Privacy and Cookie Statement

HolidayCheck AG / HC Touristik GmbH

Effective: 2021-05-21 • 15:00


In this data protection declaration, we provide you with all relevant information on the processing of your personal data (hereinafter also referred to as ‘data’) by HolidayCheck. We place the greatest possible importance on transparency. If you have any questions or comments, please contact us at datenschutz@holidaycheck.com.

Privacy Policy Table of Contents

  1. General information
    1. The scope of this data protection declaration
    2. The controllers for the processing of your data
    3. The data protection officer
  2. The data we process
  3. What we do with your data
    1. When you register with us
    2. When you book with us
    3. When you post a review or upload media
    4. In the course of our customer service
    5. When you book a journey with HC Touristik GmbH (HolidayCheck Reisen)
    6. When you become a HolidayCheck Premium member
    7. To prevent fraud/protect against any misuse of our services
    8. To develop and improve our services and processes
    9. To send you newsletters and other information
    10. When you access/use our website/application (tracking)
    11. On our Facebook fan page
    12. When you take part in a prize competition
    13. When you use the HolidayCheck Shop
    14. When you use the HolidayCheck Business Center
  4. When and how we transmit data
  5. How long we store data
  6. Your rights
  7. Changes to this data protection declaration

I. General information

The processing of your personal data is carried out in compliance with the Swiss and European data protection laws.

You have neither a contractual nor a legal obligation to provide personal data. However, if you do not provide personal data, we may not be able to render some of our services, or not in the same form and quality.

1. The scope of this data protection declaration

In this data protection declaration, we inform you about how we process your data when you

  • access or use one of our websites which are available under holidaycheck.de / .at / .ch (including all sub-domains operated under these domains) or our applications.
  • make use of our services and offers via one of our websites, an app or in any other way, e.g. by phone or chat.

2. The controllers for the processing of your data

HolidayCheck is not a single company. HolidayCheck consists of different companies which are combined under the umbrella of HolidayCheck Group AG and which render various services within the Group or for our customers.

The controllers for processing your personal data in the scope of this data protection declaration are:

  • HolidayCheck AG, Bahnweg 8, 8598 Bottighofen, Switzerland, as the operator of our review and booking portal.
  • If you have booked a journey with HC Touristik GmbH (HolidayCheck Reisen), the controller is HC Touristik GmbH, Neumarkter Strasse 61, 81673, München, Germany.

    (HC Touristik GmbH offers hotel accommodation and package holidays as a tour operator under the brand name HolidayCheck Reisen via the booking portal HolidayCheck AG. The controllership of HC Touristik GmbH is limited to the data processing activities listed in Section III. 5.)

3. The data protection officer

We have designated as the data protection officer:

Dipl.-Kfm. Marc Althaus
DSEXTERN GmbH
Frapanweg 22
22589 Hamburg

If you have any questions for our data protection officer, please use the contact form under https://www.dsextern.de/anfragen.

II. The data we process

Depending on the services you use and the way you contact us, the collection and processing of different data is necessary. The necessary data are collected via online forms, by phone or in other ways, but only directly from you.

To help you to understand this data protection declaration, we classify the different types of data in the following categories:

  • Account data

    Data for the provision of your personal log-in area and data which you store in your log-in area. Mandatory data are your email address and your password. Further data such as name, address or a profile picture can be stored in your log-in area on a voluntary basis.

    If you log in with your Facebook or Google account data, we exchange the necessary data with Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA or Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This means that Facebook/Google learns that you are active on HolidayCheck and that we will receive personal profile data from Facebook/Google.

  • Address data

    Street, house number, any additional address components, postal code, city/town, country

  • Sign-in data

    Information about the service through which you signed in. Dates, times and technical information about your signing in, confirmation and signing out; data given by you when you sign in.

  • Booking data

    Data on the products ordered, prices, payment and delivery information

    These data are not collected directly from you; they are created in the course of your use of our services.

  • Contact data

    Phone number(s), fax number(s), email address(es)

  • Personal master data

    Title, first name(s), surname, and date of birth

  • Usage data

    Information about the users' behaviour on our website and interaction with our services.

