Data protection declaration

HolidayCheck AG / HC Touristik GmbH


In this data protection declaration, we provide you with all relevant information on the processing of your personal data (hereinafter also referred to as ‘data’) by HolidayCheck. We place the greatest possible importance on transparency. Please contact us at datenschutz@holidaycheck.com if you have any questions or comments.

Data protection declaration – list of content

  1. General information
    1. The scope of this data protection declaration
    2. The controllers for the processing of your data
    3. The data protection officer
  2. The data we process
  3. What we do with your data
    1. When you register with us
    2. When you book with us
    3. When you post a review or upload media
    4. In the course of our customer service
    5. When you book a journey with HC Touristik GmbH (HolidayCheck Reisen)
    6. When you become a HolidayCheck Premium member
    7. To prevent fraud/protect against any misuse of our services
    8. To develop and improve our services and processes
    9. To send you newsletters and other information
    10. When you access/use our website/application (tracking)
    11. On our social media fan pages
    12. When you take part in a prize competition
    13. When you use the HolidayCheck Shop
    14. When you use the HolidayCheck Business Center
    15. To meet the requirements of the Digital Services Act (DSA)
  4. When and how we transmit data
  5. How long we store data
  6. Your rights
  7. Changes to this data protection declaration

I. General information

The processing of your personal data is carried out in compliance with the Swiss and European data protection laws.

You have neither a contractual nor a legal obligation to provide personal data. However, if you do not provide personal data, we may not be able to render some of our services, or may not be able to render them in the same form and quality.

1. The scope of this data protection declaration

In this data protection declaration, we inform you about how we process your data when you

  • access or use one of our websites which are available for example under holidaycheck.de / .at / .ch (including all sub-domains operated under these domains) or our applications.
  • make use of our services and offers via one of our websites, an app or in any other way, e.g. by phone, E-mail or chat.

2. The controllers for the processing of your data

HolidayCheck is not a single company. HolidayCheck consists of different companies which are combined under the umbrella of HolidayCheck Group AG and which render various services within the Group or for our customers.

The controllers for processing your personal data in the scope of this data protection declaration are:

  • HolidayCheck AG, Bahnweg 8, 8598 Bottighofen, Switzerland, as the operator of our review and booking portal.
  • If you have booked a journey with HC Touristik GmbH (HolidayCheck Reisen), the controller is HC Touristik GmbH, Neumarkter Strasse 61, 81673, München, Germany.

    (HC Touristik GmbH offers hotel accommodation and package holidays as a tour operator under the brand name HolidayCheck Reisen via the booking portal HolidayCheck AG. The controllership of HC Touristik GmbH is limited to the data processing activities listed in Section III. 5.)

3. The data protection officer

You can contact our data protection officer by mail via the contact data listed under 2. (Attn. Data Protection Department) or via e-mail to datenschutzbeauftragter@holidaycheck.com.

II. The data we process

Depending on the services you use and the way you contact us, the collection and processing of different data is necessary. The necessary data are collected via online forms, by phone or in other ways, but directly from you.

To help you to understand this data protection declaration, we classify the different types of data in the following categories:

  • Account data

    Data for the provision of your personal log-in area and data which you store in your log-in area. Mandatory data are your e-mail address and your password. Further data such as name, address or a profile picture can be stored in your login area on a voluntary basis. Additionally: information about the service through which you signed in; dates, times and technical information about your signing in, confirmation and signing out; and data given by you when you sign in.

    If you log in with Apple, Facebook or Google, we exchange the necessary data with Apple Distribution International Limited, Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, United States or Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. This means that Apple, Facebook or Google learns that you are active on HolidayCheck and that we will receive personal profile data from Facebook/Google.

  • Address data

    Street, house number, any additional address components, postal code, city/town, country

  • Booking data

    Data on the products ordered, prices, payment and delivery information

    These data are not collected directly from you, they are created in the course of your use of our services.

  • Contact data

    Phone number(s), fax number(s), email address(es)

  • Personal master data

    Title, title, first name(s), surname, and date of birth

  • Usage data

    Information about the users' behaviour on our website and interaction with our services.

  • Payment data

    Bank account data, credit card data, data on other payment services such as PayPal

  • Access data

    Date and time when you visit our services, the website from which the accessing system came to our website, pages called up during use, session identification data (session ID) and the following information about the computer system which accesses our website: internet protocol address used (IP address), browser type and version, device type, operating system and similar technical information.

III. What we do with your data

We collect and process your data especially to be able to provide you with the desired services.

1. When you register with us

When you register with us, we particularly process your account data to provide you with your personal log-in area. These data are defined by you when you register on our website, and you can change them at any time via your log-in area.

We use the data stored in the context of your bookings and reviews (see sections III. 2 and III. 3) in order for you to access your bookings and reviews via your login area. It is up to you to decide what data you publish in postings on our forum. We only use such data to publish these postings in the forum and, if necessary, in the context of moderation.

Data processed:

Account data, booking data, additional data you choose to save in your profile or on the forum.

Legal basis:

The legal basis for the processing of your data for the purpose of providing a service requested by you is the performance of a contract pursuant to Article 6 paragraph 1 letter b of the GDPR.

2. When you book with us

With HolidayCheck you can book package holidays, hotel accommodation and additional services such as rental cars, travel cancellation insurance or airport lounges.

Booking / support

When you ask us about a booking via our booking form, by phone, email, chat or in other ways, we process the necessary data to prepare relevant offers for you and provide you with the best possible advice regarding an intended trip in our function as a travel agent.

When you make a booking with us, we collect and process the necessary data for the conclusion of the contract, the implementation of your booking and the provision of effective support. This also includes the transmission of your data to the relevant tour operator and the other suppliers of the booked services, such as insurance companies or lounge operators. Further information about the transmission of data can be found in Section IV.

If you wish to collect bonus points/miles in connection with your booking, we process the necessary data to ensure that the bonus points/miles can be credited.

If you wish to use a voucher in the course of your booking, or if you are entitled to a refund of part of the travel price for other reasons, we process the necessary data to carry out the refund.

If you address special requirements or requests to us as part of your booking or make corresponding reservations through us, we process the necessary data in order to process your request and forward it to the respective provider of the relevant service and, if necessary, to make the desired reservations.

