Cookie and privacy policy

This Cookie Policy describes how Charter Tickets OU, its affiliated companies (“we”, “us”, or “our”), as well as approved third-party service providers, use cookies, tracking pixels, web beacons, and similar technologies (collectively referred to as “cookies”) on our websites, including chartertickets.net (the “Sites”). It also explains the options available to you regarding the use of such technologies.

What are cookies?

Cookies are small text files that websites store on your computer, smartphone, or other devices when you access them. Some cookies are temporary and are automatically removed once you close your browser, while others remain stored on your device and allow the website to recognize you during future visits. Cookies help websites remember your actions and preferences over time, so you do not need to re-enter information each time you return or navigate between pages. Additional general information about cookies can be found at www.allaboutcookies.org.

How we use cookies

Cookies help us understand how visitors interact with our Sites, enabling us to improve functionality, performance, and overall user experience. They allow us to analyze browsing behavior, optimize our services, and enhance the content we provide.

We also permit certain third-party partners to place cookies on our Sites. These cookies may track your activity across our Sites and other websites over time in order to deliver advertisements and content that are more relevant to your interests and to assess the effectiveness of advertising campaigns.

Cookies may be used, among other things, to:

· Store information about your shopping cart and previous bookings

· Remember your preferred language, currency, and regional settings

· Save searched trip details

· Retain login credentials

· Enable submission of reviews

· Identify your approximate location

· Display personalized advertisements or content

Types of cookies we use

Cookies used on our Sites generally fall into the following categories:

Strictly necessary cookies

These cookies are essential for the proper functioning of the Sites and cannot be disabled in our systems. They are usually session-based and are deleted when you close your browser. Such cookies do not collect data for marketing purposes or track your browsing history. They are primarily used to ensure that core features, such as booking and payment forms, work correctly.

Functional cookies

These cookies enhance the usability and performance of the Sites by remembering your preferences and previous interactions. For example, they allow us to recall your past searches or recognize that you have visited the Site before, making future visits faster and more convenient. Functional cookies are typically persistent cookies and can be removed through your browser settings.

Analytics and performance cookies

These cookies collect aggregated and anonymous information about how users interact with our Sites, such as pages viewed, time spent on the Site, frequency of visits, and search terms used to reach the Site. We use tools such as Google Analytics for these purposes. The data collected helps us improve Site structure, usability, and content relevance. These cookies do not collect personally identifiable information.

Users who wish to prevent Google Analytics from tracking their activity can install the Google Analytics opt-out browser add-on available at https://tools.google.com/dlpage/gaoptout.

In addition, we use the Facebook Pixel to analyze user behavior after they click on a Facebook advertisement and are redirected to our Site. This helps us evaluate the performance of our advertising campaigns for statistical and market research purposes. You may manage or disable Facebook ad preferences through your Facebook account settings at https://www.facebook.com/settings?tab=ads.

Managing cookies

You can manage, restrict, or delete cookies through your browser settings at any time. Most browsers allow you to control cookies via their “Settings”, “Preferences”, or “Internet Options” sections. Further guidance on managing cookies is available at aboutcookies.org.

Please note that disabling or deleting certain cookies may affect the availability and functionality of some features on the Sites, and you may need to manually reset preferences each time you visit.

For more information about Google Analytics cookies and available opt-out options, please visit https://tools.google.com/dlpage/gaoptout.

Contact information

To assert your rights or to raise questions regarding the processing, storage, or use of your personal data and for suggestions and complaints regarding the processing of your personal data please contact our Customer Care Service by email to: [email protected].

CharterTickets OU

Harju maakond, Tallinn,

Kesklinna linnaosa, Tartu mnt 67/1-13b, 10115

Estonia

Definitions

This Privacy Policy uses terminology consistent with the General Data Protection Regulation (GDPR). The aim is to ensure that the policy is clear and understandable for users, customers, and business partners. For this reason, the key terms used are explained below.

Personal data

Personal data refers to any information relating to an identified or identifiable natural person (the “data subject”). A natural person is considered identifiable if they can be identified directly or indirectly, in particular by reference to identifiers such as a name, identification number, location data, online identifier, IP address, contact details, or other factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person. Personal data may exist in any form or format, including information provided through the website or other communication channels.

Data subject

A data subject is any identified or identifiable natural person whose personal data is collected and processed.

Processing

Processing refers to any operation or set of operations performed on personal data, whether carried out by automated or manual means. This includes, but is not limited to, collecting, recording, organizing, structuring, storing, adapting, modifying, retrieving, consulting, using, disclosing, transmitting, disseminating, aligning, combining, restricting, erasing, or destroying personal data.

Restriction of processing

Restriction of processing means limiting the use of stored personal data by marking it in a way that restricts further processing.

Profiling

Profiling is any form of automated processing of personal data used to evaluate or predict certain personal aspects of a natural person, such as preferences, interests, behavior, location, reliability, economic situation, health, or movements.

Pseudonymisation

Pseudonymisation refers to the processing of personal data in such a manner that it can no longer be attributed to a specific data subject without additional information, provided that such additional information is kept separately and protected by appropriate technical and organizational measures.

Controller

The controller is a natural or legal person, public authority, agency, or other body that determines, alone or jointly with others, the purposes and means of processing personal data. Where applicable, such determination may be governed by Union or Member State law.

Processor

A processor is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.

Recipient

A recipient is any natural or legal person, public authority, agency, or other body to whom personal data is disclosed, whether or not they are a third party. Public authorities receiving data in the context of a specific legal inquiry are not considered recipients.

