We are very pleased about your interest in our company. Data protection is of particular importance to the management of Atrium Apartments GmbH. Use of the Atrium Apartments GmbH website is generally possible without providing any personal data. However, if a data subject wishes to use special services offered by our company via our website, processing of personal data may be necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.
The processing of personal data, such as the name, address, email address, or telephone number of a data subject, is always carried out in accordance with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to Atrium Apartments GmbH. By means of this data protection declaration, our company would like to inform the public about the nature, scope, and purpose of the personal data we collect, use, and process. Furthermore, data subjects are informed of their rights by means of this data protection declaration.
As the controller, Atrium Apartments GmbH has implemented numerous technical and organizational measures to ensure the most complete protection possible for personal data processed through this website. However, internet-based data transmissions may, in principle, have security gaps, so absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us via alternative means, for example, by telephone.
Atrium Apartments GmbH's privacy policy is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our privacy policy is intended to be easily readable and understandable for the public, as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.
In this privacy policy we use, among other things, the following terms:
a) personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter referred to as the "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) data subject
Data subject is any identified or identifiable natural person whose personal data is processed by the controller.
c) Processing
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting its future processing.
e) Profiling
Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
f) Pseudonymization
Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
g) Controller or person responsible for processing
The controller or controller responsible for processing is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of processing personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
h) Processor
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
i) Recipient
Recipient is a natural or legal person, public authority, agency, or other body to which personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be considered recipients.
j) Third party
Third party is a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct authority of the controller or processor.
k) Consent
Consent is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data concerning him or her.
The controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:
Atrium Apartments GmbH
Am Speyerbach 28a
67433 Neustadt n der Weinstraße
Germany
Phone: +49 1757387467
E-mail: info@atriumapartments.de
Website: www.atriumapartments.de
The Atrium Apartments GmbH website uses cookies. Cookies are text files that are stored on a computer system via an internet browser.
Numerous websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a character string that allows websites and servers to associate the specific internet browser in which the cookie was stored. This enables the visited websites and servers to distinguish the individual browser of the data subject from other internet browsers that contain other cookies. A specific internet browser can be recognized and identified using the unique cookie ID.
By using cookies, Atrium Apartments GmbH can provide users of this website with more user-friendly services that would not be possible without the setting of cookies.
Cookies allow us to optimize the information and offers on our website for the user. As already mentioned, cookies enable us to recognize users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, the user of a website that uses cookies does not have to enter their login details every time they visit the website because this is done by the website and the cookie stored on the user's computer system. Another example is the cookie for a shopping cart in an online shop. The online shop uses a cookie to remember the items a customer has placed in the virtual shopping cart.
The data subject can prevent the setting of cookies through our website at any time by making the appropriate settings in the Internet browser used, thereby permanently denying the setting of cookies. Furthermore, cookies already set can be deleted at any time using an Internet browser or other software programs. This is possible in all common Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully available.
The Atrium Apartments GmbH website collects a series of general data and information each time the website is accessed by a data subject or an automated system. This general data and information is stored in the server's log files. Collected may be (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) other similar data and information used to avert dangers in the event of attacks on our information technology systems.
When using this general data and information, Atrium Apartments GmbH does not draw any conclusions about the data subject. Rather, this information is required to (1) correctly deliver the content of our website, (2) optimize the content of our website and its advertising, (3) ensure the long-term functionality of our information technology systems and the technology of our website, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyberattack. This anonymously collected data and information is therefore evaluated by Atrium Apartments GmbH both statistically and with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data in the server log files are stored separately from all personal data provided by a data subject.
The data subject has the option of registering on the controller's website by providing personal data. The personal data transmitted to the controller in this process is determined by the input mask used for registration. The personal data entered by the data subject are collected and stored exclusively for internal use by the controller and for its own purposes. The controller may arrange for the data to be transferred to one or more processors, such as a parcel service provider, who will also use the personal data exclusively for internal use attributable to the controller.
