1. ​Name and address of the responsible

   The responsible party, within the meaning of basic data protection regulation and other national data protection laws of the member states as well as other data protection regulations is the:

   ATLANTIC Hotels Management GmbH Ludwig-Roselius-Allee 2

   28329 Bremen Deutschland

   Telephone: +49 (0) 421 944888-0

   Telefax: +49 (0) 421 944888-552

   Email: info@atlantic-hotels.de Website: https://www.atlantic-hotels.de

2. ​Name and address of the data protection officer

The data protection officer of the responsible party is:
SHIELD GmbH, CEO: Martin Vogel and Martin Dalecki
Ohlrattweg 5, 25497 Prisdorf
Telephone: +49 (0) 4101 8050600
E-Mail: datenschutz@atlantic-hotels.de www.shield-datenschutz.de

 

 

1. ​General data management

   1. Scope of processing of personal data

      We process personal data from our users principally only to the extent necessary to provide a functional website and our content and services. The processing of personal data of our users is regularly only carried out with their consent. These consents can be revoked at any time with effect for the future by informing the responsible. The contact details can be found under "I. Name and address of the responsible".

       

   2. Legal basis for the processing of personal data

      Insofar as we obtain the consent of the data subject for the processing of personal data, art. 6 (1) (a) EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.

       

      In the processing of personal data necessary for the performance of a contract to which the data subject is a party, art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual actions.

       

      Insofar as processing of personal data is required to fulfill a legal obligation that is required for our company, art. 6

      (1) (c) GDPR serves as the legal basis. In the event that vital interests of the data subject or another natural person require the processing of personal data, art. 6 (1) (d) GDPR serves as the legal basis. If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, art. 6 (1) (f) GDPR serves as legal basis for processing.

   3. Data deletion and storage duration

      The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage expires. Additional storage may take place if provided for by the European or national legislator in EU regulations, laws or other regulations to which the data controller is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for conclusion of a contract or fulfillment of the contract.

       

2. ​Provision of the website and creation of logfiles

   1. Description and scope of data processing

      Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer.

      The following data is collected:

      1. Information about the browser type and the version used

      2. The operating system of the users

      3. The Internet service provider of the user

      4. The IP address of the user

      5. Date and time of access

      6. Websites from which the user's system accesses our website

      7. Websites accessed by the user's system through our website

         The data is also stored in the log files of our system. A storage of this data together with other personal data of the user does not take place.

   2. Legal basis for data processing

      The legal basis for the temporary storage of data and log files is Art. 6 (1) (f) GDPR.

   3. Purpose of the data processing

      The temporary storage by the system of the IP address is necessary to allow delivery of the website to the computer of the user. To do this, the user's IP address must be kept for the duration of the session.

      Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

      We have a justified interest in the processing of data for this purpose, according to Art. 6 (1) (f) GDPR.

      In diesen Zwecken liegt auch unser berechtigtes Interesse an der Datenverarbeitung nach Art. 6 Abs. 1 lit. f DSGVO.

   4. Duration of storage

      The data will be deleted as soon as it is no longer necessary for the purpose of its collection. In the case of collecting the data for providing the website, this is the case when the session is completed. In the case of storing the data in log files, data is stored for no more than seven days. After one day, the IP addresses of the users are anonymized, so that an assignment of the calling client is no longer possible.

   5. Objection and removal possibility

      The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. Consequently, there is no possibility for the user to object.

3. ​Use of cookies

   Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is reopened.

    

   We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser be identified even after switching pages. In addition, we use cookies on our website that allow an analysis of users' browsing behavior.

   In this way, the following data is transmitted:

   1. IP address, age, gender, interests

   2. activities on the website during the visit

   3. frequency of page views

   4. use of website features

   5. origin / visitor source

       

      Technical precautions pseudonymize the data of the users collected in this way. This makes it much more difficult to assign the data to the calling user and is only possible with the help of an appropriate "key". The data will not be stored together with other personal data of the user.

       

      Cookies are stored on the computer of the user and transmitted by it to our page. For cookies requiring consent, a so-called cookie consent banner is made available to you when you visit the website. There you have the possibility, if you wish, to use our website only with the technically necessary cookies.

      Furthermore, you as a user also have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to fully use all the functions of the website.

      1. Legal basis for data processing

         The legal basis for the processing of personal data using cookies that are technically necessary or necessary for the provision of the service is Art. 6 (1) (f) GDPR.

         The legal basis for the processing of personal data using all other cookies or cookies not strictly necessary for the provision of the service is Art. 6 (1) (a) GDPR.

      2. Purpose of the data processing

         The purpose of using technically necessary cookies is to simplify the use of websites for users. Some features of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after switching pages. The user data collected through technically necessary cookies will not be used to create user profiles. The use of the analysis cookies is for the purpose of improving the quality of our website and its contents. Through the analysis cookies, we learn how the website is used and so we can constantly optimize our services offered.