In case of a complaint arising in the context of your booking, we process the necessary data to clarify the facts and to process the complaint or to support the respective tour operator in clarifying the facts and processing the complaint.

In the event that we have obtained important information concerning an existing booking, which we have to provide to you in order to comply with our own information obligations, the information obligations of the tour operator or to protect your interests and the interests of your fellow travellers, we process the necessary data to contact you and provide you with the relevant information.

Data processed:

This generally involves personal master data, contact data, address data, payment data and booking data. Additional data may be stored and processed in individual cases in connection with your correspondence with us.

Legal basis:

The legal basis for the processing of your data is the performance of a contract pursuant to Article 6 paragraph 1 letter b of the GDPR.

Insofar as we process special categories of personal data within the meaning of Art. 9 GDPR on your behalf in the context of special requirements or requests or corresponding reservations, we process this data on the basis of your consent in accordance with Art. 6 paragraph 1 letter a GDPR.

Insofar as we contact you to protect your interests and the interests of your fellow travellers to provide you with important information, we process the necessary data on the basis of our legitimate interests in accordance with Art. 6 paragraph 1 letter f GDPR, whereby our legitimate interests lie in the protection of our customers and their fellow travellers.

Scheduling of appointments - Callback service

We use a callback service of VirtualQ GmbH, Spittastr. 2, D-70193 Stuttgart, Germany. You can use the form on our website to schedule a personal callback appointment with our customer service, by entering your preferred time and date and your phone number. Your phone number will only be used to conduct the requested callback. The data will be deleted after 30 days in accordance with data protection regulations.

Processed data:

Phone number, IP address, metadata, call time and call duration.

Legal basis:

The legal basis for the processing of your data is the performance of precontractual measures upon your request pursuant to Art. 6 paragraph 1 letter b of the GDPR.

Rental car

If you ask us about the booking of a rental car via our website, by phone, email, chat or in any other way, we process the necessary data to prepare relevant offers for you.

If you book a rental car through us, we collect and process the necessary data for the conclusion of the contract, the implementation of your booking and the provision of effective support. This also includes transferring your data to the relevant rental car provider and the other suppliers of the booked services.

The preparation of the offers and the booking of your rental car are carried out by Driveboo AG, Bahnweg 8, 8598 Bottighofen, Switzerland (https://www.driveboo.com/privacy.html), a company of HolidayCheck Group AG.

Further information about the transmission of data can be found in Section IV.

Data processed:

This generally involves personal master data, contact data, address data, payment data and booking data. Additional data may be stored and processed in individual cases in connection with your correspondence with us.

Legal basis:

The legal basis for the processing of your data is the performance of a contract pursuant to Article 6 paragraph 1 letter b of the GDPR.

Quality assurance:

If you contact us by phone in connection with a booking or support request, we record some conversations for training purposes and to improve our service quality. However, such recordings are only made if you give us your explicit consent to do so.

Data processed:

Content of the conversation, especially but not only personal master data, contact data, address data, payment data and booking data.

Legal basis:

The legal basis for the processing of your data is your consent pursuant to Article 6 paragraph 1 letter a of the GDPR.

3. When you post a review or upload media

HolidayCheck AG operates the largest German-speaking opinion portal on travel and holidays on the internet. Users have the opportunity to submit personal reviews and upload photos via our portal.

Publication:

If you submit a review via our online form or upload an image, we collect and process the necessary data to ensure the publication of the review/the image on our platform.

Data processed:

In the event of a review: first name(s), age, the country where you live, email address, information about the nature of your travel group, details on the reason for your journey, information about the duration and time of your trip and the content of your actual review.

In the event of an image: first name(s), email address and the data content of the uploaded image or file / Metadata.

Legal basis:

The legal basis for the processing of your data for the purpose of providing a service requested by you is the performance of a contract pursuant to Article 6 paragraph 1 letter b of the GDPR.

Quality assurance:

In addition, we process the necessary data to check and ensure the quality and authenticity of the content and its compliance with our terms of use.

Data processed:

In the event of a review: IP address, first name(s), age range, the country where you live, email address, information about the nature of your travel group, information about the reason for your journey, information about the duration and time of your trip and your actual review.

In the event of an image: IP address, first name(s), email address and the data contained in the image or file.

In individual cases we may request additional proof of accommodation for further verification.

Legal basis:

The legal basis for the processing of the data are our legitimate interests in such processing pursuant to Article 6 paragraph 1 letter f of the GDPR, whereby our legitimate interests lie in publishing only qualitatively verified and authentic reviews and images.

Hotel terminals:

If you enter your email address in a hotel using one of our terminals, we use this email address to send you a request to submit a review.

Processed data:

Email address

Legal basis:

The legal basis for the processing of your data is your consent pursuant to Article 6 paragraph 1 letter a of the GDPR.

Partnerships:

We work together with various partners which offer you voucher codes or other privileges/benefits if you enter a review via our portal.

If you enter a review on our portal in the context of such a partnership, we use your email address to send you the voucher code or the necessary information about the other privileges/benefits. In cases where the sending is done by our partner, this includes the transfer of your e-mail address to the respective partner.

Processed data:

Email address

Legal basis:

The legal basis for the processing of your data for the purpose of providing a service requested by you is the performance of a contract pursuant to Article 6 paragraph 1 letter b of the GDPR.

Bonus and Miles programmes:

If you want to collect bonus points/miles when you submit your review, we process the necessary data to ensure that the bonus points/miles are credited to you. To do this we only use the data which you have personally entered into the relevant form. This also includes the transfer of your data to the provider of the respective program.

Processed data:

Your miles number or other identification number with the respective bonus or miles programme, the ID of the relevant submitted review, destination, first name, surname.

Legal basis:

The legal basis for the processing of your data is the performance of a contract pursuant to Article 6 paragraph 1 letter b of the GDPR.

4. In the course of our customer service

As part of our general customer service, we process enquiries and complaints from customers, potential customers and hoteliers.

When you send us an enquiry, we process the necessary data to deal with and reply to your enquiry.

When a hotelier sends an enquiry or a complaint, we process the necessary data to clarify the relevant facts and to deal with and reply to the enquiry or complaint. If this enquiry relates to content which you have posted on our platform, it may also be necessary to process your data. However, we never pass on your data to hoteliers without your specific consent.

