purposes for which the personal data is processed;

(2) the categories of personal data that is processed;

(3) the recipients or the categories of recipients to whom the personal data concerning you have been, or will be disclosed;

(4) the planned duration of storage of the personal data concerning you, or, if specific information is not possible, criteria for determining the storage period;

(5) the existence of a right to rectification or deletion of personal data concerning you, a right to restrict processing by the controller or a right to object to this processing;

(6) the existence of a right to file a complaint with a supervisory authority;

(7) all available information about the origin of the data, if the personal data is not collected from the person concerned;

(8) the existence of automated decision-making including profiling in accordance with Article 22 Paragraphs 1 and 4 GDPR and - at least in these cases - meaningful information about the logic involved as well as the scope and intended effects of such processing for the data subject.

You have the right to request information as to whether the personal data concerning you will be transferred to a third country or to an international organization. In this context, you can request to be informed about the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transfer.

In addition, you can request the deletion or blocking or correction of your data free of charge at any time. However, deletion may be contrary to legal regulations, particularly relating to billing and accounting purposes.

To revoke your consent to data use, request information or correction, blocking or deletion, please contact:

 

Vacation at Sea GmbH
Jörg A. Boeckmann – Managing Partner

Friedrich-Ebert-Str. 48
64342 Seeheim
Duitsland
Telephone 0049-6257-507970
datenschutz@vacationatsea.de

 

Apart from any other administrative or judicial remedy, you have the right to file a complaint with a supervisory authority, in particular in the Member State of your residence, your place of work or the place of the alleged infringement, if you believe that it is the case that the processing of the Personal data concerning you violates the GDPR.

12. Unsubscribing from Newsletter

If you no longer wish to receive our newsletter or promotional emails, click on the "unsubscribe" link included at the bottom of all emails sent by us.

13. Messaging Services

By sending a start message to the company specified in the legal notice (hereinafter referred to as the sender), I agree in accordance with Art. 6 Para. 1 lit. a GDPR that the sender may use my personal data (e.g. last name and first name, telephone number, messenger ID, profile picture, Messages) are used for direct communication and the data processing required for this using the selected messenger. To use this service, an existing messaging account with the respective provider is required.

The responsible provider of the messenger for Whatsapp is WhatsApp, Inc., 1601 Willow Road, Menlo Park, California 94025, USA with the data protection declaration available at https://www.whatsapp.com/legal/#privacy-policy

I am aware that the respective provider receives personal data (in particular communication metadata) which is also processed on servers in countries outside the EU (e.g. USA) where an adequate level of data protection cannot be guaranteed. However, Whatsapp Inc and Facebook Inc are certified under the Privacy Shield Agreement and thereby offer a guarantee that they will comply with European data protection law. Further information can be found in the data protection guidelines of the respective messenger above. The sender has neither precise knowledge nor influence on the data processing by the respective provider.

Your consent to this data processing can be freely revoked at any time by entering “STOP” in the respective messenger.

To have all data stored by you with our service provider removed, send a message with the text “DELETE ALL DATA” via your messenger.