By registering on the website of the controller, the IP address assigned to the data subject by the Internet service provider (ISP), the date, and the time of registration are also stored. This data is stored because it is the only way to prevent misuse of our services and, if necessary, to enable the investigation of committed crimes. Therefore, the storage of this data is necessary to protect the controller. As a general rule, this data will not be passed on to third parties unless there is a legal obligation to do so or the transfer serves the purpose of law enforcement.
The registration of the data subject with the voluntary provision of personal data allows the controller to offer the data subject content or services that, due to their nature, can only be offered to registered users. Registered persons are free to change the personal data provided during registration at any time or to have it completely deleted from the controller's database.
The controller shall provide each data subject with information, upon request, at any time about which personal data concerning the data subject is stored. Furthermore, the controller shall correct or delete personal data at the request or notification of the data subject, unless otherwise required by law. All employees of the controller shall be available to the data subject as contact persons in this regard.
Due to legal regulations, the Atrium Apartments GmbH website contains information that enables quick electronic contact with our company and direct communication with us, which also includes a general address for so-called electronic mail (email address). If a data subject contacts the controller by email or via a contact form, the personal data transmitted by the data subject will be automatically stored. Such personal data transmitted voluntarily by a data subject to the controller will be stored for the purposes of processing or contacting the data subject. This personal data will not be passed on to third parties.
The controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage or as far as this is granted by the European legislator or other legislator in laws or regulations to which the controller is subject to.
If the storage purpose no longer applies or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
a) Right to confirmation
Every data subject has the right granted by the European legislator to obtain confirmation from the controller as to whether or not personal data concerning him or her are being processed. If a data subject wishes to exercise this right of confirmation, he or she may contact an employee of the controller at any time.
b) Right to information
Any person affected by the processing of personal data has the right, granted by the European legislator, to obtain from the controller free information about the personal data concerning him or her stored at any time and a copy of this information. Furthermore, the European legislator has granted the data subject the right to obtain the following information:
the processing purposes
the categories of personal data being processed
the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
where possible, the envisaged period for which the personal data will be stored, or, where not possible, the criteria used to determine that period
the existence of a right to rectification or erasure of personal data concerning him or her or to restriction of processing by the controller or a right to object to such processing
the existence of a right of complaint to a supervisory authority
if the personal data are not collected from the data subject: all available information about the origin of the data
the existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject
Furthermore, the data subject has the right to information as to whether personal data has been transferred to a third country or to an international organization. If so, the data subject also has the right to receive information about the appropriate safeguards in connection with the transfer.
If a data subject wishes to exercise this right to information, he or she may contact an employee of the controller at any time.
c) Right to rectification
Any person affected by the processing of personal data has the right granted by the European legislator to request the immediate rectification of inaccurate personal data concerning him or her. Furthermore, the data subject has the right to request the completion of incomplete personal data, including by means of providing a supplementary statement, taking into account the purposes of the processing.
If a data subject wishes to exercise this right to rectification, he or she may contact an employee of the controller at any time.
d) Right to erasure (right to be forgotten)
Any person affected by the processing of personal data has the right granted by the European legislator to obtain from the controller the erasure of personal data concerning him or her without undue delay, where one of the following grounds applies and where processing is not necessary:
The personal data were collected or otherwise processed for purposes for which they are no longer necessary.
The data subject withdraws his or her consent on which the processing is based according to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, and there is no other legal ground for the processing.
The data subject objects to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21 (2) GDPR.
The personal data was processed unlawfully.
The erasure of personal data is necessary to fulfil a legal obligation under Union or Member State law to which the controller is subject.
The personal data were collected in relation to information society services offered in accordance with Art. 8 (1) GDPR.
If one of the above reasons applies, and a data subject wishes to request the erasure of personal data stored by Atrium Apartments GmbH, they may contact an employee of the controller at any time. The employee of Atrium Apartments GmbH will ensure that the erasure request is complied with immediately.