The necessary processing activities and data depend on the specific requirements of the individual case. Common examples include:

  • processing of access and erasure requests by data subjects within the meaning of the GDPR,
  • processing of enquiries related to posted reviews and the log-in area,
  • complaints by hoteliers in relation to individual reviews and images. In the event of a complaint relating to content submitted or uploaded by you, we may contact you to further clarify the respective facts.

Processed data:

Contact data, address data, personal master data, data in relation to content which you have posted to our platform, the content of the correspondence in relation to the enquiry.

Legal basis:

The legal bases for the processing are:

  • as far as you make a request in connection with your use of our services, the fulfillment of a contract pursuant to Art. 6 para. 1 lit. b GDPR.
  • as far as you make a request to assert your data subject rights pursuant to the GDPR, the fulfillment of a legal obligation pursuant to Art. 6 para. 1 lit. c GDPR.
  • in all other cases, our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR, whereby our legitimate interests are to provide a functioning customer service, to process inquiries and to process and defend against complaints.

5. When you book a journey with HC Touristik GmbH (HolidayCheck Reisen)

When you book a trip with HC Touristik GmbH (HolidayCheck Reisen), your data, as described in section "III. 2. When you book with us", will be transmitted by HolidayCheck AG to the tour operator HC Touristik GmbH and processed by them for the purpose of fulfilling your booking and ensuring a functioning customer service and forwarded to the respective service providers (for example, hoteliers or airlines). As a tour operator, HC Touristik GmbH is subject to an insolvency insurance obligation and has concluded a contract with Deutscher Reisesicherungsfonds GmbH in this context. If you book a trip with HC Touristik GmbH, your data will also be forwarded to Deutscher Reisesicherungsfonds GmbH as necessary for the purpose of insolvency insurance. We will provide you with an information sheet on the collection and processing of personal data by Deutscher Reisesicherungsfonds GmbH together with the travel documents.

Processed data (booking process and customer service):

In general, personal master data, contact data, address data, payment data and booking data. Further data may be stored and processed in individual cases, if necessary, as part of your correspondence with us.

Processed data (insolvency protection):

Personal master data, number of children and adults booked along with you as well as their personal master data, address data, contact data, payment data, booking data, information on deposits and other fees already paid by you.

Legal basis:

The legal basis for the processing for the purpose of carrying out your booking is the fulfillment of a contract pursuant to Art. 6 Para. 1 lit. b GDPR.

The legal basis for the processing within the scope of the insolvency insurance obligations is our legal obligation pursuant to Art. 6 para. 1 lit. c GDPR in conjunction with the Reisesicherungsfondsgesetz (RSG).

6. When you become a HolidayCheck Premium member

HolidayCheck customers can benefit from a wide range of advantages (hereinafter referred to as "HolidayCheck Premium services") as part of a paid HolidayCheck Premium membership when booking journeys through HolidayCheck AG's various sales channels.

When you become a member of HolidayCheck Premium, we process the necessary data to ensure a functioning membership administration and proper billing of membership fees. This includes, for example, the maintenance of a member database as well as the sending of messages without promotional information, which are sent in the context of our contractual relationship with our customers.

When you make use of HolidayCheck Premium services, we process the necessary data to ensure that the service is provided properly. This may include, for example, passing on data to our tour operator, HC Touristik GmbH, if you make use of a HC Touristik GmbH discount.

Processed data:

Personal master data, booking data, address data, contact data, payment data as well as your membership number and other data relating to your membership and use of HolidayCheck Premium services.

Legal basis:

The legal basis for the processing of your data is the performance of a contract pursuant to Article 6 paragraph 1 letter b of the GDPR.

7. To prevent fraud/protect against misuse of our services

Fraud prevention:

As a booking platform, HolidayCheck is responsible for preventing and combating fraud and other illegal activities. In this context, we may process data in order to evaluate the risk in individual cases and to detect illegal activities. In this context, an evaluation does not take place exclusively by automated means, but is conclusively carried out by our employees.

Processed data:

Contact data, usage data, access data

Legal basis:

The legal basis for the processing is our legitimate interests pursuant to Art. 6 (f) GDPR, whereby our legitimate interests are to prevent and detect cases of fraud and to protect our websites from misuse.

Protection against automated bots:

We use Akamai Bot Manager, a service of Akamai Technologies GmbH, Parkring 20-22, D-85748 Garching, Germany, to determine whether a request came from a real user or from a bot. In this context, we share usage data with Akamai to the extent necessary.

Legal basis:

The legal basis for the processing of your data are our legitimate interests pursuant to Article 6 paragraph 1 letter f of the GDPR, whereby our legitimate interests lie in the prevention and clarification of cases of fraud and in the protection of our websites from misuse.

8. To develop and improve our services and processes

Improvement of existing services and development of new services

We constantly work on the improvement of existing services and the development of new services. In this context we process the necessary data to find out how our services are used by our customers.

The goal of this data processing is not to analyse the behaviour of individual persons or to compile a profile, but to analyse the use of our services by all or large groups of our customers. This means that, in a first step, your data are combined/aggregated with the data of other customers. The analysis is then only carried out based on aggregated/anonymous data.

Processed data:

Personal master data, address data, booking data, payment data, usage data

Legal basis:

The legal basis for the processing of your data are our legitimate interests pursuant to Article 6 paragraph 1 letter f of the GDPR, whereby our legitimate interests lie in the development and improvement of our existing services, the development of new services and the preparation of evaluations and reports.

Improvement and development of internal processes

We process the necessary data to achieve continual improvements in our systems and internal processes. However, at no time is the focus on processing information about you as a person, therefore we pseudonymise and anonymise your data as far as this is possible in the individual case.

Processed data:

Account data, Address data, Booking data, Contact data, Personal master data, Usage data, Payment data, Access data

Legal basis:

The legal basis for the processing of your data are our legitimate interests pursuant to Article 6 paragraph 1 letter f of the GDPR, whereby our legitimate interests lie in the improvement and development of internal processes.

Development of new technologies and improvement of existing technologies

We process the necessary data as part of the development of new technologies and the improvement of existing technologies to improve our services and set new standards in data protection and information security. This especially includes the areas of machine learning, artificial intelligence and deep learning. In this context, as far as is technically possible, we only use pseudonymised, anonymised or aggregated data.

