Data Protection at Traveller Sedona GmbH
1 Information on the collection of personal data
(1) In the following we inform you about the collection of personal data when using our website. Personal data are all data that can be personally related to you, for example your name, address, e-mail addresses, and user behaviour.
(2) The controller pursuant to Art. 4 para. 7 of the EU General Data Protection Regulation (EU GDPR) is
Traveller Sedona GmbH
63456 Hanau Steinheim
Phone: +49 (0)6181 98276 0
Website: https://traveller-sedona.com/ (see our Legal Notice).
(3) If you contact us by e-mail or via a contact form, the data you provide (your e-mail address, if applicable your name and telephone number) will be stored by us in order to answer your questions. We delete the data arising in this context after the storage is no longer necessary or limit the processing if statutory retention obligations exist.
(4) If we make use of contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. We also specify the defined criteria for the retention period.
2 Legal basis for the processing of personal data
(1) Insofar as we obtain the consent of the data subject for the processing of personal data, the legal basis is Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR).
(2) Art. 6 para. 1 lit. b GDPR is the legal basis for the processing of personal data required for the performance of a contract to which the data subject is a party. This also applies to processing operations that are necessary to carry out pre-contractual measures.
(3) Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, the legal basis is Art. 6 para. 1 lit. c GDPR.
(4) In the event that vital interests of the data subject or another natural person require the processing of personal data, the legal basis is Art. 6 para. 1 lit. d GDPR.
(5) If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, the legal basis for processing is Art. 6 para. 1 lit. f GDPR.
3 Your rights
(1) You have the following rights towards us with regard to your personal data:
– right to information,
– right to rectification or erasure,
– right to restrict processing,
– right to object to the processing,
– right to data portability.
(2) If you consider that the processing of personal data relating to you infringes the GDPR, you have the right to lodge a complaint to a supervisory authority.
The supervisory authority responsible for us is:
Hessian Data Protection Commissioner
PO Box 3163
Phone: +49 611 1408 - 0
Telefax: +49 611 1408 - 900
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.
4 Collection of personal data when visiting our website
(1) When using the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which are technically necessary for us to display our website to you and to guarantee stability and security (legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR):
– IP address;
– date and time of the request;
– time zone difference to Greenwich Mean Time (GMT);
– content of the request (specific page);
– access status/HTTP status code;
– amount of data transferred in each case;
– website, together with the sub-site from which the request comes;
– operating system and interface;
– language and version of the browser software.
(2) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard disk in the browser you use and through which certain information flows to the place that sets the cookie (here by us). Cookies cannot run programs or transmit viruses to your computer. Their purpose is to make the website more user-friendly and effective overall.
- a) This website uses the following types of cookies, the scope and functionality of which are explained below:
– Transient cookies (see b)
– Persistent cookies (see c).
- b) Transient cookies are automatically deleted when you close your browser. This includes in particular session cookies. These store a so-called session ID, with which different requests of your browser can be assigned to the common session. This will allow your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.
- c) Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in the security settings of your browser.
- d) You can configure your browser settings according to your wishes and for example refuse the acceptance of third party cookies or all cookies. Please note that you may not be able to use all functions of this website.
5 More functions and offers on our website
(1) In addition to the purely informational use of our website, we offer various services which you can use if you are interested. As a rule, you must provide further personal data, which we use to provide the respective service and to which the aforementioned data processing principles apply.
(2) In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly checked.
(3) Furthermore, we may pass on your personal data to third parties if we offer participation in promotions, competitions, conclusion of contracts or similar services together with partners. For more information, please provide your personal data or see the description of the offer below.
(4) If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the offer.
6 Objection to the processing of data or revocation of consent
(1) If you have given your consent to the processing of your data, you can revoke this at any time. Such a revocation influences the permissibility of processing your personal data after you have given it to us.
(2) If we base the processing of your personal data on the weighing of interests, you may object to the processing. This is the case if processing is not necessary in particular to fulfil a contract with you, which is described by us in the following description of the functions. When exercising such objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either stop or adjust data processing or point out to you our compelling reasons worthy of protection, on the basis of which we will continue processing.
(3) You are of course entitled to object to the processing of your personal data for purposes of advertising and data analysis at any time. You can inform us about your objection to the use of your data for advertising purposes under the following address:
Traveller Sedona GmbH
63456 Hanau Steinheim
Phone: +49 (0)6181 98276 0
7 Use of blog features
(1) You can leave public comments on our blog, in which we publish various articles on topics connected with our activities. Your comment will be published under the article, along with the user name you gave. We recommend using a pseudonym rather than your real name. Giving your user name and email address is necessary; all other information is voluntary. If you leave a comment, we will continue to store your IP address, which we will delete after one week. This storage is necessary for us in order to defend ourselves against liability claims in the event of possible publication of unlawful contents. We need your email address in order to contact you if a third party should claim that your comment is unlawful. The legal basis is Article 6 (1) sentence 1 lit. b and f GDPR. Comments are not monitored before publication. We retain the right to delete comments that are denounced as unlawful by a third party.
(2) When writing your comment, you can check the box to activate our e-mail service. This will inform you when other users leave a comment on the post. We use the double opt-in procedure for this service, i.e. you will receive an e-mail in which you must confirm that you are the owner of this e-mail address and wish to receive the notifications. You can unsubscribe from the notifications at any time by clicking on the link contained in the e-mail. Your personal data, including your e-mail address, the time of registration for the service and your IP address will be stored by us until you log out of the notification service.
