Data Privacy Policy
1. Introduction
We, Deep Curl, take the protection of your personal data seriously! We treat your personal data confidentially and in accordance with the stipulations of the statutory data privacy regulations and this data privacy policy
With the following information we would like to give you – the respective “data subject” – an overview of the processing of your personal data by us, the “person responsible”. In addition, we would like to give you an insight into your rights arising from data privacy law.
In principle, our website can be used without entering personal data. If you want to use our company’s special services via our website (contact form, booking), processing of personal data will be required. The data of the travelers collected upon registration will be used to process the booking order and for customer care, i.e. the processing is necessary to fulfill the purpose of the contract; Art. 6 para. 1 sentence 1 lit. b GDPR. Furthermore, the processing is deemed necessary to protect the legitimate interests of the person responsible and is not disproportionate; Art. 6 para. 1 sentence 1 lit. f GDPR.
Your personal data, for example your name, address or email address, will always be processed in accordance with the General Data Protection Regulation (GDPR) and the stipulations of the national data protection regulations applicable to “PDeep Curl SARL”. With this data privacy policy we would like to inform you about the scope and purpose of the personal data we collect, use and process.
As the controller, we have implemented numerous technical and organizational measures to ensure as comprehensive a protection as possible with regard to the personal data processed via this website. Nevertheless, Internet-based data transmissions can generally have security loopholes, thus absolute protection cannot be guaranteed.
2. Responsible body
Responsible body within the meaning of the GDPR is
Deep Curl SARL
CEO Richard Thurnes
20 Rue Esplanade
L – 9213 Diekirch
VAT ID: 69120307031
Website operator:
www.surflodgemorocco.com
3. Data Protection Officer
You can contact the data protection officers as follows:
Tanja Noack
089 599 88 361
data_protection@puresurfcamps.com
Nathalie Schubert
089 599 88 366
data_protection@puresurfcamps.com
You can contact our data protection officer directly at any time with any questions and suggestions regarding data protection.
4. Definitions
The data privacy policy
is based on the terminology used by the European directors and regulators when adopting the General Data Protection Regulation (GDPR). Our privacy policy is designed to be easy to read and understand for both the public and for you, our customers, guests and business partners. To ensure that this is the case, we would like to specify and explain the terms used in advance.
We use the following terms in this data privacy policy:
Personal data
Personal data is any information relating to an identified or identifiable natural person. An identifiable person is a natural person who, directly or indirectly, in particular by assigning an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics, expresses the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person can be identified.
Affected person
Affected person is any identified or identifiable natural person whose personal data are processed by the controller (our company).
Processing
Processing is any operation or series of operations carried out with or without the help of automated processes in connection with personal data such as the collection, organization, organization, storage, adaptation or modification, reading, querying, use, the disclosure by transmission, distribution or any other form of provision, comparison or linking, restriction, deletion or destruction.
Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.
Profiling
Profiling is any type of automated processing of personal data, which consists in the fact that this personal data is used to evaluate certain personal aspects that relate to a natural person, in particular to aspects related to work performance, economic situation, health, personal Analyze or predict the preferences, interests, reliability, behavior, location or relocation of this natural person
Pseudonymization
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organizational measures that ensure that the personal data cannot be assigned to an identified or identifiable natural person.
Processor
Processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the person responsible.
Recipient
The recipient is a natural or legal person, public authority, agency or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, authorities that may receive personal data as part of a specific investigation mandate under EU law or the law of the Member States are not considered recipients.
Third party
A third party is a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who are authorized to process the personal data under the direct responsibility of the controller or processor.
Consent
Consent is any expression of will voluntarily given by the data subject for the specific case in an informed manner and unequivocally in the form of a declaration or other clear confirmatory act, with which the data subject indicates that they consent to the processing of their personal data.
5. Legal basis for data processing
Art. 6 para. 1 sentence 1 lit. a GDPR serves our company as the legal basis for processing operations in which we obtain consent for a specific processing purpose.
If the processing of personal data is necessary to fulfill a contract to which you are a party, as is the case, for example, with processing operations that are necessary for the execution of a trip or the provision of other services or considerations, the data processing is based on Art. 6 para. 1 sentence 1 lit. b GDPR. The same applies to processing operations that are necessary to carry out pre-contractual efforts, for example in cases of inquiries about our products or services.
If we are obliged by law to process personal data, such as to fulfill tax obligations, the data processing is based on Art. 6 Para. 1 S. 1 lit. c GDPR.
