Privacy Policy

I. General Information

1. Introductory remarks

With this privacy policy, AZUR Freizeit GmbH (hereinafter referred to as “AZUR”, “we” or “us”) explains to its customers, users, business partners, applicants, authorities, and other involved persons (“you”) how personal data is collected and processed within the company. The responsible handling of your personal data is of great importance to us.

You may only provide us with personal data of third parties if you are authorised to do so and if the personal data is accurate. We ask you to ensure that the persons concerned are aware of this privacy policy.

In this privacy policy, we use the feminine and masculine forms interchangeably. The respective designation also includes all other gender identities.

We may amend this privacy policy at any time and without prior notice. The current version published on our website shall always apply.

2. Data protection controller

AZUR is a subsidiary of Camping Lodge AG, based in Zug, Switzerland. We are therefore part of the Camping Lodge Group.

The party responsible for the content of this privacy policy and for the data processing activities described herein is:

AZUR Freizeit GmbH
Zettachring 6
70567 Stuttgart
Deutschland
Telefon: +49 711 4093500
E-Mail: datenschutz@azur-freizeit.de

VAT identification number pursuant to Section 27a of the German Value Added Tax Act (Umsatzsteuergesetz): DE147833725

We have appointed a data protection officer:

Pascal Urscheler
AZUR Freizeit GmbH
Zettachring 6
70567 Stuttgart
Telefon: +49 711 4093500
E-Mail: info@azur-freizeit.de

3. Legal bases for data processing

If you have given your consent to data processing, we process your personal data on the basis of Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, insofar as special categories of personal data pursuant to Art. 9 para. 1 GDPR are processed. In the event of explicit consent to the transfer of personal data to third countries, the data processing is also carried out on the basis of Art. 49 para. 1 lit. a GDPR. If you have consented to the storage of cookies or to access to information stored on your device (e.g. via device fingerprinting), the data processing is additionally carried out on the basis of Section 25 para. 1 TTDSG. Consent may be withdrawn at any time.

If your data is required for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b GDPR. Furthermore, we process your data insofar as this is necessary to fulfil a legal obligation, on the basis of Art. 6 para. 1 lit. c GDPR. Data processing may also be carried out on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

Information on the specific legal bases applicable in individual cases is provided in the following sections of this privacy policy.

4. Categories of personal data

Depending on the services and offerings you use, as well as the respective relationship between you and us, we process, in particular, the following categories of personal data:

Master data (e.g. title, name, first name, date of birth, address, gender, contact information, language, usernames, copies of and information from official documents, etc.)

Contract data (e.g. information relating to the initiation, conclusion, processing, administration and termination of contracts between you and us, information related to applications [see also section 14 below], interaction history, financial and payment information such as creditworthiness, information related to the enforcement of claims, bank details, etc.)

Communication data (e.g. content exchanged via the respective communication channel, type, time and, where applicable, location of the communication, metadata, etc.)

Behavioural and transaction data (e.g. in connection with the use of our website, visits to our locations, participation in events, competitions and surveys, use of electronic communication channels, etc.)

Registration data (e.g. information you provide when creating an account, using our Wi-Fi service or subscribing to our newsletter)

Technical data (e.g. IP addresses, device IDs, information about the devices and applications you use and their settings, your internet service provider, usernames, passwords [as hash values], information relating to two-factor authentication, log data, time and, where applicable, approximate location when using our services, etc.)

Marketing data (e.g. information about personal preferences and interests, newsletter subscriptions and cancellations, content of marketing communications)

Image and audio recordings (e.g. recordings of telephone and video conference calls [only carried out after prior notification and, where necessary, with your consent], recordings in connection with customer events).

5. Source of data

We collect personal data largely directly from you as the data subject. This includes, in particular, master data, contract data, communication data, registration data, marketing data, as well as behavioural and transaction data. The collection of such personal data takes place in the context of initiating and processing business relationships as well as the use of our services and offerings (e.g. via the contact form).

In addition, we may collect personal data about you ourselves or through automated processes, or derive such data from information already available to us. This includes, in particular, behavioural and transaction data, registration data and technical data.

Finally, we also receive personal data from third parties where this is legally permitted. Such third parties include, in particular, persons from your personal environment (e.g. family members, fellow travellers), business partners, insurance companies, banks, authorities, official bodies, courts, parties and their legal representatives in connection with legal disputes, etc. We may also collect personal data from publicly available sources (e.g. credit agencies, social media).

6. Purposes of data processing

We process the collected data in order to fulfil our legal and contractual obligations towards you and third parties. This includes, in particular, the initiation, administration and processing of contractual relationships, such as:

  • the rental of pitches and accommodation units at our campsites
  • the organisation of banquets, birthday parties, anniversary celebrations, etc., held in our restaurants
  • table reservations in restaurants
  • the employment of staff
  • the procurement of other deliveries and services at our campsite.

