Data Security

The protection of personal data and the privacy of users is an integral part of Escapio’s corporate philosophy. Compliance with legal data protection regulations and the sensitive handling of our user’s information and data is therefore also important to Escapio. Please refer to our contact form for questions and/or suggestions.


Data Protection Declaration

This Privacy Policy clarifies the nature, scope and purpose of the processing of personal information (hereafter referred to as “data”) with reference to our online services and the related websites, features and content associated with it, as well as external online sites, e.g. our social media profile (hereafter referred to collectively as “online services”). With regard to the meanings used, such as “personal data” or “processing” we refer to the definitions used in Article 4 of the General Data Protection Regulation (GDPR).

Address of the office responsible

Escapio GmbH
Pettenkoferstrasse 15
10247 Berlin / Germany
service@escapio.com
Authorized Managing Director: Brigitte Kraus
Register court: Amtsgericht Berlin Charlottenburg
Registration number: HRB 94491 B

Name and address of the data protection officer

You can contact our data protection team at datenschutz@escapio.com at any time for general questions about data protection and to enforce your rights.

For direct contact with our data protection officer, please send your request by post to the address below with the note “For the attention of the data protection officer”:

Escapio GmbH
Pettenkoferstrasse 15
10247 Berlin / Germany
datenschutz@escapio.com

Types of data processed:

  • Inventory data (e.g., names, addresses)
  • Contact information (e.g., e-mail, phone numbers)
  • Content data (e.g., text entries, photographs, videos)
  • Contract data (e.g., subject matter, duration, and customer category of the contract)
  • Payment data (e.g., bank details, payment history)
  • Usage data (e.g., accessed websites, interest in content, access times)
  • Meta and communication data (e.g., device information, IP addresses)

Processing of special categories of data (Article 9 (1) GDPR):

  • No special categories of data are processed.

Categories of processed data subjects:

  • Customers / Interested parties / Suppliers
  • Online visitors and online users of the online services

Hereafter referred to as “users”.

Purpose of processing:

  • Provision of the online service, its contents and functions
  • Provision of contractual services, provision of services and customer care
  • Answering contact requests and communicating with users
  • Marketing, advertising and market research
  • Security measures

Effective as of: July 15, 2020


1. Relevant legal bases

In accordance with Article 13 of the GDPR, we inform you about the legal basis of our data processing. Unless the legal basis in the data protection declaration is mentioned, the following applies: The legal basis for obtaining consent is Article 6 (1) (a) and Article 7 of the GDPR, the legal basis for the processing for the performance of our services and the execution of contractual measures as well as the response to inquiries is Article 6 (1) (b) GDPR, the legal basis for processing in order to fulfill our legal obligations is Article 6 (1) (c) GDPR, and the legal basis for processing in order to safeguard our legitimate interests is Article 6 (1) (f) GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 (1) (d) GDPR serves as legal basis.

2. Changes and updates to the privacy policy

We kindly ask you to regularly inform yourself about the content of our privacy policy. We adjust the privacy policy as and when changes to the data processing we make require it. We will notify you as soon as the changes require your participation (e.g. your consent) or any other individual notification is required from you.

3. Security measures

3.1. We take appropriate technical and organization measures in accordance with Article 32 GDPR, taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of the processing as well as the risk of varying likelihood and severity of the risk for the rights and freedoms of natural persons to ensure a level of protection appropriate to the risk. Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access, input, disclosure, security, assurance of availability and separation. In addition, we have established procedures that ensure exercising the rights of the data subjects, data erasure, and data vulnerability. Furthermore, we consider the protection of personal data already in the development, for example through the selection of hardware, software and procedures, according to the principles of data protection by technology design and by privacy-friendly default settings as per Article 25 of the GDPR.

3.2. One of the security measures pertains, in particular, to the encrypted transfer of data between your browser and our server.

4. Cooperation with external contract processors and third parties

4.1. If, in the context of our processing, we disclose data to other persons and companies (contract processors or third parties), transmit data to them or otherwise grant them access to the data, this will only be done on the basis of legal permission (e.g. if a transmission of the data to third parties is required by payment service providers, pursuant to Article 6 (1) (b) GDPR for the performance of a contract), or if you have consented to a legal obligation, or based on our legitimate interests (e.g. the use of agents, web hosts / web hosting providers, etc.).