Processed data:

Account data, Address data, Booking data, Contact data, Personal master data, Usage data, Payment data, Access data

Legal basis:

The legal basis for the processing of your data are our legitimate interests pursuant to Article 6 paragraph 1 letter f of the GDPR, whereby our legitimate interests lie in the development of new technologies and the improvement of existing technologies.

9. To send you newsletters and other information

We send out newsletters and other announcements with advertising information based on your consent or our legitimate interests.

This does not include messages without any advertising information which are transmitted as part of our contractual or other business relationship with our customers.

Direct marketing

When you use our services, we process the necessary data to send you advertising about our own similar products and services (direct advertising). Personalization of the advertising content does not take place. However, we may use individual information to define the target groups of the advertising content.

You are entitled to object to this use of your data, with effect for the future. To do this, you can simply send an informal email to community@holidaycheck.de. In this case, we process your data to document your objection in our system.

Processed data:

Names, title, address data, contact data, log-out date and time, individual data elements on the use of our services

Legal basis:

The legal basis for the processing of your data are our legitimate interests pursuant to Article 6 paragraph 1 letter f of the GDPR, whereby our legitimate interests lie in the initiation of business transactions and increase in revenue.

Personalised advertising

When you register to receive our personalised newsletter and other advertising information, we process the necessary data to ask you to confirm your registration (the double opt-in procedure) and to document your registration.

If you confirm your registration to receive our newsletter and other promotional information, we process the necessary data to carry out the dispatch and adapt the content to your interests. Your registration and its confirmation constitute consent within the meaning of the GDPR. You may revoke your consent at any time. The revocation of your consent will not affect the lawfulness of the processing carried out based on the consent prior to the revocation. To revoke your consent, you can simply use the following link www.holidaycheck.de/newslettercancel or send an informal email to community@holidaycheck.de. In this case, we process your data to document your revocation in our system.

Processed data:

Email address, registration and confirmation date and time, revocation date and time, personal master data, contact data, address data, data concerning your bookings, reviews posted and any other use of our services (usage data)

Legal basis:

The legal basis for the processing of your data is your consent pursuant to Article 6 paragraph 1 letter a of the GDPR.

Messenger services

When you register via WhatsApp for communication via messenger services (WhatsApp) as explained on our website, we process the necessary data to document your registration and to carry out the sending of messages. Your registration constitutes a consent within the meaning of the GDPR.

You may revoke your consent at any time. The revocation of your consent will not affect the lawfulness of the processing carried out based on the consent prior to the revocation. To revoke your consent, you can simply send a message with the text ‘Stop’ by WhatsApp to the number +4915792464558 if you wish to receive no more messages for a time, or ‘Delete all data’ if you no longer wish to use the WhatsApp service at all. In this case, we process your data to document your revocation in our system.

Processed data:

Phone number, registration and revocation date and time

Legal basis:

The legal basis for the processing of your data is your consent pursuant to Article 6 paragraph 1 letter a of the GDPR.

Push notifications

On our website you can register to receive push notifications. Your registration constitutes a consent in the sense of the GDPR. After you have registered you will regularly receive information in the form of push notifications, for example about current offers or new entries in our forum, depending on which content you have registered for.

When you register to receive push notifications by using a query in your browser or terminal device, we process the necessary data to document your registration, to send the notifications and to adapt the content to your presumed interests. Your registration constitutes a consent within the meaning of the GDPR.

You may revoke your consent at any time. The revocation of your consent will not affect the lawfulness of the processing carried out based on the consent prior to the revocation. In this case, we process your data to document your revocation in our system.

You can revoke your consent via the link: https://www.holidaycheck.de?cleverPushUnsubscribe=true or in the relevant settings for receiving push notifications in your browser. If you use our push notifications on a desktop PC with a Windows operating system, you can cancel the push notifications by right clicking on the relevant push notification in the settings which appear on your screen. A detailed explanation of the cancellation process can be found under the following link: https://cleverpush.com/en/faq.

Processed data:

Browser or device ID, registration and revocation time and date, information about the topic of the page where the push notifications were activated, information about whether and when our push notifications have been displayed and clicked on.

Legal basis:

The legal basis for the processing of your data is your consent pursuant to Article 6 paragraph 1 letter a of the GDPR.

10. When you access/use our website/application (tracking)

When you access/use one of our websites which are available under holidaycheck.de / .at / .ch (including all sub-domains operated under these domains) or applications, we collect and process the necessary data, for example by means of cookies, to ensure and optimise the functionality of our websites / applications, to be able to fulfil our obligations to provide advice to our users, to find out how customers and interested persons use our websites / applications and to adapt our websites / applications as well as our content to your presumed interests. We pass on the collected data to our partners and tracking service providers to the extent necessary in the context of the respective purposes.

The data collected and processed when you access and use our websites / applications are not assigned to any natural person but are exclusively processed in a pseudonymised form using cookie IDs or other identifiers. Any link with other data, for example your booking data, is only carried out after and based on your explicit consent.

Directly transmitted pseudonymous information such as the cookie ID or (possibly shortened) IP address is assigned further information as part of tracking. Typically, this is technical information of the end device used, information about usage behavior on the Internet, interests, and possibly location data.

The description of the tracking methods also includes information on how you can prevent the data processing. Please note that this so-called "opt-out", i.e. the refusal of processing, is partly logged via cookies. If you use our services via a new terminal device or in a different browser, or if you have deleted the cookies set by your browser, you may have to declare the rejection again.

Further information is provided in the following sub-sections and in connection with our privacy settings. In the privacy settings you will also find a list of all involved providers and you can define for which purposes and by which providers your data may be processed.

HolidayCheck observes the requirements of the IAB Europe Transparency & Consent Framework and complies with its specifications and guidelines.

Purposes and legal basis of the data processing

The fulfilment of our advisory obligations

When you use the services of a travel agent, a contract is always concluded between you and the travel agent, on the basis of which the travel agent has comprehensive advisory obligations. In this context, as a travel agent we process the necessary usage data in order to fulfil these obligations and provide you with the best possible advice regarding an intended trip.

The legal basis for the processing of your data is the fulfilment of our contractual obligations pursuant to Art. 6 paragraph 1 letter b of the GDPR.

Security

We process the necessary data to ensure the secure operation of our website. In particular, this involves the prevention of fraudulent activities to our detriment or to the detriment of customers.

In this context, we process in particular data about how you interact with our website / our services (usage data).