          

      3. Duration of storage, objection and removal options

4. ​Private customer newsletter & conference customer newsletter

   1. Description and scope of data processing

      On our website, it is possible to subscribe to a free newsletter that informs customers and business partners about the company’s offers and news at regular intervals. During registration for the newsletter, the data from the input mask are transmitted to us. Here it is mandatory to enter the e-mail address and select the newsletter.

      Optionally, the salutation, title, first name and last name can be entered.

       

      In addition, the following data are collected during registration:

      For the processing of the data, your consent is obtained in the context of the registration process and reference is made to this privacy policy.

       

      The company CleverReach GmbH & Co. KG has been authorized to handle the dispatch of the newsletter. The company provides guarantees under contract to ensure that appropriate technical and organizational measures are taken to ensure that the processing complies with the EU GDPR and ensures the protection of the data subject’s rights.

      The data will be used exclusively for sending the newsletter. In connection with the data processing for the dispatch of newsletters, the data will not be passed on to third parties.

       

      1. IP address of the calling computer

      2. Date and time of registration

      3. URL

      4. Date/time and IP of the order

   2. Legal basis for data processing

      The legal basis for the processing of data after registration by the user for the newsletter and for data processing as part of newsletter tracking is Article 6(1)(a) GDPR if the user has given consent.

       

   3. Purpose of data processing

      The collection of the user’s e-mail address serves to deliver the newsletter. The collection of other personal data as part of the registration process serves to address the user personally. The provision of further personal data is voluntary.

   4. Duration of storage

      The data will be deleted as soon as they are no longer necessary for the purpose of their collection. The user’s e- mail address and the personal data optionally provided during the registration process are therefore stored as long as the newsletter subscription is active.

       

   5. Objection and removal possibility

      The subscription of the newsletter can be cancelled by the data subject at any time. For this purpose, there is a corresponding unsubscribe link in every newsletter.

      The e-mail address of the user and the personal data collected in the registration process will be deleted immediately in the event of an objection (unsubscribe).

      In addition, you can at any time object to the storage of your data with effect for the future via newsletter@atlantic- hotels.de. Your data will then be deleted immediately and you will no longer receive a newsletter.

   6. Newsletter tracking

      The newsletter contains a so-called web beacon. A web beacon is a transparent 1x1 pixel graphic that is embedded in the e-mail. This is only possible in HTML mails, not in plain text mails, and makes it feasible to record a log file analysis. This allows a statistical evaluation of the success or failure of online marketing campaigns to be carried out. Based on the embedded web beacon, ATLANTIC Hotels Management GmbH can detect if and when an e-mail was opened by a data subject and which links in the e-mail were accessed by the data subject.

       

      Such personal data collected via the web beacons contained in the newsletters are stored and evaluated by the data controller in order to optimize the newsletter distribution and to adapt the content of future newsletters even better to the interests of the data subject. This personal data will not be passed on to third parties. Data subjects are entitled at any time to revoke the relevant separate declaration of consent submitted via the double opt-in procedure. After revocation, this personal data will be deleted by the data controller. ATLANTIC Hotels Management GmbH automatically interprets any subscription cancellation from the newsletter as a revocation.

       

      Openings, clicks, cancellations etc. are saved as activities for the respective recipient. These data can be viewed

      in the recipient data record for each recipient addressed. This has a retention period of up to six months and is then deleted again. Then no more evaluations, follow-up campaigns or the like can be carried out.

       

      The data are also not stored permanently in the report area. Reports that are older than one year are automatically archived by the system. The archived reports can still be viewed by ATLANTIC Hotels Management GmbH, but personalized data are not evaluated here. These are only visible up to six months after the newsletter has been sent.

5. ​Ordering vouchers

   l. Description and scope of data processing

   On our website, we offer users the opportunity to buy vouchers, for certain values or services, by providing personal information. The data is entered into an input mask and transmitted to us and stored.

   The company Incert eTouristmus GmbH & Co KG, Leonfeldner Straße 328, 4040 Linz from Austria is responsible for processing and sending the voucher. This service provider signed a data processing agreement with us. The collected data will be used exclusively for the delivery of the voucher. The data will not be passed on to third parties.

   At the time of the voucher order, the following data is also stored:

   2. Legal basis for data processing

    

   For the processing of the data, your consent is obtained as part of the sending process and reference is made to this Data Protection Statement.

   In addition, the data will only be passed on to third parties if the transfer is necessary for the purpose of contract execution or for billing purposes or for collecting the fee or if you have given your express consent. In this regard, we only pass on the data required in each case.

   The data recipients are typically delivery / shipping companies, payment institutions, payment service providers and, in the event of payment default, also collection agencies.

   A Data Processing Agreement was concluded with Incert eTourismus GmbH & Co. KG in accordance with Art. 28 Para. 3 GDPR.