Furthermore, we process the collected data to ensure communication with you, to provide and improve the services, offerings and information you request, to manage your use of and access to our services, offerings and information, to maintain our business relationship with you, to carry out advertising and marketing activities (where we are authorised to do so, e.g. based on your consent), to monitor and improve the performance of our offerings, to enforce legal claims or defend ourselves against claims, to detect, prevent or investigate illegal activities, to ensure compliance with laws and recommendations of domestic and foreign authorities as well as internal regulations (“compliance”), to generally ensure our operations (in particular IT, website, etc.) and to manage administrative processes (e.g. data archiving, accounting, master data maintenance, quality assurance).

7. Duration of processing of personal data

Unless a more specific retention period is stated within this privacy policy, we process your personal data for as long as we are legally required to do so (e.g. retention and archiving obligations) or as long as our legitimate business interests require it (e.g. enforcement or defence of claims, ensuring IT security), or for as long as the purpose for which your data was collected requires it, or as long as retention is technically necessary. In the case of contracts, data is generally retained for the duration of the contractual relationship and for the statutory retention periods that follow thereafter.

This may result in your personal data or extracts thereof having to be retained for several years after the termination of the contractual relationship between you and us. If your personal data is no longer required for the purposes mentioned above, it will generally be deleted or anonymised wherever possible.

In certain cases, we also retain your personal data for a longer period based on your consent (e.g. job applications that we keep pending).

If you submit a justified request for deletion or withdraw your consent to data processing, your data will be deleted unless we have other legally permissible grounds for retaining your personal data (e.g. retention periods under tax or commercial law). In the latter case, deletion will take place once these reasons no longer apply.

8. Data security

To protect your data, we maintain technical and organisational security measures in accordance with the current state of the art.

Communication via our website is encrypted using the SSL/TLS encryption protocol. You can recognise an encrypted connection by the fact that the browser address line changes from “http://” to “https://” and by the padlock symbol displayed in your browser bar.

If, after concluding a paid contract, you are required to provide us with payment details (e.g. an account number for a direct debit authorisation), this data is required for payment processing. Payment transactions using common payment methods (Visa/MasterCard, direct debit procedures, etc.) are also carried out exclusively via an encrypted SSL or TLS connection.

We would like to point out that even encrypted data transmission over the internet always involves security risks. Complete protection of data against access by third parties cannot be guaranteed.

We require our employees as well as our business partners to maintain secrecy and confidentiality and to comply with applicable data protection regulations.

9. Disclosure of personal data to third parties

Where legally permitted and necessary, we may disclose certain personal data to third parties in the course of our business activities. Where permitted, these third parties process your personal data either on our behalf (data processors), under joint responsibility with us, or under their own responsibility. These include, among others:

  • Group companies (in particular Camping Lodge AG): These group companies may use the data provided for the same purposes as we do (see section 6).
  • Our service providers, such as banks, insurance companies, IT providers, debt collection companies, credit agencies, cleaning companies, advertising service providers, lawyers, external consultants, trustees, auditors, etc.
  • Business partners, such as insurance companies, sales partners, suppliers, etc.
  • Domestic and foreign authorities, official bodies and courts
  • Other parties in administrative and court proceedings
  • Parties involved in corporate transactions (e.g. purchases, sales or mergers of companies, business divisions, etc.)
  • Other third parties whose involvement is necessary to achieve the purpose of the respective data processing.

Where necessary, we have concluded appropriate agreements with these third parties. In the case of engaging data processors, they are obliged to comply with the applicable data protection and data security regulations. Furthermore, they may only process personal data in accordance with our instructions. They also grant us comprehensive rights of inspection and control as well as rights to information, correction and deletion.

10. Disclosure of personal data abroad

We generally process and store personal data in Switzerland and in the European Union (EU) or the European Economic Area (EEA). In certain cases, however, we may also disclose personal data to service providers and recipients located outside these areas or who process personal data outside these areas, in principle in any country worldwide. In particular, you should expect that personal data may be disclosed to all countries in which the service providers engaged by us and their subcontractors are located (especially the United States).

By taking appropriate measures, we ensure compliance with the applicable legal requirements. Specifically, an adequacy decision by the competent authority may apply. If no such decision exists, the transfer of personal data takes place on the basis of suitable safeguards (in particular standard contractual clauses approved by the European Commission and the Swiss Federal Data Protection and Information Commissioner [FDPIC]) or exemptions apply for specific situations (e.g. contract performance, enforcement of legal claims abroad, etc.), or we obtain your explicit consent.

11. Your rights as a data subject

Provided that the legal requirements are met and no legal exceptions apply, you as a data subject have, in particular, the following rights:

Right of access, deletion and rectification

Within the framework of the applicable legal provisions, you have the right at any time to obtain free information about your stored personal data, its origin and recipients, and the purpose of the data processing, as well as, where applicable, the right to request the rectification or deletion of this data. For this purpose, and for any other questions regarding personal data, you may contact us at any time.