The legal basis for the processing is our legitimate interests pursuant to Art. 6 paragraph 1 letter f of the GDPR, whereby our legitimate interests lie in the secure operation of our websites and the prevention of criminal offenses.

Display of special offers

In the context of the display of special offers, for example following the completion of a booking or the submission of a rating, we transmit your IP address to our partner Sovendus GmbH, Hermann-Veit-Str. 6, 76135 Karlsruhe, Germany. The IP address is used by Sovendus solely for security purposes and insofar as technically necessary for the display of the offers and is usually anonymized after seven days (Art. 6 para. 1 lit. f GDPR).

For further information on the processing of your data by Sovendus, please refer to the online privacy policy at www.sovendus.de/datenschutz.

Affiliate Marketing

Within our services, we offer so-called affiliate links as well as further references (e.g. search masks, widgets or discount codes) to offers and services from third-party providers (hereinafter uniformly referred to as "affiliate links"). In the event that you decide to click on such an affiliate link and subsequently book corresponding offers, we receive a commission from these third-party providers.

The same applies if you come to us via an offer on another website and book with us or if users become aware of a hotel on our website and then book it via another channel.

In order for us to be able to demonstrate to the respective third-party providers that the respective users have reached the offer of the third-party provider, for example through an affiliate link used by us, it is necessary to track the users. The necessary processing of your data takes place exclusively for the purpose of commission settlement and thus ultimately to ensure the financing of our services. In this context, the individual affiliate links may also use cookies and similar technologies to store information about users.

In this context, we process technical data, in particular IP addresses; user IDs; time stamps and information on the website from which the respective request is made ("referrer URL"); device information, in particular information on the browser and device used.

The legal basis for processing is Art. 6 paragraph 1 letter a of the GDPR, insofar as you have given us your consent, and Art. 6 paragraph 1 letter b of the GDPR in the context of the respective contract initiation. In addition, Art. 6 paragraph 1 letter f of the GDPR, insofar as we pursue the legitimate interest of financing our services on the basis of affiliate marketing.

Your consent

Insofar as the data processing takes place, for example, in order to be able to show you optimized and personalized advertising and content, this is based on your prior consent in accordance with Art. 6 para. 1 lit. a GDPR. Further information on this data processing can be found in our privacy settings.

At any time, you are entitled to grant your full or partial consent to the processing of your data for the above purposes, or to revoke your previously granted consent and object to any further processing of your data. To do so, simply use the link to the privacy settings in the footer of our websites. The revocation of your consent will not affect the lawfulness of the processing of the data based on your consent prior to the revocation.

To manage your consent and other privacy settings, we use a consent management platform which complies with the IAB Europe Transparency & Consent Framework.

You can also use our websites/applications without granting any consent. In this case, however, we may be unable to provide you with the full functionality of our websites/applications for technical reasons.

Other possibilities of objection / opt-out possibilities

You can also deactivate/delete cookies in the settings of your browser and block the creation of new cookies or set an opt-out cookie for each individual provider, which will mean that this provider will not be able to save and process any data about you in future. Please note that your preferences will be lost if you delete the opt-out cookie.

11. On our social media channels

We offer online services on various social media platforms to get in touch with you and provide information for you.

We would like to point out that you use these channels and their functions on your own responsibility. This applies in particular for the use of the interactive functions (for example, commenting, sharing, rating). Alternatively, you can also access the information offered via the channels via our regular website.

When processing the data, the operator of the relevant Social Media Platform acts in conjunction with HolidayCheck AG as joint controllers pursuant to Art. 26 GDPR.

Detailed information about data processing in the data protection area of responsibility of the respective social network, as well as options for objection, privacy settings, and the rights of data subjects, can be obtained from the privacy notices of the corresponding platform operator.

Facebook

Under the following URL https://www.facebook.com/HolidayCheck/ we operate a Facebook fan page using the services of Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

When you visit our Fanpage, Meta collects, among other things, your IP address and other information that is stored in the form of cookies on your terminal device. This information is used to provide us, as the operator of the fan page, with statistical information about the use of the fan page. Meta provides more detailed information on this under the following link: https://de-de.facebook.com/help/pages/insights.

The data collected about you in this context will be processed by Meta and, if necessary, transmitted to countries outside the European Union. Meta describes in general terms what information it receives and how it is processed in its data usage guidelines. There you will also find information on how to contact Meta and on the settings options for advertising. The data usage guidelines are available at the following link: https://de-de.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0.

Meta does not conclusively and clearly state how it uses the data collected during your visit on our Fanpage for its own purposes, to what extent activities on the Fanpage are assigned to individual users, how long Meta stores this data and whether data from a visit to the Fanpage is transmitted to third parties, and we are therefore not fully aware of this.

When you access our Fanpage, the IP address assigned to your end device is transmitted to Meta. According to Meta, this IP address is anonymized. Meta also stores information about the end devices of its users (for example, as part of the "registration notification" function). Meta may thus be able to link IP addresses to individual users.

If you are currently logged in to Facebook as a user, a cookie with your Facebook ID is stored on your end device. This enables Meta to track that you have visited this page and how you have used it. This also applies to all other Meta pages. Via Facebook buttons embedded in websites, it is possible for Meta to record your visits to these websites and link them to your Facebook profile. Based on this data, content or advertising can be offered to you in a tailored manner.

If you wish to avoid this, you should log out of Facebook or deactivate the "stay logged in" function, delete the cookies on your end device and close and restart your browser. In this way, information from Facebook through which you can be directly identified will be deleted. This allows you to use our website without revealing your Facebook identifier. When you access interactive features of the website ("Like", comment, share, message, etc.), a Facebook login page will appear. After any login, you will again be recognizable to Meta as a specific user.

Information on how you can manage or delete information about yourself at Meta can be found on the following Meta support pages: https://de-de.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0.

The subject of joint responsibility is the processing of personal data in the context of a so-called site Insights event (hereinafter "Insights"). Insights are aggregated statistics that are created based on certain events. These events are logged by Meta servers if people interact with pages and the content associated with them. We do not have access to the personal data that is processed as part of the events, but only to the aggregated insights that are made available to us by Meta. Events used to create Insights do not store IP addresses, cookie IDs, or any other identifiers associated with individuals or their devices for individuals logged into Facebook, other than a Facebook user ID.