  • Payment data

    Bank account data, credit card data, data on other payment services such as PayPal

  • Access data

    Date and time when you visit our services, the website from which the accessing system came to our website, pages called up during use, session identification data (session ID) and the following information about the computer system which accesses our website: internet protocol address used (IP address), browser type and version, device type, operating system and similar technical information.

III. What we do with your data

We collect and process your data especially to be able to provide you with the desired services.

1. When you register with us

When you register with us, we particularly process your sign-in and account data to provide you with your personal log-in area. These data are defined by you when you register on our website, and you can change them at any time via your log-in area.

We use the data stored in the context of your bookings and reviews (see sections III. 2 and III. 3) in order for you to access your bookings and reviews via your login area.

It is up to you to decide what data you publish in postings on our forum. We only use such data to publish these postings in the forum.

Data processed:

Account data, booking data, additional data you choose to save in your profile or on the forum.

Legal basis:

The legal basis for the processing of your data for the purpose of providing a service requested by you is the performance of a contract pursuant to Article 6 paragraph 1 letter b of the GDPR.

2. When you book with us

With HolidayCheck you can book package holidays, hotel accommodation and additional services such as rental cars, travel cancellation insurance or airport lounges.

Booking / support:

When you ask us about a booking via our booking form, by phone, email, chat or in other ways, we process the necessary data to prepare relevant offers for you.

When you make a booking with us, we collect and process the necessary data for the conclusion of the contract, the implementation of your booking and the provision of effective support. This also includes the transmission of your data to the relevant tour operator and the other suppliers of the booked services, such as insurance companies or lounge operators. Further information about the transmission of data can be found in Section IV.

If you wish to collect bonus points/miles in connection with your booking, we process the necessary data to ensure that the bonus points/miles can be credited.

If you wish to use a voucher in the course of your booking, or if you are entitled to a refund of part of the travel price for other reasons, we process the necessary data to carry out the refund.

In case of a complaint arising in the context of your booking, we process the necessary data to clarify the facts and to process the complaint or to support the respective tour operator in clarifying the facts and processing the complaint.

Data processed:

This generally involves personal master data, contact data, address data, payment data and booking data. Additional data may be stored and processed in individual cases in connection with your correspondence with us.

Legal basis:

The legal basis for the processing of your data is the performance of a contract pursuant to Article 6 paragraph 1 letter b of the GDPR.

Rental car:

If you ask us about the booking of a rental car via our website, by phone, email, chat or in any other way, we process the necessary data to prepare relevant offers for you.

If you book a rental car through us, we collect and process the necessary data for the conclusion of the contract, the implementation of your booking and the provision of effective support. This also includes transferring your data to the relevant rental car provider and the other suppliers of the booked services.

The preparation of the offers and the booking of your rental car are carried out by Driveboo AG, Bahnweg 8, 8598 Bottighofen, Switzerland (www.driveboo.de/datenschutz.html).

Further information about the transmission of data can be found in Section IV.

Quality assurance:

If you contact us by phone in connection with a booking or support request, we record some conversations for training purposes and to improve our service quality. However, such recordings are only made if you give us your explicit consent to do so.

Data processed:

Content of the conversation, especially but not only personal master data, contact data, address data, payment data and booking data.

Legal basis:

The legal basis for the processing of your data is your consent pursuant to Article 6 paragraph 1 letter a of the GDPR.

3. When you post a review or upload media

HolidayCheck AG operates the largest German-speaking opinion portal on travel and holidays on the internet. Users have the opportunity to submit personal reviews and upload photos via our portal.

Publication:

If you submit a review via our online form or upload an image, we collect and process the necessary data to ensure the publication of the review/the image on our platform.

Data processed:

In the event of a review: first name(s), age, the country where you live, email address, information about the nature of your travel group, details on the reason for your journey, information about the duration and time of your trip and the content of your actual review.

In the event of an image: first name(s), email address and the data content of the uploaded image or file.

Legal basis:

The legal basis for the processing of your data for the purpose of providing a service requested by you is the performance of a contract pursuant to Article 6 paragraph 1 letter b of the GDPR.

