Welcome to holidayheroes and our online presence, especially at www.holidayheroes.de. We are pleased that we have aroused your interest in our region and our offers. We are very concerned about protecting your privacy and your personal data. The collection and use of your data is therefore always in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 (GDPR), the Federal Data Protection Act (BDSG), the Telemedia Act (TMG) and the Data Protection and Privacy Act in telecommunications and telemedia (TTDSG).
Below we will inform you about what data we collect and how we process this data.
In addition, we may need to collect additional data about you when you apply for our deferred payment services; more information is available in paragraph 37.
In the following, we therefore inform you about which data we collect and how we process this data. The person responsible for this online presence within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is: holidayheroes TRAVELSTORE sprl, a limited liability company under Belgian law, Managing Director: Mr. Yoni Alhadeff (Directeur Général), registered office: 11/4, Avenue Docteur Lemoine, 1070 Brussels, telephone 32.2.2621355, e-mail address team@holidayheroes.de (hereinafter abbreviated as "holidayheroes"). The operation of our Facebook fan page constitutes processing under joint responsibility pursuant to Art. 26 GDPR. We ourselves have no influence on the processing of data by Facebook. The responsibility for the processing of the so-called Insights data and the fulfillment of corresponding obligations under the GDPR is assumed by Facebook. You can find further information at: https://www.facebook.com/legal/terms/page_controller_addendum and at: https://de-de.facebook.com/help/pages/insights Personal data within the meaning of Art. 4 No. 1 GDPR means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal data is only stored insofar as this is necessary for the provision of the booked service, for compliance with legal requirements or for the purpose stated below. Personal data is processed on the following legal bases or for the following purposes: You can withdraw your consent at any time.
We would like to point out that the revocation is effective for the future and processing that took place before the revocation is not affected. This applies in particular to the following groups of cases: The collection of personal data becomes essential if you wish to book a stay or other service via our portal or use offers from us for the processing of which personal data is essential. This also includes voucher purchases and participation in competitions. In accordance with the statutory regulations and in the interests of data economy, we only collect data that is required for the provision of this particular service. If we ask you to provide further information in our forms, this is always voluntary and marked as such. If you book a stay or other service, the data collected will be used to process this booking, for advertising purposes and for statistical purposes in accordance with legal requirements. Your personal data will only be passed on within the framework of the relevant regulations, in particular those relating to competition and data protection. Insofar as this is necessary for the provision of the contractual service owed by us or legal obligations, your data will also be passed on to subcontractors or service providers to provide the service in our name or on our behalf (e.g. technical processing of postal and e-mail dispatch, customer service). In addition, the data will be passed on to persons or companies to process your booking, in particular to hosts, hotels, local service providers and authorities, etc. Your data will also be disclosed and transferred to third parties if we are obliged to do so by law or on the basis of legally binding court proceedings. You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format. 
You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided. Data will only be transferred to third countries (countries outside the European Economic Area - EEA) if this is necessary for the execution of our offers, required by law or if you have given us your consent. If required by law, we will inform you of the details. Among other things, we use tools from companies based in the USA or other third countries that are not secure under data protection law. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that a level of data protection comparable to that in the EU cannot be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as the data subject being able to take legal action against this. It cannot be ruled out that US authorities, such as secret services, may process, evaluate and permanently store your data on US servers for surveillance purposes. We have no influence on this processing activity. We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk within the meaning of Art. 32 GDPR. Your personal data will be stored for the purposes stated under "Purpose of collecting personal data". The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data in accordance with Art. 17 para. 3 GDPR. 
If the data is not deleted because it is required for other and legally permissible purposes, its processing is restricted, i.e. the data is blocked and not processed for other purposes. This includes data that must be retained for tax law reasons. Our Internet pages use so-called "cookies". Cookies are small text files and do not cause any damage to your end device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or they are automatically deleted by your web browser. In some cases, cookies from third-party companies may also be stored on your device when you use our online services (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services). Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behavior or display advertising. Cookies that are required to carry out the electronic communication process, to provide certain functions that you have requested (e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) (necessary cookies) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in the storage of necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG); the consent can be revoked at any time. 
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted. If cookies are used by third-party companies or for analysis purposes, we will inform you about this separately in this privacy policy and, if necessary, request your consent. You have the option of registering for our newsletter on our website. We process the personal data transmitted via the registration form in order to send you the individual newsletters. For the purpose of measuring reach and evaluating our email marketing campaigns, we collect data on your use of our newsletters, e.g. whether, how often and for how long you read them and which links you click on. The legal basis for the processing of your personal data is Art. 6 para. 1 sentence 1 lit. a GDPR, if applicable in conjunction with Section 7 para. 2 no. 3 UWG. We may also send you certain information by email on the basis of legal permission in accordance with Section 7 (3) UWG. You can revoke your consent at any time with effect for the future (e.g. via the "unsubscribe" link in the newsletter). If you exercise your right of revocation, we will delete the data concerned immediately, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The data you provide us with for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you unsubscribe from the newsletter or after the purpose no longer applies.
We reserve the right to delete or block e-mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. You can object to the storage if your interests outweigh our legitimate interest. On our website, we use a cookie from the service provider Hubspot of HubSpot Inc, 25 First Street, Cambridge, MA 02141, USA or, in the case of use within the EU, HubSpot Ireland Limited, HubSpot House, One Sir John Rogerson's Quay, Dublin 2, Ireland (hereinafter "HubSpot") to record the individual websites and topics that a registered user views during their visits. Hubspot is an integrated software solution that we use to cover various aspects of our online marketing. By registering on our homepage, we enable users to learn more about our company. For example, you can download content and provide your contact information. This information and the content of our website is stored on HubSpot's servers. We use all information collected exclusively to optimize our marketing measures. You can view Hubspot's privacy policy at: https://legal.hubspot.com/privacy-policy?_ga=2.49766949.2042516961.1652774786-968170581.1652774786 Information on Hubspot's EU data protection regulations can be found at: https://www.hubspot.com/de/data-privacy/privacy-shield Information on the cookies used by HubSpot can be found at: https://legal.hubspot.com/de/cookie-policy The legal basis for the processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. If you do not want Hubspot to collect and process the aforementioned data, you can refuse your consent or revoke it at any time with effect for the future. The personal data will be stored for as long as it is necessary to fulfill the purpose of processing. The data will be deleted as soon as it is no longer required to achieve the purpose. As part of processing via HubSpot, data may be transferred to the USA. 