   The legal basis is Art. 6 Para. 1 lit. b GDPR. Regarding the voluntary data, the legal basis for the processing of the data is Art. 6 Para. 1 lit. a GDPR.

   The mandatory data collected is required for the fulfillment of the contract with the user (for the purpose of sending the goods and confirming the content of the contract). We therefore use the data to answer your inquiries, to process your booking, if necessary to check creditworthiness or to collect a debt and for the purpose of technical administration of the websites. The voluntary information is provided for the prevention of misuse and, if necessary, for the investigation of criminal offences. We may also process the data you provide to inform you about other interesting products from our portfolio or to send you emails with information.

   The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. We are required by commercial and tax law to store your address, payment and order data for a period of ten years after the execution of the contract. However, we will restrict processing after six years, i.e. your data will only be used to comply with legal obligations. If a continuing obligation exists between us and the user, we store the data for the entire term of the contract and for ten years thereafter (see above). Regarding data provided voluntarily, we will delete the data upon expiration of six years after execution of the contract, provided that no further

   contract is concluded with the user during this period; in this case, the data will be deleted upon expiration of six years after execution of the last contract.

   If the data is required for the performance of a contract or for the execution of precontractual measures, early deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion. Otherwise, you are free to have the personal data provided during registration completely deleted from the data stock of the responsible party. Regarding the voluntary data, you can declare your revocation to the person responsible at any time. In this case, the voluntary data will be deleted immediately.

   More information on data protection at Incert eTourismus GmbH & Co. KG can be found at: https://www.incert.at/unternehmen/datenschutz/ (in German only)

    

   1. The following data is collected as part of the voucher order Required Fields:

      1. First name

      2. Last name

      3. Street

      4. Postal code

      5. City

      6. Country

      7. E-Mail

      8. Payment method

         Optional:

      9. Company

      10. Phone number

      11. E-mail address of additional coupon recipients

      12. Gift message (For, From, Message)

      13. Own photos

      14. Own video

   2. The IP address of the user

   3. Date and time of booking

   4. Order number

   5. Coupon code

   6. Value

   7. Transaction number

6. ​Rights of the affected person

   If your personal data are processed, you are the person affected within the meaning of GDPR and you have the following rights vis-à-vis the data controller:

   1. Right to information

      You may ask the person responsible to confirm whether personal data concerning you is processed by us.

      If your data is being processed, you can request information from the person responsible about the following information:

      1. the purposes for which the personal data are being processed;

      2. the categories of personal data being processed;

      3. the recipients or the categories of recipients to whom personal data concerning you have been disclosed or are being disclosed;

      4. the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;

      5. the existence of a right to rectification or deletion of your personal data, a right to restriction of processing by the data controller or a right to object to such processing;

      6. the existence of a right of appeal to a supervisory authority;

      7. all available information on the source of the data, if the personal data is not collected from the data subject;

      8. the existence of automated decision-making, including profiling under Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, and the scope and intended impact of such processing on the data subject.

         You have the right to request information about whether your personal information is passed on to a third country or an international organization. In this context, you can request to be informed of the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transfer.

   2. Right to rectification

      You have a right to rectification and / or completion by the data controller, if your personal data being processed is incorrect or incomplete. The responsible person must make the correction immediately.

   3. Right to restriction of processing

      You may request the restriction of the processing of your personal data under the following conditions:

      1. if you contest the accuracy of the information relating to you for a period of time, that allows the data controller to verify the accuracy of your personal information;

      2. the processing is unlawful and you refuse the deletion of the personal data and instead demand restriction of the use of your personal data;

      3. the data controller no longer needs the personal data for the purposes of processing, but you need it in order to assert, exercise or defend legal claims; or

      4. if you have objected to the processing pursuant to Art. 21 (1) GDPR, and it is not yet certain whether the legitimate reasons of the data controller outweigh your reasons.

         If the processing of personal data concerning you has been restricted, this data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person, or for reasons of important public interests of the Union or a Member State. If the restriction of processing was restricted according to the above conditions, you will be informed by the data controller before the restriction is lifted.

   4. Right to deletion

      1. Obligation to delete

         You may demand that the controller delete your personal information immediately, and the controller is required to delete that information immediately if one of the following is true:

         1. Personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.

         2. You revoke your consent, which the processing was based on according to Art. 6 (1) (a) or Art. 9

            (2) (a) GDPR and there is no other legal basis for processing.

         3. You object to the processing according to Art. 21 (1) GDPR and there are no prior justifiable reasons for the processing, or you object to the processing according to Art. 21 (2) GDPR.

         4. Your personal data have been processed unlawfully.

         5. The deletion of personal data concerning you is required, in order to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.

         6. The personal data concerning you were collected in relation to information society services, pursuant to Article 8 (1) of the GDPR.