If the personal data was made public by Atrium Apartments GmbH and our company as the controller pursuant to Art. 17 Para. 1 GDPR is obliged to erase the personal data, Atrium Apartments GmbH shall take appropriate measures, including technical ones, taking into account the available technology and the implementation costs, in order to inform other data controllers which process the published personal data that the data subject has requested the erasure by such controllers of all links to these personal data or of copies or replications of these personal data, unless processing is required. The Atrium Apartments GmbH employee will arrange the necessary measures in individual cases.
e) Right to restriction of processing
Any person affected by the processing of personal data has the right granted by the European legislator to request the controller to restrict processing if one of the following conditions applies:
The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
The processing is unlawful, the data subject opposes the erasure of the personal data and requests the restriction of the use of the personal data instead.
The controller no longer needs the personal data for the purposes of the processing, but the data subject needs them to assert, exercise or defend legal claims.
The data subject has objected to processing pursuant to Art. 21 (1) GDPR and it has not yet been determined whether the legitimate grounds of the controller override those of the data subject.
If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of personal data stored by Atrium Apartments GmbH, he or she may contact an employee of the controller at any time. The employee of Atrium Apartments GmbH will arrange for the restriction of processing.
f) Right to data portability
Every data subject shall have the right granted by the European legislator to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format. He or she shall also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, as long as the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, in exercising his or her right to data portability pursuant to Article 20(1) GDPR, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.
To assert the right to data portability, the data subject may contact an employee of Atrium Apartments GmbH at any time.
g) Right to object
Any person affected by the processing of personal data has the right granted by the European legislator to object at any time to the processing of personal data concerning him or her, which is based on Article 6(1)(e) or (f) of the GDPR, for reasons related to his or her particular situation. This also applies to profiling based on these provisions.
In the event of an objection, Atrium Apartments GmbH will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
If Atrium Apartments GmbH processes personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data for such advertising purposes. This also applies to profiling insofar as it is related to such direct marketing. If the data subject objects to Atrium Apartments GmbH processing for direct marketing purposes, Atrium Apartments GmbH will no longer process the personal data for these purposes.
In addition, the data subject has the right to object to the processing of personal data concerning him or her by Atrium Apartments GmbH for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, for reasons related to his or her particular situation, unless such processing is necessary to perform a task carried out in the public interest.
To exercise the right to object, the data subject may contact any employee of Atrium Apartments GmbH or another employee directly. Furthermore, in connection with the use of information society services, the data subject is free to exercise his or her right of objection by automated means using technical specifications, notwithstanding Directive 2002/58/EC.
h) Automated decisions in individual cases, including profiling
Each data subject shall have the right granted by the European legislator not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, unless the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and the controller, or (2) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is based on the data subject’s explicit consent.
Where the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and the controller or (2) is made with the data subject’s explicit consent, Atrium Apartments GmbH shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
If the data subject wishes to exercise rights with regard to automated decisions, he or she may contact any employee of the controller at any time.
i) Right to withdraw consent under data protection law
Any person affected by the processing of personal data has the right granted by the European legislator to withdraw his or her consent to the processing of personal data at any time.
If the data subject wishes to exercise his or her right to withdraw consent, he or she may contact an employee of the controller at any time.
The controller collects and processes the personal data of applicants for the purpose of processing the application procedure. Processing may also be carried out electronically. This is particularly the case if an applicant submits corresponding application documents to the controller electronically, for example by email or via a web form on the website. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted two months after notification of the rejection decision, provided that no other legitimate interests of the controller conflict with deletion. Other legitimate interests in this sense include, for example, the burden of proof in proceedings under the General Equal Treatment Act (AGG).