In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or other natural persons. This is the case, for example, if a visitor to our company was injured and their name, age, health insurance data or other vital information had to be passed on to a doctor, a hospital or other third parties. The data processing would then be based on Art. 6 para. 1 sentence 1 lit. d GDPR.
Ultimately, processing operations can be based on Art. 6 Para. 1 S. 1 lit. f GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this provision if processing is necessary to safeguard the legitimate interests of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject shall not outweigh such interests . We are allowed to carry out these data processing operations since they have been explicitly specified and deemed legitimate by the European legislator. The European legislator opined that a legitimate interest within the meaning of Art. 6 Para. 1 S. 1 lit. f GDPR can reasonably be assumed if you are a customer of our company (recital 47 sentence 2 GDPR).
6 Types of data processed
6.1 Data categories
We process the following categories of data to process your trip and to protect our legitimate interests: inventory, contact, content, contract, payment, usage, meta and communication data.
m
6.2 Special categories of data
In principle, no special categories of data are processed, unless these are processed by the user, e.g. if there are allergies and intolerances that should be communicated to the surf camp team or the carrier.
6.3. Categories of data subjects
Visitors and users of our online offer, customers, interested parties, suppliers, business partners, tour operators
7 Minimum age 16 years
In order to use / fill in our inquiry or booking forms, you must be at least 16 years old. If this is not the case, please ask your parents for permission to fill in and send the form. Since we can only process your data, i.e. process your request or booking, with the consent of your parents, we ask you to obtain this permission in advance.
8 Technology
8.1 SSL / TLS encryption
This site uses an SSL or TLS encryption with the SHA-256 bit security algorithm with RSA encryption. You can recognize an encrypted connection by the fact that “https: //” appears in the address line of the browser instead of “http: //” and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.
8.2 Data collection when visiting the website
If you only use our website for informational purposes, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (in so-called “server log files”). Every time you or an automated system calls up a page, our website collects a series of general data and information. This general data and information will be stored in the server’s log files. The following data can be recorded
· Browser types and versions used,
· the operating system used by the accessing system,
· the website from which an accessing system reaches our website (so-called referrer),
· the sub-websites which are accessed via an accessing system on our website,
· the date and time of access to the website,
· an Internet protocol address (IP address),
· the Internet service provider of the accessing system.
When using this general data and information, we do not draw any conclusions from it regarding your identity. This information is in fact needed to
· deliver the content of our website correctly,
· optimize the content of our website and the advertising for it,
· ensure the long-term functionality of our IT systems and the technology used and
· to provide law enforcement authorities with the information necessary for law enforcement in the event of a cyberattack.
This data and information is therefore evaluated by us both statistically and with the aim of increasing data protection and data security in our company in order to ultimately ensure the highest level of protection of the personal data we process. The data of the server log files are stored separately from all personal data provided by a data subject and are deleted every 2 weeks.
The legal basis for data processing is Art. 6 Para. 1 S. 1 lit. f GDPR. Our legitimate interest results from the data collection purposes specified above.
9. Disclosure of data to third parties
Your personal data will not be transmitted to third parties for purposes other than those specified hereunder.
We only transmit your personal data to third parties if the following applies:
· Art. 6 para. 1 sentence 1 lit. a GDPR: you have given your express consent
· Art. 6 para. 1 sentence 1 lit. b GDPR: the disclosure is necessary for the processing of contractual relationships with you
· Art. 6 para. 1 sentence 1 lit. c GDPR: there is a legal obligation disclose the data
· Art. 6 para. 1 sentence 1 lit. f GDPR: the transmission
· is permitted to protect our legitimate interests and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data
10. Cookies
10.1 General information about cookies
We use cookies on our website. These are small files created automatically by your browser and saved on your IT system (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not harm your end device and do not contain viruses, trojans or other malware.
Information is stored in the cookie, which results in connection with the specific device used. However, this does not mean that we immediately become aware of your identity.
On the one hand, the use of cookies ensures that the use of our offer is more convenient for you. For example, we use so-called session cookies to recognize that you have already visited individual pages on our website. Session cookies are automatically deleted after leaving our site.
In addition, we also use temporary cookies, i.e. cookies stored on your device for a specific period of time, to optimize user-friendliness. If you visit our site again to use our services, it is automatically recognized that you have already been with us and which entries and settings you have made so that you do not have to enter them again.