Quality assurance:

In addition, we process the necessary data to assure the quality and authenticity of the content and compliance with our terms of use.

Data processed:

In the event of a review: IP address, first name(s), age range, the country where you live, email address, information about the nature of your travel group, information about the reason for your journey, information about the duration and time of your trip and your actual review.

In the event of an image: IP address, first name(s), email address and the data contained in the image or file.

In individual cases we may request additional proof of accommodation for further verification.

Legal basis:

The legal basis for the processing of the data are our legitimate interests in such processing pursuant to Article 6 paragraph 1 letter f of the GDPR, whereby our legitimate interests lie in publishing only qualitatively verified and authentic reviews and images.

Hotel terminals:

If you enter your email address in a hotel using one of our terminals, we use this email address to send you a request to submit a review.

Processed data:

Email address

Legal basis:

The legal basis for the processing of your data is your consent pursuant to Article 6 paragraph 1 letter a of the GDPR.

Partnerships:

We work together with various partners which offer you voucher codes or other privileges/benefits if you enter a review via our portal.

If you enter a review on our portal in the context of such a partnership, we use your email address to send you the voucher code or the necessary information about the other privileges/benefits. In cases where the sending is done by our partner, this includes the transfer of your e-mail address to the respective partner.

Processed data:

Email address

Legal basis:

The legal basis for the processing of your data for the purpose of providing a service requested by you is the performance of a contract pursuant to Article 6 paragraph 1 letter b of the GDPR.

Miles programmes:

If you want to collect bonus points/miles when you submit your review, we process the necessary data to ensure that the bonus points/miles are credited to you. To do this we only use the data which you have personally entered into the relevant form.

Processed data:

  • Miles & More: service card number, review ID, destination.
  • Eurowings: service card number, review ID, first name(s), surname.

Legal basis:

The legal basis for the processing of your data is the performance of a contract pursuant to Article 6 paragraph 1 letter b of the GDPR.

4. In the course of our customer service

As part of our general customer service, we process enquiries and complaints from customers, potential customers and hoteliers.

When you send us an enquiry, we process the necessary data to deal with and reply to your enquiry.

When a hotelier sends an enquiry or a complaint, we process the necessary data to clarify the relevant facts and to deal with and reply to the enquiry or complaint. If this enquiry relates to content which you have posted on our platform, it may also be necessary to process your data. However, we never pass on your data to hoteliers.

The necessary processing activities and data depend on the specific requirements of the individual case. Common examples include:

  • processing of access and erasure requests by data subjects within the meaning of the GDPR,
  • processing of enquiries related to posted reviews and the log-in area,
  • complaints by hoteliers in relation to individual reviews and images. In the event of a complaint relating to content submitted or uploaded by you, we may contact you to further clarify the respective facts.

Processed data:

Contact data, address data, personal master data, data in relation to content which you have posted to our platform, the content of the correspondence in relation to the enquiry.

Legal basis:

The legal basis for the processing of your data are our legitimate interests pursuant to Article 6 paragraph 1 letter f of the GDPR, whereby our legitimate interests lie in the provision of an efficient customer service, the processing of enquiries, the processing and defence of complaints and in ensuring the fulfilment of the rights of the data subjects.

Feedback tool Mopinion

You can give us feedback by using the feedback tool on our website. The provision of data such as names or your email address, which would allow us to identify you, is completely voluntary and has no influence on your ability to give us feedback or on the way we deal with your feedback. However, we can only provide you with a response to your feedback if you enter the necessary contact data in the feedback tool. The data entered via the feedback tool will in no case be linked with any other data which may be available in relation to you.

If you use our feedback tool, we process the necessary data to deal with your feedback and take it into account in the further improvement of our services. If you enter your contact data in our feedback tool, we process the necessary data to give you a response to your feedback.

Processed data:

Contact data, information contained in your feedback

Legal basis:

The legal basis for the processing of your data are our legitimate interests pursuant to Article 6 paragraph 1 letter f of the GDPR, whereby our legitimate interests lie in the provision of effective customer services, the processing of enquiries and the improvement of our services.