Art. 6 I lit. a GDPR serves as the legal basis for our company for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary to fulfill a contract to which the data subject is a party, as is the case, for example, with processing operations necessary for the delivery of goods or the provision of other services or consideration, the processing is based on Art. 6 I lit. b GDPR. The same applies to processing operations that are necessary to carry out pre-contractual measures, for example in cases of inquiries about our products or services. If our company is subject to a legal obligation which requires the processing of personal data, such as for the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured in our company and their name, age, health insurance details or other vital information had to be passed on to a doctor, hospital or other third parties. In that case, the processing would be based on Art. 6 I lit. d GDPR. Ultimately, processing operations could be based on Art. 6 I lit. f GDPR. This legal basis is used for processing operations that are not covered by any of the aforementioned legal grounds if the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not override them. We are permitted to carry out such processing operations in particular because they were specifically mentioned by the European legislator. In this respect, the legislator took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47, Sentence 2 GDPR).
If the processing of personal data is based on Article 6 I lit. f GDPR, our legitimate interest is the conduct of our business activities for the benefit of the well-being of all our employees and our shareholders.
The criterion for the duration of storage of personal data is the respective statutory retention period. After expiration of this period, the corresponding data will be routinely deleted unless it is no longer required for the fulfillment or initiation of a contract.
We would like to clarify that the provision of personal data is sometimes required by law (e.g. tax regulations) or can also arise from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary for a data subject to provide us with personal data in order to conclude a contract, which must then be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with him or her. Failure to provide the personal data would mean that the contract with the data subject could not be concluded. Before the data subject provides personal data, the data subject must contact one of our employees. Our employee will clarify to the data subject on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what the consequences of non-provision of the personal data would be.
As a responsible company, we do not use automated decision-making or profiling.
Developed by the SaaS and LegalTech specialists at Willing & Able, who also developed the system for digital GDPR processing records. The texts of the privacy policy generator were created and published by Prof. Dr. hc Heiko Jonny Maniero and attorney Christian Solmecke.
If you have given your consent, this website uses Google Analytics 4, a web analysis service provided by Google LLC. The responsible party for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
Scope of processing
Google Analytics uses cookies, which enable an analysis of your use of our website. The information collected through cookies about your use of this website is usually transferred to a Google server in the USA and stored there.
In Google Analytics 4, IP address anonymization is activated by default. Due to IP anonymization, your IP address will be shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
During your website visit, your user behavior is recorded in the form of "events." Events can be:
Also recorded:
Purposes of processing
On behalf of the operator of this website, Google will use this information to evaluate your [pseudonymous [NOT USING USER ID]] use of the website and to compile reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website.
Recipient
Recipients of the data are/can be
It cannot be ruled out that US authorities will access the data stored by Google.
Third country transfer
To the extent that data is processed outside the EU/EEA and there is no data protection level corresponding to the European standard, we have taken steps to ensure an appropriate level of data protection with the service provider EU standard contractual clauses Closed. The parent company of Google Ireland, Google LLC, is based in California, USA. The transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not have any legal recourse against access by authorities.
Storage period
The data we send and linked to cookies is automatically deleted after two months. Data whose retention period has been reached is automatically deleted once a month.
Legal basis
The legal basis for this data processing is your consent in accordance with Art. 6 (1) (a) GDPR [IF APPLICABLE: Art. 49a GDPR].
Revocation
You can revoke your consent at any time with effect for the future by changing the cookie settings
[cookie_settings]and change your selection there. The legality of the processing carried out on the basis of the consent until the revocation remains unaffected.
You can also prevent cookies from being saved by selecting the appropriate settings in your browser. However, if you configure your browser to reject all cookies, some functionality on this and other websites may be restricted. Furthermore, you can prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by selecting the appropriate settings on the browser.
a. Do not give your consent to the setting of the cookie or
b. the browser add-on to deactivate Google Analytics HERE download and install.
For more information about Google Analytics Terms of Use and Google’s Privacy Policy, please visit https://policies.google.com/?hl=de.
