The protection of personal data and the privacy of users are a fundamental part of escapio’s corporate philosophy. Compliance with statutory data protection regulations and informing our users about how their data is handled are therefore a matter of course for escapio. Please use our contact form for questions or suggestions.
This privacy policy informs you about the nature, sTTcope, and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offering and the associated websites, functions, and content, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as the “online offering”). With regard to the terminology used, such as “personal data” or its “processing,” we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Controller
Name and Address of the Data Protection Officer
You can contact our data protection team at any time via datenschutz@escapio.com for general questions about data protection as well as to exercise your rights.
For direct contact with our Data Protection Officer, please send your request by post to the address below with the note “For the attention of the Data Protection Officer”:
Types of data processed:
Legal bases for processing
We process personal data on the following legal bases:
If consent is required, processing is carried out exclusively on this basis.
Processing of special categories of data (Art. 9 para. 1 GDPR):
Categories of data subjects:
Hereinafter, we collectively refer to the data subjects as “users”.
Purpose of processing:
Status: March 30, 2026
1. Relevant legal bases
In accordance with Art. 13 GDPR, we inform you of the legal bases for our data processing. If the legal basis is not stated in this privacy policy, the following applies: The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 GDPR, the legal basis for processing for the performance of our services and the implementation of contractual measures as well as answering inquiries is Art. 6 para. 1 lit. b GDPR, the legal basis for processing to fulfill our legal obligations is Art. 6 para. 1 lit. c GDPR, and the legal basis for processing to safeguard our legitimate interests is Art. 6 para. 1 lit. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
2. Changes and updates to the privacy policy
We ask you to keep yourself regularly informed about the content of our privacy policy. We adapt the privacy policy as soon as changes in the data processing we carry out make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g., consent) or any other individual notification.
3. Security measures
3.1. In accordance with Art. 32 GDPR, and taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing as well as the differing likelihood and severity of the risk to the rights and freedoms of natural persons, we take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk. These measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical access to the data, as well as access to, input of, disclosure of, securing the availability of, and separation of the data. Furthermore, we have established procedures that ensure the exercise of data subject rights, deletion of data, and response to data risks. In addition, we already take the protection of personal data into account in the development or selection of hardware, software, and procedures, in accordance with the principle of data protection by design and by default settings (Art. 25 GDPR).
3.2. Security measures include, in particular, the encrypted transmission of data between your browser and our server.
4. Cooperation with processors and third parties
4.1. If, in the course of our processing, we disclose data to other persons or companies (processors or third parties), transfer it to them, or otherwise grant them access to the data, this is done only on the basis of legal permission (e.g., if a transfer of data to third parties, such as payment service providers, is necessary for contract performance pursuant to Art. 6 para. 1 lit. b GDPR), if you have consented, if a legal obligation provides for this, or on the basis of our legitimate interests (e.g., when using agents, web hosts, etc.).
4.2. If we commission third parties to process data on the basis of a so-called “data processing agreement,” this is done on the basis of Art. 28 GDPR.
5. Data transfer in connection with bookings
5.1. Hotel partners or travel providers
If you make a booking on our offer pages, it is necessary for the initiation and conclusion of the contract that you provide personal data, such as your name, address, and email address. As part of your booking or booking inquiry, the booking information is also transmitted to the respective hotel partner or travel provider for the performance or preparation of the contract so that they can further process your booking. These third-party providers will then use your personal data under their own responsibility and in accordance with their respective privacy policies.
5.2. Transfers to third countries
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)), or if this occurs in the context of using third-party services or disclosure or transfer of data to third parties, this is done only if it is necessary for the fulfillment of our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation, or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have data processed in a third country only if the special requirements of Art. 44 et seq. GDPR are met. This means, for example, that processing takes place on the basis of special guarantees, such as an officially recognized determination of a level of data protection equivalent to that of the EU (e.g., for the USA through the “EU-U.S. Data Privacy Framework”) or compliance with officially recognized specific contractual obligations (so-called “Standard Contractual Clauses”).
6. Rights of data subjects
6.1. You have the right to request confirmation as to whether the data in question is being processed and to obtain information about this data as well as further information and a copy of the data in accordance with Art. 15 GDPR.
6.2. In accordance with Art. 16 GDPR, you have the right to request the completion of the data concerning you or the correction of inaccurate data concerning you.