The security of the transfer is ensured by so-called standard contractual clauses, which guarantee that the processing of personal data is subject to a level of security that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent may serve as the legal basis for the transfer to third countries in accordance with Art. 49 para. 1 lit. a GDPR. We use ActiveTrail from ACTIVE TRAIL LTD - 513921072 Drech Begen 48, Tel Aviv - Jaffa, IL, to send our newsletter. ActiveTrail is the recipient of your personal data and acts as a processor for us when it comes to sending our newsletter. In addition, ActiveTrail collects the following personal data using cookies and other tracking methods: Information about your end device (IP address, device information, operating system, browser ID, information about the application you use to read your emails and other information about hardware and internet connection). In addition, usage data such as date and time, when you opened the email / campaign and browser activities (e.g. which emails / websites were opened) are collected. ActiveTrail requires this data to ensure the security and reliability of the systems, compliance with the terms of use and the prevention of misuse. This corresponds to the legitimate interest of ActiveTrail (pursuant to Art. 6 para. 1 lit. f GDPR) and serves the execution of the contract (pursuant to Art. 6 para. 1 lit. b GDPR). ActiveTrail also analyzes performance data, such as email delivery statistics and other communication data. This information is used to compile usage and performance statistics for the services. ActiveTrail also collects information about you from other sources. In an unspecified period and scope, personal data is collected via social media and other third-party data providers. We have no influence on this process. The legal basis for this processing is your consent in accordance with Art. 6 para.
1 lit. a GDPR. You can withdraw your consent to the processing of your personal data at any time. The declaration of revocation does not affect the legality of the processing carried out to date. Your data will be processed for as long as we have your consent to do so. They will be deleted after termination of the contract between us and ), unless legal requirements make further storage necessary. Further information on objection and removal options vis-à-vis ActiveTrail and the privacy policy can be found at: https://www.activetrail.com/activetrail-general-data-protection-regulation-gdpr/ If you send us inquiries via the contact form, your details from the inquiry form, including the contact data you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We will not pass on this data without your consent. This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your request is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; consent can be revoked at any time. We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Mandatory statutory provisions - in particular retention periods - remain unaffected. If you contact us by e-mail, telephone or fax, we will store and process your request, including all personal data (name, request), for the purpose of processing your request. We will not pass on this data without your consent. This data is processed on the basis of Art. 6 para. 1 lit. 
b GDPR if your request is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; the consent can be revoked at any time. The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected. If you no longer wish to receive our newsletter or our advertising emails, click on the link: "Unsubscribe newsletter", which is included at the bottom of all emails we send. A fully automated decision means that decisions are made by technical means without the direct involvement of a person. Automated decision-making in accordance with Art. 22 GDPR does not take place on our website. In the event that we use this procedure in individual cases, we will inform you of this separately if required by law. Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements. We do not process your data with the aim of evaluating certain personal aspects (profiling). This website uses Google Analytics, a web analytics service provided by Google Inc. Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. 
The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in Ireland. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. The Google tracking codes on this website use the "anonymizeIp()" function, which means that IP addresses are only processed in abbreviated form in order to prevent them being directly linked to individuals. You can object to the collection and storage of data at any time with effect for the future. For the objection to be permanent, the browser used must accept cookies. Alternatively, you can object to the collection of data by using a Google browser plugin to prevent the information collected by cookies (including your IP address) from being sent to Google Ireland Limited and used by Google Ireland Limited. The following link will take you to the corresponding plugin: https://tools.google.com/dlpage/gaoptout?hl=de The legal basis for the use of Google Analytics is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. You can find the privacy policy at: https://policies.google.com/privacy?hl=en Our online presence uses Google Fonts and the Google Fonts API to visually display fonts and symbols. 
When using Google Fonts, Google also collects, processes and uses data about the use of the fonts functions by visitors to the websites, unless the data is stored on the local servers of our online presence. You can find more information about data processing by Google in Google's privacy policy at http://www.google.com/privacypolicy.html. You can also change your settings there in the data protection center so that you can manage and protect your data. The use of Google Web Fonts is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the uniform presentation of the typeface on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device within the meaning of the TTDSG. Consent can be revoked at any time. If your browser does not support web fonts, a standard font will be used by your computer. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://privacy.google.com/businesses/gdprcontrollerterms/ https://privacy.google.com/businesses/gdprcontrollerterms/sccs/ You can find more information on the handling of user data in Google's privacy policy: https://policies.google.com/privacy?hl=de Our online presence uses Google Maps and the Google Maps API to visually display a map and geographical information. When Google Maps is used, Google also collects, processes and uses data about the use of the Maps functions by visitors to the websites. The use of Google Maps is in the interest of an appealing presentation of our online offers and to make it easy to find the places we have indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ https://privacy.google.com/businesses/gdprcontrollerterms/sccs/ You can find more information on the handling of user data in Google's privacy policy: https://policies.google.com/privacy?hl=de Our online presence uses Mixpanel, of the company Mixpanel Inc, One Front Street, Floor 28, San Francisco, CA 94111, USA. Mixpanel supports us in the statistical evaluation of the use of our website in order to constantly optimize our Internet presence and make it more appealing to you as a user. Mixpanel uses pixels that are integrated into our website for analysis purposes. Personal data such as the anonymized IP address, browser, browser version and operating system used are collected. Mixpanel processes personal data in the USA, among other places. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://mixpanel.com/legal/dpa/. The legal basis for the use is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device within the meaning of the TTDSG. Consent can be revoked at any time. Further information can be found in Mixpanel's privacy policy: https://mixpanel.com/legal/privacy-policy/.