4.2. If we commission third parties to process data on the basis of a so-called “data processing agreement,” this is done on the basis of Article 28 GDPR.

5. Data Transfer for Bookings

5.1. Tour Operators and Agents

When making a booking using our product listing pages, it is necessary for the contract initiation and conclusion that you provide personal data such as your name, address and e-mail address. In the course of your booking or booking request, the booking information is also shared with the respective tour operator or agent, e.g. Hideaways AS, for the fulfillment or preparation of your contract, so that they can further process your booking. These Third Parties Providers will then use your personal data in accordance with their own privacy policies and on their own authority.

5.2. Transfers of data to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or in the context of the use of third party services or disclosure or transmission of data to third parties, this will only be done if it is to fulfill our (pre) contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only in the presence of the special conditions of Article 44 et seq. GDPR. That is, the processing is based, for example, on particular guarantees, such as the officially recognized level of data protection (e.g. for the US through the Privacy Shield) or compliance with and based on the observance of the officially recognized special contractual obligations (so-called “standard contractual clauses”).

6. Rights of the persons concerned / data subjects

6.1. You have the right, upon request, to obtain confirmation as to whether or not the data in question is being processed and for information about this data as well as for further information and a copy of the data in accordance with Article 15 GDPR.

6.2. In accordance with Article 16 GDPR, you have the right to obtain the rectification of the data concerning you and you have the right to have incomplete personal data completed.

6.3. In accordance with Article 17 GDPR, you have the right to request that the data in question be erased without undue delay, or alternatively, in accordance with Article 18 GDPR, to demand a restriction of the processing of data.

6.4. You have the right to demand that the data relating to you, which you have provided to us, be obtained in accordance with Article 20 GDPR and to request its transmission to another controller or persons responsible.

6.5. According to Article 77 GDPR, you also have the right to lodge a complaint with the relevant supervisory authority.

7. Right of withdrawal

You have the right to revoke granted consent in accordance with Article 7 (3) GDPR with immediate future effect.

8. Right of objection

You may object to the future processing of your data in accordance with Article 21 GDPR at any time. In particular, the objection may be made against processing for direct marketing purposes.

9. Cookies and the right to object to direct marketing

We use temporary and permanent cookies, i.e. small files stored on users’ devices (for an explanation of terms and functions with regards to cookies, please refer to the last section of this privacy policy). In part, the cookies are used for security measures or to operate our online services (for example, for the navigational structure or graphical presentation of the website or any content therein) or to save the user’s decision when confirming the acceptance of cookies via a cookie banner. In addition, we or our digital partners use cookies for measuring reach and marketing purposes, which users are informed about in the course of the privacy policy.
A general objection to the use of cookies used for online marketing purposes can be declared at a variety of sources, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Furthermore, you can disable the storage of cookies by switching them off in the settings of your browser. Please note, however, that not all features of our online services may function or be used if you disable cookies.

10. Erasure of data

10.1. The data processed by us will be erased or limited in their processing in accordance with Articles 17 and 18 GDPR. Unless otherwise explicitly stated in this privacy policy, the data stored by us is erased as soon as they are no longer necessary in relation to the purposes for which they are collected and the erasure does not conflict with any legal retention periods or requirements. Unless the data is deleted because it is required for other and legitimate purposes, its processing will be restricted, that is, the data will be locked and not processed for other purposes. This applies, for example, to data that must be kept for commercial law or tax law reasons.

10.2. According to legal requirements, the storage takes place in particular for 6 years in accordance with 257 (1) HGB (trading books, inventories, opening balance sheets, annual accounts, trade letters, accounting documents, etc.) and for 10 years in accordance with section 147 (1) AO (books, records, management reports , etc.)

11. Provision of contractual services

11.1. We process inventory data (e.g., names and addresses as well as contact information of users), contract data (e.g., services used, names of contacts, payment information) for the purpose of fulfilling our contractual obligations and services in accordance with Article 6 (1) (b) GDPR. The entries marked as obligatory in online forms are required for the completion and conclusion of the contract.

