If a term has only been used in the feminine or masculine form in this privacy policy, both genders are equally included.
With this privacy policy, we inform you about how we collect, use, disclose, and otherwise process your personal data. As an affected individual customer or other individual, we offer you our services (travel, stays, accommodation, conferences and events, as well as related products and services) through our websites, mobile applications, email communication, or other online or offline channels. We protect the privacy of users of our websites to the best of our ability and process all personal data in accordance with the provisions of European and Austrian data protection law. Personal data that you transmit to us as part of inquiries on the subject of data protection will be used exclusively for the purpose of processing your request.
Who is responsible for the processing of your data and who can you contact?
The responsible entities for the processing of your data in accordance with data protection regulations are:
- Eurotours Gesellschaft m.b.H. (Kirchberger Straße 8, A-6370 Kitzbühel, Austria) and its affiliated companies
- Eurotours Deutschland GmbH (Parkring 2, 85748 Garching bei München, Germany)
- Eurotours Cesko sro (Křižíkova 2110/2b, 186 00 Praha 8-Karlín-Praha 6-Nové Město, Czech Republic)
- Eurotours Polska spolká z o.o. (Rynek Główny 7/5, 31-042 Kraków, Poland)
- Eurotours Italia S.r.l. (Via Chiesolina, 16, 37066 Sommacampagna VR, Italy)
- Verkehrsbüro Touristik GmbH
The data protection representative for the German-speaking area is located at Kirchberger Straße 8, A-6370 Kitzbühel, Austria (Tel.: +43/1/58800-752; E-Mail: datenschutz@eurotours.at).
What categories of data are processed?
Due to our obligation to fulfill the contract concluded with you, we process:
Customer master data – When you contact us, register with us, or use our services, we collect general information about you to be able to contact you about our offers and to correspond with you during a trip, stay, or other service. This information may include your name, email address, phone numbers, postal address, and, if necessary, gender and date of birth.
Guest and travel information – When you book a trip, stay, or other service with us, we collect directly from you or indirectly (via third parties) details of the trip or stay or other service (such as arrival and departure location and time, airline, hotel, car rental) and other data necessary to complete your bookings. We may also collect special categories of data to provide accessibility, dietary requirements, or other desired services. We may also require passport information from travelers. If we book trips for your companions, we may collect the same categories of data from them. Therefore, please forward this information to all persons whose data you provide in a travel booking. Your customer data is stored in your travel or guest profile, where we record the information required for your travel booking and the provision of our services. You can provide additional data in your travel or guest profile, including login information for frequent flyer programs, government identification numbers, and emergency contact information.
Due to our legitimate interest in sending you personalized advertising and being able to create statistics about user behavior during visits to our websites, we process:
Device data – We collect data about how you use our services, including the IP address of your computer and data that can be determined from it (such as the internet provider and general geographic location), the unique device number, and other technical information. We also collect data about how you use our websites and mobile applications. Some of this data is collected through the use of cookies and similar technologies, as described here.
How long will your data be processed?
Your data will be stored for as long and to the extent necessary under the contractual basis. After the contract has been terminated, your data will be kept for 7 years (in Austria) or 10 years (in Germany) in accordance with our accounting obligations. Furthermore, your data will be stored based on our legitimate interests until we receive a justified objection from you or, with your explicit consent, until you revoke this consent.
What purposes are your data processed for?
We use your data for the following purposes:
Providing our services – We use your data for your travel bookings, accommodations, organization of meetings and events, creating travel plans and invoices, sending you communications related to your trip or our products and services, providing customer service, and managing your account.
Processing of payments – We use your basic data and payment information to process transactions and provide customer service related to payments.
Operating websites, mobile applications, and electronic communication – We use device data to ensure the security of online services and optimize the delivery and content of our services, for updates, for non-personal trend and usage analysis related to our services, and to determine the effectiveness of our ads and offers.
Business operations and improvement of business processes – We use your data to comply with our corporate policies and business processes, for accounting and economic purposes, to detect or prevent fraudulent or criminal activities, for business operations, analysis and improvement of our business and services, and otherwise as required by law.