If you have given us your express consent to this during or after your order by activating a corresponding checkbox or clicking on a button provided for this purpose ("Rate later"), we will send your e-mail address to Trusted Shops GmbH, Subbelrather Str. 15c, 50823 Cologne (www.trustedshops.de) so that they can remind you by e-mail of the opportunity to submit a rating of your order. This consent can be revoked at any time by sending a message to the contact option described below or directly to Trusted Shops. You can access the privacy policy of Trusted Shops at: https://www.trustedshops.de/impressum-datenschutz/ Elements of the social network Facebook are integrated on this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries. An overview of the Facebook social media elements can be found here: https://developers.facebook.com/docs/plugins/?locale=de_DE When the social media element is active, a direct connection is established between your end device and the Facebook server. Facebook receives the information that you have visited this website with your IP address. If you click on the Facebook "Like" button while you are logged into your Facebook account, you can link the content of this website to your Facebook profile. This allows Facebook to associate your visit to this website with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Facebook. Further information on this can be found in Facebook's privacy policy at: https://de-de.facebook.com/privacy/explanation. If consent has been obtained, the above-mentioned service is used on the basis of Art. 6 para. 1 lit. a GDPR and § 25 TTDSG. Consent can be revoked at any time.
If no consent has been obtained, the service is used on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in the widest possible visibility in social media. Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, there is joint responsibility (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing carried out by Facebook after forwarding is not part of the joint responsibility. The joint obligations have been set out in an agreement on joint processing. You can access the agreement at: https://de-de.facebook.com/legal/terms/page_controller_addendum According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for the secure implementation of the tool on our website in accordance with data protection law. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook. We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce users' rights. Furthermore, user data is generally processed within social networks for market research and advertising purposes. This website uses social plugins ("plugins") of the social network operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook"). The plugins can be recognized by one of the Facebook logos (hand with raised thumb) or are marked with the addition "Facebook Social Plugin". 
The list and appearance of the Facebook social plugins can be viewed here: https://developers.facebook.com/plugins When a web page of this website containing such a plugin is accessed, the browser used establishes a direct connection with the Facebook servers. The content of the plugin is transmitted by Facebook directly to the browser used, which integrates it into the website. The provider therefore has no influence on the scope of the data that Facebook collects with the help of this plugin and therefore informs according to its level of knowledge: by integrating the plugins, Facebook receives the information that the corresponding page of our website has been accessed. If the visitor is logged in to Facebook, Facebook can assign the visit to their Facebook account. If the visitor interacts with the plugins (for example, by clicking the "Like" button or posting a comment), the corresponding information is transmitted directly from their browser to Facebook and stored there. If the visitor is not a member of Facebook, it is still possible for Facebook to find out their IP address and store it. We use the social plug-ins to offer you a better user experience on our website and so that Facebook can optimize our advertisements. The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as the relevant rights and setting options for the protection of privacy can be found in Facebook's data protection information: https://www.facebook.com/policy.php If the visitor is a Facebook member and does not want Facebook to collect data about them via this website and link it to their member data stored on Facebook, the visitor must log out of Facebook before visiting this website. It is also possible to block Facebook social plugins with add-ons for the browser used, for example with the "Facebook Blocker". If consent has been obtained, the above-mentioned service is used on the basis of Art. 6 para. 1 lit. 
a GDPR and § 25 TTDSG. Consent can be revoked at any time. If no consent has been obtained, the service is used on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in the widest possible visibility in social media. Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, there is joint responsibility (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing carried out by Facebook after forwarding is not part of the joint responsibility. The joint obligations have been set out in an agreement on joint processing. You can access the agreement at: https://de-de.facebook.com/legal/terms/page_controller_addendum According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for the secure implementation of the tool on our website in accordance with data protection law. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook. Further information on this can be found in Facebook's privacy policy at: https://de-de.facebook.com/privacy/explanation. We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce users' rights. Furthermore, user data is generally processed within social networks for market research and advertising purposes. Functions of the Twitter service are integrated on this website. These functions are offered by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. 
When the social media element is active, a direct connection is established between your device and the Twitter server. Twitter thereby receives information about your visit to this website. By using Twitter and the "Re-Tweet" function, the websites you visit are linked to your Twitter account and made known to other users. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Twitter. Further information on this can be found in Twitter's privacy policy at: https://twitter.com/de/privacy and at: https://help.twitter.com/de/rules-and-policies/data-processing-legal-bases If consent has been obtained, the above-mentioned service is used on the basis of Art. 6 para. 1 lit. a GDPR and § 25 TTDSG. Consent can be revoked at any time. If no consent has been obtained, the service is used on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in the widest possible visibility in social media. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://gdpr.twitter.com/en/controller-to-controller-transfers.html. You can change your data protection settings on Twitter in the account settings at: https://twitter.com/account/settings We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce users' rights. Furthermore, user data is generally processed within social networks for market research and advertising purposes. Functions of the Instagram service are integrated on this website. These functions are offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. When the social media element is active, a direct connection is established between your device and the Instagram server. 
Instagram then receives information about your visit to this website. If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate your visit to this website with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Instagram. Insofar as consent has been obtained, the use of the above-mentioned service is based on Art. 6 para. 1 lit. a GDPR and § 25 TTDSG. Consent can be revoked at any time. If no consent has been obtained, the service is used on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in the widest possible visibility in social media. Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook or Instagram, there is joint responsibility in accordance with Art. 26 GDPR. The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook or Instagram. The processing carried out by Facebook or Instagram after forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in an agreement on joint processing. You can access the agreement at: https://de-de.facebook.com/legal/terms/page_controller_addendum According to this agreement, we are responsible for providing data protection information when using the Facebook or Instagram tool and for the secure implementation of the tool on our website in accordance with data protection law. Facebook is responsible for the data security of Facebook and Instagram products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook or Instagram directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook. 