(1) You can consent to subscribe to our newsletter, with which we inform you about current offers of interest. The advertised goods and services are named in the declaration of consent.
(2) We use the double opt-in procedure to subscribe to our newsletter. This means that after your registration we will send you an e-mail to the specified e-mail address in which we ask you to confirm that you would like the newsletter to be sent. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and the time of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.
(3) Your email address is the only mandatory information we require for sending you the newsletter. Providing further data is voluntary and this data is only used to address you personally. After your confirmation we will save your e-mail address for the purpose of sending you the newsletter. The legal basis is Art. 6 para. 1 sentence 1 lit. a DS-GMO.
(4) When registering for the newsletter, we also store the IP address of the computer system used by the data subject at the time of registration assigned by the Internet Service Provider (ISP) as well as the date and time of registration. The collection of this data is necessary in order to understand the possible misuse of the e-mail address of a data subject at a later date, and it therefore serves the aim of the legal protection of the controller.
(5) You can revoke your consent to the sending of the newsletter at any time and cancel the newsletter. You can cancel your subscription by clicking on the link provided in each newsletter e-mail, via this form on the website, by e-mail to firstname.lastname@example.org or by sending a message to the contact details given in the Legal Notice.
(6) We would like to point out that we evaluate your user behaviour in the context of the newsletter distribution. For this evaluation, the e-mails sent contain so-called web beacons, also known as tracking pixels. These are one-pixel image files that link to our website and enable us to evaluate your user behaviour. For the evaluations we link the data mentioned under section 4 and the web beacons with your e-mail address and an individual ID. The data is collected exclusively pseudonymised, meaning the IDs are not linked to your other personal data, and a direct personal reference is excluded. You can object to this tracking at any time by clicking on the separate link provided in each e-mail or by informing us via another contact method. The information is stored for as long as you have subscribed to the newsletter. After a cancellation, we store the data anonymously and for statistical purposes only. Tracking is not possible if you have disabled the display of images in your e-mail program by default. In this case, however, the newsletter will not be displayed in full and you may not be able to use all functions. If you display the images manually, the above tracking takes place.
9 Contact via the website
Due to legal regulations, our website contains information that enables quick electronic contact to our company and to communicate directly with us, which also includes a general address for so-called electronic mail (e-mail address). If a data subject contacts the data controller via e-mail or a contact form, the personal data transmitted by the data subject will be stored automatically.
A valid e-mail address is required so that we know who sent the request and are able to answer it. Further information can be provided voluntarily. In accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, the data will be processed for the purpose of contacting us on the basis of your voluntary consent. The personal data collected by us for the use of the contact form will be automatically deleted after your request has been processed.
10 Use of social media plug-ins
(1) We currently use the following social media plug-ins: Facebook, Google+, Pinterest.
We use the so-called two-click solution. This means that when you visit our site, no personal data is initially transferred to the plug-in providers. You can recognize the provider of the plug-in by the marking on the box above its initial letter or the logo. We offer you the possibility to communicate directly with the provider of the plug-in via the button. Only if you click on the marked field and thereby activate it, the plug-in provider receives the information that you have accessed the corresponding website of our online offer. In addition, the data mentioned under section 4 of this declaration will be transmitted. In the case of Facebook, according to the provider in Germany, the IP address is anonymized immediately after collection. By activating the plug-in, personal data is transferred from you to the respective plug-in provider and stored there (for U.S. providers in the U.S.A.). Since the plug-in provider collects data via cookies in particular, we recommend that you delete all cookies before clicking through your browser’s security settings.
(2) We have no influence on the data collected and data processing processes, nor are we aware of the full extent of data collection, the purposes of processing, the retention periods. We also have no information on the deletion of the data collected by the plug-in provider.
(3) The plug-in provider stores the data collected about you as user profiles and uses these for the purposes of advertising, market research and/or demand-oriented design of its website. The evaluation of data is carried out in particular (also for not logged-in users) to display needs-based advertisement and in order to inform other users of the social network about your activities on our website. You have a right to object to the creation of these user profiles. However, you have to contact the respective operator to exercise such right. Through the plug-ins we offer you the possibility to interact with social networks and other users, so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 para. 1 sentence 1 lit. f GDPR.
(4) The data is transferred regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, your data collected with us will be directly assigned to your existing account with the plug-in provider. If you click the activated button and, for example, link the page, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, especially before activating the button, as this way you can avoid being assigned to your profile with the plug-in provider.
(5) Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the data protection declarations of these providers notified below. They will also provide you with further information about your rights in this regard and setting options to protect your privacy.
(6) Addresses of the respective plug-in providers and URL with their data protection information:
- a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
- b) Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
11 Data erasure and retention period
The personal data of the data subject shall be deleted or blocked if the purpose for which they were stored no longer applies. The data may be stored beyond this period if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be deleted or blocked when a storage period specified in the mentioned laws and regulations expires, except where further retention of the data is necessary for the conclusion of a contract or for fulfilling a contractual obligation.
12 Use of automated decision making
As a responsible company, we do not use automated decision-making or profiling.