On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer. These cookies enable us to automatically recognize when you visit our site again that you have already been with us. These cookies are automatically deleted after a defined time.
The data processed by cookies are required for the purposes mentioned to protect our legitimate interests and those of third parties in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR.
Most browsers accept cookies automatically. However, by configuring your browser accordingly you can prevent it from placing cookies on your computer or ensure that you are notified before a new cookie is placed. Please note that the complete deactivation of cookies might mean that you cannot use all features of our website.
11. Contents of our website
11.1 Data processing for travel arrangements
The personal data collected by us will be transmitted to the company /companies commissioned with the realisation of the tour as far as this is necessary to process your booking. The legal basis for the transmission of the data is Art. 6 Para. 1 S. lit. b GDPR.
11.2 Establishing contact / contact form
When you contact us (e.g. via contact form or email), the following personal data is collected: first name, last name, email, telephone number. This data is stored and used exclusively for the purpose of answering your request or for contacting you as well as for the technical administration regarding your request. The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6 Para. 1 S. lit. f GDPR. If your request aims at the conclusion of a contract, the additional legal basis for the data processing is Art. 6 Para. 1 S. lit. b GDPR. Your data will be deleted after the final processing of your request. This is the case if it can be inferred from the circumstances that the matter concerned has been finally clarified and if no statutory retention requirements apply.
11.3 Application management / job exchange
We collect and process applicants’ personal data for the purpose of handling the application process. Data processing can also be done electronically. This is particularly the case if an applicant sends us the relevant application documents electronically, e.g. by email. If we conclude an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If we do not conclude an employment contract with the applicant, the application documents will be deleted six months after the announcement of the rejection decision. In order to be able to prove equal treatment during the application process, we have a legitimate interest in storing the applicants´ data for the period within which claims can be asserted and we -consequently- have to provide e.g. evidence in a legal proceeding under the German General Equal Treatment Act (AGG).
Data processing for application management is carried out solely on the basis of our legitimate interest pursuant Art. 6 Para. 1 S. lit. f GDPR.
12 Newsletter delivery
Existing customers:
If you have provided us with your email address upon purchase of a trip, we are entitled to sending you emails to this email address on a regular basis about offers and trips similar to those already purchased. We do not need to obtain separate consent from you for this in accordance with Section 7 (3) UWG. The respective data processing is based solely on our legitimate interest in personalized direct advertising in accordance with Art. 6 Para. 1 S. lit. f GDPR. If you have initially objected to the use of your email address for this purpose, we will not send you any emails. You are entitled to object to the use of your email address for advertising at any time with future effect by notifying us. Upon receipt of your objection, we will immediately stop using your email address for advertising purposes. If you are interested, you can subscribe to the newsletter on our website. The personal data transmitted to us when you subscribe to the newsletter are determined by the registration mask used for this purpose.
We inform our customers on a regular basis about our offers by means of a newsletter. The newsletter of our company can only be received by you if you have subscribed to the newsletter by providing a valid email address. For legal reasons, a confirmation email will be sent to the email address given in your newsletter request in a double opt-in procedure. This confirmation email helps us to ensure that you, as the owner of the email address, have actually authorized the receipt of the newsletter.
When you subscribe to the newsletter, we also save the IP address of the IT system you are using at the time of subscription, as well as the date and time of the subscription itself. The collection of this data is necessary for us to understand the (possible) misuse of your e-mail address at a later point in time and therefore serves our legal protection.
The personal data collected when you register for the newsletter will only be used to deliver our newsletter. In addition, subscribers to the newsletter could be informed by email if this is necessary for the operation of the newsletter service or for a registration in this regard, as could be the case in the event of changes to the newsletter offer or changes in the technical circumstances. The personal data collected as part of the newsletter service is not transmitted to third parties. You can unsubscribe from our newsletter at any time. The consent regarding the storage of personal data that you have given us for delivering the newsletter can be revoked at any time. For the purpose of revoking said consent, we provide an opt-out link in every newsletter.
If you wish to unsubscribe from the newsletter, please click the unsubscribe link at the end of the newsletter or send an email with your request to: data_protection@puresurfcamps.com
The legal basis for data processing for the purpose of delivering the newsletter is Art. 6 Para. 1 S. lit. a GDPR.