      2. Information to third parties

         If the data controller has made the personal data concerning you public and is required to delete them according to Article 17 (1) of the GDPR, he must take appropriate measures, including technical means, with due regard to available technology and implementation costs, to inform data controllers that you, the data subject, have requested the deletion of all links to such personal data or copies or replications of this personal data.

         Exceptions

         The right to erasure is not in force if the processing is necessary:

         1. to exercise the right to freedom of expression and information;

         2. to fulfill a legal obligation required by the law of the Union or of the Member States to which the controller is subject, or performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

         3. for reasons of public interest in the field of public health pursuant to Art. 9 (2) (h) and (i) and Art. 9

            (3) GDPR;

         4. for archival purposes of public interest, scientific or historical research purposes or for statistical purposes according to Article 89 (1) GDPR, to the extent that the law referred to in subparagraph

            (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or

         5. to assert, exercise or defend legal claims.

   5. Right to information

      If you have the right of rectification, erasure or restriction of processing to the controller, he / she is obliged to notify all recipients, to whom your personal data have been disclosed, of this correction or deletion of the data or restriction of processing, unless: this proves to be impossible or involves a disproportionate effort. You have a right to be informed about these recipients by the data controller.

   6. Right to Data Portability

      You have the right to receive personally identifiable information that you provided to the controller in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another person without hindrance by the person responsible for providing the personal data, provided that

      1. the processing is based on consent according to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract according to Art. 6 (1) (b) GDPR

      2. the processing is done by automated means.

         In exercising this right, you also have the right to obtain that your personal data are transmitted directly from one controller to another, as far as technically feasible. This situation should not affect the freedoms and rights of other persons.

         The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority vested in the controller.

   7. Right to object

      You have the right at any time, for reasons arising from your particular situation, to object to the processing of your personal data, which occurs pursuant to Art. 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions.

      The controller will no longer process the personal data concerning you, unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, exercising or defending legal claims.

      If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.

      If you object to processing for direct advertising purposes, your personal data will no longer be processed for these purposes.

      Regardless of Directive 2002/58/EC, you have the option, in the context of the use of information society services, to exercise your right to object through automated procedures that use technical specifications.

   8. Right to revoke the data protection consent declaration

      You have the right to revoke your data protection declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent before the revocation.

   9. Automated decision in individual cases, including profiling

      You have the right not to be subjected to a decision based solely on automated processing - including profiling - that will have legal effect or negatively affect you in a similar manner. This does not apply if the decision

      1. is required for the conclusion or performance of a contract between you and the controller,

      2. is permitted by Union or Member State legislation to which the controller is subject, and where such legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests, or

      3. occurs with your express consent.

      4. However, these decisions may not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2) (a) or (g) apply, and reasonable measures have been taken to protect your rights and freedoms and your legitimate interests.

      5. With regard to the cases referred to in (1) and (3), the person responsible shall take reasonable measures to safeguard your rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person from the side of the controller, to present the case and to challenge the decision.

      6. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of your place of residence, employment or the place of the alleged infringement, if you believe that the processing of the personal data concerning you violates the GDPR. The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.

Die Landesbeauftragte für Datenschutz und Informationsfreiheit der Freien Hansestadt Bremen (State Data Protection and Freedom of Information Officer)

Arndtstraße 1, 27570 Bremerhaven

Tel.: +49 471 596 2010 oder +49 421 361 2010

Fax: +49 421 496 18495

E-Mail: office@datenschutz.bremen.de

ADDITIONAL PLUGINS AND ONLINE SERVICES

1. ​Google analytics (with anonymization function)

   The data controller has integrated on this website the component Google Analytics (with anonymization function). Google Analytics is a web analytics service. Web analysis is the collection and analysis of data about the behavior of visitors to websites. Among other things, a web analysis service collects data about referrers - from which website the user came to the website, which subpages of the website were accessed, or how often and for how long a subpage was viewed. A web analysis is mainly used for optimization of a website and for cost-benefit analysis of Internet advertising.

   The operating company of the Google Analytics component is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland.

   The controller uses the addition "_gat._anonymizeIp" for web analytics via Google Analytics. By means of this addition, the IP address of the Internet connection of the data subject will be shortened and anonymized by Google, if the access to our website is from a Member State of the European Union or from another state party to the Agreement on the European Economic Area.

   The purpose of the Google Analytics component is to analyze streams of visitors on our website. Among other things, Google uses the data and information obtained to evaluate the use of our website, to compile online reports for us showing the activities on our websites, and to provide other services related to the use of our website.

   Google Analytics uses a cookie on the information technology system of the person concerned. What cookies are has already been explained above. Using this cookie makes it possible for Google to analyze the usage of our website. Each time one of the pages of this website, that is processed by the data controller and where a Google Analytics component is integrated, is accessed, the Internet browser on the information technology system of the person concerned is automatically initiated by the respective Google Analytics component to submit data to Google for online analysis purposes. As part of this technical process, Google receives information about personal data, such as the IP address of the person concerned, which among other things serves Google to track the origin of visitors and clicks, and subsequently to allow commission billing.