5. When you book a journey with HC Touristik GmbH (HolidayCheck Reisen)

When you book a journey with HC Touristik GmbH (HolidayCheck Reisen), your data are transmitted to HC Touristik GmbH as the tour operator, as described in Section “III. 2. When you book with us” and processed by HC Touristik GmbH to carry out your booking and guarantee an efficient customer service.

Processed data:

This generally involves personal master data, contact data, address data, payment data and booking data. Additional data may be stored and processed in individual cases in connection with your correspondence with us.

Legal basis:

The legal basis for the processing of your data is the performance of a contract pursuant to Article 6 paragraph 1 letter b of the GDPR.

6. When you become a HolidayCheck Premium member

HolidayCheck customers can benefit from a wide range of advantages (hereinafter referred to as "HolidayCheck Premium services") as part of a paid HolidayCheck Premium membership when booking journeys through HolidayCheck AG's various sales channels.

When you become a member of HolidayCheck Premium, we process the necessary data to ensure a functioning membership administration and proper billing of membership fees. This includes, for example, the maintenance of a member database as well as the sending of messages without promotional information, which are sent in the context of our contractual relationship with our customers.

When you make use of HolidayCheck Premium services, we process the necessary data to ensure that the service is provided properly. This may include, for example, passing on data to our tour operator, HC Touristik GmbH, if you make use of an HC Touristik GmbH discount.

Processed data:

Personal master data, booking data, address data, contact data, payment data as well as your membership number and other data relating to your membership and use of HolidayCheck Premium services.

Legal basis:

The legal basis for the processing of your data is the performance of a contract pursuant to Article 6 paragraph 1 letter b of the GDPR.

7. To prevent fraud/protect against misuse of our services

We process the necessary data to prevent any cases of fraud, to clarify any suspected cases of fraud and to protect our website/services from misuse. To do this, we use special technologies which detect and indicate any irregularities.

To prevent any misuse of our website and to protect against any fraudulent activities, for example by automated bots, in some areas of our website we use reCAPTCHA, a Captcha service provided by Google (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). reCAPTCHA captures data to determine whether a user is a natural person or another entity such as a bot. This evaluation is carried out by Google. HolidayCheck has no access to the data captured by reCAPTCHA.

Processed data:

Account data, personal master data, contact data, address data, registration data, booking data, log-in data, access data, use data

Legal basis:

The legal basis for the processing of your data are our legitimate interests pursuant to Article 6 paragraph 1 letter f of the GDPR, whereby our legitimate interests lie in the prevention and clarification of cases of fraud and in the protection of our websites from misuse.

8. To develop and improve our services and processes

Improvement of existing services and development of new services

We constantly work on the improvement of existing services and the development of new services. In this context we process the necessary data to find out how our services are used by our customers.

The goal of this data processing is not to analyse the behaviour of individual persons or to compile a profile, but to analyse the use of our services by all or large groups of our customers. This means that, in a first step, your data are combined/aggregated with the data of other customers. The analysis is then only carried out based on aggregated/anonymous data.

Processed data:

Personal master data, address data, booking data, payment data

Legal basis:

The legal basis for the processing of your data are our legitimate interests pursuant to Article 6 paragraph 1 letter f of the GDPR, whereby our legitimate interests lie in the development and improvement of our existing services, the development of new services and the preparation of evaluations and reports.

Improvement and development of internal processes

We process the necessary data to achieve continual improvements in our systems and internal processes. However, at no time is the focus on processing information about you as a person; we therefore pseudonymise and anonymise your data as far as this is possible in the individual case.

Processed data:

Data stored in the relevant systems.

Legal basis:

The legal basis for the processing of your data are our legitimate interests pursuant to Article 6 paragraph 1 letter f of the GDPR, whereby our legitimate interests lie in the improvement and development of internal processes.

Development of new technologies and improvement of existing technologies

We process the necessary data as part of the development of new technologies and the improvement of existing technologies to improve our services and set new standards in data protection and information security. This especially includes the areas of machine learning, artificial intelligence and deep learning. In this context, as far as is technically possible, we only use pseudonymised, anonymised or aggregated data.

Processed data:

Data stored in the relevant systems.