11.2. We process user data (e.g., the visited web pages of our online services, interest in our products) and content data (e.g., entries typed into contact forms or user profiles) for advertising purposes in a user profile to inform the user e.g. to display product instructions based on the user’s previous activities.

11.3. The erasure takes place after the expiry of legal warranty and comparable obligations, the necessity of keeping the data is checked every three years; in the case of legal archiving obligations, the erasure takes place after its expiry (end of commercial law (6 years) and tax law (10 years) retention obligation); information in the customer account remains until its erasure.

12. Contacting us

12.1. When contacting us (via contact form or e-mail), the information provided by the user is processed in order to process the contact request and its resolution in accordance with Article 6 (1) (b) GDPR.

12.2. User information is stored in our customer relationship management system (“CRM System”) or comparable system.

12.3. We erase contact requests, if and when they are no longer required. We check the necessity every two years; requests from users who have an account with us, we store permanently and refer to the erasure on the details of the user account. In the case of legal archiving obligations, the erasure takes place after its expiry (end of commercial law (6 years) and tax law (10 years) retention obligation).

13. Comments and posts

13.1. If users leave comments or other contributions, their IP addresses, based on our legitimate interests within the meaning of Article 6 (1) (f) GDPR, are stored for seven (7) days.

13.2. This is for our own safety, in case someone shares illegal content in the form of comments and contributions (insults, prohibited political propaganda, etc.). In such a case, we may face prosecution for the comment or post and are, therefore, interested in the identity of the author.

14. Collection of access data and log files

14.1. Based on our legitimate interests in the legal sense within the meaning of Article 6 (1) (f) GDPR we collect data of every access to the server on which this service is located (so-called server log files). The access data includes the name of the retrieved web page, file, date and time of retrieval, amount of data transferred, message about successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.

14.2. Log file information is stored for security purposes (for example, to investigate abusive or fraudulent activities) for a maximum of seven (7) days after which it is then deleted. Data whose further retention is required for evidential purposes shall be exempted from the deletion or erasure until final clarification of the incident.

15. Online presence in social media

15.1. We maintain an online presence within social networks and platforms in order to communicate with customers, prospective customers and users who are active there and to inform them about our services. By using the respective networks and platforms, the terms and conditions of their respective operators and the data processing guidelines apply.

15.2.
Unless otherwise stated in our privacy policy, users’ data will be processed as long as they communicate with us within social networks and platforms, e.g. write posts on our online platforms or send us messages.

16. Cookies and reach measurement

16.1. Cookies are information transmitted from our web server or third-party web servers to users’ web browsers and stored there for later retrieval. Cookies can be small files or other types of information storage.

16.2. We use “session cookies” that are only stored for the duration of the current visit to our online platform (for example, to enable the storage of your login status or the shopping cart function and to thus enable the use of our online services). In a session cookie, a randomly generated unique identification number is stored, a so-called session ID. This type of cookie contains information about its origin and its retention period. These cookies cannot save any other data. Session cookies will be erased when you have finished using our online service and you have, for example, logged out of your account or closed the browser window.

16.3. Users will be informed about the use of cookies with regards to pseudonymous range measurement within the scope of this privacy policy.

16.4. If you do not want cookies stored on your computer, you may disable the options in your browser’s system settings. Saved cookies can be deleted in the system settings of the browser. If you disable or refuse cookies, you may not be able to access some parts of our online website and services, or they may not function properly.

16.5. You may object to or disable the use of cookies for measuring the range and for promotional purposes through the Network Advertising Initiative’s opt-out page (https://optout.networkadvertising.org/?c=1) and the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

17. Google Analytics

17.1. Based on our legitimate interests (i.e., interest in the analysis, optimization, commercial, and economic operation of our online platform and services within the meaning and context of Article 6 (1) (f) GDPR), we use Google Analytics, a web analytics service provided by Google LLC (“Google”). Google uses cookies. The information generated by the cookies about the use of the online services by the users are usually transmitted to a Google server in the USA and stored there.

17.2. Google is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation and data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

17.3. Google will use this information on our behalf to evaluate the use of our online services by users, to compile reports on the activities within this online service and to provide us with further services related to the use of this online service and the internet usage. In doing so, pseudonymous usage profiles of the users can be created from the processed data.