   The cookie stores personal data, such as access time, the location from which access was made, and the frequency of site visits by the data subject. Each time a user visits our website, this personal information, including the IP address of the Internet connection used by the data subject, is transferred to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may transfer such personal data collected through this technical process to third parties.

   The data subject can prevent the setting of cookies at any time by our website, as explained above, by changing the Internet browser settings and thus permanently preventing the setting of cookies. Such Internet browser settings would also prevent Google from setting a cookie on the data subject's information technology system. In addition, a cookie already set by Google Analytics can be deleted at any time through the Internet browser or other software programs.

   Furthermore, the data subject has the option of objecting to and preventing the collection of the data generated by Google Analytics for the use of this website and the processing of this data by Google. To do this, the person must download and install a browser add-on at tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data and information about website visits may be transmitted to Google Analytics. The installation of the browser add-on is considered by Google to be an objection. If the data subject's information technology system is later deleted, formatted or reinstalled, the data subject must re-install the browser add-on to disable Google Analytics. If the browser add-on is uninstalled or disabled by the data subject or any other person within their sphere of control, it is possible to reinstall or reactivate the browser add-on.

   Additional information and Google's privacy policy can be found

   at https://www.google.com/intl/en/policies/privacy/ and http://www.google.com/analytics/terms/en.html. Google Analytics is explained in more detail at https://www.google.com/intl/de_de/analytics/.

   You can prevent collection by Google Analytics by clicking on the following link. An opt-out cookie will be set, which prevents the future collection of your data when visiting this website: Disable Google Analytics

2. ​Google Enhanced Conversion

   This website uses Google Enhanced Conversion - an enhanced version of Google Conversion. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as "Google"). With the help of Google Enhanced Conversion, Google and we can recognise whether the user has performed certain actions. For example, we can evaluate which buttons on our website were clicked how often and which content was viewed or used particularly frequently. This information is used to create conversion statistics. We learn the total number of users who clicked on our ads and what actions they took. We do not receive any

   information with which we can personally identify the user. Google itself uses cookies or comparable recognition technologies for identification.

   Google Enhanced Conversion allows us to increase the accuracy of conversion measurement compared to Google Conversion. It securely sends hashed first-party conversion data from our website to Google as part of an addendum to existing conversion tags. User information is not shared with other advertisers. Access controls and encryption are in place to prevent unlawful access.

   The legal basis for the use of Google Conversion is your consent in accordance with Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TDDDG. This consent can be revoked at any time.

   More information on Google Enhanced Conversion can be found in Google's privacy policy at https://policies.google.com/privacy.

3. ​Google Ads

   The controller has integrated Google Ads on this website. Google Ads is an Internet advertising service that allows advertisers to run ads in both Google search engine results and in the Google advertising network. Google Ads allows an advertiser to set keywords in advance, that will display an ad on Google's search engine results only when user uses the search engine to retrieve a search result relevant to the key words. In the Google advertising network, ads are distributed on relevant web pages using an automated algorithm and according to pre-defined keywords.

   The operating company for the services of Google Ads is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland.

   The purpose of Google Ads is to advertise our website by displaying interest-based advertising on the websites of third-party companies and in the search engine results of the search engine Google.

   If a data subject comes to our website via a Google ad, a conversion cookie will be stored on the user's information technology system by Google. What cookies are has already been explained above. A conversion cookie expires after thirty days and is not used to identify the data subject. If the conversion cookie has not yet expired, it will be traced whether certain sub-pages, such as the shopping cart from an online shop system, were accessed on our website. The conversion cookie allows both us and Google to understand whether a data subject who came to our website via an Ads ad generated revenue, i.e. completed or interrupted a purchase.

   The data and information collected through the use of the conversion cookie are used by Google to create visitor statistics for our website. These visit statistics are then used by us to determine the total number of users who have been sent to us through Ads ads, in order to determine the success or failure of each Ads ad and to optimize our Ads ads for the future. Neither our company nor any other Google Ads advertiser receives any information from Google that could identify the data subject.

   The conversion cookie stores personal information, such as the web pages visited by the data subject. Each time a user visits our website, this personal information, including the IP address of the Internet connection used by the data subject, is transferred to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may transfer such personal data collected through this technical process to third parties.

   The affected person can prevent the setting of cookies at any time by our website, as explained above, by changing the Internet browser settings and thus permanently preventing the setting of cookies. Such Internet browser settings would also prevent Google from setting a conversion cookie on the data subject's information technology system. In addition, a cookie already set by Google Ads can be deleted at any time through the Internet browser or other software programs.

   Furthermore, the data subject has the opportunity to object to Google's interest-based advertising. To do this, the data subject must access the link www.google.com/settings/ads from each of the Internet browsers they use and make the desired settings there.