6.3. In accordance with Art. 17 GDPR, you have the right to request that the data in question be deleted without undue delay or, alternatively, in accordance with Art. 18 GDPR, to request restriction of the processing of the data.
6.4. You have the right to request to receive the data concerning you that you have provided to us in accordance with Art. 20 GDPR and to request its transfer to other controllers.
6.5. Furthermore, pursuant to Art. 77 GDPR, you have the right to lodge a complaint with the competent supervisory authority. The supervisory authority responsible for us is: Berliner Beauftragte für Datenschutz und Informationsfreiheit (BlnBDI), Friedrichstr. 219, 10969 Berlin, Tel.: +49 30 13889-0, Email: mailbox@datenschutz-berlin.de, Website: www.datenschutz-berlin.de
7. Right of withdrawal
You have the right to withdraw consent previously granted pursuant to Art. 7 para. 3 GDPR with effect for the future.
8. Right to object
You may object at any time to the future processing of data concerning you in accordance with Art. 21 GDPR. In particular, you may object to processing for direct marketing purposes.
9. Cookies and right to object in the case of direct advertising
Cookies and tracking technologies We use cookies and similar technologies. Technically necessary cookies are used on the basis of Section 25 para. 2 TDDDG. All other cookies and tracking technologies (in particular for analytics and marketing purposes) are used only with your consent pursuant to Section 25 para. 1 TDDDG and Art. 6 para. 1 lit. a GDPR. You may withdraw your consent at any time with effect for the future.
10. Deletion of data
10.1. The data processed by us is deleted or its processing restricted in accordance with Art. 17 and 18 GDPR. Unless expressly stated otherwise in this privacy policy, the data stored by us is deleted as soon as it is no longer required for its intended purpose and no statutory retention obligations prevent deletion. If the data is not deleted because it is required for other and legally permissible purposes, its processing is restricted. This means the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
10.2. We store personal data only for as long as necessary for the respective purposes. Unless more specific information is provided, the following periods apply:
After the purpose ceases to apply or statutory periods expire, the data is deleted.
11. Provision of contractual services
11.1. We process inventory data (e.g., names and addresses as well as contact data of users), contract data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and providing services pursuant to Art. 6 para. 1 lit. b GDPR. Entries marked as mandatory in online forms are required for the conclusion of the contract.
11.2. We process usage data (e.g., the websites visited within our online offering, interest in our products) and content data (e.g., entries in the contact form or user profile) for advertising purposes in a user profile in order, for example, to display product information to the user based on services previously used by them.
11.3. Deletion takes place after the expiry of statutory warranty and comparable obligations; the necessity of retaining the data is reviewed every three years; in the case of statutory archiving obligations, deletion takes place after their expiry (end of commercial law (6 years) and tax law (10 years) retention obligations); information in the customer account remains until its deletion.
12. Contact
12.1. When contacting us (via contact form or email), the user’s information is processed for the purpose of handling the contact request and its processing pursuant to Art. 6 para. 1 lit. b GDPR.
12.2. User information may be stored in our customer relationship management system (“CRM system”) or comparable inquiry organization.
12.3. We delete inquiries if they are no longer required. We review necessity every two years; inquiries from customers who have a customer account are stored permanently and we refer to the information on the customer account for deletion. In the case of statutory archiving obligations, deletion takes place after their expiry (end of commercial law (6 years) and tax law (10 years) retention obligation).
13. Comments and contributions
13.1. If users leave comments or other contributions, their IP addresses are stored for 7 days on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR.
13.2. This is done for our security in case someone leaves unlawful content in comments and contributions (insults, prohibited political propaganda, etc.). In this case, we ourselves may be held liable for the comment or contribution and are therefore interested in the identity of the author.
14. Collection of access data and log files
14.1. On the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR, we collect data on every access to the server on which this service is located (so-called server log files). The access data includes the name of the retrieved website, file, date and time of retrieval, amount of data transferred, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address, and the requesting provider.
14.2. Log file information is stored for security reasons (e.g., to investigate misuse or fraud) for a maximum of seven days and then deleted. Data whose further retention is required for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.
15. Online presences in social media
15.1. We maintain online presences within social networks and platforms in order to communicate with customers, prospective customers, and users active there and to inform them about our services there. When accessing the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply.