17.4. We use Google Analytics to display advertisements displayed within Google and its affiliate advertising services only to those users who have shown an interest in our online services or who have certain characteristics (e.g. interests in specific topics or products, which are determined by the web pages visited by them), which we submit to Google (so-called “remarketing” or “Google Analytics audiences”). With Remarketing Audiences, we also want to make sure that our advertisements are in line with the potential interest of our users and are not annoying.

17.5. We only use Google Analytics with activated IP anonymization. This means that the IP address of the users will be shortened by Google within member states of the European Union or in other contracting states of the agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there.

17.6. The IP address submitted by the user’s browser will not be merged with other data provided by Google. Users can prevent the storage of cookies by setting their browser software accordingly; users may also prevent the collection by Google of the data generated from cookies and related to their use of online services as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

17.7.
For more information about Google’s data usage, settings, and opt-out options, please visit Google’s websites: https://www.google.com/intl/en/policies/privacy/partners (“How Google uses information from sites or apps that use our services”), https://policies.google.com/technologies/ads (“How Google uses cookies in advertising”), https://adssettings.google.com/authenticated (“How your ads are personalized”).

18. Google Re/Marketing Services

18.1. On the basis of our legitimate interests (i.e. interest in the analysis, optimization, commercial, and economic operation of our online services within the context and meaning of Article 6 (1) (f) GDPR) we use the marketing and remarketing services (“Google Marketing Services “) of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, (“Google”).

18.2. Google is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

18.3. Google Marketing Services allows us to better target advertisements for and on our website so that we only present advertisements that potentially match their interests to users. When a user is, for example, shown advertisements for products they have shown an interest in on other websites, this is called remarketing. For these purposes, when Google and our or other websites that are running Google Marketing Services are activated or directly accessed by Google, a code will be executed by Google and so-called (re) marketing tags (invisible graphics or code, etc., also called “web beacons”) are added and incorporated into the website. With their help, the user is provided with an individual cookie, viz. a small file is saved (instead of cookies, comparable technologies can also be used). The cookies can be set by different domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. In this file is noted which web pages users visited, what content users are interested in and what offers users have clicked on, as well as technical information about the browser and operating system, referring web pages, visit time and other information with regards to the use of the online service. The IP address of the users is also recorded, whereby in the context of Google Analytics the IP address is shortened within member states of the European Union or other contracting states of the agreement on the European Economic Area. Only in exceptional cases data is transmitted to a Google server in the US and shortened there. The IP address will not be merged with data of the user within other offers from Google. The information mentioned above may also be linked by Google with information from other sources. If the user then visits other websites, they will be displayed according to the user’s interests with tailored, customized advertising.

18.4. The data of the users are pseudonymized and processed in the context of the Google marketing services. That is, Google does not store or process, for example, the name or e-mail address of the users, but rather the relevant data cookie-related within pseudonymous user profiles. That means, from the perspective of Google, the advertisements are not managed and displayed to a specifically identifiable person, but to the cookie owner, regardless of who that cookie owner is. This does not apply if a user has explicitly allowed Google to process the data without this pseudonymization. The information collected about users through Google Marketing Services is transmitted to Google and stored on Google’s servers in the United States.

18.5.
Among the Google marketing services we use is the online advertising program, “Google AdWords”. In the case of Google AdWords, each advertiser receives a different “conversion cookie”. Cookies cannot be tracked through AdWords advertisers’ websites. The information collected by means of cookies is used to generate conversion statistics for AdWords advertisers who have opted for conversion tracking. Advertisers will see the total number of users who clicked on their advertisements and were redirected to a conversion tracking tag page. However, they do not receive any information that personally identifies users.

18.6. We embed third-party advertisements based on Google’s DoubleClick marketing service. DoubleClick uses cookies, which allow Google and its affiliate websites to serve advertisements based on users’ visits to this site or other sites on the Internet.

18.7. We also engage third-party advertisements based on the Google AdSense marketing service. AdSense uses cookies, which allow Google and its affiliate websites to serve advertisements based on users’ visits to this site or other sites on the Internet.