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. You may contact us at any time to exercise this right. The right to restriction of processing applies in the following cases:

  • If you dispute the accuracy of the personal data stored by us, we generally require time to verify this. For the duration of the review, you have the right to request the restriction of the processing of your personal data.
  • If the processing of your personal data was or is unlawful, you may request the restriction of data processing instead of the deletion of the data.
  • If we no longer require your personal data, but you require it for the exercise, defence or assertion of legal claims, you have the right to request the restriction of the processing of your personal data instead of its deletion.
  • If you have lodged an objection pursuant to Art. 21 para. 1 GDPR, a balancing of your interests and our interests must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, such data may – apart from its storage – only be processed with your consent or for the purpose of asserting, exercising or defending legal claims, protecting the rights of another natural or legal person, or for reasons of an important public interest of the European Union or a Member State.

Right to data portability

You have the right to receive data that we process automatically on the basis of your consent or in the performance of a contract, or to have such data transferred to a third party, in a commonly used and machine-readable format. If you request the direct transfer of the data to another controller, this will only be carried out where technically feasible.

Withdrawal of your consent to data processing

Many data processing operations are only possible with your explicit consent. You may withdraw any consent you have already given at any time. The lawfulness of the data processing carried out until the withdrawal remains unaffected by the withdrawal.

Right to object to data collection in specific cases and to direct marketing (Art. 21 GDPR)

IF DATA PROCESSING IS BASED ON ART. 6 PARA. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21 PARA. 1 GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING, INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL THEREAFTER NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION PURSUANT TO ART. 21 PARA. 2 GDPR).

Objection to advertising emails

The use of contact details published as part of the legal obligation to provide an imprint for the purpose of sending unsolicited advertising and informational materials is hereby objected to. The operators of the websites expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as through spam emails.

Please note that these rights may be restricted or excluded in individual cases (e.g. to protect third parties or business secrets).

To exercise your data subject rights or if you have any questions regarding this privacy policy and the processing activities described therein, you may contact the offices mentioned in section 2 above at any time.

If you believe that your data has been processed unlawfully, we would appreciate you contacting us directly. Alternatively, you may lodge a complaint with the supervisory authority responsible for you. The supervisory authority for data protection in Switzerland is the Swiss Federal Data Protection and Information Commissioner (FDPIC). In the EU, complaints must be submitted to the competent national data protection authority.

II. Additional information relating to selected data processing activities

12. Processing of personal data in connection with the use of our website and the services offered on it

12.1. Website hosting provider

Our website is hosted by an external service provider (hoster). The personal data collected in connection with the use of the website is stored on the hoster’s servers. This includes, in particular, server log files (e.g. name and URL of the accessed file, date and time of access, amount of data transferred, web browser and browser version, operating system, domain name of your internet service provider, the so-called referrer URL [the page from which you accessed our website], IP address), contact requests, metadata and communication data, contract data, contact details, names, website accesses and other data.

Our hoster will only process your data to the extent necessary to fulfil its service obligations and will follow our instructions regarding such data. We have concluded a data processing agreement with the hoster.

External hosting is carried out for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of ensuring the secure, fast and efficient provision of our online services by a professional provider (Art. 6 para. 1 lit. f GDPR). Where corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent may be withdrawn at any time.

12.2. Cloudflare

We use the “Cloudflare” service. The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter referred to as “Cloudflare”).

Cloudflare provides a globally distributed Content Delivery Network (CDN) with DNS services. Technically, the transfer of information between your browser and our website is routed through Cloudflare’s network. This enables Cloudflare to analyse the data traffic between your browser and our website and to act as a filter between our servers and potentially malicious internet traffic. In this context, Cloudflare may also use cookies or other technologies to recognise internet users; however, these are used solely for the purposes described herein.

The use of Cloudflare is based on our legitimate interest in providing our website as reliably and securely as possible (Art. 6 para. 1 lit. f GDPR).

The transfer of data to the USA is based on the EU-U.S. Data Privacy Framework (DPF) and/or the Swiss-U.S. DPF. If these certifications are not applicable or not in force, the transfer of data to the USA takes place on the basis of standard contractual clauses approved by the competent authorities. Further details can be found here: https://www.cloudflare.com/de-de/trust-hub/gdpr/.

Further information on security and data protection at Cloudflare can be found here: https://www.cloudflare.com/privacypolicy/.

12.3. Cookies

Unsere Website verwendet sogenannte „Cookies“. Cookies sind kleine Textdateien und richten auf Ihrem Endgerät keinen Schaden an. Sie werden entweder vorübergehend für die Dauer einer Sitzung (Session-Cookies) oder dauerhaft (permanente Cookies) auf Ihrem Endgerät gespeichert. Session-Cookies werden nach Ende Ihres Besuchs automatisch gelöscht. Permanente Cookies bleiben auf Ihrem Endgerät gespeichert, bis Sie diese selbst löschen oder eine automatische Löschung durch Ihren Webbrowser erfolgt.