Optimizing services & marketing
We use your data in your and our legitimate interest to optimize our services towards you and for future services, including:
- Use of frequent flyer information and travel preferences
- Pre-filling of forms and payment data
- Use of contact details to communicate service changes
- Contact in case of emergencies
- Collection of feedback on services provided
- Electronic and postal delivery of information about our products and services
If we assume such interest incorrectly on your part, you are welcome to indicate this to us by providing a contrary statement.
Who and how do we share your data with?
In principle, we do not disclose your data to third parties without your consent, either free of charge or for a fee. However, exceptions to this rule apply when we disclose your data based on a legal or contractual obligation, or in accordance with our mutual interests as stated above, including:
Travel providers and other travel service providers – In order to successfully process your travel booking and provide you and any third parties with related travel services, we may disclose data to travel providers (such as airlines and hotels) and travel service providers (such as ticketing systems and travel app providers) as well as their service partners.
Service partners – We disclose data to service providers to the extent necessary for the provision of their services, such as other travel agencies, conference and event planners, visa and passport service providers, restaurants, mobile applications and software developers, as well as partners providing IT support, data hosting, marketing and communication systems, and debt collection services.
Affiliated companies – We disclose data within the legally permissible scope within the corporate family to enable the provision, analysis, and optimization of their and our products and services.
Authorities, banks, and courts – We may disclose data to supervisory authorities, courts, banks, and government agencies if we consider this necessary or permissible in accordance with laws, regulations, or legal proceedings, or to protect your and our interests, rights, property, or those of others.
Business transfers – In the event that we negotiate or conclude a transaction that affects the business in whole or in part (such as restructuring, merger, sale or acquisition), data may be disclosed to third parties involved in this transaction within the legally permissible scope.
Google Analytics
We have integrated the Google Analytics component (with anonymization function) on our website. Google Analytics is a web analytics service. The operator of the Google Analytics component is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The purpose of the Google Analytics component is to analyze visitor traffic on our website. Google uses the data and information obtained, among other things, to evaluate the use of our website, to compile online reports that show the activities on our website, and to provide other services related to the use of our website.
Google Analytics sets a cookie on your IT system. The setting of the cookie enables Google to analyze the use of our website. Each time one of the individual pages of our website, which is operated by us and on which a Google Analytics component has been integrated, is called up, the Internet browser on your IT system is automatically prompted by the respective Google Analytics component to transmit data for the purpose of online analysis to Google. As part of this technical process, Google becomes aware of personal data, such as your IP address, which is used, among other things, to trace the origin of visitors and clicks and to enable commission settlements to be made in the future.
Personal information, such as access time, the location from which access originated, and the frequency of visits to our website, is stored via the cookie. Every time you visit our website, this personal data, including the IP address of the internet connection you are using, is transmitted to Google. Google may also share this personal data collected through the technical process with third parties.
You can prevent the setting of cookies by our website at any time by means of a corresponding setting of the Internet browser you are using and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a cookie on your IT system. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.
Furthermore, you have the option to object to the collection of data generated by Google Analytics related to your use of this website and to the processing of this data by Google, and to prevent such data from being collected. To do so, you can download and install a browser add-on at the link https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data or information about website visits may be transmitted to Google Analytics. The installation of the browser add-on is considered a contradiction by Google. If your IT system is deleted, formatted or reinstalled at a later time, you will need to reinstall the browser add-on to disable Google Analytics.
Further information and the applicable data protection provisions of Google can be found at https://www.google.de/intl/de/policies/privacy/ and at http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail at https://www.google.com/intl/de_de/analytics/.
Ve Interactive DACH GmbH
We use the services of Ve Interactive DACH GmbH (Französische Straße 47, 10117 Berlin; hereinafter referred to as “Ve”). In providing its services, Ve collects personal data from end-users who visit our websites. Ve uses cookies and other comparable technologies for this purpose. Further information about the technologies used by Ve can be found in Ve’s cookie policy. A list of the purposes for which Ve collects personal data is listed in Ve’s privacy policy. In general, Ve collects personal data from end-users through the use of cookies, in particular contact data and behavioral data. Ve uses this personal data to draw conclusions about the respective personal preferences of end-users and to personalize the end-user’s web experience, for example by displaying personalized offers when visiting customer websites or similar personalization of the customer website for the end-user and displaying personalized advertising when visiting customer websites or third-party websites.