12.1 CleverReach
This website uses technology provided by CleverReach (CleverReach GmbH & Co. KG, Mühlenstr. 43, D- 26180 Rastede) to deliver newsletters
CleverReach is a newsletter service with which the newsletter dispatch can be organized and analyzed. The data you enter for newsletter subscription (e.g. email address) will be saved on CleverReach’s servers in Germany and Ireland.
Our newsletters sent with CleverReach enable us to analyze the behavior of newsletter recipients such as – inter alia- how many recipients open the newsletter message and how often each link contained in the newsletter is clicked. With the help of so-called conversion tracking, it can also be analyzed whether a predefined action (e.g. the purchase of a product on our website) has taken place after clicking the link in the newsletter. For more information on data analysis through the CleverReach newsletter service, please see: www.cleverreach.com/de/funktion/reporting-und-tracking/.
Data will be processed solely if you have given your consent pursuant to Art. 6 Para. 1 S. lit. a GDPR. You can revoke your consent at any time by unsubscribing from the newsletter. The lawfulness of data processing that has already taken place prior to you unsubscribing from the newsletter shall remain unaffected.
If you do not wish any analysis by CleverReach to happen, you must unsubscribe from the newsletter. For this purpose, we provide a link in every newsletter message.
The data you have given us for the purpose of subscribing to the newsletter will be processed by us until you unsubscribe from the newsletter and, after your unsubscribing from the newsletter, will be deleted from both our servers and the servers of CleverReach.
You may learn more about CleverReach’s data privacy regulations at: https://www.cleverreach.com/de/datenschutz/.
Such an evaluation is carried out in particular in accordance with Art. 6 (1) lit. f GDPR based on our legitimate interests in displaying personalized advertising, carrying-out market research and / or designing our website to meet your needs.
13 Web Analysis
13.1 Facebook Pixel (Custom Audience)
This website uses the “Facebook Pixel” by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”). If explicit consent is given, the behavior of users can be tracked after they have seen or clicked on a Facebook advertisement. This procedure conduces to evaluate the effectiveness of Facebook advertisements for statistical and market research and helps to optimize future advertising efforts.
The data collected is anonymous to us; consequently, we cannot identify the user. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising efforts in accordance with its data privacy policy (https://www.facebook.com/about/privacy/). You can enable Facebook and its partners to place advertisements on and outside of Facebook. A cookie can also be stored on your computer for these purposes. These processing operations take place only if express consent is given in accordance with Art. 6 Para. 1 S. lit. a GDPR.
Users who are older than 13 but have not yet reached the age of 16 do need the consent of their parents in order to use Facebook pixel.
Facebook Inc., based in the USA, is certified under the US-European data privacy agreement “Privacy Shield”, which guarantees compliance with the data privacy level applicable in the EU.
In order to deactivate the use of cookies on your IT system, you can configure your internet browser in a way that no cookies can be stored on your IT system or cookies that have already been stored will be deleted. Disabling all cookies can, however, mean that certain features of our website can no longer be performed. You can block the use of cookies by third parties on the following website of the Digital Advertising Alliance: www.aboutads.info/choices/
13.2 Google Analytics
On our website we use Google Analytics, a web analytics service provided by Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; hereinafter referred to as “Google”). In this context, pseudonymized usage profiles are created and cookies (see section 4 hereunder) are used. The information collected by the cookie about your usage of this website such as
· Browser type / version,
· operating system used,
· referrer URL (the previously visited page),
· host name of the accessing computer (IP address),
· time of the server request,
will be transmitted to and stored by Google on servers located in the United States. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage for market research and the needs-based design of this website. This information may also be transmitted to third parties if required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymized so that an assignment is not possible (IP masking).
You can prevent the installation of cookies by configuring your browser software accordingly; however, we would like to point out that in this case not all features of our website can be used to the full extent.
Google Analytics is used for optimizing and designing our website as required, which constitutes a legitimate interest within the meaning of Art. 6 Para. 1 S. lit. f GDPR.
You can prevent the collection of data generated by the cookie and related to your use of our website (including your IP address) and the processing of your data by Google Analytics by installing the Google Analytics opt-out browser add-on available under https: //tools.google.com/dlpage/gaoptout?hl=de.
Further information on data privacy regarding Google Analytics is provided here https://support.google.com/analytics/answer/6004245?hl=de.
We have implemented Google Analytics with activated IP anonymization. This means that the IP address of the user is encrypted by Google on the territory of member states of the European Union or contracting states of the Agreement on the European Economic Area. Only in exceptional cases, the full IP address is transmitted directly to a Google server in the USA and encrypted there.