Legal basis:

The legal basis for the processing of your data are our legitimate interests pursuant to Article 6 paragraph 1 letter f of the GDPR, whereby our legitimate interests lie in the development of new technologies and the improvement of existing technologies.

9. To send you newsletters and other information

We send out newsletters and other announcements with advertising information based on your consent or our legitimate interests.

This does not include messages without any advertising information which are transmitted as part of our contractual or other business relationship with our customers.

Direct marketing

When you use our services, we process the necessary data to send you advertising about our own similar services (direct marketing). There is no personalisation of the advertising content.

You are entitled to object to this use of your data, with effect for the future. To do this, you can simply send an informal email to community@holidaycheck.de. In this case, we process your data to document your objection in our system.

Processed data:

Names, title, address data, contact data, log-out date and time

Legal basis:

The legal basis for the processing of your data are our legitimate interests pursuant to Article 6 paragraph 1 letter f of the GDPR, whereby our legitimate interests lie in the initiation of business transactions and increase in revenue.

Newsletters / personalised advertising

When you register to receive our newsletter and other advertising information, we process the necessary data to ask you to confirm your registration (the double opt-in procedure) and to document your registration.

If you confirm your registration to receive our newsletter and other advertising information, we process the necessary data to carry out the transmission and adapt the content to your interests. This also includes, for example, reminders about transactions which are not yet complete, the submission of customer satisfaction surveys and questionnaires about the use of our services. Your registration and confirmation constitute a consent within the meaning of the GDPR.

You may revoke your consent at any time. The revocation of your consent will not affect the lawfulness of the processing carried out based on the consent prior to the revocation. To revoke your consent, you can simply use the following link www.holidaycheck.de/newslettercancel or send an informal email to community@holidaycheck.de. In this case, we process your data to document your revocation in our system.

Processed data:

Email address, registration and confirmation date and time, revocation date and time, personal master data, contact data, address data, data concerning your bookings, reviews posted and any other use of our services (use data)

Legal basis:

The legal basis for the processing of your data is your consent pursuant to Article 6 paragraph 1 letter a of the GDPR.

Messenger services

When you register via WhatsApp for communication via messenger services (WhatsApp) as explained on our website, we process the necessary data to document your registration and to carry out the sending of messages. Your registration constitutes a consent within the meaning of the GDPR.

You may revoke your consent at any time. The revocation of your consent will not affect the lawfulness of the processing carried out based on the consent prior to the revocation. To revoke your consent, you can simply send a message with the text ‘Stop’ by WhatsApp to the number +4915792464558 if you wish to receive no more messages for a time, or ‘Delete all data’ if you no longer wish to use the WhatsApp service at all. In this case, we process your data to document your revocation in our system.

Processed data:

Phone number, registration and revocation date and time

Legal basis:

The legal basis for the processing of your data is your consent pursuant to Article 6 paragraph 1 letter a of the GDPR.

Push notifications

On our website you can register to receive push notifications. After you have registered you will regularly receive information in the form of push notifications, for example about current offers or new entries in our forum, depending on which content you have registered for.

When you register to receive push notifications by using a query in your browser or terminal device, we process the necessary data to document your registration, to send the notifications and to adapt the content to your presumed interests. Your registration constitutes a consent within the meaning of the GDPR.

You may revoke your consent at any time. The revocation of your consent will not affect the lawfulness of the processing carried out based on the consent prior to the revocation. In this case, we process your data to document your revocation in our system.

You can revoke your consent via the link: https://www.holidaycheck.de?cleverPushUnsubscribe=true or in the relevant settings for receiving push notifications in your browser. If you use our push notifications on a desktop PC with a Windows operating system, you can cancel the push notifications by right-clicking on the relevant push notification in the settings which appear on your screen. A detailed explanation of the cancellation process can be found under the following link: https://cleverpush.com/en/faq.

Processed data:

Browser or device ID, registration and revocation time and date, information about the topic of the page where the push notifications were activated, information about whether and when our push notifications have been displayed and clicked on.

Legal basis:

The legal basis for the processing of your data is your consent pursuant to Article 6 paragraph 1 letter a of the GDPR.