Teilweise können auch Cookies von Drittunternehmen auf Ihrem Endgerät gespeichert werden, wenn Sie unsere Seite nutzen (Third-Party-Cookies). Diese ermöglichen uns oder Ihnen die Nutzung bestimmter Dienstleistungen des Drittunternehmens (z.B. Cookies zur Abwicklung von Zahlungsdienstleistungen).

Cookies haben verschiedene Funktionen. Zahlreiche Cookies sind technisch notwendig, da bestimmte Websitefunktionen ohne diese nicht funktionieren würden (z.B. die Anzeige von Videos). Andere Cookies dienen dazu, das Nutzerverhalten auszuwerten oder Werbung anzuzeigen.

Sie können Ihren Browser so einstellen, dass Sie über das Setzen von Cookies informiert werden und Cookies nur im Einzelfall erlauben, die Annahme von Cookies für bestimmte Fälle oder generell ausschließen sowie das automatische Löschen der Cookies beim Schließen des Browsers aktivieren. Auf den nachfolgenden Seiten finden Sie Erläuterungen, wie Sie die Verarbeitung von Cookies bei den gängigsten Browsern konfigurieren können:

Disabling cookies may limit the functionality of this website.

Where cookies from third-party companies or cookies used for analytical purposes are deployed, we will inform you separately about this within this privacy policy and, where required, request your consent.

Cookies that are necessary for carrying out the electronic communication process, providing certain functions requested by you (e.g. shopping cart functionality), or optimising the website (e.g. cookies for measuring website traffic) (“necessary cookies”) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies to ensure the technically error-free and optimised provision of its services. Where consent has been requested for the storage of cookies and similar recognition technologies, processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TTDSG); consent may be withdrawn at any time.

12.4. Contact form

If you send us enquiries via the contact form, the information you provide in the enquiry form, including the contact details you enter there, will be stored by us for the purpose of processing your enquiry and for any follow-up questions. We will not share this data without your consent.

The processing of this data is based on Art. 6 para. 1 lit. b GDPR if your enquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR), where such consent has been requested; consent may be withdrawn at any time.

The data you enter in the contact form will remain with us until you request its deletion, withdraw your consent to storage, or the purpose for storing the data no longer applies (e.g. after your enquiry has been fully processed). Mandatory statutory provisions – in particular retention periods – remain unaffected.

12.5. Enquiries by email, telephone or fax

If you contact us by email, telephone or fax, your enquiry, including all personal data resulting from it, will be stored and processed by us for the purpose of handling your request. We will not share this data without your consent.

The processing of this data is based on Art. 6 para. 1 lit. b GDPR if your enquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR), where such consent has been requested; consent may be withdrawn at any time.

The data sent to us via contact enquiries will remain with us until you request its deletion, withdraw your consent to storage, or the purpose for storing the data no longer applies (e.g. after your request has been fully processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

12.6. Communication via WhatsApp

For communication with our customers and other third parties, we use, among other services, the instant messaging service WhatsApp. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Communication takes place via end-to-end encryption (peer-to-peer), which prevents WhatsApp or other third parties from accessing the content of communications. However, WhatsApp receives access to metadata generated during the communication process (e.g. sender, recipient and time of communication). We would also like to point out that, according to its own statements, WhatsApp shares users’ personal data with its parent company Meta, which is based in the United States.

Weitere Details zur Datenverarbeitung finden Sie in der Datenschutzrichtlinie von WhatsApp unter: https://www.whatsapp.com/legal/#privacy-policy.

The use of WhatsApp is based on our legitimate interest in enabling communication with customers, prospective customers and other business and contractual partners as quickly and efficiently as possible (Art. 6 para. 1 lit. f GDPR). Where corresponding consent has been requested, data processing is carried out exclusively on the basis of this consent; consent may be withdrawn at any time with effect for the future.

The communication content exchanged between you and us via WhatsApp will remain with us until you request its deletion, withdraw your consent to storage, or the purpose for storing the data no longer applies (e.g. after your enquiry has been fully processed). Mandatory statutory provisions – in particular retention periods – remain unaffected.

We use WhatsApp in the “WhatsApp Business” version. The transfer of data to the USA is based on the EU-U.S. Data Privacy Framework (DPF) and/or the Swiss-U.S. DPF. If these certifications are not applicable or not in force, the transfer of data to the USA is based on the standard contractual clauses approved by the European Commission. Further details can be found here: https://www.whatsapp.com/legal/data-privacy-framework/preview and here: https://www.whatsapp.com/legal/business-data-transfer-addendum

12.7. Comment function on the website

When using the comment function on this website, in addition to your comment, information on the time the comment was created, your email address and, if you do not post anonymously, the username you have chosen will be stored.

Storage of the IP address

Our comment function stores the IP addresses of users who submit comments. Since we do not review comments on this website before they are published, we require this data in order to take action against the author in the event of legal violations, such as insults or propaganda.