13.3 Google Analytics Remarketing
We have implemented Google Remarketing services on this website. Google remarketing is a function of Google AdWords that enables a company to provide advertisements to Internet users who have previously accessed the company’s website. The integration of Google Remarketing therefore allows a company to create user-related advertising and consequently to display interest-based advertisements to the Internet user.
Google Remarketing is operated by Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.
The purpose of Google remarketing is to display interest-based advertising. Google remarketing enables us to display advertisements via the Google advertising network or to display them on other websites that are customized with regard to the individual needs and interests of Internet users.
Google remarketing places a cookie on the data subject’s IT system. This will enable Google to identify visitors of our website whenever they subsequently access websites that are also part of the Google advertising network. Every time you access a website which operates Google Remarketing, your internet browser will automatically be uniquely identified by Google. As part of this technical process, Google gains knowledge about your personal data, such as your IP address or surfing behavior, which Google uses, inter alia, to display interest-relevant advertising.
Cookies are used to store personal information, such as the websites you visit. Each time you visit our website, personal data, including your IP address, is transmitted directly to Google in the United. The personal data are stored by Google on servers located in the United States. Google may transmit these personal data to third parties.
You can prevent the setting of cookies by our website, as already described above, at any time by configuring the internet browser you use accordingly and thus permanently object to the setting of cookies. The said configuration of the internet browser used also prevents Google from placing a cookie on your IT system. In addition, a cookie already placed by Google Analytics can be deleted at any time via the internet browser or other software programs.
You can also object to Google’s interest-based advertising by clicking the link www.google.de/settings/ads from every internet browser used and entering the desired settings there.
Such an evaluation is carried out in particular in accordance with Art. 6 (1) lit. f GDPR based on our legitimate interest in displaying personalized advertising, doing market research and / or designing our website to meet your needs.
Further information and the applicable data privacy policy of Google can be found at www.google.de/intl/de/policies/privacy/.
14. Advertising
14.1 Google (AdWords) remarketing
Our website uses the internet service Google AdWords remarketing in order to advertise this website in the Google search results as well as on third-party websites. The service provider is Google LLC., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). For this purpose, Google places a cookie in the internet browser of your end device, which automatically enables- based on which pages you access- interest-based advertising by using a pseudonymous cookie ID. The respective data processing is based on our legitimate interest in the optimal marketing of our website in accordance with Art. 6 Para. 1 S. lit. f GDPR.
Any further data processing will only take place if you have agreed to Google linking your internet and app browser history to your Google account and using information from your Google account to personalize advertisements that will be displayed to you on the internet .If you are logged in to Google in this case while accessing our website, Google uses your data combined with Google Analytics data to create and define target group lists for cross-device remarketing. To do this, Google temporarily links your personal data to Google Analytics data to form target groups.
You can permanently deactivate the setting of cookies for advertising specifications by downloading and installing the browser plug-in available via the following link: www.google.com/settings/ads/onweb/
Alternatively, you can inform the Digital Advertising Alliance at www.aboutads.info about the placement of cookies and enter specific settings. Finally, you can configure your browser in a way that you are notified about the placement of cookies and thus be able to decide on a case-by-case basis whether to accept them or exclude the acceptance of specific cookies or cookies in general. If cookies are not accepted, the functionality of our website may be restricted.
Google LLC, based in the USA, is a certified entity regarding the US-EU Privacy Shield.The EU-US Privacy-Shield is an agreement between the European Union and the USA that guarantees the compliance with European data protection standards in the USA.
For further information on Google and its data privacy policy regarding advertising please click here: www.google.com/policies/technologies/ads/
14.2 Google AdWords with conversion tracking
We have integrated Google AdWords on this website. Google AdWords is an internet advertising service that allows advertisers to place advertisements in both the Google search engine results and the Google advertising network. Google AdWords enables an advertiser to define certain keywords in advance, by means of which an advertisement is only displayed in the Google search engine results if the user uses the search engine to retrieve a keyword-relevant search result. The ads are distributed within the Google advertising network on topic-related websites by using an automatic algorithm and in accordance with the previously defined keywords.
Google AdWords is operated by Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.
We use Google AdWords to advertise our website by displaying interest-based advertising on the websites of third-party companies, in the search engine results of the Google search engine and by displaying third-party advertising on our website.
