Privacy policy

I. General information

1. Introductory remarks

With this privacy policy, AZUR Freizeit GmbH (hereinafter “AZUR”, “we” or “us”) explains to its customers, users, business partners, applicants, authorities and other persons involved (“you”) how personal data is collected and processed in the company. Handling your personal data responsibly is very important to us.

You may only provide us with personal data from third parties if you have the right to do so and if the personal data is correct. We ask you to ensure that the persons concerned are aware of this privacy policy.

In this privacy policy, we use the female and male forms alternately. The respective term also includes all other gender terms.

We may amend this privacy policy at any time and without notice. The current version published on our website applies in each case.

2. Responsible person for data protection issues

AZUR is a subsidiary of Camping Lodge AG based in Zug, Switzerland. We are therefore part of the Camping Lodge Group.

Responsible for the content of this privacy policy and for the data processing described is:

AZUR Freizeit GmbH
Rohrackerstr 272
70329 Stuttgart
germany
Telephone: +49 711 4093500
email: [email protected]

We have appointed a data protection officer:

Pascal Urscheler
AZUR Freizeit GmbH
Rohrackerstraße 272
70329 Stuttgart
Telephone: +49 711 4093500
email: [email protected]

3. Legal basis for data processing

If you have consented to data processing, we process your personal data on the basis of Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR, provided that special categories of data are processed in accordance with Article 9 (1) GDPR. In the event of express consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Article 49 (1) (a) GDPR. If you have consented to the storage of cookies or access to information on your device (e.g. via device fingerprinting), data processing is also carried out on the basis of Section 25 (1) TTDSG. The consent can be withdrawn at any time. If your data is necessary to fulfill a contract or to carry out pre-contractual measures, we process your data on the basis of Article 6 (1) (b) GDPR. We also process your data insofar as it is necessary to fulfill a legal obligation on the basis of Art. 6 para. 1 lit. c DSGVO. Data processing may also be carried out on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f DSGVO.

The following paragraphs of this privacy policy provide information on the relevant legal bases in each individual case.

4. Categories of personal data

Depending on the services and services you use and the respective relationship between you and us, we process the following categories of personal data in particular:

  • master data (e.g. title, surname, first name, date of birth, address, gender, contact information, language, user name, copies of and information from official documents, etc.)
  • Contract data (e.g. information regarding the initiation, conclusion, processing, administration and termination of contracts between you and us, information in connection with applications [see also section 14 below], interaction history, financial and payment information such as creditworthiness, information in connection with the enforcement of claims, bank details, etc.)
  • communication data (e.g. content exchanged via the respective communication channel, type, time and possibly location of communication, marginal data, etc.)
  • Behavioral and transactional data (e.g. in connection with using our website, visiting our locations, participating in events, competitions and surveys, using electronic communication channels, etc.)
  • registration data (e.g. information that you provide when creating an account, using our WLAN service or signing up for our newsletter)
  • specifications (e.g. IP addresses, device IDs, information about the devices and applications you use and their settings, Internet provider used by you, user names, passwords [as a hash value], information related to 2-factor authentication, log data, time and, if necessary, approximate location when using our services, etc.)
  • marketing data (e.g. information on personal preferences and interests, subscriptions and cancellations from newsletters, content of marketing correspondence)
  • Video and sound recordings (e.g. recordings of telephone and video conference calls [will only be made after prior notice and, if necessary, with your consent], recordings in connection with customer events).

5. Source of data

We collect a large part of personal data directly from you as the data subject. In particular, this includes master, contract, communication, registration, marketing, behavioral and transaction data. Such personal data is collected as part of initiating and processing business relationships and using our services and services (e.g. via the contact form).

In addition, we can also collect personal data about you ourselves or automatically or derive it from existing data. This includes in particular behavioral and transaction data, registration data and technical data.

Finally, we also receive personal data from third parties, to the extent permitted by law. Such third parties include in particular people from your environment (e.g. family members, fellow travelers), business partners, insurance companies, banks, authorities, official offices, courts, parties and their legal representatives in the context of legal disputes, etc. In addition, we may also collect personal data from public sources (e.g. credit agencies, social media).

6. Purposes of data processing

We process the collected data to comply with our legal and contractual obligations to you and third parties. This includes in particular the establishment, administration and execution of contractual relationships, such as:

  • the rental of parking spaces and objects on our campsites
  • Organization of banquets, birthday parties, anniversary parties, etc., which are held in our restaurants
  • Table reservations in restaurants
  • Hiring employees

the purchase of other supplies and services at our campsite.