Data protection declaration for the online booking tool DIRS21 of TourOnline AG
The booking functionality on this website within the framework of this online booking tool (“OBT”) is
You from TourOnline AG, Borsigstraße 26, 73249 Wernau, Germany (www.dirs21.de),
hereinafter abbreviated to "TOAG". The collection and use of your data
always in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679
(GDPR), the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG).
We – as the data controller – therefore inform you about which data
collected by us and how we process this data.
1) Personal data
Personal data within the meaning of the GDPR is all information relating to an identified
or identifiable natural person; an identifiable natural person is
which are directly or indirectly, in particular by association with an identifier such as a
name, an identification number, location data, an online identifier or one or more
several special characteristics that express the physical,
physiological, genetic, psychological, economic, cultural or social identity of these
natural person. Personal data will only be stored if this is necessary for
Provision of the booked service, to comply with legal requirements or to the subsequent
specified purpose is necessary.
2) Anonymized data / log files
You can access this online booking tool (“OBT”) without any collection of personal data
Data is required. However, certain anonymized data is stored each time the website is accessed, e.g.
which offer was accessed. However, this data is not personal and is subject to
therefore not subject to the legal regulations of the GDPR or the BDSG.
TOAG collects data about access to the OBT and saves it as “server log files.”
Data is logged as follows:
Visited website, time of access, amount of data sent in bytes,
Source/reference from which you came to the page, browser used,
DIRS21 by TourOnline AG • Borsigstraße 26 • D-73249 Wernau • T +49(0) 7153 9250 70 • F +49(0)7153 9250 40 • sales@dirs21.de • www.dirs21.de
Operating system, IP address used.
The data collected is used solely for statistical evaluations and to improve the website.
However, the website operator reserves the right to subsequently check the server log files if
concrete indications of illegal use.
Anonymous data is collected solely for statistical purposes in order to improve our services.
Please note the section "Right to Information / Right of Withdrawal".
3) Purpose of collecting personal data
However, the collection of personal data becomes essential if you use our OBT to
Book a trip or other service for which personal data is essential.
In accordance with legal regulations and in the spirit of data economy, the
As a rule, only data that is required for the provision of this service is collected.
If we ask for further information in our forms, this is always voluntary
and marked as such.
The temporary storage of the IP address by the system is necessary to ensure delivery
the website to the user's computer. For this purpose, the user's IP address must be
remain stored for the duration of the session. Log files are also stored to ensure
ensure the functionality of the website. The data also helps us to optimize the
Website and to ensure the security of our information technology systems.
The data will not be evaluated for marketing purposes in this context.
Our legitimate interest in data processing pursuant to Art. 6 (1) (f)
GDPR.
If you use the contact form displayed by a host,
If you would like to contact them directly, the data you provide will be transferred to this
Purpose stored and processed by us and passed on to the respective host for the purpose of
Contacting you will be transmitted. Your information will not be passed on to third parties.
In the case of booking a trip or other service, the data collected will be used for
the processing of this booking, within the legal requirements for advertising purposes and for
used for statistical purposes.
4) Legal basis for the processing of personal data
To the extent that we obtain the consent of the data subject for the processing of personal data,
DIRS21 by TourOnline AG • Borsigstraße 26 • D-73249 Wernau • T +49(0) 7153 9250 70 • F +49(0)7153 9250 40 • sales@dirs21.de • www.dirs21.de
Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
When processing personal data necessary for the performance of a contract to which the controller is party,
data subject, Article 6 (1) (b) GDPR serves as the legal basis. This also applies to
Processing operations necessary to carry out pre-contractual measures.
To the extent that processing of personal data is necessary to fulfil a legal obligation,
our company is subject to, Art. 6 (1) (c) GDPR serves as the legal basis.