If you access our website via a Google ad, Google places a so-called conversion cookie on your IT system. A conversion cookie becomes ineffective after thirty days and is in no way used to identify you. The conversion cookie is used to determine whether certain sub-pages of our website, such as the booking or inquiry form, have been accessed. The conversion cookie enables both us and Google to determine whether a user, who has accessed our website via an AdWords ad, has generated sales, i.e. has completed or canceled a booking.
Google uses the personal data and further information collected through the use of the conversion cookie to compile visitor statistics for our website. We use these visitor statistics to determine the total number of users who were referred to us by AdWords ads, i.e. to determine the success or failure of the respective AdWords ad and to optimize our AdWords ads for the future. Neither our company nor any other Google AdWords advertisers receive information from Google that can be used to identify you.
The conversion cookie is used to save personal data, such as the websites you visit. Each time you access our website, personal data, including the IP address of the internet connection you use, is transmitted to Google in the United States. These personal data are stored by Google on servers located in the United States. Google may transmit these personal data to third parties.
You can prevent the placement of cookies by our website at any time by configuring the internet browser you use accordingly and thus object permanently to the placement of cookies. Such a configuration of your internet browser also prevents Google from placing a conversion cookie on your IT system. Furthermore, a cookie already placed by Google AdWords can be deleted at any time via your internet browser or other software programs.
You can also object to Google’s interest-based advertising by to calling up the link www.google.de/settings/ads from your internet browser and entering the desired settings.
Such an evaluation is carried out in particular in accordance with Art. 6 (1) lit. f GDPR based on our legitimate interests in the display of personalized advertising, market research and / or the needs-based design of its website.
15 Plugins and other services
15.1 Google Maps
On our website we use Google Maps (API), an internet service provided by Google LLC., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Google Maps is a web service for displaying interactive (land) maps to visually display geographic information. By using this service, e.g. our location can be shown to you and any trip can be made easier.
As soon as you call up those sub-pages into which the Google Maps map is integrated, information about your use of our website (such as your IP address) is transmitted to Google servers in the USA and saved there, regardless of whether Google provides a user account that you are logged in to or whether you do not have user account. If you are logged in to a Google user account, your data will be assigned directly to your account. If you do not wish to be associated with your Google profile, you must log out of your Google user account. Google saves your data (even regarding users who are not logged in) as usage profiles and evaluates them. Such evaluation is carried out in particular in accordance with Art. 6 (1) lit. f GDPR based on Google’s legitimate interests in displaying personalized advertising, carrying out market research and / or designing its website in line with requirements. You have a right to object to the creation of these user profiles, although you must contact Google to exercise it.
Google LLC, based in the USA, is a certified entity regarding the US-EU Privacy Shield.The EU-US Privacy-Shield is an agreement between the European Union and the USA that guarantees the compliance with European data protection standards in the USA.
If you do not agree to the future transmission of your data to Google when using Google Maps, you can also completely deactivate the Google Maps web service by switching off the JavaScript application in your browser. Subsequently, Google Maps and thus the map display on this website cannot be used any longer.
We use Google Maps to ensure an attractive presentation of our online offers and to make it easier to determine and find the locations we have indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6 Para. 1 S. lit. f GDPR.
For Google’s terms of use please click here www.google.de/intl/de/policies/terms/regional.html; the additional terms of use for Google Maps can be found at www.google.com/intl/de_US/help/terms_maps.html
For further detailed information on data privacy regarding the use of Google Maps please access the Google website (“Google Privacy Policy”) via the following link: www.google.de/intl/de/policies/privacy/
15.2 Google Tag Manager
This website uses Google Tag Manager, a cookie-free domain that does not collect any personal data.
In Google Tag Manager, we have stored a user-defined script tag with JavaScript code that enables you to opt-out from Google Analytics Tracking and Facebook Pixel. You can find both opt-out links placed in the respective sections of our data privacy policy.
With this tool “website tags” (i.e. keywords, which are integrated in HTML elements) can be implemented and managed via an interface. By using the Google Tag Manager, we can automatically determine which button, link or personalized image you have actively clicked on and thus are able determine which content of our website is of particular interest to you.
The tool also triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If you have set a deactivation either at domain or at cookie level, this remains in effect for all tracking tags that are implemented with Google Tag Manager.
Google Tag Manager is used for convenient and easy use of our website. This constitutes a legitimate interest within the meaning of Art. 6 Para. 1 S. lit. f GDPR.