10. When you access/use our website/applications (tracking)

When you access/use one of our websites which are available under holidaycheck.de / .at / .ch (including all sub-domains operated under these domains) or applications, we collect and process the necessary data, especially but not only by means of cookies, to ensure and optimise the functionality of our websites / applications, to find out how customers and interested persons use our websites / applications and to adapt our websites / applications as well as our content to your presumed interests. We pass on the collected data to our partners and tracking service providers to the extent necessary in the context of the respective purposes.

The data collected and processed when you access/use our websites / applications are not assigned to any natural person but are exclusively processed in a pseudonymised form using cookie IDs or other identifiers. Any link with other data, for example your booking data, is only carried out after and based on your explicit consent.

Further information is provided in the following sub-sections and in connection with our privacy settings.

Purposes of the data processing

Reach measurement, statistical analysis, optimisation of the web content

We process the necessary data to analyse how all and/or large groups of our customers and interested persons use our websites/applications. This is necessary to prepare internal evaluations and reports, to adapt our web content and to ensure the best possible user experience at all times.

In this context we process data about how you access our websites/applications (access data) and data about how you interact with our website/our services (usage data).

Display of interest-based offers

As an online travel agency, we also want to help you find, via the internet, a holiday which perfectly matches your wishes and interests. Therefore, we process the necessary data to be able to display the appropriate offers to you.

In this context we process data about how you interact with our website/our services (usage data).

Display of interest-based content/advertising

We process the necessary data to display targeted advertising on our own websites and the websites of other providers.

In this context we process data about how you interact with our website/our services (usage data).

Documentation / processing of payments with business partners

We process the necessary data to ensure correct billing of commissions with our partners. This is necessary, for example, if you come to us via an offer on another website and then book with us, or to detect when users become aware of a hotel through us but then book it via another channel.

In this context, we process the necessary data for the commission settlement, for example the booking revenue (booking data).

Integration of a chat service

On our website we use a chat service provided by iAdvize GmbH, Erkrather Strasse 401, 40231 Düsseldorf, Germany, to offer you an additional option for communication where this is needed. iAdvize stores cookies on your computer to ensure the functionality of the chat.

For more information, please visit privacy.iadvize.com/en/partners.

Legal basis

The processing of your data in connection with the use of tracking technologies is based on various legal bases.

Legal basis contract, Article 6 paragraph 1 letter b of the GDPR:

Insofar as the data processing is carried out to provide a service which you have requested, it is based on Article 6 paragraph 1 letter b of the GDPR.

Legal basis legitimate interests, Article 6 paragraph 1 letter f of the GDPR:

Insofar as the data processing is carried out to guarantee the functionality of our website, to optimise our services, to determine indicators on the use of the website and to enable correct commission accounting, this data processing is based on our legitimate interests pursuant to Article 6 paragraph 1 letter f of the GDPR.

The legitimate interests which are relevant in this context are:

  • to statistically determine indicators about the use of our services (reach, intensity of use, surfing behaviour of users),
  • to ensure that our websites and services match your interests and are economically viable,
  • to guarantee the functionality of our website,
  • to ensure correct invoicing of commission payments between us and our partners whose services you have used in connection with your booking.

Any profiling and/or personalisation of advertising and other content is carried out exclusively based on your consent, not in the framework of our legitimate interests.

Legal basis consent, Article 6 paragraph 1 letter a of the GDPR:

Insofar as the data processing is carried out to show you optimised and personalised advertising and content, this is based on your prior consent pursuant to Article 6 paragraph 1 letter a of the GDPR.

Your consent

At any time, you are entitled to grant your full or partial consent to the processing of your data for the above purposes, or to revoke your previously granted consent and object to any further processing of your data. To do so, simply use the link to the privacy settings in the footer. The revocation of your consent will not affect the lawfulness of the processing of the data based on your consent prior to the revocation.

To manage your consent and other privacy settings, we use a consent management platform which complies with the IAB Europe Transparency & Consent Framework.

You can also use our websites/applications without granting any consent. In this case, however, we may be unable to provide you with the full functionality of our websites/applications for technical reasons.