Storage period of comments

The comments and the associated data are stored and remain on this website until the commented content has been completely deleted or the comments must be removed for legal reasons (e.g. offensive comments).

Legal basis

The storage of comments is based on your consent (Art. 6 para. 1 lit. a GDPR). You may withdraw your consent at any time. An informal notification by email to us is sufficient for this purpose. The lawfulness of the data processing operations already carried out remains unaffected by the withdrawal.

12.8. Tracking, analytics and advertising

12.8.1. Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to integrate tracking or statistics tools and other technologies into our website. Google Tag Manager itself does not create user profiles, store cookies or perform independent analyses. It is used solely to manage and deploy the tools integrated through it. However, Google Tag Manager collects your IP address, which may also be transferred to Google’s parent company in the United States.

The use of Google Tag Manager is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on its website. Where corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent may be withdrawn at any time.

12.8.2. Google Analytics

This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyse the behaviour of website visitors. In this context, the website operator receives various usage data, such as page views, duration of visits, operating systems used and the user’s origin. This data is assigned to the respective user device. No assignment to a user ID takes place. Furthermore, we can use Google Analytics to record, among other things, your mouse movements, scrolling behaviour and clicks. Google Analytics also uses various modelling approaches to supplement the collected datasets and applies machine learning technologies for data analysis. Google Analytics uses technologies that enable recognition of users for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transferred to and stored on a Google server in the United States.

The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and Section 25 TTDSG. Consent may be withdrawn at any time.

The transfer of data to the USA is based on the EU-U.S. Data Privacy Framework (DPF) and/or the Swiss-U.S. DPF. If these certifications are not applicable or not in force, the transfer of data to the USA is based on standard contractual clauses approved by the competent authorities. Further details can be found here: https://policies.google.com/privacy/frameworks?hl=de and here: https://privacy.google.com/businesses/controllerterms/mccs/.

IP anonymisation

We have activated the IP anonymisation function on this website. As a result, your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area, as well as Switzerland, before being transferred to the USA. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activity and provide further services related to website usage and internet usage to the website operator. The IP address transmitted by your browser within the scope of Google Analytics will not be merged with other Google data.

Browser plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link:https://tools.google.com/dlpage/gaoptout?hl=de.

Further information on how Google Analytics handles user data can be found in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.

Demographic characteristics in Google Analytics

This website uses the “demographic characteristics” function of Google Analytics to display suitable advertisements to website visitors within the Google advertising network. This allows reports to be generated containing information about the age, gender and interests of website visitors. This data originates from interest-based advertising by Google and visitor data from third-party providers. The data cannot be assigned to any specific individual. You can disable this function at any time via the advertising settings in your Google account or generally prohibit the collection of your data by Google Analytics as described in the section “Objection to data collection”.

Data processing agreement

We have concluded a data processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

12.8.3. Google Ads

The website operator uses Google Ads. Google Ads is an online advertising programme provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to display advertisements in the Google search engine or on third-party websites when users enter certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on user data available to Google (e.g. location data and interests) (audience targeting). As the website operator, we can analyse this data quantitatively, for example by evaluating which search terms led to the display of our advertisements and how many advertisements resulted in corresponding clicks.

The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and Section 25 TTDSG. Consent may be withdrawn at any time.

The transfer of data to the USA is based on the EU-U.S. Data Privacy Framework (DPF) and/or the Swiss-U.S. DPF. If these certifications are not applicable or not in force, the transfer of data to the USA is based on standard contractual clauses approved by the competent authorities. Further details can be found here: https://policies.google.com/privacy/frameworks?hl=de and here: https://privacy.google.com/businesses/controllerterms/mccs/.

Google Ads Remarketing

This website uses the functions of Google Ads Remarketing. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads Remarketing enables us to assign individuals who interact with our online services to specific target groups in order to subsequently display interest-based advertising within the Google advertising network (remarketing or retargeting). Furthermore, the advertising audiences created with Google Ads Remarketing can be linked with Google’s cross-device functions. This allows interest-based, personalised advertising messages that are tailored to you based on your previous usage and browsing behaviour on one device (e.g. a mobile phone) to also be displayed on another of your devices (e.g. a tablet or PC).

If you have a Google account, you can object to personalised advertising via the following link: https://www.google.com/settings/ads/onweb/.

The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TTDSG. Consent may be withdrawn at any time.

Further information and Google’s privacy policy can be found at: https://policies.google.com/technologies/ads?hl=de.

Audience creation with customer matching

For audience creation, we use, among other things, Google Ads Remarketing Customer Match. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

For this purpose, we transfer certain customer data (e.g. email addresses) from our customer lists to Google. If the respective customers are Google users and are logged into their Google accounts, they are shown relevant advertising messages within the Google network (e.g. on YouTube, Gmail or in the search engine).