The processing is carried out in particular for the purpose of ensuring an attractive, appealing and user-friendly design of our fan page.

As part of an agreement on joint controllership within the meaning of Article 26 (1) sentence 2 of the GDPR, it has been agreed with Meta that Meta will assume primary responsibility for the fulfillment of data protection rights and obligations with regard to the processing of Insights data. Further information on the type and scope of processing under joint controllership can be found here: https://www.facebook.com/legal/terms/page_controller_addendum

Instagram

Under the following link https://www.instagram.com/HolidayCheck/ we operate an Instagram fan page using the services of Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.

Every visit and every interaction on our fan page leads to data processing, regardless of whether or not you have an account with Instagram or Facebook. In the case of a logged-in account, the operators of Instagram and/or their affiliated companies may combine the information about the call of the Fanpage with your account information and may use this to form profiles. If you do not wish to be profiled in this way, log out before accessing our fan page.

By means of "Instagram Insights", we process statistical data of our fan page such as gender, age range, location, page views, interactions and information on paid activities, reach, accounts reached, impressions and impressions per day. We do not have access to the personal data that is processed as part of the events, but only to the aggregated insights that are made available to us by Facebook.

You have the right to information, deletion and correction of your data, restriction of processing, objection to processing, data portability and complaint to the supervisory authority. You can assert these rights both against Facebook Ireland Ltd. and against us, and we will forward your requests there in accordance with our agreement with Facebook.

The data processing within the scope of this fan page is governed by the agreement available at https://www.facebook.com/legal/terms/page_controller_addendum and the privacy policy at https://www.facebook.com/help/instagram/155833707900388.

Processed data:

Usage data, name, email address or similar data necessary to respond to the request and contact.

Legal basis:

The legal basis for the processing is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. The legitimate interest here is the processing of your personal data to ensure the operation of our fan pages as well as the effective use of an information and communication opportunity.

Telegram

We use the messaging service Telegram. In this context, we process the necessary data to ensure optimal operation of our Telegram channel. We have no influence on whether and how Telegram Messenger LLP, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, as the operator of Telegram, processes your data, for example in the context of evaluating user behavior. Information on data processing by Telegram Messenger LLP can be found at https://telegram.org/privacy.

Processed data:

Among other things, the username on Telegram, your cell phone number, your profile picture, as well as usage data and data required to respond to a request and contact you.

Legal basis:

The legal basis for the processing is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. The legitimate interest lies in the processing of your personal data to ensure the optimal operation of our Telegram channel as well as the effective use of an information and communication opportunity.

TikTok

We operate a TikTok channel under the following link https://www.tiktok.com/@holidaycheck. In this context, we process the necessary data to ensure optimal provision of our TikTok channel. We have no influence on whether and how TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, as the operator of Telegram, processes your data, for example in the context of evaluating user behavior. Information on data processing by TikTok Technology Limited can be found at https://www.tiktok.com/legal/page/eea/privacy-policy/de-DE.

Processed data:

Among other things, profile name, and profile picture, as well as usage data and data required to respond to a request and contact you.

Legal basis:

The legal basis for the processing is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. The legitimate interest lies in the processing of your personal data to ensure the optimal operation of our TikTok channel as well as the effective use of an information and communication opportunity.

Xing

We operate a Xing fan page at https://www.xing.com/pages/holidaycheckgroupag. The career-oriented social media platform XING is operated by the provider New Work SE, Am Strandkai 1, 20457 Hamburg, Germany (hereinafter "XING").

Please note that you use XING and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, chat function) and the creation of your profile. Alternatively, you can also access the information offered via XING via our regular offer within this website.

Data processing by XING

In general, you can obtain information about data processing by XING within the service provider's privacy policy. The privacy policy is available at the following link: https://privacy.xing.com/de/datenschutzerklaerung.

We have no influence on the type and scope of the data processed by XING, the type of processing and use or the transmission of this data to third parties. We also have no effective control options in this respect.

When using the XING service, your personal data will be processed by XING and transferred to third countries or processed in third countries, regardless of your place of residence. On the one hand, XING processes your voluntarily entered data such as name and user name, e-mail address, telephone number or the contacts in your address book, if you upload or synchronize it. On the other hand, XING also evaluates the content you share to determine which topics you are interested in, processes confidential messages that you send directly to other users and can determine your location using GPS data, information on wireless networks or your IP address in order to send you advertising or other content. XING also uses analysis tools, such as Google Analytics, as part of the evaluation. We have no influence on the use of such tools by XING. The analysis data obtained in this way is not made available to us by XING. We only receive non-personal information about activities, such as the number of profile or link clicks through a specific tweet.

You can restrict processing by XING via the general settings within your XING account under "Privacy". In addition, when using mobile devices, you can restrict XING's access to contact and calendar data, photos, location data, etc. within the settings options.

Further information on the restriction of data processing by XING can be found here:

https://www.xing.com/settings/privacy

By clicking on the following link you will receive further information on how you can view your data on XING:

https://www.xing.com/settings/privacy/data/disclosure

LinkedIn

To ensure that our online offering is up-to-date, informative and appealing, we also use the career-oriented LinkedIn platform service. The LinkedIn platform service is operated by the provider LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter "LinkedIn").

We would like to point out that you use LinkedIn and its functions at your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating). Alternatively, you can also access the information offered via LinkedIn via our regular offer within this website.

Data processing by LinkedIn

In general, you can obtain information about data processing by LinkedIn within the service provider's privacy policy. The privacy policy is available under the following link:

https://www.linkedin.com/legal/privacy-policy

We have no influence on the type and scope of the data processed by LinkedIn, the type of processing and use or the transmission of this data to third parties. We also have no effective control options in this respect.

When using the LinkedIn platform, your personal data will be processed by LinkedIn and transferred to or processed in the United States, Ireland and any other country in which LinkedIn does business, regardless of your place of residence. On the one hand, LinkedIn processes your voluntarily entered data such as name and user name, e-mail address, telephone number or the contacts in your address book if you upload or synchronize it. On the other hand, LinkedIn also evaluates the content you share to determine which topics you are interested in, which people or companies you follow, processes confidential messages that you send directly to other users and can determine your location using GPS data, information on wireless networks or your IP address in order to display content tailored to you. As part of the analysis, LinkedIn also passes on data to the cooperating company Microsoft. LinkedIn also offers the option of connecting your profile with other services such as Twitter or WeChat. The data obtained through these and any other analyses and profile-building techniques are not passed on to us by LinkedIn. We only have access to the data you share publicly, which we do not specifically record and process.