   Additional information and Google's privacy policy can be found at https://www.google.com/intl/en/policies/privacy/.

4. ​Google Remarketing

   The data controller has integrated Google Remarketing services into this website. Google Remarketing is a feature of Google Ads that allows a business to show advertisements to internet users that have previously been on the company's website. The integration of Google Remarketing allows a company to create user-friendly advertising and thus show the Internet user interest-related ads.

   The Google Remarketing Services operating company is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland.

   The purpose of Google Remarketing is to show interest-based advertising. Google Remarketing allows us to display ads through the Google advertising network or other websites tailored to the individual needs and interests of Internet users.

   Google Remarketing places a cookie on the information technology system of the data subject. What cookies are has already been explained above. By setting the cookie, Google will be able to recognize the visitor to our website, if he subsequently accesses websites that are also members of the Google advertising network. With each visit to a website on which Google Remarketing's service has been integrated, the data subject's Internet browser is automatically identified with Google. As part of this technical process, Google receives personal data, such as the IP address or the surfing behavior of the user, which Google uses among other things to display interest-relevant advertising.

   The cookie is used to store personal data, such as the websites visited by the data subject. Each time a user visits our website, this personal information, including the IP address of the Internet connection used by the data subject, is transferred to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may transfer such personal data collected through this technical process to third parties.

   The affected person can prevent the setting of cookies at any time by our website, as explained above, by changing the Internet browser settings and thus permanently preventing the setting of cookies. Such Internet browser settings would also prevent Google from setting a cookie on the data subject's information technology system. In addition, a cookie already set by Google Ads can be deleted at any time through the Internet browser or other software programs.

   Furthermore, the data subject has the opportunity to object to Google's interest-based advertising. To do this, the data subject must access the link www.google.com/settings/ads from each of the Internet browsers they use and make the desired settings there.

   Additional information and Google's privacy policy can be found at https://www.google.com/intl/en/policies/privacy/.

5. ​Google DoubleClick

   A web service from Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter: DoubleClick) is loaded on our website. We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to DoubleClick.

   You can prevent DoubleClick from collecting and processing your data by refusing your consent when you enter the website, deactivating the execution of script code in your browser or installing a script blocker in your browser. The legal basis for the use of Google Double Click is your consent in accordance with Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TDDDG. The data will be deleted as soon as the purpose of their collection has been fulfilled. Further information on the handling of the transferred data can be found in the DoubleClick data protection

   declaration: policies.google.com/privacy

6. ​Bing Ads

   Our website uses conversion tracking from Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). Microsoft Bing Ads places a cookie on your computer if you have reached our website via a Microsoft Bing ad. In this way, Microsoft Bing and we can recognize that someone clicked on an ad, was redirected to our website and reached a previously determined target page (conversion page). We only find out the total number of users who clicked on a Bing ad and were then forwarded to the conversion page. No personal information about the identity of the user is disclosed. If you do not want to participate in the tracking process, you can also reject the setting of a cookie required for this - for example via a browser setting that generally disables the automatic setting of cookies.

   The legal basis for the use of Bing Ads is your consent pursuant to Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TDDDG.

   Further information on data protection and the cookies used by Microsoft Bing can be found on the Microsoft website: https://privacy.microsoft.com/de-de/privacystatement

7. ​Google Tag Manager

   We use Google Tag Manager on our website. Google Tag Manager is a solution that allows marketers to manage website tags through one interface. The Tag Manager tool itself (which implements the tags) is a cookie-free domain and does not collect any personal data.

   The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If deactivation has been carried out at the domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.

   The legal basis for the use of this web service is your consent in accordance with Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TDDDG. Further information on Google Tag Manager and Google's data protection declaration can be found at the following link: policies.google.com/privacy

8. ​Gstatic

   A web service from Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter: Gstatic) is loaded on our website. We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to Gstatic.

   The legal basis for the use of this web service is your consent in accordance with Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TDDDG. You can prevent Gstatic from collecting and processing your data by refusing your consent when you enter the website, deactivating the execution of script code in your browser or installing a script blocker in your browser. The data will be deleted as soon as the purpose of their collection has been fulfilled. Further information on the handling of the transferred data can be found in Google's data protection

   declaration: https://policies.google.com/privacy

9. ​Google Fonts

   Google Fonts (https://fonts.google.com/) are used to visually improve the presentation of various information on this website. The web fonts are transferred to the cache of the browser when the page is called up so that they can be used for display. If the browser does not support Google Fonts or prevents access, the text is displayed in a standard font.

   When the page is called up, no cookies are stored by the website visitor. Data that are transmitted in connection with the page view are sent to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com. You will not be associated with data that may be collected or used in connection with the parallel use of authenticated Google services such as Gmail.

   You can prevent the collection and processing of your data by this web service by refusing your consent when entering the website, deactivating the execution in your browser or installing a script blocker in your browser. If your browser does not support the Google Fonts or you prevent access to the Google servers, the text is displayed in the system's standard font.