In the event that vital interests of the data subject or of another natural person are
If the processing of personal data is necessary, Art. 6 (1) (d) GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or a third party
necessary and the interests, fundamental rights and freedoms of the data subject outweigh the former
If there is no interest, Art. 6 (1) (f) GDPR serves as the legal basis for processing.
5) Disclosure of personal data to third parties
Your personal data will only be passed on within the relevant, in particular
data protection and competition law requirements.
To the extent that this is necessary for the performance of the contractual services owed by us or legal obligations
is necessary, your data will also be passed on to subcontractors or service providers to provide the
Services in our name or on our behalf (e.g. technical processing of mail and email delivery,
Payment processing, customer service).
In addition, the data will be passed on to persons or companies to process your booking,
in particular to airlines, tour operators, hotels, travel agencies, car rental companies,
Cruise lines, authorities, etc. Please note that the data protection regulations at the location
of these persons and companies may differ from those in Germany.
In addition, your data will be disclosed and transmitted to third parties if we are required to do so by law or on the basis of
of a legally concluded legal procedure are obliged to do so.
You have the right to receive the personal data concerning you that you have provided to us in a
structured, common and machine-readable format. You also have the right to have this data
other controller without hindrance from the controller to whom the personal data
provided.
6) Storage and deletion of data
Within the scope of the purposes stated under the point “Purpose of collecting personal data”
DIRS21 by TourOnline AG • Borsigstraße 26 • D-73249 Wernau • T +49(0) 7153 9250 70 • F +49(0)7153 9250 40 • sales@dirs21.de • www.dirs21.de
Your personal data will be stored. The personal data of the data subjects
Person will be deleted or blocked as soon as the purpose of storage no longer applies.
may also be carried out if this is permitted by the European or national legislator in
Union regulations, laws or other provisions to which the controller is subject
The legislator has stipulated a variety of retention obligations and periods
Blocking or deletion of data will also occur if a violation of the aforementioned
storage period prescribed by the standards expires, unless there is a need for further
Storage of data for the purpose of concluding or fulfilling a contract.
7) Use of cookies
We use cookies (small computer files containing text information that the web server sends to your internet browser
sends) to improve your experience when visiting our online services. For example, some
Notices only appear once, if you allow us to set a cookie. Our cookies also have an expiration date.
If you manually delete your cookies before they expire, you will receive a new one the next time you visit the site.
new, unless you block the storage of the cookie.
The technical specifications stipulate that only the server can read a cookie that was sent by it.
We assure you that we do not store any personal data in cookies.
Unfortunately, the use of our services is only possible to a limited extent without accepting cookies. We therefore recommend that you
To permanently activate cookies for our website. Most internet browsers are set to
Accept cookies automatically. However, you can deactivate the storage of cookies and configure your Internet browser
so that it notifies you as soon as cookies are sent.
The legal basis for the processing of personal data using cookies is Art. 6 (1) (f)
GDPR.
The legal basis for the processing of personal data using cookies is
For analysis purposes, if the user has given his consent, Art. 6 (1) (a) GDPR applies.
8) Use of Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc., 1600 Amphitheatre Parkway,
Mountain View, CA 94043, USA (“Google”). Google Analytics uses “cookies”, which are text files placed on your
computer and which enables an analysis of the use of the website by you.
Information generated by the cookie about your use of this website (including your IP address) will be transmitted to a
to a Google server in the USA and stored there. Google will use this information to
DIRS21 by TourOnline AG • Borsigstraße 26 • D-73249 Wernau • T +49(0) 7153 9250 70 • F +49(0)7153 9250 40 • sales@dirs21.de • www.dirs21.de
To evaluate the use of the website in order to compile reports on website activities for the website operators
and to provide other services related to website and internet usage
Google may also transfer this information to third parties where required to do so by law
required or to the extent that third parties process this data on behalf of Google. Google will not associate your IP address with any other data held by Google. You can prevent the installation of cookies by selecting
You may prevent this by setting your browser software accordingly; however, we would like to point out that in this
In this case, you may not be able to use all the functions of this website to their full extent.
this website, you agree to the processing of data about you by Google in the manner and
manner and for the purposes described above.