Further information on this can be found in Instagram's privacy policy: https://instagram.com/about/legal/privacy/. We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce users' rights. Furthermore, user data is generally processed within social networks for market research and advertising purposes. On this website, we use elements of the social network Pinterest, which is operated by Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. When you access a page that contains such an element, your browser establishes a direct connection to the Pinterest servers. This social media element transmits log data to the Pinterest server in the USA. This log data may contain your IP address, the address of the websites visited that also contain Pinterest functions, the type and settings of the browser, the date and time of the request, your use of Pinterest and cookies. If consent has been obtained, the above-mentioned service is used on the basis of Art. 6 para. 1 lit. a GDPR and § 25 TTDSG. Consent can be revoked at any time. If no consent has been obtained, the service is used on the basis of our legitimate interest in the widest possible visibility in social media in accordance with Art. 6 para. 1 lit. f GDPR. Further information on the purpose, scope and further processing and use of the data by Pinterest as well as your rights and options for protecting your privacy in this regard can be found in Pinterest's privacy policy: https://policy.pinterest.com/de/privacy-policy We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce users' rights. Furthermore, user data is usually processed within social networks for market research and advertising purposes. 
This website uses the "Facebook pixel" of Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook"). This allows the behavior of users to be tracked after they have seen or clicked on a Facebook ad. This process is used to evaluate the effectiveness of Facebook ads for statistical and market research purposes and can help to optimize future advertising measures. The data collected is anonymous to us, so it does not allow us to draw any conclusions about the identity of users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook privacy policy (https://www.facebook.com/about/privacy/). The user can enable Facebook and its partners to place advertisements on and outside of Facebook. It may also store a cookie on your computer for these purposes. The user can also deactivate the use of cookies by third-party providers such as Facebook on the following website of the Digital Advertising Alliance: https://www.aboutads.info/choices/ If consent has been obtained, the above-mentioned service is used on the basis of Art. 6 para. 1 lit. a GDPR and § 25 TTDSG. Consent can be revoked at any time. If no consent has been obtained, the service is used on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in the widest possible visibility in social media. Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, there is joint responsibility (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing carried out by Facebook after forwarding is not part of the joint responsibility. The joint obligations have been set out in an agreement on joint processing.
You can access the agreement at: https://de-de.facebook.com/legal/terms/page_controller_addendum According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for the secure implementation of the tool on our website in accordance with data protection law. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook. Further information on this can be found in Facebook's privacy policy at: https://de-de.facebook.com/privacy/explanation. We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce users' rights. Furthermore, user data is generally processed within social networks for market research and advertising purposes. This website uses social media plugins from the social network Xing, which is operated by XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany ("XING"). The "social plugins" are recognizable by the XING logo, a stylized "X" made of opposing arrows in green. When this website is accessed, a short-term connection to XING servers is established via the user's browser, with which the "XING share button" functions (in particular the calculation/display of the counter value) are provided. XING does not store any of the user's personal data when this service is accessed. In particular, XING does not store any IP addresses. There is also no evaluation of user behavior through the use of cookies in connection with the "XING Share Button". 
Users can access the latest data protection information on the "XING share button" and additional information on this website: https://www.xing.com/app/share?op=data_protection If you have given us your consent, this consent is the legal basis for data processing in accordance with Art. 6 (1) GDPR. Your data will be stored and processed on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce users' rights. Furthermore, user data within social networks is generally processed for market research and advertising purposes. This website uses plugins from the social network LinkedIn, which is operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn"). Please note that the plugin establishes a connection between your internet browser and the LinkedIn server when you visit our website. LinkedIn is thus informed that this website has been visited with your IP address. If you click on the LinkedIn "Recommend button" and are logged into your LinkedIn account at the same time, you have the option of linking content from our website to your LinkedIn profile page. In doing so, you enable LinkedIn to associate your visit to our website with you or your user account. You should be aware that we have no knowledge of the content of the data transmitted or its use by LinkedIn. For further details on the collection of data and your legal options and settings options, please contact LinkedIn at: https://de.linkedin.com/legal/privacy-policy We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce users' rights. 
Furthermore, user data within social networks is generally processed for market research and advertising purposes. Our website uses technologies from etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany (www.etracker.com) to collect and store data for marketing and optimization purposes. This data can be used to create user profiles under a pseudonym. Cookies can be used for this purpose. Cookies are small text files that are stored locally in the cache of the website visitor's Internet browser. Cookies make it possible to recognize the Internet browser. The data collected using etracker technologies will not be used to personally identify the visitor to this website and will not be merged with personal data about the bearer of the pseudonym without the separately granted consent of the person concerned. The collection and storage of data can be revoked at any time with effect for the future. In order to revoke the collection and storage of your visitor data for the future, you can obtain an opt-out cookie from etracker under the following link, which means that no visitor data from your browser will be collected and stored by etracker in the future: http://www.etracker.de/privacy?et=V23Jbb This sets an opt-out cookie with the name "cntcookie" from etracker. Please do not delete this cookie as long as you wish to maintain your opt-out. Further information can be found in etracker's privacy policy: https://www.etracker.com/datenschutzerklaerung/ This website uses a link to YouTube from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. We use the "extended data protection mode" when embedding, so that usage information is only transmitted when the video is started. In this case, the specific page of our website you visit and the video you watch are transmitted. If you are logged into your YouTube account, you enable YouTube to assign your page views directly to your personal profile. 