Other possibilities of objection / opt-out possibilities

You can also deactivate/delete the above cookies in the settings of your browser and block the creation of new cookies or set an opt-out cookie for each individual provider, which will mean that this provider will not be able to save and process any data about you in future. Please note that your preferences will be lost if you delete the opt-out cookie.

You can use the following button to opt out of the setting of cookies in general.

11. On our Facebook fan page

At https://www.facebook.com/HolidayCheck/ we operate a Facebook fan page which you can use to communicate with us.

Replies to enquiries

If you send us an enquiry via the communication channels which we provide on Facebook, we also process the necessary data to deal with and reply to your enquiry in our system.

Processed data:

Names, email address or similar data which are necessary to reply to your enquiry and contact you.

Legal basis:

The legal basis for the data processing is our legitimate interests pursuant to Article 6 paragraph 1 letter f of the GDPR, whereby our legitimate interests lie in dealing with and responding to enquiries.

Operation of the Facebook fan page

We process the necessary data to ensure that we can operate our Facebook fan page. In this respect, Facebook and HolidayCheck AG act as the joint controllers pursuant to Article 26 of the GDPR. The data processing in connection with the Facebook fan page is governed by the agreement under www.facebook.com/legal/terms/page_controller_addendum and the data protection declaration of Facebook Inc. which is available under de-de.facebook.com/about/privacy/.

12. When you take part in a prize competition

If you take part in one of our prize competitions, we process the necessary data to carry out the competition and distribute the relevant prizes.

Processed data:

Personal master data, contact data, address data, data to check your entitlement to enter the competition

Legal basis:

The legal basis for the processing of your data to carry out a prize competition and to distribute the prizes is the performance of a contract pursuant to Article 6 paragraph 1 letter b of the GDPR.

13. When you use the HolidayCheck Shop

The HolidayCheck Shop can be found at shop.holidaycheck.de and is operated by Herold Fulfillment GmbH, Raiffeisenallee 10, 82041 Oberhaching, Germany.

User account

If you set up a user account with us, we process the necessary data to be able to provide you with your personal user account.

Processed data:

Personal master data, address data, contact data, account data and the additional data which you enter in your user account

Legal basis:

The legal basis for the processing of your data is the performance of a contract pursuant to Article 6 paragraph 1 letter b of the GDPR.

Orders

If you place an order with us, we process the necessary data to be able to handle your order.

Processed data:

Personal master data, address data, contact data

Legal basis:

The legal basis for the processing of your data is the performance of a contract pursuant to Article 6 paragraph 1 letter b of the GDPR.

14. When you use the HolidayCheck Business Center

Through our Business Center, we provide hoteliers with the opportunity to design their presence on our website and to respond to reviews and questions from holidaymakers.

If you register in our Business Center, accessible at www.holidaycheck.de/partner/, we process the necessary data to provide you with your personal log-in area and a well-functioning customer service, and to send you newsletters and other information.

Processed data:

Personal master data, account data, contact data, address data and the additional data you have stored in your profile

Legal basis:

The legal basis for the processing of your data to provide a service that you have requested is the performance of a contract pursuant to Article 6 paragraph 1 letter b of the GDPR.

The legal basis for the processing of your data in connection with the transmission of newsletters and other information is on the one hand our legitimate interests pursuant to Article 6 paragraph 1 letter f of the GDPR, whereby our legitimate interests lie in the initiation of business transactions and the increase of revenue, and on the other hand your consent pursuant to Article 6 paragraph 1 letter a of the GDPR.

You are entitled at any time to revoke your consent to the use of your data, with effect for the future. To do so, you can simply remove the tick under settings/email notifications in your account, use the direct revocation option in the email or send a simple informal email to service@holidaycheck.de. In this case we process your data to document your revocation/cancellation in our system.

IV. When and how we transmit data

Transmission within the Group

The companies of the HolidayCheck Group cooperate closely in the provision of their services. Accordingly, other companies in the HolidayCheck Group may also access your data insofar as this is necessary to support HolidayCheck AG and HC Touristik GmbH in the provision of their services. This takes place, for example, in areas such as IT support and finance management.

Transmission to external service providers

In the provision of its services, HolidayCheck also uses external service providers such as hosting and software providers, payment service providers or service providers which deal with travel bookings or the transmission of information and documents.

