Preface

We, TravelAppointments, Veit Spiegelberg, Cranachstraße 47, 12157 Berlin (hereinafter: "the company", "we" or "us") take the protection of your personal data seriously and would like to inform you about the data protection in our company.

As part of our data protection liability, additional obligations have been imposed on us as part of our data protection liability by the entry into force of the EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter: "DS-GMO") in order to ensure the protection of personal data of the data subject (we will also address you as a data subject below with "customer", "user", "you", "you" or "affected").

Insofar as we decide, either alone or jointly with others, on the purposes and means of data processing, this includes, above all, the obligation to inform you transparently about the nature, scope, purpose, duration and legal basis of the processing (see Articles 13 and 14 GDPR). With this declaration (hereinafter: "Privacy Notice") we inform you about how your personal data is processed by us.

Our data protection notices are modular. They consist of a general part for any processing of personal data and processing situations that come into effect each time a website is accessed (A. General) and a special part, the content of which refers only to the processing situation specified therein with the name of the respective offer or product, in particular the visit to websites (e.g. visit of websites).

In order to be able to find the relevant parts for you, please refer to the following overview of the breakdown of the data protection notices:

A. General

(1) Definitions

Following the example of Article 4 GDPR, these data protection notices are based on the following definitions:

(2) Name and address of the controller

The body responsible for the processing of your personal data within the meaning of Article 4 No. 7 GDPR is:

TravelAppointments
Veit Spiegelberg
Cranachstraße 47, 12157 Berlin
Telefon: +49 (0)173 6034787
Telefax: +49 (0)30 609 825 539
E-Mail: info@travelappointments.com

Weitere Angaben zu unserem Unternehmen entnehmen Sie bitte demImpressum auf unserer Internetseite.

(3) Legal bases of data processing

By law, any processing of personal data is prohibited by law and is only permitted if the processing of data falls within one of the following justifications:

For the processing operations carried out by us, we specify the applicable legal basis in each case. Processing may also be based on several legal bases.

(4) Data erasure and storage time

For the processing operations we perform, we specify in the following how long the data is stored by us and when it will be deleted or blocked. Unless an explicit storage period is specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for the storage is omitted. In principle, your data will only be stored on our servers in Germany, subject to any disclosure in accordance with the regulations in A.(7) and A.(8).

However, storage may take place beyond the stated time in the event of a (threatening) dispute with you or any other legal procedure or if the storage is provided for by legal regulations to which we are subject as the controller (e.g. Section 257 of the German Commercial Code ( Section 147 AO). If the retention period prescribed by the statutory provisions expires, the personal data will be blocked or deleted, unless further storage by us is required and there is a legal basis for this.

(5) Data security

We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction or unauthorized access by third parties (e.g. TSL encryption for our website), taking into account the state of the art, implementation costs and the nature, scope, context and purpose of processing, as well as the existing risks of a data breach (including its probability and impact). Our security measures are continuously improved in line with technological developments.

We will be happy to provide you with further information on request. Please contact our Data Protection Officer (see A.(3)).

(6) Cooperation with processors

As with any major company, we use external domestic and foreign service providers (e.B. for the areas of IT, logistics, telecommunications, sales and marketing) to handle our business transactions. These act only in accordance with our instructions and iSv Art. 28 GDPR was contractually obliged to comply with the data protection regulations.

If personal data is passed on by you through us to our subsidiaries or is passed on to us by our subsidiaries (e.g. for advertising purposes), this is due to existing order processing relationships.

(7) Conditions for the transfer of personal data to third countries

As part of our business relationships, your personal data may be disclosed to third-party companies. They may also be located outside the European Economic Area (EEA), i.e. in third countries. Such processing is carried out exclusively for the fulfilment of contractual and business obligations and for the maintenance of your business relationship with us. We will inform you about the respective details of the transfer below at the relevant points.