   The legal basis for the use of this web service is your consent in accordance with Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TDDDG.

   You can find information on the data protection conditions of Google Fonts at: https://developers.google.com/fonts/faq#Privacy

   General information on data protection can be found in the Google Privacy Center at: https://policies.google.com/privacy

10. ​MyFonts Counter

    On this website we use MyFonts Counter, a web analytics service provided by Monotype Imaging Holdings Inc, 600 Unicorn Park Drive, Woburn, Massachusetts 01801 USA (hereinafter referred to as "MyFonts").

    Under the terms of the license agreement, page-view tracking is performed by counting the number of visits to the website for statistical purposes and transmitting this information to MyFonts. MyFonts only collects anonymous data. The data may be passed on by activating Java-Script code in your browser.

    The legal basis for the use of this web service is your consent in accordance with Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TDDDG.

    To prevent the execution of Java-Script code from MyFonts, you can install a Java-Script blocker (e.g. www.noscript.net).

    Further information on MyFonts Counter can be found in the MyFonts data protection Statement at: https://www.monotype.com/legal/terms-conditions-business#Privacy

11. YouTube

The data controller has integrated YouTube components on this website. YouTube is an internet video portal that allows you to watch video clips for free and also to view, rate and comment on them for free. YouTube allows the publication of all types of videos, so that both complete film and television programs, but also music videos, trailers or user-made videos are available on the Internet portal.

YouTube's operating company is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

With each visit to one of the pages of this site, that is operated by the data controller and where a YouTube component (YouTube video) is integrated, the Internet browser on the subject's information technology system will be caused by the particular YouTube component to download an image of the corresponding YouTube component from YouTube. More information about YouTube can be found at www.youtube.com/yt/about/en/. As part of this technical process, YouTube and Google receive information about which specific page of our website is visited by the data subject.

When the data subject visits a subpage containing a YouTube video while logged in to YouTube, YouTube recognizes which specific subpage the data subject is visiting. This information is collected by YouTube and Google and attributed to the individual YouTube account of the data subject.

YouTube and Google will always receive information through the YouTube components that the data subject has visited our website, if the data subject is logged into YouTube at the time of access to our website; this happens regardless of whether the person clicks on a YouTube video or not. If the data subject does not want the transmission of this information to YouTube and Google, he or she can prevent this by logging out of his or her YouTube account before accessing our website.

YouTube's privacy policy, available at https://www.google.com/intl/en/policies/privacy/, gives information about the collection, processing, and use of personal data by YouTube and Google.

13. Facebook pixel

On our website we use the so-called “Facebook pixel” from the company “Facebook” (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2 Ireland). With the Facebook pixel we can arrange the visitors of our website in certain target groups in order to be able to show you corresponding advertisements on Facebook. The data collected (e.g. IP addresses, information about the web browser, the location of the website, clicked buttons, possibly pixel IDs and other features) are not visible to us, but can only be used to display certain advertisements. Cookies are also set as part of the use of the Facebook pixel code.

If you have a Facebook account and are logged in, your visit to this website will be assigned to your Facebook user account.

We also use the remarketing function "Custom Audiences" of the company "Facebook". This enables users of the website to be shown interest-based advertisements ("Facebook ads") when visiting Facebook or other websites that also use this method. We are interested in showing you advertisements that match your interests in order to make our website more interesting for you.

In order to exchange the respective data, your browser automatically establishes a direct connection to the Facebook server. We have no influence on the scope and further use of the data collected by Facebook through the use of this tool and therefore inform you according to our level of knowledge: By integrating Facebook Custom Audiences, Facebook receives the information that you are visiting our website Accessed the website or clicked on an advertisement from us. If you are registered with a "Facebook" service, "Facebook" can assign the visit to your account. Even if you are not registered with Facebook or have not logged in, there is a possibility that the provider will find out and save your IP address and other identification features.

You can find out how the Facebook pixel is used for advertising campaigns at https://www.facebook.com/business/learn/facebook-ads-pixel

More information on Facebook's data policy can be found at https://www.facebook.com/policy.php

We use these functions in order to be able to offer you promotional offers that match your interests. We process your data because you have given your consent to this (Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TDDDG). We store your data as long as we need it for the respective purpose (displaying interestbased advertising), or you have withdrawn your consent. The deactivation of the "Facebook Custom Audiences" function is possible for logged in users at https://www.facebook.com/settings/?tab=ads#.You can change your settings for advertisements in Facebook at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen, provided you are logged in to Facebook.

 

PAYMENT PROVIDERS

Your security is our top priority! For this reason, data such as credit card number, sort code, account number, name and address are transmitted via a protected SSL line when paying by credit card. This means that no unauthorized person can read the data you enter during transmission over the Internet. We offer the following payment methods in the voucher shop:

1. Credit card – NEXI Germany GmbH

   If you select “credit card” as the payment method, the payment processing is carried out by NEXI Germany GmbH, Helfmann-Park 7, 65760 Eschborn, Germany.