We also process the data collected to ensure communication with you, to be able to provide and improve the services, services and information you have requested, to manage your use of and desired access to our services, services and information, to maintain our business relationship with you, to carry out advertising and marketing measures (to the extent that we are authorized to do so, for example with your consent), to monitor and maintain the performance of our offering improve to enforce legal claims or defend ourselves against them, to identify, prevent or clarify illegal activities, to ensure compliance with laws and recommendations from domestic and foreign authorities as well as internal regulations (“compliance”), to generally guarantee our operations (in particular IT, website, etc.) and to ensure administrative processes (e.g. data archiving, accounting, master data maintenance, quality assurance).

7. Processing time of personal data

Unless a specific storage period has been specified in this privacy policy, we process your personal data as long as we are legally obliged to do so (e.g. storage and archiving obligations) or our legitimate business interests require this (e.g. enforcement or defense of claims, ensuring IT security) or as required by the purpose of collecting your data or storage is technically necessary. In the case of contracts, they are generally stored for the duration of the contractual relationship and the additional legal retention periods.

This may mean that your personal data or extracts from it must be kept for several years after the end of the contractual relationship between you and us. If your personal data is no longer required for the purposes mentioned above, it will always be deleted or anonymized as far as possible.

In certain cases, we also store your personal data for longer — based on your consent — (e.g. job applications that we are holding pending).

If you make a legitimate request for deletion or withdraw your consent to data processing, your data will be deleted unless we have any other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the deletion will take place after these reasons cease to apply.

8. Data security

To secure your data, we maintain technical and organizational security measures in accordance with the latest state of the art.

Communication via our website is encrypted using the SSL/TLS encryption protocol. You can recognize an encrypted connection when the browser's address line changes from “http://” to “https://” and by the lock icon in your browser line.

If, after the conclusion of a paid contract, there is an obligation to provide us with your payment details (e.g. account number in case of direct debit authorization), this data is required to process payment. Payment transactions using common means of payment (Visa/MasterCard, direct debit, etc.) are also carried out exclusively via an encrypted SSL or TLS connection.

We would like to point out that even encrypted data transmission on the Internet always entails security risks. Complete protection of data from access by third parties cannot be guaranteed.

We oblige our employees and business partners to maintain secrecy and confidentiality as well as to comply with applicable data protection regulations.

9. Disclosure of personal data to third parties

To the extent permitted and necessary by law, we may also share certain personal data with third parties as part of our business activities. To the extent permitted, these third parties process your personal data either on our behalf (contract processor), jointly with us or on their own responsibility. These include:

  • Group companies (in particular Camping Lodge AG): These group companies can use the transmitted data for the same purposes as we do (see section 6).
  • our service providers, such as banks, insurance companies, IT providers, collection agencies, credit agencies, cleaning companies, advertising service providers, lawyers, external consultants, trustees, auditors, etc.
  • Business partners, such as insurance companies, sales partners, suppliers, etc.
  • National and foreign authorities, offices and courts
  • Other parties in administrative and court proceedings
  • Participants in corporate transactions (e.g. purchase, sale or merger of companies, divisions, etc.)
  • Other third parties that are necessary to achieve the purpose of the respective data processing

Where necessary, we have concluded appropriate contracts with these third parties. If contract processors are brought in, they agree to comply with the applicable data protection and data security regulations. Furthermore, they may only process personal data in accordance with our instructions. They also grant us comprehensive audit and control rights as well as information, correction and deletion rights.

10. Disclosure of personal data abroad

We generally process and store personal data in Switzerland and in the European Union (EU) or in the European Economic Area (EEA). In certain cases, however, we may also disclose personal data to service providers and recipients who are located outside this area or process personal data outside this area, in principle in any country in the world. In particular, you must expect personal data to be disclosed to all countries in which the service providers we use and their subcontractors are located (in particular the USA).

By taking appropriate measures, we ensure compliance with legal requirements. More specifically, there is an adequacy decision from the competent authority. If there is no such provision, the transfer of personal data is based on appropriate guarantees (in particular standard contractual clauses approved by the European Commission and the Federal Data Protection and Information Commissioner [FDPIC]) or there are exceptions for certain situations (contract processing, law enforcement abroad, etc.) or we obtain your express consent.