The Google tracking codes on this website use the function “_anonymizeIp()”, so IP addresses are only
processed in abbreviated form to exclude direct personal reference. The data collection and -
You can withdraw your consent to the storage of your data at any time with future effect. By clicking the button
"Deactivate" will completely prevent tracking. To make the objection permanent,
The browser used must accept cookies. Alternatively, data collection can be prevented by using a Google
Browser plug-ins can be rejected to prevent the information collected by cookies
(including your IP address) will be sent to Google Inc. and used by Google Inc. The following link will take you
to the corresponding plugin: https://tools.google.com/dlpage/gaoptout?hl=de
9) Use of Google
Our online presence uses Google Fonts and the Google Fonts API to display fonts and symbols visually
When using Google Fonts, unless the data is stored on the local servers of our
online presence, Google also receives data about the use of the font functions by visitors to the
Websites collected, processed and used. Further information about data processing by
You can find Google's privacy policy at http://www.google.com/privacypolicy.html
There you can also change your settings in the privacy center so that you can
manage and protect them. The Google Fonts Terms of Use can be found at
https://fonts.google.com/about# and https://policies.google.com/terms?hl=en.
10) Use of a content delivery network
Our online presence uses “Bunny”, a so-called Content Delivery Network (“CDN”) of BUNNYWAY
doo, Cesta komandanta Staneta 4A, 1215 Medvode, Slovenia ("Bunny"). In the case of a Content Delivery
Network is an online service that helps you to share large media files
DIRS21 by TourOnline AG • Borsigstraße 26 • D-73249 Wernau • T +49(0) 7153 9250 70 • F +49(0)7153 9250 40 • sales@dirs21.de • www.dirs21.de
(such as graphics, page content or scripts) through a network of regionally distributed and over the Internet
connected server. The use of Bunny's Content Delivery Network helps us
in optimizing the loading speed of our website. Bunny generally does not interact
with visitors to our website and does not process any personal visitor data. Should
If processing does occur in individual cases, this will be carried out in accordance with Art. 6 (1) (f) GDPR on
Based on our legitimate interest in a secure and efficient provision, as well as the
Improve the stability and functionality of our website. For more information, see
Bunny's privacy policy at: https://bunny.net/privacy.
11) Use of Error Logging
Our online presence uses Sentry. The service is provided by Functional Software, Inc., 132
Hawthorne St, San Francisco, CA 94107. The service collects and stores data from anonymized
Usage profiles are created. These are used exclusively for the analysis of error cases and the
Monitoring system stability. Cookies are used for this purpose. Data collection and
You can object to the storage by Sentry at any time with effect for the future by
deactivate cookies in your browser settings. Sentry's privacy policy is available at
Available at https://sentry.io/privacy/.
12) Use of icons
Our online presence uses so-called web fonts for the uniform display of fonts,
provided by Fonticons, Inc. When you visit a page, your browser loads the required
Web fonts in your browser cache to display texts and fonts correctly.
For this purpose, the browser you use must connect to the Fonticons servers,
Inc. This will inform Fonticons, Inc. that your IP address is being used to send our
website was accessed. The use of web fonts is in the interest of a uniform and
appealing presentation of our online offerings. This represents a legitimate interest within the meaning of
of Art. 6 (1) (f) GDPR.
If your browser does not support web fonts, a standard font from your computer will be used.
For more information about Font Awesome, please visit https://fontawesome.com/help and the
Fonticons, Inc. Privacy Policy: https://fontawesome.com/privacy.
13) Right to information / right of withdrawal; other rights of data subjects
DIRS21 by TourOnline AG • Borsigstraße 26 • D-73249 Wernau • T +49(0) 7153 9250 70 • F +49(0)7153 9250 40 • sales@dirs21.de • www.dirs21.de
You have the right:
a. to request information about your personal data processed by us in accordance with Art. 15 GDPR.