Einigen Drittländern bescheinigt die Europäische Kommission durch sog. Angemessenheitsbeschlüsse einen Datenschutz, der dem EWR-Standard vergleichbar ist (eine Liste dieser Länder sowie eine Kopie der Angemessenheitsbeschlüsse erhalten Sie hier:https://ec.europa.eu/info/law/law-topic/data-protection_en). In anderen Drittländern, in die ggf. personenbezogene Daten übertragen werden, herrscht aber unter Umständen wegen fehlender gesetzlicher Bestimmungen kein durchgängig hohes Datenschutzniveau. Soweit dies der Fall ist, achten wir darauf, dass der Datenschutz ausreichend gewährleistet ist. Möglich ist dies über bindende Unternehmensvorschriften, Standard-Vertragsklauseln der Europäischen Kommission zum Schutz personenbezogener Daten, Zertifikate, anerkannte Verhaltenskodizes oder eine Eigenzertifizierung über das EU-US-Privacy Shield (Informationen dazu erhalten Sie hier: https://www.privacyshield.gov/welcome). Bitte wenden Sie sich an unseren Datenschutzbeauftragten (siehe unter A.(3)), wenn Sie hierzu nähere Informationen erhalten möchten.

(8) No automated decision-making (including profiling)

We do not intend to use any personal information you collect for automated decision-making (including profiling) procedures.

(9) No obligation to provide personal data

We do not make the conclusion of contracts with us dependent on you providing us with personal data in advance. As a customer, there is no legal or contractual obligation to provide us with your personal data; however, we may be unable to provide certain offers to a limited extent or not at all if you do not provide the necessary information. If this should exceptionally be the case within the scope of the products presented below and offered by us, you will be informed separately.

(10) Legal obligation to provide certain data

We may be subject to a special legal or legal obligation to provide the legally processed personal data to third parties, in particular public authorities (Art. 6 sec. 1 p. 1 lit.c GDPR).

(11) Your rights

You can assert your rights as a data subject with regard to your processed personal data at any time against us under the contact details given at the beginning under A.(2). As a person concerned, you have the right to:

B. Visiting websites

(1) Explanation of the function

Information about our companies and the services offered by us can be found at www. travelappointments.com and the corresponding subpages (hereinafter collectively: "Websites"). When you visit our websites, personal data may be processed by you.

(2) Personal data processed

When using the website in an informative manner, we collect, store and process the following categories of personal data:

"Protocol data": When you visit our websites, a so-called log record (so-called server log files) is temporarily and anonymized on our web server. It consists of:

"Contact form data": When using contact forms, the data transmitted thereby will be processed (e.B. gender, name and first name, address, company, e-mail address and the time of transmission).

"Registration data/account data": When booking our services and registering on our website, the data transmitted thereby will be processed (e.B. gender, name and first name, address, company, e-mail address and the time of transmission).

(3) Purpose and legal basis of data processing

We process the personal data specified above in accordance with the provisions of the GDPR, the other relevant data protection regulations and only to the extent necessary. Insofar as the processing of personal data is based on Art. 6 sec. 1 p. 1 lit. f GDPR, the aforementioned purposes also represent our legitimate interests.

The processing of the log data serves statistical purposes and improves the quality of our website, in particular the stability and security of the connection (legal basis is Art. 6 sec. 1 p. 1 lit. f GDPR).

The processing of contact form data is carried out for the processing of customer enquiries (legal basis is Art. 6 sec. 1 p. 1 lit.b or lit. f GDPR).

The processing of registration data/account data takes place for the use of our services (legal basis is Art. 6 sec. 1 p. 1 lit.b GDPR).

(4) Duration of data processing

Ihre Daten werden nur so lange verarbeitet, wie dies für die Erreichung der oben genannten Verarbeitungszwecke erforderlich ist; hierfür gelten die im Rahmen der Verarbeitungszwecke angegebenen Rechtsgrundlagen entsprechend. Hinsichtlich der Nutzung und der Speicherdauer von Cookies beachten Sie bitte Punkt A.(4) sowie dieCookie-Richtlinie.

Third parties used by us will store your data on their system for as long as is necessary in connection with the provision of the services for us in accordance with the respective order.