12.8.4. Google Conversion Tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google Conversion Tracking, Google and we can determine whether users have carried out certain actions. For example, we can analyse which buttons on our website are clicked and how often, and which products are viewed or purchased particularly frequently. This information is used to create conversion statistics. We learn the total number of users who clicked on our advertisements and which actions they performed. We do not receive any information that allows us to personally identify users. Google itself uses cookies or comparable recognition technologies for identification purposes.

The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and Section 25 TTDSG. Consent may be withdrawn at any time.

Further information on Google Conversion Tracking can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

12.8.5. Google DoubleClick

This website uses functions of Google DoubleClick. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “DoubleClick”).

DoubleClick is used to display interest-based advertisements to you across the Google advertising network. With the help of DoubleClick, advertisements can be specifically tailored to the interests of the respective viewer. For example, our advertisements may appear in Google search results or in advertising banners connected with DoubleClick. In order to display relevant advertising to users, DoubleClick must be able to recognise the respective viewer and associate their visited websites, clicks and other information regarding user behaviour. For this purpose, DoubleClick uses cookies or comparable recognition technologies (e.g. device fingerprinting). The information collected is combined into a pseudonymous user profile in order to display interest-based advertising to the relevant user.

The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and Section 25 TTDSG. Consent may be withdrawn at any time.

Further information on options for objecting to advertisements displayed by Google can be found via the following links: https://policies.google.com/technologies/ads und https://adssettings.google.com/authenticated.

12.9. Plugins and tools

12.9.1. YouTube

This website embeds videos from the YouTube website. The operator of the pages is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in enhanced privacy mode. According to YouTube, this mode means that YouTube does not store information about visitors to this website before they watch a video. However, the transfer of data to YouTube partners is not necessarily excluded by the enhanced privacy mode. YouTube therefore establishes a connection to the Google DoubleClick network regardless of whether you watch a video.

As soon as you start a YouTube video on this website, a connection to YouTube’s servers is established. In doing so, the YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to directly associate your browsing behaviour with your personal profile. You can prevent this by logging out of your YouTube account. Furthermore, after starting a video, YouTube may store various cookies on your device or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube may obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve user-friendliness and prevent attempts at fraud.

Additional data processing operations may be triggered after starting a YouTube video, over which we have no control.

The use of YouTube is in the interest of an appealing presentation of our online services. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. Where corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent may be withdrawn at any time.

Further information about data protection at YouTube can be found in their privacy policy at:https://policies.google.com/privacy?hl=de.

We have concluded a data processing agreement with Google. Further information can be found here: https://www.youtube.com/t/terms_dataprocessing.

12.9.2. Font Awesome

This website uses Font Awesome for the consistent display of fonts and icons. The provider is Fonticons, Inc., 6 Porter Road Apartment 3R, Cambridge, Massachusetts, USA.

When you access a page, your browser loads the required fonts into your browser cache in order to display texts, fonts and icons correctly. For this purpose, the browser you use must establish a connection to Font Awesome’s servers. As a result, Font Awesome becomes aware that this website has been accessed via your IP address.

The use of Font Awesome is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in ensuring a consistent presentation of the typeface on our website. Where corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent may be withdrawn at any time.

If your browser does not support Font Awesome, a standard font from your computer will be used.

Further information about Font Awesome can be found in Font Awesome’s privacy policy at:https://fontawesome.com/privacy.

12.9.3. Google Maps

This website uses the Google Maps mapping service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

In order to use the functions of Google Maps, it is necessary to store your IP address. This information is generally transferred to a Google server in the USA and stored there. The provider of this website has no influence on this data transfer. If Google Maps is activated, Google may use Google Fonts for the purpose of displaying fonts consistently. When Google Maps is accessed, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.

The use of Google Maps is in the interest of an appealing presentation of our online services and making the locations specified by us on the website easy to find. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. Where corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent may be withdrawn at any time.

The transfer of data to the USA is based on the EU-U.S. Data Privacy Framework (DPF) and/or the Swiss-U.S. DPF. If these certifications are not applicable or not in force, the transfer of data to the USA is based on standard contractual clauses approved by the competent authorities. Further details can be found here: https://policies.google.com/privacy/frameworks?hl=en and here: https://privacy.google.com/businesses/controllerterms/mccs/.

Further information on the handling of user data can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=en.

12.9.4. OpenStreetMap

This website uses the OpenStreetMap mapping service. The provider is the OpenStreetMap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom.

In order to use the functions of OpenStreetMap, it may be necessary to process your IP address. This information may be transmitted to OpenStreetMap servers and stored there. The provider of this website has no influence on this data transfer.

The use of OpenStreetMap is in the interest of an appealing presentation of our online services and making the locations specified by us on the website easy to find. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. Where corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent may be withdrawn at any time.

Further information on the handling of user data can be found in the privacy policy of OpenStreetMap: https://wiki.openstreetmap.org/wiki/Privacy_Policy

12.10. Newsletter

We offer you the opportunity to subscribe to our newsletter on our website, through which we inform you about our services at regular intervals.