11. Your rights as a data subject

Insofar as the legal requirements are met and no legal exceptions apply, you as a data subject have the following rights in particular:

Information, deletion and correction

Within the framework of the applicable legal provisions, you have the right to receive information free of charge about your stored personal data, its origin and recipients and the purpose of data processing and, if applicable, a right to correct or delete this data. You can contact us at any time about this and if you have any further questions on the subject of personal data.

Right to restrict processing

You have the right to request that the processing of your personal data be restricted. You can contact us for this at any time. The right to restrict processing exists in the following cases:

If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the audit, you have the right to request that the processing of your personal data be restricted. If the processing of your personal data was/happens unlawfully, you can request the restriction of data processing instead of deletion. If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request that the processing of your personal data be restricted instead of deletion. If you have filed an objection in accordance with Article 21 (1) GDPR, a balance must be made between your interests and ours. As long as it is not yet clear whose interests prevail, you have the right to request that the processing of your personal data be restricted.

If you have restricted the processing of your personal data, this data — apart from storage — may only be processed with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to yourself or to a third party in a common, machine-readable format. If you request the direct transfer of data to another person responsible, this will only be done insofar as it is technically feasible.

Withdrawal of your consent to data processing

Many data processing processes are only possible with your express consent. You can withdraw your consent at any time. The legality of the data processing carried out up to the time of revocation remains unaffected by the revocation.

Right to object to data collection in special cases and against direct marketing (Art. 21 GDPR)

IF DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ART. 6 PARA. 1 LIT. E OR F DSGVO, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU FILE AN OBJECTION, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA CONCERNED, UNLESS WE CAN PROVE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS (OBJECTION UNDER ARTICLE 21 (1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING, INSOFAR AS IT IS ASSOCIATED WITH SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL THEN NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION IN ACCORDANCE WITH ARTICLE 21 (2) GDPR).

Objection to promotional emails

The use of contact data published as part of the legal notice obligation to send unsolicited advertising and information material is hereby rejected. The operators of the sites expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, such as spam emails.

Please note that these rights may be limited or excluded in specific individual cases (e.g. to protect third parties or trade secrets).

To assert your rights as a data subject or if you have any questions about this privacy policy and the processing processes described therein, you can contact the offices mentioned in section 2 above at any time.

If you believe that your data has been processed unlawfully, we would be grateful for your direct contact. Alternatively, you can file a complaint with the supervisory authority responsible for you. The supervisory authority for data protection in Switzerland is Federal Data Protection and Information Commissioner (FDPÖB). In the EU, the complaint is filed with competent national data protection authority submit.

II. Supplementary information in connection with selected data processing

12. Processing of personal data as part of the use of our website and the services offered on it

12.1. website hosting provider

Our website is hosted by an external service provider (host). The personal data collected as part of website usage is stored on the host's servers. These include in particular server log files (e.g. name and URL of the retrieved file, date and time of access, amount of data, web browser and web browser version, operating system, the domain name of your Internet provider, the so-called referrer URL (the page from which you accessed our offer), the IP address), contact requests, meta and communication data, contract data, contact details, names, website accesses and other data.

Our host will only process your data to the extent necessary to fulfill its performance obligations and follow our instructions with regard to this data. We have concluded an order processing contract with the host.

External hosting is carried out for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b DSGVO) and in the interest of a secure, fast and efficient provision of our online offering by a professional provider (Art. 6 para. 1 lit. f GDPR). If a corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be withdrawn at any time.

12.2. Cloudflare

We use the “Cloudflare” service. The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter “Cloudflare”).

Cloudflare offers a globally distributed content delivery network with DNS. Technically, the transfer of information between your browser and our website is routed via the Cloudflare network. This enables Cloudflare to analyze traffic between your browser and our website and serve as a filter between our servers and potentially malicious traffic from the Internet. Cloudflare may also use cookies or other technologies to recognize Internet users, but these are used solely for the purpose described here.

The use of Cloudflare is based on our legitimate interest in providing our website as error-free and secure as possible (Art. 6 para. 1 lit. f GDPR).

Data transmission to the USA is based on the EU-U.S. Data Privacy Framework (DPF) and the Swiss-U.S. DPF. Insofar as these certifications are not applicable or are not in force, data transfer to the USA is based on standard contractual clauses approved by the competent authorities. Details can be found here: https://www.cloudflare.com/de-de/trust-hub/gdpr/.

You can find more information about security and privacy at Cloudflare here: https://www.cloudflare.com/privacypolicy/.