(5) transfer of personal data to third parties; Justification

The following categories of recipients, which are usually processors (see A.(6)), may have access to your personal data:

For the guarantees of an adequate level of data protection when the data is to be passed on to third countries, see A.(7).

In addition, we will only pass on your personal data to third parties if you have given express consent to this in accordance with Art. 6 sec. 1 lit. a GDPR.

(6) Use of cookies

We use cookies on our websites. Cookies are small text files that are mapped and stored on your hard drive by a characteristic string to the browser you are using, and through which certain information flows to the place that sets the cookie. Cookies cannot run programs or transmit viruses to your computer and therefore do not cause damage. They serve to make the Internet offer more user-friendly and effective overall, so more pleasant for you.

Cookies may contain data that allows the device used to be recognised. In some cases, cookies also contain only information about certain settings that are not personal. However, cookies cannot directly identify a user.

A distinction is made between session cookies, which are deleted as soon as you close your browser, and persistent cookies that are stored beyond the individual session.

We only use session cookies with the following functions:

Any use of cookies, which is not necessarily technically necessary, constitutes data processing, which is only permitted with the express and active consent of you in accordance with Art. 6 sec. 1 p. 1 lit. a GDPR.

C. Data processing on our website

Our web hosting provider, domainfactory GmbH, Oskar-Messter-Str. 33, 85737 Ismaning ("domainfactory"), automatically collects data from the calling device every time our website is accessed and stores this data in log files (web server log files). This data is used exclusively for the delivery of our contents. We don't have access to it.

The following data is collected for access:

Die erfassten Informationen erlauben keine Rückschlüsse auf Personen; eine Speicherung dieser Daten zusammen mit anderen personenbezogenen Daten findet nicht statt. Wir benutzen auf dieser Website keine technischen Hilfsmittel zur Nutzungsanalyse wie Cookies, Google Analytics o. ä. Weitere Informationen:Datenschutzerklärung von domainfactory.

Purposes and legal basis of data processing: The temporary processing of data by domainfactory during website use is technically necessary to deliver our web content. IP addresses are only collected and temporarily stored for technical and security purposes, including establishing connections, detecting hacker attacks, and fixing technical faults. For the purposes mentioned above, there is a legitimate interest on our part in the processing of the data collected for this purpose in accordance with Article 6 (1) (f) GDPR.

Storage time and deletion: Web server log files are deleted by domainfactory as soon as they are no longer required for the above purposes. The storage period is 3 days. We have no influence on the data collection by the provider and cannot make any deletion ourselves. Therefore, there is no possibility of objection on the part of the users.

D. Data processing in the context of e-mail communication

We offer on our website possibilities to get in touch with us quickly and conveniently. When you contact us via the e-mail address provided by us, we will store the personal data that you provide to us with your e-mail as long as this is necessary for the processing of your request. Your contact information will not be passed on to third parties.

E-Mail-Nachrichten speichern wir lokal auf unseren Systemen sowie auf den E-Mail-Servern bei unserem E-Mail-Provider domainfactory GmbH, Oskar-Messter-Str. 33, 85737 Ismaning („domainfactory“). Außerdem speichert domainfactory eventuell Verkehrsdaten mit IP-Adressen von Absendern. Mehr Informationen:Datenschutzerklärung von domainfactory.

Purposes and legal basis of data processing: The storage and processing of personal data transmitted by us by e-mail as well as traffic data enables the necessary communication within the scope of our work, in particular the processing of enquiries and the coordination during the treatment. For the purposes mentioned above, there is a legitimate interest on our part in the processing of the data collected for this purpose in accordance with Article 6 (1) (f) GDPR.

Storage period and deletion: We delete personal data that may be transmitted to us by e-mail if no contract is concluded or if it is no longer necessary for the aforementioned purposes and there is no legal obligation to retain it. If we wish to store personal data permanently in our systems in such cases, we will obtain the consent of the data subject.

We have no influence on the data collection by the provider and cannot make any deletion ourselves. Therefore, there is no possibility of objection on the part of the users.