You can restrict processing by LinkedIn via the "Settings & Privacy" menu item. In addition, when using mobile devices, you can restrict LinkedIn's access to contact and calendar data, photos, location data, etc. within the settings options.

By clicking on the following link, you will receive further information on how you can view your data on LinkedIn:

https://www.linkedin.com/legal/privacy-policy

Data processing by us

The use of the LinkedIn service does not result in any direct data collection by us. We only process your personal data, such as the content you publish including information about your profile, if we interact with your posts or your profile ("like", "share", "comment"). This results in your personal data being included in our offer, whereby your details are published to our "followers".

Processed data

Among other things, profile names and profile picture as well as usage data and data required to answer the request and make contact.

Legal basis

The legal basis for processing is our legitimate interest pursuant to Art. 6 (f) GDPR. The legitimate interest consists in the processing of your personal data to ensure the optimal operation of our LinkedIn channel and the effective use of an information and communication opportunity.

Pinterest

We also use the social media platform Pinterest to ensure that our online offering is up-to-date, informative and appealing. The Pinterest "pinboard" service is operated by the provider Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland (hereinafter "Pinterest").

We would like to point out that you use Pinterest and its functions at your own risk. This applies in particular to the use of the interactive functions (e.g. creating pins, commenting, sharing, rating). Alternatively, you can also access the information offered via Pinterest via our regular offer within this website.

Data processing by Pinterest

In general, you can find out more about data processing by Pinterest in the service provider's privacy policy. The privacy policy is available under the following link:

https://policy.pinterest.com/de/privacy-policy

We have no influence on the type and scope of the data processed by Pinterest, the type of processing and use or the transmission of this data to third parties. We also have no effective control options in this respect.

When you use the Pinterest service, your personal data will be processed by Pinterest and transferred to or processed in the United States, Ireland and any other country in which Pinterest does business, regardless of your place of residence.

Pinterest processes your voluntarily entered data such as name and user name, e-mail address, telephone number, photos, pins, comments and all information that can be derived from them, such as the exact location by posting photos or eating habits, if you upload or synchronize this. On the other hand, Pinterest also analyzes the content you share to determine which topics you are interested in, processes confidential messages that you send directly to other users, so-called clickstream data and inferences, and can determine your location using GPS data, wireless network information or your IP address in order to send you advertising or other content. Pinterest also uses analysis tools such as Pinterest Pixel, Facebook Ads, Microsoft Advertising, LinkedIn Advertising or Google Analytics as part of the evaluation. We have no influence on the use of such tools by Pinterest. The analysis data obtained in this way is not made available to us by Pinterest. We only receive non-personal information about pin activities, such as the number of pins or likes on a particular pin.

Information on the restriction of data processing by Pinterest can be found here:

https://policy.pinterest.com/de/cookies

https://help.pinterest.com/de/article/personalization-and-data

https://help.pinterest.com/de/article/personalized-ads-on-pinterest

By clicking on the following link, you will receive further information on how you can view your data on Pinterest:

https://help.pinterest.com/de/contact?current_page=about_you_page&personal_data=personal_data_view

Data processing by us

The use of the Pinterest service does not result in any direct data collection by us. We only process your personal data, such as the content you publish including information about your account, if we interact with your pinboard ("like", "share", "comment"). This results in your personal data being included in our offer, whereby your details are published to our "followers".

Processed data

Among other things, profile names and profile picture as well as usage data and data required to answer the request and make contact.

Legal basis

The legal basis for processing is our legitimate interest pursuant to Art. 6 (f) GDPR. The legitimate interest consists in the processing of your personal data to ensure the optimal operation of our LinkedIn channel and the effective use of an information and communication opportunity.

12. When you take part in a prize competition

If you take part in one of our prize competitions, we process the necessary data to carry out the competition and distribute the relevant prizes.

Processed data:

Personal master data, contact data, address data, data to check your entitlement to enter the competition

Legal basis:

The legal basis for the processing of your data to carry out a prize competition and to distribute the prizes is the performance of a contract pursuant to Article 6 paragraph 1 letter b of the GDPR.

13. When you use the HolidayCheck Shop

The HolidayCheck Shop can be found at shop.holidaycheck.de and is operated by Herold Fulfillment GmbH, Raiffeisenallee 10, 82041 Oberhaching, Germany.

User account

If you set up a user account with us, we process the necessary data to be able to provide you with your personal user account.

Processed data:

Personal master data, address data, contact data, account data and the additional data which you enter in your user account

Legal basis:

The legal basis for the processing of your data is the performance of a contract pursuant to Article 6 paragraph 1 letter b of the GDPR.

Orders

If you place an order with us, we process the necessary data to be able to handle your order.

Processed data:

Personal master data, address data, contact data

Legal basis:

The legal basis for the processing of your data is the performance of a contract pursuant to Article 6 paragraph 1 letter b of the GDPR.

14. When you use the HolidayCheck Business Center

Through our Business Centre, we provide hoteliers with the opportunity to design their presence on our website and to respond to reviews and questions from holidaymakers.

If you register in our Business Centre accessible at www.holidaycheck.com/partner/, we process the necessary data to provide you with your personal log-in area and a well-functioning customer service, and to send you newsletters and other information.

Processed data:

Personal master data, account data, contact data, address data and the additional data you have stored in your profile insofar as they relate to a natural person.

Legal basis:

The legal basis for the processing of your data to provide a service that you have requested is the performance of a contract pursuant to Article 6 paragraph 1 letter b of the GDPR.

The legal basis for the processing of your data in connection with the transmission of newsletters and other information is, on the one hand, our legitimate interests pursuant to Article 6 paragraph 1 letter f of the GDPR, whereby our legitimate interests lie in the initiation of business transactions and the increase of revenue, and, on the other hand, your consent pursuant to Article 6 paragraph 1 letter a of the GDPR.

You are entitled at any time to revoke your consent to the use of your data, with effect for the future. To do so, you can simply remove the tick under settings/email notifications in your account, use the direct revocation option in the email or send a simple informal email to service@holidaycheck.de. In this case we process your data to document your revocation/cancellation in our system.