12.3. cookies

Our website uses so-called “cookies.” Cookies are small text files and do not cause any damage to your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or until they are automatically deleted by your web browser.

In some cases, cookies from third-party companies may also be stored on your device when you use our site (third-party cookies). These enable us or you to use certain services provided by the third-party company (e.g. cookies to process payment services).

Cookies have various functions. Numerous cookies are technically necessary, as certain website functions would not work without them (e.g. the display of videos). Other cookies are used to evaluate user behavior or display advertising.

You can set your browser so that you are informed when cookies are set and only allow cookies in individual cases, exclude the acceptance of cookies for specific cases or in general, and activate the automatic deletion of cookies when you close the browser. On the following pages, you will find explanations of how you can configure the processing of cookies in the most common browsers:

If cookies are deactivated, the functionality of this website may be limited.

If cookies are used by third-party companies or for analysis purposes, we will inform you separately as part of this privacy policy and, if necessary, request consent.

Cookies that are necessary to carry out the electronic communication process, to provide certain functions requested by you (e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) (necessary cookies) are stored on the basis of Article 6 (1) (f) GDPR, unless another legal basis is provided. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG); consent can be withdrawn at any time.

12.4. contact form

If you send us inquiries via the contact form, we will store your details from the enquiry form, including the contact details you provided there, for the purpose of processing the enquiry and in case of follow-up questions. We will not share this data without your consent.

This data is processed on the basis of Article 6 (1) (b) GDPR, provided that your request is related to the fulfilment of a contract or is necessary to carry out pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 para. 1 lit. f DSGVO) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; consent can be withdrawn at any time.

The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory legal provisions — in particular retention periods — remain unaffected.

12.5. Request by e-mail, telephone or fax

If you contact us by email, telephone or fax, your request, including all resulting personal data, will be stored and processed by us for the purpose of processing your request. We will not share this data without your consent.

This data is processed on the basis of Article 6 (1) (b) GDPR, provided that your request is related to the fulfilment of a contract or is necessary to carry out pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 para. 1 lit. f DSGVO) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; consent can be withdrawn at any time.

The data you send us via contact requests will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory legal provisions — in particular statutory retention periods — remain unaffected.

12.6. Communication via WhatsApp

To communicate with our customers and other third parties, we use, among other things, the WhatsApp instant messaging service. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Communication is carried out using end-to-end encryption (peer-to-peer), which prevents WhatsApp or other third parties from gaining access to the communication content. However, WhatsApp has access to metadata that is created during the communication process (e.g. sender, recipient, and time). We would also like to point out that WhatsApp, according to its own statement, shares personal data of its users with its parent company Meta based in the USA.

Further details on data processing can be found in WhatsApp's privacy policy at: https://www.whatsapp.com/legal/#privacy-policy.

WhatsApp is used on the basis of our legitimate interest in communicating as quickly and effectively as possible with customers, interested parties and other business and contractual partners (Art. 6 para. 1 lit. f GDPR). If a corresponding consent has been requested, data processing is carried out exclusively on the basis of consent; this can be withdrawn at any time with effect for the future.

The communication content exchanged between and on WhatsApp will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory legal provisions — in particular retention periods — remain unaffected.

We use WhatsApp in the “WhatsApp Business” variant. Data transmission to the USA is based on the EU-U.S. Data Privacy Framework (DPF) and the Swiss-U.S. DPF. Insofar as these certifications are not applicable or are not in force, data transmission to the USA is based on the EU Commission's standard contractual clauses approved by the competent authorities. Details can be found here: https://www.whatsapp.com/legal/data-privacy-framework/preview and here: https://www.whatsapp.com/legal/business-data-transfer-addendum

12.7 Comment function on the website

When using the comment function on this website, in addition to your comment, information about the time the comment was created, your e-mail address and, if you do not post anonymously, the username you have chosen will be saved.

Saving the IP address

Our comment function stores the IP addresses of users who write comments. Since we do not check comments on this website before they are published, we need this data in order to be able to take action against the author in the event of legal violations such as insults or propaganda.

Storage period of comments

The comments and associated data are stored and remain on this website until the commented content has been completely deleted or the comments must be deleted for legal reasons (e.g. insulting comments).

legal basis

Comments are stored on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw your consent at any time. All you need to do is send us an informal message by e-mail. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

12.8. Tracking, Analytics, and Advertising

12.8.1. Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to integrate tracking or statistics tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies and does not carry out any independent analyses. It is only used to manage and play out the tools integrated via it. However, Google Tag Manager collects your IP address, which can also be transferred to Google's parent company in the United States.