18.8. Likewise, we use the service “Google Optimizer”. Google Optimizer allows us to understand how various changes to a website (such as changes to the input fields, the design, etc.) take place in so-called “A/B testings”. Cookies are stored on users’ devices for these purposes. We only process pseudonymous data.

18.9.
In addition, we use the “Google Tag Manager” to integrate and manage the Google analytics and marketing services on our website.

18.10. For more information about Google’s data usage for marketing purposes, please refer to their overview page: https://policies.google.com/technologies/ads, Google’s Privacy Policy is available at https://policies.google.com/privacy.

18.11. If you wish to opt-out of interest-based advertising through Google Marketing Services, you may take advantage of Google’s settings and opt-out options: https://adssettings.google.com/authenticated.

19. Facebook, Custom Audiences and Facebook Marketing Services

19.1. Based on our legitimate interests in the analysis, optimization, commercial, and economic operation of our online service, we use the so-called “Facebook pixel” of the social network Facebook, which is owned by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are located in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland (“Facebook”) on our website and online service.

19.2. Facebook is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

19.3. With the help of the Facebook pixel, it is on the one hand possible for Facebook to determine the visitors to our online service as a target group for the presentation and display of advertisements (so-called “Facebook ads”). Accordingly, we use the Facebook Pixel to display the Facebook Ads we have been sent only to those Facebook users who have shown an interest in our online service or who have certain features (e.g. interests in certain topics or products determined by the web pages visited by them), which we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook pixel, we also want to make sure that our Facebook ads are in line with the potential interest of users and are not annoying. With the help of the Facebook pixel we can also determine the effectiveness of the Facebook ads for statistical and market research purposes, in which we can determine whether users were redirected to our website after clicking on a Facebook ad (so-called “conversion”).

19.4. The processing of the data by Facebook is part of Facebook’s data usage policy. Accordingly, general notes on how to display Facebook Ads, can be found in Facebook’s Data Usage Policy: https://www.facebook.com/policy.php. For specific information and more details about the Facebook Pixel and how it works, please refer to the help section on Facebook: https://www.facebook.com/business/help/651294705016616.

19.5. You may object to the capture by the Facebook Pixel and use of your data to display Facebook ads. In order to change the settings with regards to which types of ads you see on Facebook, you can go to the page set up by Facebook and follow the instructions for the usage-based advertising settings: https://www.facebook.com/settings?tab=ads. The settings are platform independent, which means they will be implemented across all devices, such as desktop computers or mobile devices.

19.6. You may also deactivate the use the cookies for distance measurement and promotional purposes via the deactivation page of the Network Advertising Initiative (https://optout.networkadvertising.org/?c=1) via the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

20. Facebook social plugins

20.1. Based on our legitimate interests (i.e. interest in the analysis, optimization, commercial, and economic operation of our online service within the meaning of Article 6 (1) (f) GDPR) we use social plugins (“plugins”) of the social network facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland (“Facebook”). The plugins may be interactive elements or content (e.g. videos, graphics, copy, or text contributions) and can be recognized by one of the Facebook logos (white “f” on a blue tile, the terms “Like”, or a “thumbs up” sign) or are clearly marked with the add-on “Facebook Social Plugin”. A list and the appearance of Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/.

20.2. Facebook is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

20.3.
When a user visits our webpages or online services and / or calls up a feature of the online services that includes a plugin, the plugin establishes a direct connection between their browser and the Facebook server. The content of the plugin is transmitted by Facebook directly to the device of the user and incorporated into the online service. In the process, user profiles can be created from the processed data. We therefore have no influence on the amount of data that Facebook collects with the help of these plugins and therefore inform the users according to our knowledge.

20.4. By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the online service. If the user is logged in to a Facebook account, Facebook can assign the visit to their (the user’s) Facebook account. If users interact with the plugins, for example, by pressing the Like button or leaving a comment, the information is transmitted from the user’s device directly to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility that Facebook will identify and save the user’s IP address. According to Facebook, only an anonymous IP address is stored in Germany.

20.5. The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as the related rights and setting options for protecting the privacy of users, can be viewed in Facebook’s privacy policy: https://www.facebook.com/about/privacy/.