15.3 YouTube (videos)
We have integrated YouTube components on this website. YouTube is an Internet video portal that enables video publishers to post video clips free of charge and other users to view, evaluate and comment on them free of charge. YouTube allows the publication of all types of videos, which is why complete film and TV programs, but also music videos, trailers or videos made by users themselves can be accessed via the Internet portal.
YouTube is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.
Each time you access one of our website’s individual pages on which a YouTube component (YouTube video) has been integrated, the Internet browser on your IT system is automatically prompted by the respective YouTube component to download the display of the respective YouTube component from YouTube. Further information on YouTube can be found at www.youtube.com/yt/about/de/. In the context of this technical process, YouTube and Google receive information as to which specific subpage of our website you are accessing.
If you are logged in to YouTube at the same time as accessing our website, YouTube recognizes which specific subpage of our website you are visiting when calling up a subpage that contains a YouTube video. This information is collected by YouTube and Google and assigned to your YouTube account.
YouTube and Google always receive information about the fact that you have visited our website via the YouTube component if you are logged in to YouTube at the same time as accessing our website; this happens regardless of whether you click on a YouTube video or not. If you do not want this information to be transmitted to YouTube and Google, you can prevent the transmission by logging out of your YouTube account before accessing our website.
YouTube is used to ensure the convenient and easy use of our website. This represents a legitimate interest within the meaning of Art. 6 Para. 1 S. lit. f GDPR.
The data privacy policy published by YouTube that is available at www.google.de/intl/de/policies/privacy/, provides information about the collection, processing and use of personal data by YouTube and Google.
15.4 Facebook plugins (like button)
We have integrated plugins provided by the social network Facebook that is operated by Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA into our website. You can recognize the Facebook plugins by the Facebook logo on the “Like” button on our site. You can find an overview of the Facebook plugins here: developers.facebook.com/docs/plugins/.
When you access our website, the plugin sets up a direct connection between your browser and the Facebook server. Facebook receives the information that you have visited our site along with your IP address. If you click on the Facebook “Like” button while being logged in to your Facebook account, you can link the content of our website to your Facebook profile. This enables Facebook to assign your visit to our website to your user account. We would like to point out that we -as the provider of the website- do not have any knowledge about the content of the data transmitted to Facebook or about how the respective data are used by Facebook.
Facebook is certified under the Privacy Shield Agreement and thus guarantees to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
Via the integrated plugins, Facebook receives the information that a user has called up the respective web page of the online offer. If the user is logged in to their Facebook account, Facebook can assign the visit to their Facebook account. If users interact with the plugins, for example by pressing the Like button or leaving a comment, your device will transmit the respective information directly to a Facebook server on which it will be saved. Even if a user is not a member of Facebook, Facebook will possibly save his IP address. According to Facebook, only an anonymized IP address is saved in Germany.
The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as the related rights and setting options for protecting the privacy of the users can be found in Facebook’s data privacy information: www.facebook.com/about/privacy/.
If you are a Facebook member and do not wish Facebook to collect data about you via this online offer and link it to your member data stored on Facebook, you must log out of your Facebook account before using our online offer and delete your cookies. Further settings and objections regarding the use of personal data for advertising purposes are possible within the Facebook profile settings: www.facebook.com/settings or via the US website www.aboutads.info/choices/ or the EU website www.youronlinechoices. com. The settings are independent from the platform, i.e. they are adopted for all devices, such as desktop computers or mobile devices.
Alternatively, you can click on the “Disable Facebook Tracking” button below to prevent future collection of your data when you access this website. An opt-out cookie is placed. This opt-out cookie is only effective in this browser and only for our website and is saved on your device. If you delete the cookies in this browser, you have to place the opt-out cookie again. Please note that after deactivating Facebook tracking, our website will only function to a limited extent and elements from Facebook may not be displayed. If you would like to reactivate Facebook tracking, simply click “Activate Facebook tracking again”.
15.5. Instagram plug-in
Functions of the Instagram service are integrated on our website. These functions are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking the Instagram button. This allows Instagram to associate your visit to our website with your user account. We would like to point out that, as the provider of the website, we do not have any knowledge of the content of the data transmitted or on how it is used by Instagram. For more information, see Instagram’s data privacy policy: instagram.com/about/legal/privacy/
16 Your rights as a data subject
16.1 Right to confirmation
You have the right to request confirmation from us as to whether personal data in question is being processed.