Google Tag Manager is used on the basis of Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in quickly and easily integrating and managing various tools on his website. If a corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be withdrawn at any time.

12.8.2. Google Analytics

This website uses features of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior of website visitors. Here, the website operator receives various usage data, such as page views, length of stay, operating systems used and origin of the user. This data is assigned to the user's respective device. There is no assignment to a user ID. We can also use Google Analytics to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modelling approaches to supplement the collected data sets and uses machine learning technologies in data analysis. Google Analytics uses technologies that enable the user to be recognized for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transmitted to a Google server in the USA and stored there.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a DSGVO and §25 para. 1 TTDSG. The consent can be withdrawn at any time.

Data transmission to the USA is based on the EU-U.S. Data Privacy Framework (DPF) and the Swiss-U.S. DPF. Insofar as these certifications are not applicable or are not in force, data transfer to the USA is based on standard contractual clauses approved by the competent authorities. Details can be found here: https://policies.google.com/privacy/frameworks?hl=de and here: https://privacy.google.com/businesses/controllerterms/mccs/.

IP anonymization

We have activated the IP anonymization feature on this website. As a result, your IP address is abbreviated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area and Switzerland before transmission to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and abbreviated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and Internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.

Browser plugin

You can prevent Google from collecting and processing your data by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

More information about how Google Analytics handles user data can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Demographics in Google Analytics

This website uses the “demographic characteristics” feature of Google Analytics to be able to show website visitors suitable advertisements within the Google advertising network. As a result, reports can be created that contain statements about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google and from visitor data from third parties. This data cannot be attributed to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit Google Analytics from collecting your data as described in the “Objection to data collection” section.

Order processing

We have concluded an order processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

12.8.3. Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program from Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads allows us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). In addition, targeted advertisements can be displayed based on user data available on Google (e.g. location data and interests) (target group targeting). As a website operator, we can quantitatively evaluate this data, for example by analyzing which search terms led to the display of our advertisements and how many ads led to corresponding clicks.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a DSGVO and §25 para. 1 TTDSG. The consent can be withdrawn at any time.

Data transmission to the USA is based on the EU-U.S. Data Privacy Framework (DPF) and the Swiss-U.S. DPF. Insofar as these certifications are not applicable or are not in force, data transfer to the USA is based on standard contractual clauses approved by the competent authorities. Details can be found here: https://policies.google.com/privacy/frameworks?hl=de and here: https://privacy.google.com/businesses/controllerterms/mccs/.

Google Ads Remarketing

This website uses the features of Google Ads Remarketing. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With Google Ads Remarketing, we can assign people who interact with our online offering to specific target groups in order to then display interest-based advertising to them in the Google advertising network (remarketing or retargeting). In addition, the advertising target groups created with Google Ads Remarketing can be linked to Google's cross-device functions. In this way, interest-based, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one device (e.g. mobile phone) can also be displayed on another of your devices (e.g. tablet or PC).

If you have a Google account, you can object to personalized advertising under the following link: https://www.google.com/settings/ads/onweb/.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a DSGVO and §25 para. 1 TTDSG. The consent can be withdrawn at any time.

Further information and the privacy policy can be found in Google's privacy policy at: https://policies.google.com/technologies/ads?hl=de.

Target group building with customer reconciliation

To build target groups, we use, among other things, Google Ads Remarketing customer matching. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

In doing so, we transfer certain customer data (e.g. email addresses) from our customer lists to Google. If the customers in question are Google users and logged into their Google account, they will be shown appropriate advertising messages within the Google network (e.g. on YouTube, Gmail or in the search engine).

12.8.4. Google conversion tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google conversion tracking, Google and we can recognize whether the user has carried out certain actions. For example, we can evaluate which buttons on our website were clicked how often and which products were viewed or purchased particularly frequently. This information is used to generate conversion statistics. We learn the total number of users who clicked on our ads and what actions they took. We do not receive any information that allows us to personally identify the user. Google itself uses cookies or comparable recognition technologies for identification.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a DSGVO and §25 para. 1 TTDSG. The consent can be withdrawn at any time.

You can find more information about Google conversion tracking in Google's privacy policy: https://policies.google.com/privacy?hl=de.

12.8.5. Google DoubleClick

This website uses features from Google DoubleClick. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland, (hereinafter “DoubleClick”).