If you want to ensure that no data about you is stored by YouTube, do not click on the embedded videos. The use of YouTube is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device within the meaning of the TTDSG. Consent can be revoked at any time. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/. Further information on the handling of user data can be found in Google's privacy policy at: https://policies.google.com/privacy?hl=de This website uses the software Hotjar (Hotjar Ltd., Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141, Malta). Hotjar enables us to measure and evaluate user behavior (mouse movements, clicks, scroll height, etc.) on our website. For this purpose, Hotjar places cookies on users' end devices and can store user data such as browser information, operating system, time spent on the site, etc. in anonymized form. You can prevent this data processing by Hotjar by deactivating the use of cookies in your web browser settings and deleting cookies that are already active. You can find out more about data processing by Hotjar at: https://www.hotjar.com/legal/policies/privacy/ This website uses the web analysis tool Lucky Orange (Lucky Orange LLC, 8665 W 96th St Suite #100, Overland Park, KS 66212, USA). Lucky Orange enables us to measure and evaluate user behavior on our website. 
For this purpose, Lucky Orange places cookies on users' end devices and can store user data and user behavior such as mouse movements, time spent on the site, etc. in anonymized form. The use of Lucky Orange is in the interest of an appealing presentation of our website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device within the meaning of the TTDSG. Consent can be revoked at any time. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. If you wish to deactivate data collection by Lucky Orange, click on the following link and follow the instructions there: http://help.luckyorange.com Further information on the handling of user data can be found in Lucky Orange's privacy policy: https://www.luckyorange.com/legal/privacy. This website uses the live chat of Olark, a service of Olark Inc, 427 N Tatnall St #63602, Wilmington, DE 19801, which allows us to contact and support visitors to the website. During the chat connection, the location, IP address, browser and website visited are displayed to us. Once the connection has ended, we no longer have access to this data. Olark places cookies on your computer to make it easier for you to surf our website. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can find Olark's privacy policy at: https://www.olark.com/privacy-policy We use the reCaptcha service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland on our website. 
The purpose of using reCaptcha is to check whether the data entry on the homepage is made by a human or by an automated program. In doing so, reCaptcha analyzes the behavior of the website visitor based on various characteristics, whereby the analysis begins automatically as soon as the website visitor accesses the website. For the analysis, reCAPTCHA then evaluates various information such as IP address, time spent on the website by the website visitor, etc. The data collected during the analysis is forwarded to Google. reCAPTCHA analyses run in the background and website visitors are not informed that an analysis is taking place. The data is stored and analyzed on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its website from abusive automated spying and SPAM. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device within the meaning of the TTDSG. Consent can be revoked at any time. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/ Further information on the handling of user data can be found in Google's privacy policy at: https://policies.google.com/privacy?hl=de You have the right: • to request information about your personal data processed by us in accordance with Art. 15 GDPR. 
In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information on its details;
• in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us;
• in accordance with Art. 17 GDPR, to request the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
• in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;
• in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller;
• in accordance with Art. 7 para. 3 GDPR, to revoke your consent to us at any time. As a result, we may no longer continue the data processing that was based on this consent in the future; and
• to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.
If data processing is carried out on the basis of Art. 6 para. 1 lit. e or f GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on this provision. The respective legal basis on which processing is based can be found in this privacy policy.
If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defense of legal claims (objection pursuant to Art. 21 (1) GDPR). If your personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to Art. 21 (2) GDPR). You are of course entitled to these rights free of charge. To revoke your consent to the use of data, to request information or the correction, blocking or deletion or to exercise the other rights of data subjects, please contact: team@holidayheroes.de
We would like to point out that you can most easily assert your data subject rights in connection with your social media use against the social media companies and that you can make further settings options there to protect your privacy with the social media companies. You can contact the supervisory authority responsible for you for complaints within the meaning of Art. 77 GDPR using the following contact details:
Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18
91522 Ansbach
Telephone: +49 (0) 89 12 08 67 74
Fax: +49 (0) 89 12 08 67 74
E-Mail: poststelle@lda.bayern.de
Security depends not least on your system. You should always treat your access information confidentially, never allow passwords to be saved by the web browser and close the web browser window when you end your visit to our website. This will make it more difficult for third parties to access your personal data. Use an operating system that can manage user rights.
Set up several users on your system, even within the family, and never use the Internet with administrator rights. Use security software such as virus scanners and firewalls and keep your system up to date.
1. Holidayheroes / Travelstore (“Merchant”) offers customers online deferred
payment services. If you select to pay using deferred payment services, the
Merchant assumes the credit risk associated with the transaction and
therefore may assign the purchase price claims to a Partnering Finance
Provider (“Partnering Finance Provider”).
2. In doing so, Noosa, the technical service provider (“Noosa”), processes personal
data. This Data Privacy Statement provides comprehensive information on the
processing of personal data and data protection rights when using the
Merchant’s deferred payment services.
3. Insofar as the processing of payment transactions is affected, the Merchant is
the data controller and the responsible party and Noosa is the data processor
within the meaning of the EU General Data Protection Regulation (GDPR),
Ritterstr. 12-14, D-10969 Berlin, Germany, registered in the Commercial
Register of the Charlottenburg (Berlin) District Court under HRB 124156 B
(“we”, “us” or “Merchant”).