15.2. Unless otherwise stated within our privacy policy, we process users’ data if they communicate with us within social networks and platforms, e.g., by writing posts on our online presences or sending us messages.
16. Cookies & audience measurement
16.1. Cookies are pieces of information transferred from our web server or third-party web servers to users’ web browsers and stored there for later retrieval. Cookies may be small files or other types of information storage.
16.2. We use “session cookies” that are stored only for the duration of the current visit to our online presence (e.g., in order to enable the storage of your login status or the shopping cart function and thus the use of our online offering at all). A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. A cookie also contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted when you have finished using our online offering and, for example, log out or close the browser.
16.3. Users are informed about the use of cookies in the context of pseudonymous audience measurement within this privacy policy.
16.4. If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in their browser’s system settings. Stored cookies can be deleted in the browser’s system settings. Excluding cookies may result in functional restrictions of this online offering.
16.5. You can revoke or adjust your consent to the use of cookies at any time via our consent management tool. In addition, you can prevent the storage of cookies by adjusting your browser settings accordingly.
16.6. To obtain, document, and manage your cookie consents, we use the Consent Management Platform of Ströer Digital Group GmbH, Ströer-Allee 1, 50999 Cologne. The technical provision is carried out by the processor Sourcepoint Technologies Inc., 228 Park Ave S #87903, New York, NY 10003, USA. Sourcepoint is registered in the IAB Europe Transparency & Consent Framework (TCF 2.2) under ID 6. The date and time of your visit, browser and device information, your anonymized IP address, and your consent decisions are stored. This serves the fulfillment of our accountability obligation pursuant to Art. 7 para. 1 GDPR (legal basis: Art. 6 para. 1 lit. c GDPR). The transfer to Sourcepoint in the USA takes place on the basis of Standard Contractual Clauses pursuant to Art. 46 para. 2 lit. c GDPR. The data is deleted after 13 months. You may revoke your consent at any time via the cookie settings in our footer. Ströer’s privacy policy: https://www.stroeer.de/datenschutz
17. Google re/marketing services
17.1. We use the marketing and remarketing services (hereinafter “Google Marketing Services”) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Use is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR.
17.2. Google also processes your personal data in the USA and has certified itself under the EU-U.S. Data Privacy Framework, https://www.dataprivacyframework.gov
17.3. Google Marketing Services allow us to display ads for and on our website in a more targeted manner in order to present users only with advertisements that potentially match their interests. If, for example, a user is shown ads for products they were interested in on other websites, this is referred to as “remarketing.” For these purposes, when our and other websites on which Google Marketing Services are active are accessed, Google directly executes code from Google and so-called (re)marketing tags (invisible graphics or code, also referred to as “web beacons”) are integrated into the website. With their help, an individual cookie, i.e., a small file, is stored on the user’s device (comparable technologies may be used instead of cookies). The cookies may be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com, or googleadservices.com. This file records which websites the user has visited, which content they are interested in, and which offers they clicked on, as well as technical information about the browser and operating system, referring websites, time of visit, and other information on the use of the online offering. Users’ IP addresses are also collected, whereby within the framework of Google Analytics we inform that the IP address is shortened within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and only in exceptional cases is fully transferred to a Google server in the USA and shortened there. The IP address is not merged with user data within other Google offerings. The aforementioned information may also be combined by Google with such information from other sources. If the user subsequently visits other websites, ads tailored to their interests may be displayed to them.
17.4. User data is processed pseudonymously within the framework of Google Marketing Services. This means that Google does not store and process, for example, the name or email address of users, but processes the relevant cookie-related data within pseudonymous user profiles. This means that from Google’s perspective, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who that cookie holder is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymization. The information collected about users by Google Marketing Services is transmitted to Google and stored on Google’s servers in the USA.
17.5. The Google Marketing Services we use include, among others, the online advertising program “Google Ads.” In the case of Google Ads, each Ads customer receives a different “conversion cookie.” Cookies can therefore not be tracked across the websites of Ads customers. The information obtained with the help of the cookie is used to create conversion statistics for Ads customers who have opted for conversion tracking. Ads customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that personally identifies users.