DoubleClick is used to show you interest-based ads across the Google advertising network. With the help of DoubleClick, the advertisements can be tailored to the interests of the respective viewer. For example, our advertising may be displayed in Google search results or in advertising banners associated with DoubleClick. In order to be able to display interest-based advertising to users, DoubleClick must recognize the respective viewer and be able to associate the websites they have visited, clicks and other information about user behavior. DoubleClick uses cookies or comparable recognition technologies (e.g. device fingerprinting) for this purpose. The information collected is combined into a pseudonymous user profile in order to display interest-based advertising to the user concerned.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a DSGVO and §25 para. 1 TTDSG. The consent can be withdrawn at any time.

For more information on options to object to advertisements displayed by Google, please see the following links: https://policies.google.com/technologies/ads and https://adssettings.google.com/authenticated.

12.9. Plugins and tools

12.9.1. YouTube

This website includes videos from the YouTube website. The operator of the pages is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the extended data protection mode does not necessarily preclude the transfer of data to YouTube partners. This is how YouTube connects to the Google DoubleClick network regardless of whether you are watching a video.

As soon as you start a YouTube video on this website, a connection to YouTube's servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you allow YouTube to associate your surfing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account. In addition, after you start a video, YouTube can save various cookies on your device or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve usability, and prevent fraud attempts.

After the start of a YouTube video, further data processing processes may be triggered over which we have no influence.

YouTube is used in the interest of presenting our online offerings in an appealing way. This represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR. If a corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be withdrawn at any time.

For more information about YouTube's privacy policy, please see their privacy policy at: https://policies.google.com/privacy?hl=de.

We have concluded an order processing contract with Google. You can find more information here: https://www.youtube.com/t/terms_dataprocessing.

12.9.2. Font Awesome

This site uses Font Awesome to uniformly display fonts and icons. The provider is Fonticons, Inc., 6 Porter Road Apartment 3R, Cambridge, Massachusetts, USA.

When you call up a page, your browser loads the required fonts into its browser cache to correctly display texts, fonts and symbols. For this purpose, the browser you are using must connect to Font Awesome's servers. As a result, Font Awesome becomes aware that this website has been accessed via your IP address.

Font Awesome is used on the basis of Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in the uniform presentation of the typeface on our website. If a corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be withdrawn at any time.

If your browser doesn't support Font Awesome, a standard font is used by your computer.

You can find more information about Font Awesome and in Font Awesome's privacy policy at: https://fontawesome.com/privacy.

12.9.3. Google Maps

This site uses the Google Maps map service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. If Google Maps is activated, Google can use Google Fonts for the purpose of uniformly displaying fonts. When you call up Google Maps, your browser loads the required web fonts into your browser cache to correctly display texts and fonts.

Google Maps is used in the interest of presenting our online offerings in an appealing way and making it easy to find the locations we have specified on the website. This represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR. If a corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be withdrawn at any time.

Data transmission to the USA is based on the EU-U.S. Data Privacy Framework (DPF) and the Swiss-U.S. DPF. Insofar as these certifications are not applicable or are not in force, data transfer to the USA is based on standard contractual clauses approved by the competent authorities. Details can be found here: https://policies.google.com/privacy/frameworks?hl=de and here: https://privacy.google.com/businesses/controllerterms/mccs/ .

More information on how to handle user data can be found in Google's privacy policy: https://policies.google.com/privacy?hl=de.

12.9.4. OpenStreetMap

This site uses the Google Maps map service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. If Google Maps is activated, Google can use Google Fonts for the purpose of uniformly displaying fonts. When you call up Google Maps, your browser loads the required web fonts into your browser cache to correctly display texts and fonts.

Google Maps is used in the interest of presenting our online offerings in an appealing way and making it easy to find the locations we have specified on the website. This represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR. If a corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be withdrawn at any time.

Data transmission to the USA is based on the EU-U.S. Data Privacy Framework (DPF) and the Swiss-U.S. DPF. Insofar as these certifications are not applicable or are not in force, data transfer to the USA is based on standard contractual clauses approved by the competent authorities. Details can be found here: https://policies.google.com/privacy/frameworks?hl=de and here: https://privacy.google.com/businesses/controllerterms/mccs/ .

More information on how to handle user data can be found in Google's privacy policy: https://policies.google.com/privacy?hl=de.

12.10. newsletters

On our website, we offer you the opportunity to subscribe to our newsletter, which will inform you about our services at regular intervals.