20.6. If a user is a Facebook member and does not want Facebook to collect data about them via our online service and link it to their member data stored on Facebook, the user must log out of their Facebook account and delete their cookies before using our online service. Other settings and revocations regarding the use of data for advertising purposes can be found and viewed on the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US website http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/. The settings are platform independent, which means they are adopted for and implemented across all devices, such as desktop computers or mobile devices.

21. Newsletter

21.1. In the following information, we inform you about the contents of our newsletter as well as the registration process, the mailing and the statistical evaluation procedures, as well as your right of objection. By subscribing to our newsletter, you agree to the receipt and the procedures described.

21.2. Content of the newsletter: We send newsletters, e-mails and other electronic notifications containing promotional or advertising information (hereafter “newsletter”) only with the consent of the recipient or a legal permission. Insofar as the contents of a newsletter are concretely described in detail, the description of the content is authoritative for the consent of the users. Furthermore, our newsletters contain information about our products, offers, promotions and our company.

21.3. Double opt-in and logging: The registration for our newsletter takes place in a so-called double-opt-in procedure. After registration, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that nobody can register with external e-mail addresses. The registration for the newsletter will be logged in order to prove the registration process according to legal requirements. This includes the storage of the login and the confirmation time, as well as the IP address. Similarly, changes to your data stored with the mailing service provider will be logged.

21.4. Mailing Service Provider: The newsletter is distributed via “MailChimp”, a mailing list platform of Rocket Science Group, LLC, 675 Ponce De Leon Ave # 5000, Atlanta, GA 30308, USA. The privacy policy of the shipping service provider can be viewed here: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection standards (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active).

21.5. Mailing service provider: The newsletter sent via Whatsapp is distributed via “Whatsbroadcast”. You can view the privacy policy of the shipping service provider here: https://www.whatsbroadcast.com/de/datenschutz/.

21.6. Furthermore, the mailing service provider may, according to its own information, transmit these data in pseudonymous form, i.e. without assignment to a user, to optimize or improve their own services, e.g. for the technical optimization of the dispatch and the presentation of the newsletters or for statistical purposes, to determine from which countries the recipients come. However, the shipping service provider does not use the data of our newsletter recipients to contact them or to pass them or their information on to third parties.

21.7. Credentials: To subscribe to the newsletter, providing your valid e-mail address is sufficient. We ask you to provide a name in the newsletter in order to address you personally, but this is optional.

21.8. Measuring success – The newsletters contain a so-called “web beacon”, that is to say, a pixel-sized file that is retrieved from the mailing service provider’s server when the newsletter is opened. This will initially collect technical information, such as information about the browser and your system, as well as your IP address and time of retrieval. This information is used to improve the technical performance of services based on their specifications or audience and their reading habits, based on their locations (which can be determined using the IP address) or access times. Statistical surveys also include determining if the newsletters were opened, when they were opened and which links were clicked. This information can be allocated to individual newsletter recipients for technical reasons. However, it is neither our endeavor nor that of the shipping service provider to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

21.9. The dispatch of the newsletter and the performance measurement are based on the consent of the recipient(s) in accordance with Article 6 (1) (a), Article 7 GDPR in connection with Section 7 (2) Nr. 3 Act Against Unfair Competition (AAUC) or on the basis of the statutory permission pursuant to Article 7 (3) AAUC.

21.10. The logging of the registration process is based on our legitimate interests in accordance with Article 6 (1) (f) GDPR and serves as proof of consent to the receipt of the newsletter.

21.11. Termination / Revocation – You may terminate the receipt of our newsletter at any time, i.e. revoke your consent to receive our newsletter. A link to cancel the newsletter can be found at the end of each newsletter.

22. Integration of services and content of third parties

22.1. Based on our legitimate interests (i.e. interest in the analysis, optimization, commercial, and economic operation of our online service within the meaning of Article 6 (1) (f) GDPR), we make use of content or services offered by third-party providers in order to provide their content and services, such as videos or fonts (hereafter collectively referred to as “content”). The inclusion of content from third-party providers always requires that the third-party providers of this content perceive the IP address of the users, since they need these IP addresses in order to send content to the users’ browser. The IP address is therefore required for the presentation of this content. We strive towards only using content whose respective providers use the IP address, solely for the delivery of the content. Third parties may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website and online services. The pseudonymous information may also be stored in cookies on the user’s device and may include, but is not limited to, technical information about the browser and operating system, referring web sites, visit times, and other information regarding the use of our online service.