17.6. We integrate advertisements via Google AdSense from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. AdSense enables the display of interest-based advertisements on our website based on user behavior. Cookies and similar technologies are used to collect information such as visited pages, interactions with ads, and device and browser information. Google also processes this data in the USA and has certified itself under the EU-U.S. Data Privacy Framework, https://www.dataprivacyframework.gov. Processing takes place exclusively on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR in conjunction with Section 25 para. 1 TDDDG. You may revoke your consent at any time via the cookie settings in our footer. Further information and the opt-out option can be found at: https://adssettings.google.com/authenticated
17.7. Furthermore, we may use the “Google Tag Manager” in order to integrate and manage Google analysis and marketing services on our website.
17.8. Further information on data use by Google for marketing purposes can be found on the overview page: https://policies.google.com/technologies/ads, and Google’s privacy policy is available at https://policies.google.com/privacy.
17.9. If you wish to object to interest-based advertising by Google Marketing Services, you can use the settings and opt-out options provided by Google: https://adssettings.google.com/authenticated.
18. Meta Pixel, Custom Audiences, and Facebook marketing services
18.1. We use the Meta Pixel of Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter “Meta”), on our website. The Meta Pixel makes it possible to record website visitors as a target group for the display of advertisements on Facebook and Instagram (so-called “Custom Audiences”), to measure the effectiveness of advertisements via conversion tracking, and to build remarketing target groups. The data processed includes, among other things, IP address, browser information, visited pages, interactions on the website, and conversion data. Meta may link this data with your Facebook profile, provided that you are logged in there.
18.2. Processing takes place exclusively on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR in conjunction with Section 25 para. 1 TDDDG. The Meta Pixel is loaded only after you have given your consent via our consent tool. You may revoke your consent at any time via the cookie settings in our footer.
18.3. Meta Platforms Ireland Ltd. belongs to Meta Platforms Inc. and also processes your personal data in the USA. Meta has certified itself under the EU-U.S. Data Privacy Framework: https://www.dataprivacyframework.gov. Further information on data processing by Meta can be found in Meta’s privacy policy: https://www.facebook.com/privacy/policy and in the information on the Meta Pixel: https://www.facebook.com/business/help/651294705016616.
18.4. You can make settings for interest-based advertising within Facebook and Instagram in your Meta account settings at https://www.facebook.com/settings?tab=ads. These settings apply across all devices.
19. Meta social plugins
19.1. We integrate social plugins (“plugins”) of the social network Facebook on our website, which is operated by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter “Meta”). The plugins may display interaction elements or content (e.g., videos, graphics, or text contributions) and can be recognized by one of the Facebook logos (white “f” on a blue tile, the words “Like,” “Gefällt mir,” or a “thumbs up” sign) or are marked with the addition “Facebook Social Plugin.” An overview of the available plugins can be found at: https://developers.facebook.com/docs/plugins/
19.2. Processing takes place exclusively on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR in conjunction with Section 25 para. 1 TDDDG. The plugins are loaded only after you have given your consent via our consent tool. You may revoke your consent at any time via the cookie settings in our footer.
19.3. If a plugin is loaded on our website, your browser establishes a direct connection to Meta’s servers. The content of the plugin is transmitted directly by Meta to your device and integrated into the website. Meta may thereby receive information that you have visited the corresponding page. If the user is logged in to Facebook, Meta can assign the visit to the respective Facebook account. Interactions with the plugins (e.g., clicking the Like button) are also transmitted directly to Meta and stored there. We have no influence on the scope of the data that Meta collects with the help of the plugins.
19.4. Meta Platforms Ireland Ltd. belongs to Meta Platforms Inc. and also processes your personal data in the USA. Meta has certified itself under the EU-U.S. Data Privacy Framework: https://www.dataprivacyframework.gov. Further information on data processing by Meta can be found in Meta’s privacy policy: https://www.facebook.com/privacy/policy and in your Meta account settings for advertising: https://www.facebook.com/settings?tab=ads
20. Newsletter
20.1. With the following information, we inform you about the contents of our newsletter as well as the subscription, dispatch, and statistical evaluation procedures and your rights to object. By subscribing to our newsletter, you agree to receive it and to the procedures described.
20.2. Newsletter content: We send newsletters, emails, and other electronic notifications containing promotional information (hereinafter “newsletter”) only with the consent of the recipients or legal permission. If the content of the newsletter is specifically described when registering for the newsletter, this is decisive for the users’ consent. Otherwise, our newsletters contain information about our products, offers, promotions, and our company.