To send you the newsletter, we need your email address and information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter. This data is used exclusively for sending the newsletter.

We use the so-called double opt-in procedure to subscribe to the newsletter. After registration, you will receive an email asking you to confirm your registration. Subscriptions to the newsletter are logged. In principle, this includes saving the time of registration and confirmation, as well as the IP address. In addition, any changes to your stored data are logged.

You can withdraw your consent to the storage of your personal data and your use for sending newsletters at any time. There is a corresponding link to it in every newsletter.

We use the services of Microsoft Dynamics to process, send and analyze newsletters. Its privacy policy can be found here: https://learn.microsoft.com/de-de/dynamics365/customer-insights/journeys/privacy.

Within the scope of the GDPR, the associated processing of your personal data is based on our legitimate interest (Art. 6 para. 1 lit. f DSGVO) in providing adequate information to our existing customers or based on your consent (Art. 6 para. 1 lit. a GDPR). The consent can be withdrawn at any time with effect for the future.

12.11. Payment service provider

We include payment services from third-party companies on our website. When you make a purchase from us, your payment data (e.g. name, payment amount, account details, credit card number) is processed by the payment service provider for the purpose of payment processing. The respective contract and data protection regulations of the respective providers apply to these transactions.

Payment service providers are used on the basis of Art. 6 para. 1 lit. b GDPR (contract processing) and in the interest of a payment process that is as smooth, convenient and secure as possible (Art. 6 para. 1 lit. f GDPR). Insofar as your consent is requested for certain actions, Art. 6 para. 1 lit. a GDPR is the legal basis for data processing; consent can be withdrawn at any time in the future.

We use the following payment services/payment service providers on this website:

Stripe

The provider for customers within the EU is Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter “Stripe”).

Data transmission to the USA is based on the EU-U.S. Data Privacy Framework (DPF) and the Swiss-U.S. DPF. Insofar as these certifications are not applicable or are not in force, data transfer to the USA is based on standard contractual clauses approved by the competent authorities. Details can be found here: https://stripe.com/de-ch/legal/data-privacy-framework and here: https://stripe.com/de/guides/general-data-protection-regulation.

For more information about Stripe's privacy policy, please see Stripe's privacy policy: https://stripe.com/de/privacy.

Instant transfer

The provider of this payment service is Sofort GmbH, Theresienhöhe 12, 80339 Munich (hereinafter “Sofort GmbH”).

With the help of the “instant transfer” process, we receive a payment confirmation from Sofort GmbH in real time and can immediately begin to fulfill our obligations. If you have opted for the “Sofortüberweisung” payment method, send the PIN and a valid TAN to Sofort GmbH, which they can use to log into your online banking account. After logging in, Sofort GmbH automatically checks your account balance and carries out the transfer to us using the TAN you have provided. It then immediately sends us a transaction confirmation. After logging in, your transactions, the credit limit of the overdraft facility and the existence of other accounts and their balances are also automatically checked. In addition to the PIN and TAN, the payment data you have entered and personal data will also be transmitted to Sofort GmbH. Your personal data includes first and last name, address, telephone number (es), e-mail address, IP address and any other data required for payment processing. The transmission of this data is necessary to establish your identity beyond doubt and to prevent fraud attempts.

For details on payment with instant bank transfer, please see the following links:

https://www.sofort.de/datenschutz.html and https://www.klarna.com/sofort/.

Giropay

The provider of this payment service is paydirekt GmbH, Stephanstraße 14 — 16, 60313 Frankfurt am Main (hereinafter “giropay”).

For details, see giropay's privacy policy: https://www.paydirekt.de/agb/index.html.

mastercard

The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter “Mastercard”).

Mastercard can transfer data to its parent company in the USA. Data transmission to the USA is based on Mastercard's Binding Corporate Rules. Details can be found here: https://www.mastercard.de/de-de/datenschutz.html and here: https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.

VISA

The provider of this payment service is Visa Europe Services Inc., London branch, 1 Sheldon Square, London W2 6TT, Great Britain (hereinafter “VISA”).

Great Britain is considered a secure third country under data protection law. This means that the UK has a level of data protection that is equivalent to the level of data protection in the European Union. VISA can transfer data to its parent company in the USA. Data transmission to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html.

For more information, please see VISA's privacy policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.

12.12. Links to other websites

Our website contains hyperlinks to third-party websites that are not operated or controlled by us. We are not responsible for their content or data protection practices.