End-users can prevent the processing of their personal data by Ve through various means. The available options for preventing data processing are included in Ve’s privacy policy, including clicking on the opt-out button at https://www.ve.com/de/datenschutzerklaerung#opting-out or using the opt-out mechanism of IAB Europe at http://www.youronlinechoices.com/opt-out-interface.
International data transfer
For the purposes described here, we may transfer your data to service providers and jurisdictions outside your home country or our country of residence, including countries that may not have the same level of data protection. To protect the data, data transfer takes place in accordance with appropriate data transfer agreements and other protective measures. Regardless of where we process your data, we protect it in the manner described in this privacy policy and in accordance with applicable law.
What rights do you have?
You have the right to:
- request confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and information about the processing of such data;
- withdraw your consent to the processing of your personal data at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
- request the rectification of inaccurate personal data concerning you or, where appropriate, the erasure of such data, if there is no longer a legal ground for us to keep the data;
- request the restriction of the processing of your personal data;
- receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us;
- have your personal data transferred directly from us to another controller, where technically feasible and where doing so does not adversely affect the rights and freedoms of others;
- file a complaint with the Austrian data protection authority if we fail to act on your requests and you believe that your data protection rights have been violated.
How do we protect your data?
We take appropriate administrative, technical, and physical security measures to protect your data from unauthorized access and use. We only store your data for as long as necessary to provide our services and for legitimate operational purposes, unless we are required by laws or regulations or are obliged to store them for a longer period due to legal disputes and government investigations.
General data security measures
We commit ourselves to taking appropriate technical and organizational measures, such as pseudonymization, both at the time of determining the means for processing and at the time of actual processing of your personal data, which are designed to effectively implement data protection and to incorporate the necessary safeguards into the processing in order to comply with the requirements of data protection law and to protect your data.
To this end, we take appropriate measures to ensure that only those personal data concerning you which are necessary for the respective specified processing purpose are processed by default, and thereby ensure that your data is not made accessible to an indefinite number of natural persons without your intervention. These measures include, among other things, the pseudonymization and encryption of your data, as well as the ability to ensure the confidentiality, integrity, availability and resilience of the systems and services related to the processing over the long term, the ability to rapidly restore the availability of personal data and access to it in the event of a physical or technical incident, and the regular review, assessment and evaluation of the effectiveness of the technical and organizational measures to ensure the security of the processing.
Special data security measures
Secure Socket Layer (SSL)
All booking forms through which you transmit personal information to us use an encrypted transmission method (SSL) to ensure the security of your data. “SSL” stands for “Secure Socket Layer”. You can tell that you are on a secure page, meaning that the data on this page has been transferred to your computer using this secure transmission method, by noticing that the address bar (URL) begins with “https://” instead of the usual “http://” and by the display of special symbols in the status bar (usually at the bottom of the window) of your browser.
Internet Explorer
The encryption takes place between the server and the client (i.e., your computer) in the form of a secure connection, over which any data can be transferred.
For SSL, certificates are necessary to ensure secure transmission, so that one can be sure where the server is located and who operates it.
SSL Certificate Authority: To obtain such a certificate, one needs a kind of “witness” who vouches for the correctness of the data. Our secure servers have been certified by the Comodo Group, Thawte, Inc., and Corporation Service Company (Trusted Secure Certificate Authority 5).
Changes
This privacy policy may be amended by us from time to time due to business changes or legal updates. In the event of material changes to this privacy policy, we will publish a corresponding notice on our website before it becomes effective and, if required by applicable law, inform you in another manner.
Questions
If you have any questions or complaints regarding the processing of your data, please contact our customer service representatives or contact us in writing at:
Eurotours Gesellschaft m.b.H. (Kirchberger Straße 8, A-6370 Kitzbühel, Austria, or datenschutz@eurotours.at)
We will review your request and respond in writing within 30 days of receipt.