20.3. Double opt-in and logging: Registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration, you will receive an email asking you to confirm your registration. This confirmation is necessary so that no one can register using third-party email addresses. Newsletter registrations are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation as well as the IP address. Changes to your data stored by the mailing service provider are also logged.
20.4. Newsletters are sent using “MailChimp,” a newsletter mailing platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can view the mailing service provider’s privacy policy here: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp also processes your personal data in the USA and has certified itself under the EU-U.S. Data Privacy Framework, https://www.dataprivacyframework.gov
20.5. Furthermore, according to its own information, the mailing service provider may use this data in pseudonymous form, i.e., without assignment to a user, to optimize or improve its own services, e.g., for the technical optimization of the dispatch and presentation of the newsletters or for statistical purposes in order to determine the countries from which the recipients come. However, the mailing service provider does not use the data of our newsletter recipients to write to them itself or pass it on to third parties.
20.6. Registration data: To subscribe to the newsletter, it is sufficient to provide your email address. Optionally, we ask you to provide a name for the purpose of addressing you personally in the newsletter.
20.7. Performance measurement – The newsletters contain a so-called “web beacon,” i.e., a pixel-sized file that is retrieved from the mailing service provider’s server when the newsletter is opened. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval, is first collected. This information is used for the technical improvement of the services on the basis of the technical data or the target groups and their reading behavior on the basis of their retrieval locations (which can be determined using the IP address) or access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened, and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our intention nor that of the mailing service provider to monitor individual users. Rather, the evaluations serve us much more to recognize the reading habits of our users and adapt our content to them or send different content according to the interests of our users.
20.8. The newsletter is sent and performance measured on the basis of the recipients’ consent pursuant to Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with Section 7 para. 2 no. 3 UWG or on the basis of legal permission pursuant to Section 7 para. 3 UWG.
20.9. Logging of the registration process takes place on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR and serves as proof of consent to receive the newsletter.
20.10. Cancellation/withdrawal – You can cancel receipt of our newsletter at any time, i.e., withdraw your consent. A link to cancel the newsletter can be found at the end of each newsletter.
21. Web analytics tool Matomo
21.1. We use Matomo, a web analytics service that we operate exclusively on our own servers. No data collected is disclosed to third parties. The data processed includes anonymized IP address, pages and files accessed, duration of stay, referrer URL, browser and operating system, screen resolution, approximate location data, and time of page access. The IP address is shortened before storage and does not allow any conclusions to be drawn about individual persons.
21.2. Since Matomo uses cookies, processing takes place exclusively on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR in conjunction with Section 25 para. 1 TDDDG. Matomo is loaded only after you have given your consent via our consent tool. You may revoke your consent at any time via the cookie settings in our footer. Without consent, Matomo is not executed; in this case, no analysis of your usage behavior takes place.
22. Payment processing via Stripe (B2C and B2B)
22.1. For payment processing, we use Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (“Stripe”). For payments, you are redirected to Stripe and enter your payment data directly there. Escapio receives only transaction information (e.g., name, email, amount, status, billing address), not complete payment data.
22.2. Stripe processes the data for payment processing, fraud prevention, and invoicing and acts as an independent controller within the meaning of the GDPR. The legal basis is Art. 6 para. 1 lit. b and lit. f GDPR. Data transfers to the USA take place on the basis of EU Standard Contractual Clauses or the EU-US Data Privacy Framework. Payment and invoice data are stored for 6–10 years in accordance with statutory retention obligations. Privacy policy: stripe.com/privacy
23. Advertising
23.1. We integrate advertisements from Ströer Digital Media GmbH, Kehrwieder 8–9, 20457 Hamburg. Cookies and similar technologies are used for the delivery, control, and performance measurement of advertising. The data processed includes, among other things, IP address, device and browser information, visited pages, date and time, and interactions with advertising materials.
23.2. Processing takes place exclusively on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR, which you may revoke at any time via the cookie settings. Data transfers to third countries take place on the basis of appropriate safeguards pursuant to Art. 44 et seq. GDPR. Privacy policy: stroeer.de/datenschutz
24. Pinterest Tag
24.1. We use the Pinterest Tag of Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland, to measure the success of Pinterest ads and to display interest-based advertising (remarketing). The data processed includes, among other things, IP address, device and browser information, visited pages, and conversion data. Pinterest may link this data with the respective user profile.