4. Below you can find contact information for;
5. Why does Noosa process your data?
6. What data is processed?
7. Credit Risk analysis
8. Cooperation with credit agencies
9. Data processing in the performance of the contract
10. Measures to combat fraud
11. Other processing purposes and service providers
12. Fulfillment of legal obligations
13. Consent
14. Transfer of data outside the EEA
15. Retention and storage of data
16. Your rights with regard to data processing
17. Information in case of a rejection
1. Person responsible
2. Personal data
3. Purpose of the collection of personal data
c. Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis
d. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis,
e. Insofar as the protection of our legitimate interests is required, Art. 6 para. 1 lit. f GDPR serves as the legal basis.
f. We also use the personal data stored by us to maintain customer relationships, for customer support (e.g. information on the course of your stay), to carry out our own advertising and marketing measures (e.g. sending catalogs or other postal advertising mailings) and for order processing. The legal basis for sending promotional emails in connection with bookings and orders is Section 7 (3) UWG.
g. Through your use of social media companies, usage profiles are created based on your usage behavior and used for the use of advertisements. Cookies are usually stored on your computer for this purpose. If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.
h. Special information concerning our website:
4. Disclosure of personal data to third parties
5. Transfer of the data to a third country or to an international organization
6. Security measures
7. Storage and deletion of data
8. Use of cookies and comparable technologies
9. Newsletter
This enables us to contact subscribers directly. In addition, we analyze your usage behavior in order to optimize our offer. The following personal data is passed on to ActiveTrail, among others: E-mail address, name.
10. Contact form
11. Request by e-mail, telephone or instant messaging services
12. Newsletter - Unsubscription
13. Automated decision in individual cases
14. Use of data for profiling
15. Use of Google Analytics
16. Use of Google Web Fonts
17. Use of Google Maps
18. Use of Mixpanel
20. Use of Facebook
21. Facebook Social Plugins
22. Use of Twitter
23. Use of Instagram
24. Use of Pinterest
25. Use of the Facebook conversion pixel
By visiting our website and our Facebook page, you consent to the use of cookies. To generally object to the use of cookies on the computer, the Internet browser can be set so that no more cookies can be stored on the computer in the future or cookies that have already been stored are deleted. However, deactivating all cookies may mean that some functions on our website can no longer be executed.
26. Use of the Xing social plugin
27. Use of the LinkedIn social plugin
29. Use of YouTube
30. Use of Hotjar
33. Use of reCaptcha
34. Right to information / right of revocation; further rights of data subjects
Merchant deferred payment services are offered in cooperation with
Noosa and possibly with Partnering Finance Providers and therefore when
processing the payment transactions, we transmit your personal data to
Noosa and in the case of assignment of your claims arising from the purchase
between you and us, Noosa as our data processor transmits the data to the
Partnering Finance Providers,
Noosa Innovation Contact Details
Noosa Innovation BV
27 Hamatzbeim St
Tel Aviv, 6993516
ISRAEL
+972-54-4620053
corporate-bv@noosa.io
Noosa Innovation EU Data Representative
Ametros Ltd
Unit 3D
North Point House
North Point Business Park
New Mallow Road
Cork
Ireland
gdpr@ametrosgroup.com
www.ametrosgroup.com
5.1 We provide you with deferred payment services for your order and our
technology service provider needs to process your data accordingly.
5.2 Purchase price claims arising from the contract between you and us
can be subsequently assigned to the Partnering Finance Provider (factoring).
5.3 Offering deferred payment services requires the processing of your
data. You will find more detailed information on this in the following
data privacy provisions.
6.1 For the above-mentioned purposes Noosa collects and processes the
following data about you:
6.1.1 Personal data: First and last name, date of birth, address, e-mail
address and telephone number.
6.1.2 Account data (for direct debits): Account holder, IBAN,
BIC/SWIFT, bank.
6.1.3 Order data: Data on your current, past and/or future orders
placed with the Merchant.
6.1.4 Creditworthiness data: Data, in particular from credit agencies
and other cooperation partners, which provide information about
your creditworthiness, such as details of enforceable claims
against you and other creditworthiness data, always subject to the
proviso that the use of this data is permitted under data
protection law.
6.1.5 Sanction and PEP lists: Comparison of your data with lists of
sanctioned and politically exposed persons. These lists contain
information such as name, date of birth, place of birth, profession
or position and the reason for inclusion in the list.
6.1.6 Technical data: Data on characteristics of the terminal device
used by you, such as the IP address, browser version, language
settings (“device-specific data”) and data on the use of the
marketplace websites.
6.2 We, the Merchant, collect this data primarily to process your order in
accordance with your desire to pay using deferred payment services.
Noosa, as the data processor, collects creditworthiness data from
credit agencies and information from service providers for the purposes
of combating fraud.
7.1 As part of our risk analysis, Noosa processes your data to determine
whether you will be able to meet your payment obligations and to
protect you from fraudsters who may attempt to use your data to
commit crimes. To do this, we determine the likelihood of proper
payment in connection with the deferred payment services we offer
you.
7.2 In order to carry out this credit risk analysis, we transmit your data to
Noosa. Depending on the result of the risk analysis, you can use the
relevant deferred payment services. If we use the so-called ‘regular
customer concept’, data on your previous purchases are transmitted to
Noosa by us to reduce risk and thus increase the approval of your
deferred payment services request. We are the data controller and, thus,
responsible for the transmission and processing of personal data within
the course of the regular customer concept. Noosa solely processes your
personal data in this regard as a data processor on our behalf as the
Merchant.
7.3 In the case the claim is assigned, the Partnering Finance Provider
receives from Noosa the results of these credit risk analyses to the
respective deferred payment services required prior to the assignment
of the claim, and when we have assigned the claim in question, the
Partnering Finance Provider becomes a processor of the data and
Noosa then becomes the data sub-processor post assignment of the
claim to the Partnering Finance Provider.
7.4 When conducting the risk analysis, Noosa determines the probability of
proper payment (the “analysis result”). The analysis result is determined
based on Noosa’s experience in the mathematical-statistical evaluation of
the following data:
7.4.1 Information on the current order (price of the goods or services,
details of the buyer or the person using the service, shopping
basket level, technical data),
7.4.2 Information on orders already placed with the Merchant using
the deferred payment services.
7.4.3 Details of your address,
7.4.4 Information from credit agencies, so-called “credit scores” (e.g.
Schufa), as well as creditworthiness information. When using
deferred payment services, creditworthiness data is stored in
Noosa’s systems for a period of up to 12 months and used for risk
assessment. In contrast, negative characteristics transmitted by
credit agencies are used in Noosa’s systems for a maximum of 48
hours. The further use of the data in the productive systems serves
to avoid multiple queries with credit agencies.