   NEXI Germany GmbH uses your personal data in particular to process the payments, to prevent card abuse, to limit the risk of payment defaults and also for statutory purposes, such as the prevention of money laundering and criminal prosecution.

   We as the credit card accepting entity, NEXI Germany GmbH and the payment service providers are each separately responsible for the processing of personal data within the respective technical sphere of influence.

   We would like to point out that NEXI Germany GmbH transfers your personal data to other bodies necessary for the processing of the transaction, in particular to the credit institutions, banks and credit card companies involved. Processing of your personal data for the completion of the payment also takes place at these points. You will find the respective privacy policies on the websites of NEXI Germany GmbH and the payment service providers.

   Please address any enquiries regarding data protection and the exercise of your rights to NEXI Germany GmbH or the respective payment service providers.

   The transmission of your data takes place on the basis of GDPR Article 6(1)(b) for the processing of the contract or your order. The secure transfer of your data takes place in accordance with the statutory provisions, § 25a KWG (German Banking Act), § 27 ZAG (Payment Services Oversight Act) and the provisions of the respective credit card companies. The processing and transfer are based on GDPR Article 6(1)(c) (legal obligations) and (f) (our legitimate interest). You have the possibility of revoking your consent to data processing at NEXI Germany GmbH and the respective payment service providers at any time for the future. Revocation has no effect on the effectiveness of data processing operations that have taken place in the past. However, in the event of revocation, we can no longer offer you the payment method “credit card”.

   Further information on data protection and your rights pursuant to GDPR Articles 15 to 21 for NEXI Germany GmbH can be found at Data Policy | Nexi.

    

2. PayPal – PayPal (Europe) S.à.r.l. & Cie. S.C.A

The data controller has integrated components from PayPal on this website. PayPal is an online payment service provider. Payments are made through PayPal accounts, which are virtual private or business accounts. In addition, PayPal has the ability to process virtual payments with credit cards if a user does not have a PayPal account. A PayPal account is managed via an email address, which is why there is no classic account number. PayPal makes it possible to make online payments to third parties or to receive payments. PayPal also takes on fiduciary functions and offers buyer protection services.

The European operating company of PayPal is PayPal (Europe) S.à.rl & Cie. SCA, 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.

If the data subject selects "PayPal" as the payment option during the order process in our online shop, data of the data subject will be automatically transmitted to PayPal. By selecting this payment option, the data subject consents to the transfer of personal data required for payment processing.

The personal data transmitted to PayPal is usually first name, last name, address, e-mail address, IP address, telephone number, mobile phone number or other data required for payment processing. Personal information connection with the respective order is also necessary for the execution of a purchase contract.

The purpose of the transmission of the data is payment processing and fraud prevention. The data controller will provide PayPal with personal data, in particular if there is a legitimate interest for the transfer. The personal data

exchanged between PayPal and the data controller may potentially be transferred by PayPal to credit reporting agencies. The reason for this transmission is for identity verification and credit checking.

PayPal may disclose personal information to affiliates and service providers or subcontractors, to the extent necessary to fulfill its contractual obligations or to process the data on behalf of them. The data subject has the option to revoke the consent to the handling of personal data by PayPal at any time. A revocation has no effect on personal data which must be processed, used or transmitted for (contractual) payment processing.

PayPal's applicable privacy policy is available at PayPal-Datenschutzerklärung

etracker
The provider of this website uses the services of etracker GmbH, Hamburg, Germany (www.etracker.com) to analyse usage data. We do not use cookies for web analysis by default. If we use analysis and optimisation cookies, we will obtain your explicit consent separately in advance. If this is the case and you agree, cookies are used to enable a statistical range analysis of this website, a measurement of the success of our online marketing measures and test procedures, e.g. to test and optimise different versions of our online offer or its components. Cookies are small text files that are stored by the Internet browser on the user's device. etracker cookies do not contain any information that could identify a user.

The data generated by etracker on behalf of the provider of this website is processed and stored by etracker solely in Germany by commission of the provider of this website and is thus subject tothe strict German and European data protection laws and standards. In this regard, etracker was independently checked, certified and awarded with theePrivacyseal data protection seal of approval.

The data processing is based on Art. 6 Section 1 lit f (legitimate interest) of the General Data Protection Regulation (GDPR). Our legitimate interest is the optimisation of our online offer and our website. As the privacy of our visitors is very important to us, the data that may possibly allow a reference to an individual person, such as IP address, registration or device IDs, will be anonymised or pseudonymised as soon as possible. etracker does not use the data for any other purpose, combine it with other data or pass it on to third parties.

You can object to the outlined data processing at any time. Your objection has no disadvantageous consequences.

My visit data is used for web analysis.
Further information on data protection with etracker can be found here.