16.2 Right to information, Art. 15 GDPR
You have the right to receive information from us free of charge at any time about the personal data stored about you and a copy of this data.
16.3 Right to rectification, Art. 16 GDPR
You have the right to request us to rectify any inaccurate or incomplete personal data we hold about you.
16.4 Right to Erasure, Art. 17 GDPR
You have the right to have your personal data we hold about you erased, if we do not have a legal reason to continue to process and hold it..
According to legal requirements, particular personal data is held for 6 years pursuant § 257 (1) HGB (commercial books, inventories, opening balance sheets, annual accounts, commercial letters, booking receipts, etc.) and for 10 years pursuant § 147 (1) AO (books, records, management reports , Booking vouchers, commercial and business letters, documents relevant for taxation, etc.).
We delete requests if they are no longer necessary. We check the necessity every two years. We delete inquiries and emails that resulted in a booking every three and a half years after the end of the calendar year in which the contract was fulfilled. In the case of statutory archiving obligations, we will delete the respective data after expiry of the statutory retention periods (end of commercial law (6 years) and tax law (10 years) retention obligation).
16.5 Restriction of processing, Art. 18 GDPR
You have the right to ask us to restrict how we process your data subject to Art. 18 GDPR. In this case we will be permitted to store the data but not to further process it.
16.6 Data portability, Art. 20 GDPR
You are entitled to receive personal data that you have provided to us in a structured, commonly used and machine-readable format or – if technically feasible – to demand that we transfer those data to a third party. You also have the right to transfer this data to another controller without hindrance from us, provided that the processing is based on consent in accordance with Art. 6 Para. 1 S. lit. a GDPR or Art. 9 Para. 2 S. lit. a GDPR or on a contract in accordance with Art. 6 Para. 1 S. lit. b GDPR and the processing is carried out by using automated processes, unless the processing is necessary for the performance of a task that is in the public interest or for the exercise of official authority that has been transferred to us.
16.7 Right to object to data processing, Art. 21 GDPR
You have the right to object to the processing of your personal data at any time on grounds relating to your particular situation provided that the data processing is based on Art. 6 Para. 1 S. lit. e (data processing in the public interest) or f (data processing based on a balance of interests) GDPR.
This also applies to profiling within the meaning of Article 4 (4) GDPR that is based on the aforementioned provisions.
If you file an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
In individual cases, we process personal data in order to operate direct mail. You can object to the processing of personal data for the purpose of such advertising at any time. This also applies to profiling insofar as it is connected to such direct advertising. If you object to the processing for direct marketing purposes, we will no longer process the personal data for these purposes.
In addition, you have the right, on grounds relating to your particular situation, to object to the processing of personal data concerning you, which we do for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 Para. 1 GDPR unless such processing is necessary to perform a task in the public interest.
You are free to exercise your right to object in connection with the use of information society services, regardless of Directive 2002/58 / EC, by using automated procedures that use technical specifications.
16.8 Withdrawal of consent pursuant Art. 7 GDPR
If you have given us your consent to process your data but change your mind later, you have the right to withdraw your consent at any time by sending an email or written letter to our contact address as stated above. We will stop processing your data accordingly.
16.9 Complaint to a supervisory authority
You have the right to lodge a complaint with the competent supervisory authority about how we process your personal data.
17 Routine storage, deletion and blocking of personal data
We only process and store your personal data for the period of time necessary to achieve the storage purpose or stipulated by applicable statutory provisions.
If the retention purpose ceases to exist or a stipulated retention period expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
18 Duration of retention of personal data
The criterion for the duration of the retention of personal data is the respective statutory retention period, stipulated by German law (Commercial Code, GoBD and Tax Code). After expiry of the statutory retention period, the respective data will be routinely deleted, provided that it is no longer required to perform or initiate a contract.
19 Up-to-dateness of the data privacy policy; amendments
This data privacy policy is currently effective and was last updated in June 2018.
We may amend this data privacy policy from time to time due to the further development of our websites and offers or due to changes to legal or official requirements. This only applies, however, to declarations regarding data processing. If user consent is required or parts of the data privacy policy contain stipulations regarding the contractual relationship with the users, we will only amend the privacy policy if the user consents to the amendment. Users are asked to inform themselves regularly about the content of the data privacy policy. You can call up and print out the current data privacy policy at any time on the website at “https://www.surflodgemorocco.com/privacy”.