Privacy Policy (Datenschutzerklärung)

Last updated: [DATE_PLACEHOLDER]

We take the protection of your personal data very seriously. This privacy policy informs you about how we collect, process, and use your personal data in accordance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

1. Data Controller

The data controller responsible for processing your personal data is:

[COMPANY_NAME]

[FULL_ADDRESS]

Email: [EMAIL_ADDRESS]

Phone: [PHONE_NUMBER]

2. Data Protection Officer

If you have any questions regarding data protection, you can contact our Data Protection Officer at datenschutz@[DOMAIN]. We are available to address any concerns about how your personal data is handled.

3. Data Collection

We collect different types of data depending on how you interact with our services:

3.1 Automatically Collected Data

When you visit our website, certain information is automatically collected for technical and security purposes:

  • IP address (anonymized where possible)
  • Browser type and version
  • Device type and operating system
  • Date and time of access
  • Pages visited and duration of visit

3.2 Data You Provide

When you use our services, you may provide us with the following data:

  • Account information (name, email, password)
  • Contact details (phone number, address)
  • Payment information (bank details for invoicing)
  • Business data (customer records, booking information)

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under Article 6 GDPR:

  • Consent (Art. 6(1)(a) GDPR): When you have given explicit consent for specific processing purposes.
  • Contract Performance (Art. 6(1)(b) GDPR): When processing is necessary for the performance of a contract with you.
  • Legal Obligation (Art. 6(1)(c) GDPR): When we are legally required to process your data (e.g., tax regulations).
  • Legitimate Interest (Art. 6(1)(f) GDPR): When processing is necessary for our legitimate business interests.

5. Purpose of Processing

We use your personal data for the following purposes:

  • Providing and improving our travel agency management services
  • Managing your user account and authentication
  • Communicating with you about your account and our services
  • Complying with legal obligations (e.g., tax documentation, retention requirements)
  • Analyzing usage patterns to improve our services

6. Cookies and Tracking

We use cookies and similar technologies to enhance your experience and ensure the proper functioning of our services.

6.1 Essential Cookies

These cookies are necessary for the website to function properly and cannot be disabled. They include session cookies for authentication and security.

6.2 Functional Cookies

These cookies remember your preferences (such as language settings) to provide a personalized experience.

6.3 Analytics Cookies

With your consent, we may use analytics cookies to understand how you use our services and to improve them.

7. Third-Party Services

We may share your data with trusted third-party service providers who assist us in operating our services (e.g., hosting providers, payment processors). These providers are contractually bound to protect your data and only process it on our behalf.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Business records are typically retained for 10 years in accordance with German commercial and tax law.

9. Data Security

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes encryption, access controls, and regular security assessments.

10. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of Access: You can request information about your personal data we process.
  • Right to Rectification: You can request correction of inaccurate personal data.
  • Right to Erasure: You can request deletion of your personal data under certain conditions.
  • Right to Restriction: You can request restriction of processing under certain conditions.
  • Right to Data Portability: You can receive your data in a structured, machine-readable format.
  • Right to Object: You can object to processing based on legitimate interests.
  • Right to Withdraw Consent: You can withdraw consent at any time without affecting prior processing.

11. Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the competent supervisory authority. The supervisory authority for data protection matters is typically the data protection officer of the German state in which our company is headquartered.

12. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the 'Last updated' date.

13. Contact

If you have any questions about this privacy policy or wish to exercise your rights, please contact us using the information provided in Section 1 or on our Contact page.