7.5 Based on the analysis result, we, the Merchant, will decide whether the
desired deferred payment services can be offered to you. To this end,
Noosa informs us whether the result of the credit risk analysis is positive
or negative. In certain cases, Noosa also informs us of the reason for a
negative analysis result (e.g. an incorrect address entry or insufficient
creditworthiness). This transmission enables us to avoid unnecessary
rejection regarding the selected deferred payment services, for example
by informing customers of errors in entering an address. We have no
access at any time to the data on which the credit risk analysis was
based unless he or she has submitted it to Noosa himself or herself.
7.6 By processing your data for credit risk analysis purposes, we protect you
against possible over-indebtedness and fraudulent use of your personal
data, and ourselves against the risk of default. The processing of data is
carried out in accordance with Art. 6 para. 1 lit. f) GDPR based on
legitimate interests.
8.1 In addition to the other categories of data mentioned above, the
analysis result is also based on the scores and ratings of credit agencies.
Scoring and ratings are statistically based estimates of the future risk of
a person defaulting on payments and are presented as a numerical
value. In order to obtain these ratings from the credit agencies, Noosa
first provides the credit agencies with data in connection with the
conclusion of your contract with us.
8.2 If the payment to us in connection with the deferred payment services
is not executed correctly, Noosa transmits the information on this delay
to the credit agencies. This processing is in the interest of all participants
in economic life in avoiding payment default and the over-indebtedness
of consumers and debtors, and is therefore based on
Art. 6 para. 1 lit. f) GDPR.
8.3 The list of credit agencies with which data can be exchanged can be
found below:
● Crif GMBH
info.de@crif.com
www.crif.de/
● Schufa Holding AG
query form
www.schufa.de
● Creditreform e.V
info@creditreform.de
www.creditreform.com
● Seon Technologies
info@seon.io
www.seon.io
● Trulioo
info@trulioo.com
www.trulioo.com
9.1 In order to enforce outstanding claims that were transferred to the
Partnering Finance Provider, your data may be further transferred to
collection agencies, which will then take over debt collection on their
own responsibility. The legal basis of the processing is our and the
Partnering Finance Provider's legitimate interest in the collection of open
claims according to Art. 6 para. 1 lit. f) GDPR.
10.1 In order to prevent the misuse of your data and to avoid financial losses,
Noosa processes your data to detect fraudulent actions based on
unusual usage behavior. In order to select service providers and to be
able to detect and prevent fraud in advance, Noosa may transmit your
data to service providers with whom Noosa works, who will subject the
technical data and order data to a plausibility check, for example to
assess the risk of fraud when ordering from another address. To improve
fraud detection, detected cases of fraud may be reported back to service
providers.
10.2 Fraud prevention measures are based on the following information:
10.2.1 whether the User’s terminal device is currently communicating
through a proxy connection or has done so in the past,
10.2.2 whether the terminal equipment has recently dialed in through
different ISPs,
10.2.3 whether the geo-referencing of the terminal equipment
changes frequently,
10.2.4 how many Internet transactions have recently been made
through the device (without the ability to determine the nature of
the transactions),
10.2.5 the likelihood that the terminal listed in the service provider’s
database is actually the user’s terminal; and
10.2.6 whether information provided by the customer is plausible and
conclusive.
10.3 Processing for the purpose of fraud prevention shall be based on
legitimate interests pursuant to Art. 6 para. 1 lit. f) GDPR, in particular
with regard to our obligations to prevent fraud as a payment service
provider. Processing is also carried out in the interest of protecting your
personal data from unauthorized use by third parties and in Merchant’s
interest in avoiding bad debts.
11.1 In order to comply with our legal obligation to check incoming
payments for suspicion of money laundering, Noosa uses different
service providers. These service providers are contractually obliged to
process payment data exclusively in accordance with our instructions.
Otherwise, processing for the purpose of checking for suspicion of
money laundering is necessary to fulfill our legal obligations and is
based on Art. 6 para. 1 lit. c) GDPR in conjunction with the duties of care
arising from the Money Laundering Act.
11.2 To the extent permitted by data protection law, Noosa may also use
your data for new purposes, such as the performance of data analyses
and/or providing, further developing and securing their services and
content. In addition, Noosa may use your data in compliance with
relevant data protection laws for product development, optimization of
business processes and the needs-based design of our services.
The prerequisite for this is that these new purposes for which
the data is to be used were not yet established or could not be foreseen
when the data in question was collected and that the new purposes are
compatible with those for which the data in question was originally
collected. For example, new developments in the legal or technical field
and new business models and services may lead to new processing
purposes.
11.3 In order to provide the contractually specified services, Noosa uses
software and IT service providers who act as processors and provide the
necessary server and IT capacities. Noosa has set out the contractual
obligations in respective data processing agreements. The processors
are bound by Noosa's instructions and may only process your data to
fulfill the purposes specified in the respective data processing
agreement.
12.1 The merchant (us) and Noosa may disclose required information to
authorities such as the police, tax authorities or other bodies, insofar as they
are legally obliged to do so or the Merchant, Noosa and the Partnering
Finance Provider have a legitimate interest in the disclosure. An
example of such legally required disclosures is disclosure for the
purpose of combating money laundering and terrorism.
12.2 Insofar as the merchant, Noosa and the Partnering Finance Provider
are legally obliged to provide notification, the processing is based on Art.
6 para. 1 lit. c) GDPR. In all other respects, the legitimate interest of the
merchant, Noosa and the Partnering Finance Provider pursuant to Art. 6 para. 1
lit. f) GDPR is the basis of the processing.
If you have given us your consent to the processing of personal data in
accordance with Art. 6 para. 1 lit. a) GDPR, your consent is primarily the basis of
the Merchant's data processing. Which of your data the Merchant processes based
on your consent depends on such assessment.