13. Processing of personal data as part of interaction with our social media channels

13.1. general

We maintain the publicly available profiles on social networks listed below. In connection with the use of social networks, we would like to draw your attention to the following:

When you visit our profiles on social networks, personal data may be collected about you. For example, if you are logged into your social network accounts and visit our profile at the same time, the portal operator can associate this visit with your user account. But even if you have logged out of your account or if you do not have an account with the respective portal, your personal data may be collected. Such data collection can be carried out, for example, by setting cookies. Based on the data collected in this way, portal operators can create user profiles and show you interest-based advertising. Further information can be found in the respective privacy policies of the portal operators.

The use of social networks and the associated data processing is based on our legitimate interest. In particular, we want to present ourselves on the Internet and increase our reach.

Social networks are used in the interest of presenting our online offerings in an appealing way, increasing our reach and promoting our services. This is our legitimate interest within the meaning of Article 6 (1) (f) GDPR. If a corresponding consent has been requested, processing is carried out on the basis of Art. 6 para. 1 lit. a DSGVO. The consent can be withdrawn at any time with effect for the future.

13.2. facebook

We run a profile on Facebook. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland (hereinafter “Facebook”).

If you have a Facebook account, you can interact with us via Facebook. As part of this interaction, we process the personal data you provide.

You can find more information about Facebook's data protection here: https://www.facebook.com/policy.php

13.3. instagram

We run a profile on Instagram. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland (hereinafter “Instagram”).

If you have an Instagram account, you can interact with us via Instagram. As part of this interaction, we process the personal data you provide.

You can find more information about privacy on Instagram here: https://instagram.com/about/legal/privacy/.

14. Processing of personal data from applicants

As part of the recruitment process, we use the REFLINE recruiting tool. The provider is Refline AG, Baarermattstrasse 10, 6340 Baar, Switzerland. The company's privacy policy can be found here. We have concluded an order processing contract with the provider.

If required, we can also work with other external partners (e.g. job portals and employment agencies). In this case, please also note the privacy policies of these partners.

In the following, we will inform you about the scope, purpose and use of your personal data collected as part of the application process. We assure that your data will be collected, processed and used in accordance with applicable data protection law and all other legal regulations and that your data will be kept strictly confidential.

Scope and purpose of data collection

When you send us an application, we process your associated personal data (e.g. contact and communication data, application documents, notes during job interviews, etc.) insofar as this is necessary to decide whether to establish an employment relationship. The legal basis for this is § 26 BDSG under German law (initiation of an employment relationship), Art. 6 para. 1 lit. b DSGVO (general contract initiation) and — if you have given consent — Art. 6 para. 1 lit. a GDPR. The consent can be withdrawn at any time.

Your personal data will only be shared with people who are involved in processing your application. This includes people in our company as well as in our parent company, lodgyslife Services GmbH based in Frankfurt, and the sister company Lodge Services AG based in Switzerland. With your consent, we may also share your personal data with other group companies in order to be able to consider employment opportunities.

If the application is successful, the data you submit will be stored in our data processing systems on the basis of § 26 BDSG and Art. 6 para. 1 lit. b DSGVO for the purpose of carrying out the employment relationship.

Data storage period

If we are unable to make you a job offer, you reject a job offer or withdraw your application, we reserve the right to store the data you have provided with us for up to 6 months from the end of the application process (rejection or withdrawal of the application) on the basis of our legitimate interests (Article 6 (1) (f) GDPR).

The data is then deleted and the physical application documents are destroyed. In particular, storage serves as evidence in the event of a legal dispute. If it is apparent that the data will be required after the 6-month period has elapsed (e.g. due to an impending or pending legal dispute), the data will only be deleted when the purpose for further storage no longer applies.

Longer storage may also take place if you have given appropriate consent (Art. 6 para. 1 lit. a GDPR) or if legal storage obligations preclude deletion.

Inclusion in the applicant pool

If we do not make you a job offer, it may be possible to include you in our pool of applicants. If accepted, all documents and information from the application will be added to the pool of applicants in order to contact you in case of suitable vacancies.

Inclusion in the pool of applicants is based exclusively on your express consent (Art. 6 para. 1 lit. a GDPR). The submission of consent is voluntary and has no connection with the ongoing application process. The person concerned can withdraw their consent at any time. In this case, the data will be irrevocably deleted from the applicant pool, provided that there are no legal storage reasons.

The data from the applicant pool will be irrevocably deleted no later than two years after consent has been given.