To send the newsletter, we require your email address as well as information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter. This data is used exclusively for sending the newsletter.

We use the so-called double opt-in procedure for subscribing to the newsletter. After registration, you will receive an email asking you to confirm your subscription. Newsletter registrations are logged. This generally includes the storage of the registration time and confirmation time, as well as the IP address. Any changes to your stored data are also logged.

You may withdraw your consent to the storage of your personal data and its use for newsletter delivery at any time. Each newsletter contains a corresponding unsubscribe link.

For the processing, distribution and analysis of newsletters, we use the services of Microsoft Dynamics. Its privacy policy can be found here: https://learn.microsoft.com/en-us/dynamics365/customer-insights/journeys/privacy.

Within the scope of the GDPR, the associated processing of your personal data is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in providing appropriate information to our existing customers or on your consent (Art. 6 para. 1 lit. a GDPR). Consent may be withdrawn at any time with effect for the future.

12.11. Payment service providers

We integrate payment services from third-party companies on our website. If you make a purchase from us, your payment data (e.g. name, payment amount, bank details, credit card number) will be processed by the payment service provider for the purpose of processing the payment. The respective contractual and privacy provisions of the relevant providers apply to these transactions.

The use of payment service providers is based on Art. 6 para. 1 lit. b GDPR (contract processing) and in the interest of enabling a smooth, convenient and secure payment process (Art. 6 para. 1 lit. f GDPR). Where consent is requested for certain actions, Art. 6 para. 1 lit. a GDPR is the legal basis for data processing; consent may be withdrawn at any time with effect for the future.

The following payment services / payment service providers are used as part of this website:

Stripe

The provider for customers within the EU is Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter “Stripe”).

The transfer of data to the USA is based on the EU-U.S. Data Privacy Framework (DPF) and/or the Swiss-U.S. DPF. If these certifications are not applicable or not in force, the transfer of data to the USA is based on standard contractual clauses approved by the competent authorities. Further details can be found here: https://stripe.com/de-ch/legal/data-privacy-framework and here: https://stripe.com/de/guides/general-data-protection-regulation.

Further information on data protection at Stripe can be found in Stripe’s privacy policy: https://stripe.com/de/privacy.

Sofortüberweisung

The provider of this payment service is Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter “Sofort GmbH”).

With the “Sofortüberweisung” payment method, we receive real-time payment confirmation from Sofort GmbH and can immediately begin fulfilling our obligations. If you choose the “Sofortüberweisung” payment method, you transmit your PIN and a valid TAN to Sofort GmbH, enabling the company to log into your online banking account. After logging in, Sofort GmbH automatically checks your account balance and carries out the transfer to us using the TAN you provided. It then immediately sends us a transaction confirmation. After logging in, your transactions, overdraft credit limit and the existence of other accounts, including their balances, are also checked automatically. In addition to your PIN and TAN, the payment data entered by you and personal data are also transmitted to Sofort GmbH. The personal data includes your first and last name, address, telephone number(s), email address, IP address and, where applicable, other data required for payment processing. The transfer of this data is necessary to verify your identity beyond doubt and to prevent attempts at fraud.

Details regarding payment with Sofortüberweisung can be found via the following links:

https://www.sofort.de/datenschutz.html and https://www.klarna.com/sofort/.

Sofortüberweisung

The provider of this payment service is Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter “Sofort GmbH”).

With the “Sofortüberweisung” payment method, we receive real-time payment confirmation from Sofort GmbH and can immediately begin fulfilling our obligations. If you choose the “Sofortüberweisung” payment method, you transmit your PIN and a valid TAN to Sofort GmbH, enabling the company to log into your online banking account. After logging in, Sofort GmbH automatically checks your account balance and carries out the transfer to us using the TAN you provided. It then immediately sends us a transaction confirmation. After logging in, your transactions, overdraft credit limit and the existence of other accounts, including their balances, are also checked automatically. In addition to your PIN and TAN, the payment data entered by you and personal data are also transmitted to Sofort GmbH. The personal data includes your first and last name, address, telephone number(s), email address, IP address and, where applicable, other data required for payment processing. The transfer of this data is necessary to verify your identity beyond doubt and to prevent attempts at fraud.

Details regarding payment with Sofortüberweisung can be found via the following links:

https://www.sofort.de/datenschutz.html and https://www.klarna.com/sofort/.

giropay

The provider of this payment service is paydirekt GmbH, Stephanstraße 14–16, 60313 Frankfurt am Main, Germany (hereinafter “giropay”).

Further details can be found in giropay’s privacy policy: https://www.paydirekt.de/agb/index.html.

Mastercard

The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter “Mastercard”).

Mastercard may transfer data to its parent company in the USA. The transfer of data to the USA is based on Mastercard’s Binding Corporate Rules. Further details can be found here: https://www.mastercard.de/de-de/datenschutz.html and here: https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.