15. To meet the requirements of the Digital Services Act (DSA)

We support the objectives and aspirations of the Digital Services Act (Regulation (EU) 2022/2065 of the European Parliament and of the Council of October 19, 2022 on a single market for digital services and amending Directive 2000/31/EC, "DSA"), which aims to ensure better protection for users in the online sector.

Due to the requirements of the DSA, we are obliged to provide separate reporting and transparency channels. If you contact us in this context or if we contact you in this context, the processing of your personal data is mandatory. We would also like to inform you that we are obliged under the provisions of the DSA to remove certain content and, if necessary, to report or cooperate with the competent authorities or out-of-court dispute resolution bodies. If you are affected by such a measure or report such content, the processing of your personal data is also necessary in order to comply with the legal requirements.

The processing is carried out exclusively for the purpose of providing our separate reporting and transparency channels and for processing any reports and/or complaints. In addition, your personal data will also be processed in individual cases for the purpose of communicating and processing the report with the competent authorities or out-of-court dispute resolution bodies.

Processed data

Personal master data, address data, contact data, information in connection with a complaint or report.

Legal basis

The legal basis for the processing of your data for the purpose of providing our separate reporting and transparency channels and for processing any reports and/or complaints is the fulfillment of a legal obligation pursuant to Art. 6 para. 1 lit. c GDPR in conjunction with Art. 11 et seq. DSA.

IV. When and how we transmit data

Transmission within the Group

The companies of the HolidayCheck Group cooperate closely in the provision of their services. Accordingly, other companies in the HolidayCheck Group may also access your data insofar as this is necessary to support HolidayCheck AG and HC Touristik GmbH in the provision of their services. This takes place, for example, in areas such as IT support and finance management.

Transmission to external service providers

In the provision of its services, HolidayCheck also uses external service providers such as hosting and software providers, payment service providers or service providers which deal with travel bookings or the transmission of information and documents.

In this context, the data are only processed for the purposes of HolidayCheck, according to the company's instructions and under the control of HolidayCheck.

Transmission to other controllers

In the process of implementing your bookings, it is necessary to transmit your data to tour operators and other providers of booked services, such as hoteliers, airlines, lounge operators or any intermediaries who are involved. These parties are not service providers for HolidayCheck but process your data as independent controllers pursuant to Article 4 No. 7 of the GDPR.

Transmission in the context of your use of our websites / apps

When you use our websites / apps, we transmit data to our partners and service providers in accordance with the privacy settings you have made and to the extent necessary for the respective purposes.

Transmission to public authorities

If we are under an obligation to hand over data to public authorities or other third parties based on a law or other regulation or a decision by a public authority or a court, we do so to the extent which is necessary.

Transmission to third countries

Any transmission of data to third countries only takes place in the framework of and in compliance with the legitimacy requirements under Articles 44 – 49 of the GDPR. This means that any such transmission is only carried out based on an adequacy decision from the EU Commission, or that we ensure an adequate level of protection for personal data by using the EU standard data protection clauses.

A transmission to third countries may occur, depending on the privacy settings you have made, especially in the context of your use of our websites / apps, as the providers of the relevant tracking technologies are partly based outside of the EU. Further information on the domicile of the individual providers can be found in the privacy settings.

If you book a journey or any other service which must be rendered by a provider which is based in a third country, we are not able to guarantee an adequate level of data protection for personal data in every instance. In such cases, the transmission of the data to carry out the booking is implemented based on Article 49 paragraph 1 letter b of the GDPR.

V. How long we store the data

We do not store data for longer than it is necessary for the purpose for which the data processing is carried out. When the data are no longer necessary, they are regularly deleted unless there is an obligation to archive the data. Such obligations may arise, for example, under commercial or tax law or in the framework of legal disputes.

Registration/log-in area

We store the data which you enter during registration or which you add later in your log-in area until you change the data in your log-in area or until you have your log-in area deleted.

Booking

We store data which we collect in connection with the provision of an offer for a period of three years and data which we collect in relation to your booking for a period of ten years. Payment data are deleted after 72 hours at the latest. The storage of data is carried out for verification purposes and to fulfil the legal obligations of HolidayCheck. Data that we collect as part of our callback service will be deleted after 14 days.

Reviews

We store the data which we collect and process in connection with a review for as long as the review is published.

If we have a justified suspicion that a review has been given with the intention of deceiving us and the users of our review portal, we store the relevant data for as long as we are able to use them to detect future attempts at deception.

We store data which we collect and process in connection with your participation in a miles programme for seven years, to guarantee that the miles are credited to you even retrospectively, and also as protection against misuse.

Customer service / complaints

We store data which we collect and process in the context of our communication with you for no longer than three years unless they are linked in any way to a booking or complaint.

Data which we collect and process in connection with complaints management or other legal procedures is stored, in accordance with the legal requirements, for four years after the legal procedure has been completed.

Newsletters/push notifications

We store data which we record and process in connection with your subscription for our newsletter or our push notifications until you cancel your subscription to our newsletter.

HolidayCheck Shop

We store your data for as long as this is necessary to fulfil the intended purposes. We store the data for your user account until you delete the account. We store data for your orders until the statutory data storage obligation expires.

VI. Your rights

When the relevant conditions are fulfilled, you have the following rights as a data subject under the GDPR: right to access to stored data (Article 15 of the GDPR), right to rectification of inaccurate data (Article 16 of the GDPR), right to erasure of data (Article 17 of the GDPR), right to restriction of data processing (Article 18 of the GDPR), right to object to unreasonable data processing (Article 21 of the GDPR), right to data portability (Article 20 of the GDPR).

To exercise these rights, please use the contact details listed under I. 2. or send an informal email to datenschutz@holidaycheck.com.

You also have the right to file a complaint with the supervisory authority responsible for our company. The supervisory authority responsible for our company is:

State Office for Data Protection Supervision, Promenade 18, 91522 Ansbach, https://www.lda.bayern.de

VII. Changes to this data protection declaration

We constantly work on the improvement of existing services and the development of new services. In this context and as a result of regulatory changes, we regularly adapt our data protection declaration to reflect the latest developments to ensure that you always have access to all necessary information.

In the event of significant changes, we naturally inform you without delay. In addition, we also recommend that you reread this data protection declaration from time to time.