In particular, you can obtain information about the processing purposes, the category of personal data
Data, the categories of recipients to whom your data has been or will be disclosed, the
planned storage period, the existence of a right to rectification, erasure, restriction of
Processing or objection, the existence of a right of appeal, the origin of your data, if
these were not collected by us, as well as the existence of an automated
Decision-making, including profiling and, where appropriate, meaningful information on their
Request for details;
b. in accordance with Art. 16 GDPR, immediately request the rectification of inaccurate or incomplete data concerning you
to request the personal data we hold about you;
c. to request the deletion of your personal data stored by us in accordance with Art. 17 GDPR,
unless the processing is necessary for exercising the right to freedom of expression and information,
to fulfil a legal obligation, for reasons of public interest or
is necessary for the establishment, exercise or defense of legal claims;
d. to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR,
if you contest the accuracy of the data, the processing is unlawful, but you
refuse to delete them and we no longer need the data, but you need it to assert,
Exercise or defense of legal claims or you have pursuant to Art. 21 GDPR
have objected to the processing;
e. pursuant to Art. 20 GDPR, your personal data that you have provided to us in a
structured, common and machine-readable format or to have it transmitted to a
other responsible persons;
f. to revoke your consent at any time in accordance with Art. 7 (3) GDPR. This has
This means that we will no longer be able to process data based on this consent in the future.
may continue and
g. to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can
to the supervisory authority of your usual place of residence or work or our
company headquarters.
To withdraw your consent to the use of data, to request information or to correct, block or
To request deletion or to exercise other data subject rights, please contact:
DIRS21 by TourOnline AG • Borsigstraße 26 • D-73249 Wernau • T +49(0) 7153 9250 70 • F +49(0)7153 9250 40 • sales@dirs21.de • www.dirs21.de
TourOnline AG Borsigstraße 26
73249 Wernau
Email: info@dirs21.de
Phone: +49 (0) 7153 9250 0
Fax: +49 (0) 7153 9250 40
These rights are of course available to you free of charge, without you having to pay any higher
Transmission costs are higher than for the basic tariffs.
Below we give you the contact address of the data protection officer of our
Company. Our data protection officer is:
Attorney Frank Hütten, Noll & Hütten Rechtsanwälte GbR, c/o TourOnline AG
Borsigstrasse 26,
73249 Wernau
Email: datenschutzanwalt@dirs21.de Tel.: +49 (0) 7153 9250 0
Fax: +49 (0) 7153 9250 40
To exercise your rights as a data subject, such as information, correction, blocking
or deletion of your personal data not directly to the data protection officer, but
first to the data protection officers named above, who will address your request
be processed immediately.
14) Security, questions and suggestions, responsible
Security also depends on your system. You should always
treat confidentially, never allow passwords to be saved by the web browser and
Close your browser window when you finish visiting our website.
that third parties are prevented from accessing your personal data.
Use an operating system that can manage user rights. Set up user rights in the family
multiple users on your system and never use the Internet under
Administrator rights. Use security software such as virus scanners and firewalls and keep
your system is always up to date.
The person responsible for this online booking tool (“OBT”) within the meaning of the data protection
DIRS21 by TourOnline AG • Borsigstraße 26 • D-73249 Wernau • T +49(0) 7153 9250 70 • F +49(0)7153 9250 40 • sales@dirs21.de • www.dirs21.de
General Data Protection Regulation and other national data protection laws of the Member States as well as other
data protection regulations is:
TourOnline AG
Borsigstrasse 26
73249 Wernau
Email: info@dirs21.de
Phone: +49 (0) 7153 9250 0
Fax: +49 (0) 7153 9250 40
EN 
DE 
PL 
CS 
RO 
SK 
BS 
SL 
SR 
RU 
HR 
BG 