VISA

The provider of this payment service is Visa Europe Services Inc., London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter “VISA”).

The United Kingdom is considered a safe third country under data protection law. This means that the United Kingdom provides a level of data protection equivalent to that of the European Union. VISA may transfer data to its parent company in the USA. The transfer of data to the USA is based on the European Commission’s standard contractual clauses. Further details can be found here: https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html.

Further information can be found in VISA’s privacy policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.

12.12. Links to other websites

Our website contains hyperlinks to websites of third parties that are not operated or controlled by us. We are not responsible for their content or privacy practices.

13. Processing of personal data in connection with interaction with our social media channels

13.1. General information

We maintain the publicly accessible profiles listed below on social networks. In connection with the use of social networks, we would like to point out the following:

By visiting our profiles on social networks, personal data about you may be collected. For example, if you are logged into your accounts on social networks and visit our profile at the same time, the platform operator may associate this visit with your user account. However, your personal data may also be collected if you are logged out of your account or if you do not have an account with the respective platform. Such data collection may occur, for example, through the use of cookies. Based on the data collected in this way, platform operators may create user profiles and display interest-based advertising to you. Further information can be found in the respective privacy policies of the platform operators.

The use of social networks and the associated data processing are based on our legitimate interest. In particular, we use them to present ourselves online and increase our reach.

The use of social networks is in the interest of presenting our online services in an appealing manner, increasing our reach and promoting our services. This constitutes our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. Where corresponding consent has been requested, processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR. Consent may be withdrawn at any time with effect for the future.

13.2. Facebook

We operate a profile on Facebook. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter “Facebook”).

If you have a Facebook user account, you can interact with us via Facebook. In the course of such interaction, we process the personal data provided by you.

Further information on data protection at Facebook can be found here: https://www.facebook.com/policy.php

13.3. Instagram

We operate a profile on Instagram. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter “Instagram”).

If you have an Instagram user account, you can interact with us via Instagram. In the course of such interaction, we process the personal data provided by you.

Further information on data protection at Instagram can be found here: https://instagram.com/about/legal/privacy/.

14. Processing of personal data of applicants

As part of the recruitment process, we use the recruiting tool REFLINE. The provider is Refline AG, Baarermattstrasse 10, 6340 Baar, Switzerland. The company’s privacy policy can be found here. We have concluded a data processing agreement with the provider.

Where required, we may also work with additional external partners (e.g. job portals and recruitment agencies). In such cases, please also observe the privacy notices of these partners.

Below, we inform you about the scope, purpose and use of the personal data collected from you as part of the application process. We assure you that the collection, processing and use of your data is carried out in accordance with applicable data protection law and all other legal provisions, and that your data is treated with strict confidentiality.

Scope and purpose of data collection

If you submit an application to us, we process the associated personal data (e.g. contact and communication data, application documents, notes from job interviews, etc.) insofar as this is necessary for making a decision regarding the establishment of an employment relationship. The legal basis for this is Section 26 of the German Federal Data Protection Act (BDSG) under German law (initiation of an employment relationship), Art. 6 para. 1 lit. b GDPR (general contract initiation) and – where you have provided consent – Art. 6 para. 1 lit. a GDPR. Consent may be withdrawn at any time.

Your personal data will only be disclosed to persons involved in processing your application. This includes persons within our company as well as within our parent company, lodgyslife Services GmbH, based in Frankfurt, and our sister company Lodge Services AG, based in Switzerland. With your consent, we may also disclose your personal data to other group companies in order to assess possible employment opportunities.

If your application is successful, the data you submit will be stored in our data processing systems on the basis of Section 26 BDSG and Art. 6 para. 1 lit. b GDPR for the purpose of carrying out the employment relationship.

Storage period of data

If we do not make you a job offer, you reject a job offer or withdraw your application, we reserve the right to retain the data you have provided on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR) for up to 6 months after the end of the application process (rejection or withdrawal of the application).

After this period, the data will be deleted and physical application documents will be destroyed. The retention serves in particular as evidence in the event of legal disputes. If it is apparent that the data will be required after the expiry of the 6-month period (e.g. due to an impending or ongoing legal dispute), deletion will only take place once the purpose for continued storage no longer applies.

Longer retention may also take place if you have provided corresponding consent (Art. 6 para. 1 lit. a GDPR) or if statutory retention obligations prevent deletion.

Inclusion in the applicant pool

If we do not make you a job offer, there may be an option to include you in our applicant pool. If you are included, all documents and information from your application will be transferred to the applicant pool in order to contact you in the event of suitable vacancies.

Inclusion in the applicant pool takes place exclusively on the basis of your express consent (Art. 6 para. 1 lit. a GDPR). Providing consent is voluntary and has no connection to the ongoing application process. You may withdraw your consent at any time. In this case, your data will be irrevocably deleted from the applicant pool unless statutory retention obligations apply.

Data from the applicant pool will be irrevocably deleted no later than two years after consent has been granted.