In some cases, the Merchant and/or Noosa may need to transfer your data
outside of the European Economic Area (EEA). If personal data is transferred to
countries outside the European Economic Area (EEA) and no adequacy decision
of the European Commission is available for this, we use standard contractual
clauses of the European Commission or there are binding internal data
protection regulations to ensure an adequate level of data protection, a copy of
which can be requested via the above-mentioned contact details, or we rely on
the exemptions of Article 49 (1) of the GDPR.
15.1 The Merchant and Noosa will retain the data collected about you in
connection with the initiation and processing of the Agreement for a
period of five years. This period begins at the end of the year in which
the contract was concluded or at least initiated, and corresponds to the
statutory period of limitation for civil law claims and therefore complies
with the statutory retention obligations. The legal basis under data
protection law for storing the data is Art. 6 (1) lit. c) GDPR in conjunction
with the statutory retention obligations. In addition, the data is stored
for the enforcement, defense and assertion of legal claims. The legal
basis for storage for this purpose is in the legitimate interest of the
Merchant and Noosa in this regard (Art. 6 para. 1 lit. f) GDPR).
15.2 Access to this data is subject to strict restrictions. In principle, none of our
or Noosa’s employees has access to creditworthiness information.
However, information relating to payment transactions in connection
with claims assigned to the Partnering Finance Provider may be made
available to such payment partners upon request, if and to the extent
that the Partnering Finance Provider requires such information in order
to comply with a legal obligation or official order. This shall only apply in
cases in which an assignment of the corresponding claim is made to the
Partnering Finance Provider. The legal basis for processing is the
legitimate interest in this respect (Art. 6 para. 1 lit. f) GDPR).
15.3 After expiry of the retention period, your personal data will generally be
blocked and, after expiry of the commercial and tax regulations
applicable to us and/or other statutory retention obligations, will be
permanently deleted or made anonymous. After that it is no longer
possible to draw conclusions about your person. However, the
anonymised data helps us to constantly optimize our credit risk analysis
and our business model. The Merchant and Noosa therefore have a
justified interest in the subsequent anonymisation of the data (Art. 6
Para. 1 lit. f) GDPR).
16.1 Right of access to your processed data (Art. 15 GDPR)
You have the right to receive information about which of your data is
processed by the Merchant and Noosa and to receive further information in
accordance with Art. 15 GDPR in connection with data processing. On
request, we will be pleased to provide you with this data and
information as well as copies of the data.
16.2 Right to correction of your data (Art. 16 GDPR)
You have the right to ask for the rectification of your data if they are
incorrect or – taking into account the purposes of the processing –
incomplete.
16.3 Right of deletion (Art. 17 GDPR)
You have the right to have your data erased if it is no longer needed, if its
processing is unlawful or if one of the other cases mentioned in Art. 17
GDPR applies. In these cases the Merchant and Noosa will delete your
data immediately.
16.4 Right to restrict the processing of your data (Art. 18 GDPR)
You have the right to request the restriction of the processing of your
data in the cases mentioned in Art. 18 GDPR. This includes, among other
things, the case that the merchant and Noosa process data at places or
to an extent that makes the processing of data no longer lawful.
Furthermore, the fact that data is subject to a retention obligation and
that the Merchant and Noosa cannot therefore delete this data without
further ado may be relevant. In this case, the Merchant and Noosa will
restrict data processing as far as possible. In general, a “restriction”
means that the data is still stored, but employees no longer have access
to this data.
16.5 Right to data transferability (Art. 20 GDPR)
The “right to data transferability” gives you the right to receive the
personal data concerning you that you have provided to us in the
format described in Art. 20 GDPR. However, this does not include data
that the Merchant and Noosa obtain as a result of processing (so-called
processing results).
16.6 Right of objection to the types of processing based on Art. 6 para. 1
letter f) GDPR (Art. 21 GDPR)
The Merchant and Noosa will cease processing data based on Art. 6
para. 1 letter f) GDPR if you object to the processing (e.g. by e-mail or
telephone) and your objection is justified.
16.7 Right of withdrawal (Art. 7 GDPR)
You may revoke the consent you gave the Merchant and Noosa at the
time of the conclusion of the contract between you, the Merchant and
Noosa at any time by notifying the merchant (e.g. by e-mail). If you
revoke your consent, your data will no longer be processed based on this
consent. The permissibility of data processing carried out based on your
consent prior to revocation is not affected by the revocation; likewise,
the permissibility of data processing on another legal basis is not
affected by the revocation.
16.8 Right of appeal (Art. 77 GDPR)
You have the right to file a complaint with the Berlin data protection
authority (Berlin Commissioner for Data Protection and Freedom of
Information) or any other authority responsible for data protection.
17.1 How can a rejection come about?
Based on the credit risk assessment, the Merchant automatically
decides whether to accept or reject your deferred payment request.
It is possible that the deferred payment for processing your purchase
may not be available for your order. Apart from reasons relating to
creditworthiness, there may also be other reasons for this:
17.1.1 The combination of your name and address could not be found.
This may be due to typing errors, relocation or marriages.
17.1.2 You have entered a different delivery address, a packing station
or a company address instead of your registered address as billing
address.
17.1.3 The personal shopping limit was exceeded with the order
request. This can happen if there are still too many unpaid orders.
17.2 What can you do in case of rejection?
If your deferred payment services are not available, you can of course
use another payment method offered by the Merchant.
If you suspect that the rejection is due to incorrect data entry, for
example, you can place the order again with the online merchant and
enter the correct data.
If there are still open or unpaid orders, please check and settle them.
Contact the credit agency directly and check whether the data
processed there is up-to-date and correct.
If the reason for the rejection is still unclear from your point of view, you
can approach the Merchant. Please use the contact form on our website
for your inquiry.