22.2.
The following presentation provides an overview of third-party providers and their contents, as well as links to their data protection statements, which contain further details on the processing of data and, as already mentioned here, revocation possibilities (so-called opt-out):

  • External fonts from Google, LLC., https://www.google.com/fonts (“Google Fonts”). The integration of Google fonts is done by a server call on Google (usually in the US). Privacy Policy: https://policies.google.com/privacy , opt-out: https://adssettings.google.com/authenticated.
  • Maps provided by the third-party “Google Maps” service, Google LLC., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, opt-out: https://www.google.com/settings/ads/.
  • Third-party Google LLC’s YouTube Platforms, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://policies.google.com/privacy, opt-out: https://adssettings.google.com/authenticated.
  • Our online service includes features of the Google+ service. These features are offered through third party Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. If you’re logged in to your Google+ account, you can link the content of our pages to your Google+ profile by clicking the Google+ button. This allows Google to associate your visit to our pages with your user account. We point out that we as the provider of the pages are not aware of the content of the transmitted data and their use by Google+. Privacy policy: https://policies.google.com/privacy, opt-out: https://adssettings.google.com/authenticated.
  • Features of Instagram are integrated in our online service. These features are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, United States. If you are logged into your Instagram account, you can link the contents of our pages to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate the visit to our pages with your user account. We point out that we as the provider of the pages do not receive knowledge of the content of the transmitted data and their use by Instagram. Privacy Policy: http://instagram.com/about/legal/privacy/.
  • We use social plugins from the Pinterest social network operated by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA (“Pinterest”). When you visit a page containing such a plugin, your browser connects directly to the servers of Pinterest. The plugin transmits protocol data to the server of Pinterest in the USA. This log data may include your IP address, the address of the websites visited, which also includes Pinterest features, browser type and settings, the date and time of the request, how you use Pinterest, and cookies. Privacy Policy: https://about.pinterest.com/en/privacy-policy.
  • Within our online service, functions of the service, or rather, the platform Twitter is included (hereafter referred to as “Twitter”). Twitter is an offer from Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, United States. Features include displaying our posts within Twitter within our online services, linking our profile to Twitter, including the ability to interact with Twitter’s posts and features, as well as to measure whether users are accessing our online service through the advertisements we’ve posted on Twitter (so-called conversion measurement). Twitter is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Privacy Policy: https://twitter.com/privacy, opt-out: https://twitter.com/settings/account/personalization.
  • External code of the JavaScript framework “jQuery”, provided by the third-party jQuery Foundation, https://jquery.org.
  • Within our online service functions of the service, or rather the platform, Zapier is included (hereafter referred to as “Zapier”). Zapier is an offer from Zapier Inc. A Delaware corporation, 548 Market Street, San Francisco, CA 94104-5401, USA. The functions include the processing of data such as e-mail addresses, names and date of birth between Facebook, Instagram and Mailchimp. Zapier is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt0000000TNk2AAG&status=Active). Privacy Policy: https://zapier.com/privacy/.
  • Within our online service prices of the service, or rather the platform, Hotelscombined is included (hereafter referred to as “Hotelscombined”). Hotelscombined is an offer by HotelsCombined Pty Ltd, Suite 1, Level 1, 7 Kelly Street, Ultimo, 2007, NSW Sydney, Australia.
    The integration of the prices takes place by means of a server call with Hotelscombined (usually in Australia). Privacy Policy: https://www.hotelscombined.de/AboutUs/Privacy
  • We include the feature to detect bots, e.g. when entering data into comment fields (“ReCaptcha”) of the provider Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.
  • Within our online service functions of the service Clicktripz are included. These features are provided by Clicktripz LLC, 1112 Ocean Drive, Suite 200, Manhattan Beach, CA 90266, USA. Clicktripz uses data-driven technology to run travel-specific campaigns on Escapio. Privacy Policy: http://www.clicktripz.com/privacy_policy.php