24.2. Processing takes place exclusively on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR in conjunction with Section 25 para. 1 TDDDG. Data transfers to the USA take place on the basis of EU Standard Contractual Clauses. Consents can be revoked at any time via the cookie settings. Privacy policy: policy.pinterest.com/de/privacy-policy
25. Microsoft Advertising (Bing Ads) and Universal Event Tracking (UET)
25.1. We use conversion tracking and remarketing from Microsoft Advertising (Microsoft Ireland Operations Limited, One Microsoft Place, Leopardstown, Dublin 18, Ireland) including Universal Event Tracking (UET). The data processed includes, among other things, IP address, device and browser information, visited pages, and conversion data.
25.2. Processing takes place exclusively on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR in conjunction with Section 25 para. 1 TDDDG. Data transfers to the USA take place on the basis of EU Standard Contractual Clauses. Consents can be revoked at any time via the cookie settings. Privacy policy: privacy.microsoft.com
26. Mattermost
We use Mattermost for internal communication and project collaboration. Names, contact data, communication content, files, and metadata are processed in this context. The legal basis is Art. 6 para. 1 lit. f GDPR; for processing customer or partner data additionally Art. 6 para. 1 lit. b GDPR. In the case of external hosting, processing takes place within the framework of data processing pursuant to Art. 28 GDPR.
27. Use of OptiMonk
27.1. We use OptiMonk (OptiMonk International Zrt., Rákóczi út 42, 1072 Budapest, Hungary) for behavioral analysis and the display of personalized pop-ups and overlays. The data processed includes, among other things, pages accessed, click and scroll behavior, dwell time, and device information. A data processing agreement pursuant to Art. 28 GDPR is in place.
27.2. Processing takes place exclusively on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR, which you may revoke at any time via our consent tool. Privacy policy: optimonk.com/privacy-policy
28. Microsoft Clarity
28.1. We use Microsoft Clarity (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA) for behavioral analysis using session replays and heatmaps. The data processed includes, among other things, IP address, device and browser information, visited pages, and interactions on the website. Microsoft Clarity uses cookies and comparable technologies for this purpose.
28.2. Processing takes place exclusively on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR. Data transfers to the USA take place on the basis of EU Standard Contractual Clauses or the EU-US Data Privacy Framework https://www.dataprivacyframework.gov. Consents may be revoked at any time. Privacy policy: privacy.microsoft.com
29. Use of the subdomain and the “Lovable” service
29.1. We use the subdomain https://partner.escapio.com/fuer-hotels to provide certain content and information. The technical implementation and provision of this content takes place via the “Lovable” service. Provider: Lovable Labs Incorporated, 1111B South Governors Avenue, Dover, Delaware 19904, United States. When the subdomain is accessed, information is automatically collected and processed by Lovable or the technical systems. This includes in particular:
This data is technically necessary in order to correctly deliver the content of the website and to ensure stability and security. Processing takes place on the basis of Art. 6 para. 1 lit. f GDPR (legitimate interest). Our legitimate interest lies in the secure, stable, and efficient provision of our online offering. We have concluded a data processing agreement with Lovable, where required, in accordance with Art. 28 GDPR.
29.2. Lovable is a provider based in the United States. It therefore cannot be ruled out that personal data may be transferred to the USA. The transfer takes place on the basis of appropriate safeguards pursuant to Art. 44 et seq. GDPR, in particular by using the Standard Contractual Clauses of the European Commission. There is a risk that US authorities may access the transferred data without a level of data protection comparable to that of the EU being guaranteed.
30. Integration of third-party services and content
30.1. Within our online offering, we use content or service offerings from third-party providers on the basis of our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering within the meaning of Art. 6 para. 1 lit. f GDPR) in order to integrate their content and services, such as videos or fonts (hereinafter collectively referred to as “content”). This always requires that the third-party providers of this content perceive the users’ IP address, since without the IP address they could not send the content to their browser. The IP address is therefore necessary for the display of this content. We endeavor to use only such content whose respective providers use the IP address solely for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the users’ device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit, and other details about the use of our online offering, and may also be combined with such information from other sources.
30.2. The following presentation provides an overview of third-party providers and their content, together with links to their privacy policies, which contain further information on the processing of data and, in some cases already mentioned here, options to object (so-called opt-out):