In this context, the data are only processed for the purposes of HolidayCheck, according to the company's instructions and under the control of HolidayCheck.

To send information via the messenger service WhatsApp, we cooperate with the service provider Burda Direct Services GmbH, Hauptstrasse 130, 77652 Offenburg, Germany (http://whatsmessage.de).

To send push notifications, we cooperate with the service provider CleverPush UG (limited liability), Nagelsweg 22, 20097 Hamburg, Germany.

Transmission to other controllers

In the process of implementing your bookings, it is necessary to transmit your data to tour operators and other providers of booked services, such as hoteliers, airlines, lounge operators or any intermediaries who are involved. These parties are not service providers for HolidayCheck but process your data as independent controllers pursuant to Article 4 No. 7 of the GDPR.

Transmission to public authorities

If we are under an obligation to hand over data to public authorities or other third parties based on a law or other regulation or a decision by a public authority or a court, we do so to the extent which is necessary.

Transmission to third countries

Any transmission of data to third countries only takes place in the framework of and in compliance with the legitimacy requirements under Articles 44 – 49 of the GDPR. This means that any such transmission is only carried out based on an adequacy decision from the EU Commission, or that we ensure an adequate level of protection for personal data by using the EU standard data protection clauses.

If you book a journey or any other service which must be rendered by a provider which is based in a third country, we are not able to guarantee an adequate level of data protection for personal data in every instance. In such cases, the transmission of the data to carry out the booking is implemented based on Article 49 paragraph 1 letter b of the GDPR.

V. How long we store the data

We do not store data for longer than is necessary for the purpose for which the data processing is carried out. When the data are no longer necessary, they are regularly deleted unless there is an obligation to archive the data. Such obligations may arise, for example, under commercial or tax law or in the framework of legal disputes.

Registration/log-in area

We store the data which you enter during registration or which you add later in your log-in area until you change the data in your log-in area or until you yourself delete your log-in area.

Booking

We store data which we collect in connection with the provision of an offer for a period of three years and data which we collect in relation to your booking for a period of ten years. Payment data are deleted after 72 hours at the latest. The storage of data is carried out for verification purposes and to fulfil the legal obligations of HolidayCheck.

Reviews

We store the data which we collect and process in connection with a review for as long as the review is published.

If we have a justified suspicion that a review has been given with the intention of deceiving us and the users of our review portal, we store the relevant data for as long as we are able to use them to detect future attempts at deception.

We store data which we collect and process in connection with your participation in a miles programme for seven years, to guarantee that the miles are credited to you even retrospectively, and also as protection against misuse.

Customer service / complaints

We store data which we collect and process in the context of our communication with you for no longer than three years unless they are linked in any way to a booking or complaint.

Data which we collect and process in connection with complaints management or other legal procedures is stored, in accordance with the legal requirements, for four years after the legal procedure has been completed.

Newsletters/push notifications

We store data which we record and process in connection with your subscription to our newsletter or our push notifications until you cancel your subscription to our newsletter.

HolidayCheck Shop

We store your data for as long as this is necessary to fulfil the intended purposes. We store the data for your user account until you delete the account. We store data for your orders until the statutory data storage obligation expires.

VI. Your rights

When the relevant conditions are fulfilled, you have the following rights as a data subject under the GDPR: right to access to stored data (Article 15 of the GDPR), right to rectification of inaccurate data (Article 16 of the GDPR), right to erasure of data (Article 17 of the GDPR), right to restriction of data processing (Article 18 of the GDPR), right to object to unreasonable data processing (Article 21 of the GDPR), right to data portability (Article 20 of the GDPR).

To exercise these rights, please use the contact details listed under I. 2. or send an informal email to datenschutz@holidaycheck.com.

VII. Changes to this data protection declaration

We constantly work on the improvement of existing services and the development of new services. In this context and as a result of regulatory changes, we regularly adapt our data protection declaration to reflect the latest developments to ensure that you always have access to all necessary information.

In the event of significant changes, we naturally inform you without delay. In addition, we recommend that you reread this data protection declaration from time to time.