Third party

A third party is any person or entity other than the data subject, controller, processor, or persons authorized to process personal data under the direct authority of the controller or processor.

Consent

Consent means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they signify agreement to the processing of their personal data, either by a clear affirmative action or statement.

Categories of personal data and processing activities

We collect and process personal data that you provide directly to us through our website, mobile applications, customer support channels, or other means of communication, as well as data that is automatically collected during your use of our services (for example, through cookies or similar technologies). Personal data is processed only to the extent necessary to provide our services and to perform contractual or legal obligations.

The categories of personal data we may collect and process include the following:

Contact and identification data

This includes information such as name, surname, address, email address, phone number, nationality, gender, date of birth, and details of identity or travel documents (including document numbers and expiry dates).

Account and user profile data

This includes internal account identifiers, registration dates, account status, login credentials, search history, preferred settings, language preferences, avatar or profile image, and frequent flyer program details.

Payment and billing data

This includes payment card details (such as card number, expiry date, cardholder name, and security codes), transaction information (amount, currency, date, time, transaction ID), billing address, contact details used for invoicing or receipts, and authentication or anti-fraud data (such as 3D Secure or one-time passwords).

Travel and booking data

This includes search queries, travel preferences, destinations, travel dates, number of passengers, ticket class, booking references, order numbers, ticket details, purchase history, itineraries, passenger records, additional services purchased, and information relating to co-passengers.

Technical and usage data

This includes technical information such as IP address, browser type and version, device type, operating system, time zone, device identifiers, mobile network data, and information about how you interact with the website or app (pages visited, links clicked, session duration, navigation paths, and error logs).

Preferences data

This includes information about your communication preferences, cookie settings, marketing consents, preferred language, currency, location, and departure airport.

Communications data

This includes the content of messages exchanged with us, such as customer support requests, feedback, inquiries, and related metadata (date, time, and interaction details).

Sensitive personal data

In certain cases, we may request additional information that may be classified as sensitive personal data, such as data relating to health conditions or religious beliefs. This information is collected solely for the purpose of providing services at the highest possible standard and only where the provision of such services would not be possible without it.

Sensitive data may relate, for example, to special seating or accommodation preferences, dietary requirements, the need for assistance, or the use of specific equipment. Such data is provided voluntarily by the user and processed only with their explicit consent. Where required by law or necessary for the provision of requested services, sensitive personal data may be shared with third parties, including recipients located outside the European Economic Area, in accordance with applicable legal requirements.

Social network sign-in

Users may choose to register or log in using existing social network accounts (such as Facebook). In such cases, basic account details (for example, name and email address) are imported from the relevant social network. Depending on the provider, additional information from the public profile (such as age, location, preferences, or occupation) may also be transmitted automatically.

Only data required for account creation and service provision is retained. Any excess information received from social networks is deleted. After registration, users may voluntarily add or update information in their account as necessary for booking or service-related purposes.

Data of third parties

If you book services or make payments on behalf of another person, you may provide personal data relating to that third party. Such data will be processed under the same conditions as your own personal data and solely for the purpose of delivering the requested services.

By submitting third-party information, you confirm that the individual concerned has been informed about this Privacy Policy and has given valid consent to the processing of their personal data. Information about third parties may be accessible through your user account where applicable.

Data of minors

Our services and Website are not intended for use by minors without the involvement of a parent or legal guardian. We do not knowingly collect personal data directly from underage individuals.

Personal data relating to minors is processed only where it is provided by parents or legal representatives and strictly for the purpose of creating or managing a booking. If we become aware that personal data has been collected directly from a minor without appropriate consent, or if a deletion request is submitted by a parent or legal guardian, such data will be removed without undue delay.

Cookies and automated data collection

We use cookies, web beacons, social media plug-ins, and similar automated technologies to ensure the proper functioning of the Website, improve usability, enhance security, and analyze performance, subject to your consent where required.

Cookies are small text files stored on your device that allow us to recognize your browser and remember certain information, such as login details or preferences. Some cookies are essential for technical operation, while others help us understand how users interact with the Website or enable personalized content and advertising.

Automatically collected data may include device information, browser type, operating system, IP address, referrer URLs, visited pages, access times, and interaction data. This information is used to:

deliver website content correctly;
optimize functionality and performance;
prevent misuse or fraudulent activity;
analyze usage trends and improve services.

Prior to logging into your account, such data is processed in a pseudonymized manner. Once you log in, data may be associated with your account to personalize your experience.

You may manage or disable cookies through your browser settings. Please note that restricting cookies may limit certain Website features.

Further details regarding cookies and tracking technologies may be provided in a separate Cookie Policy.

Registration and user accounts

Users may create an account by providing personal data through the relevant registration forms. The specific data collected depends on the information requested at the time of registration. Registration-related data, including IP address and registration time, may be stored for security, fraud prevention, and legal compliance purposes.

Registered users may review, update, or request deletion of their personal data at any time, subject to applicable legal retention obligations.

Newsletters and marketing communications

Users may subscribe to newsletters by providing a valid email address and completing a double opt-in confirmation process. Subscription data, including registration time and IP address, is stored to document consent and prevent misuse.

Newsletter content may include information about services, offers, or operational updates. Users may withdraw consent and unsubscribe at any time via the link included in each communication or by contacting us directly.

Newsletters may contain tracking elements (such as pixels) that allow us to assess delivery, open rates, and interaction with content. This data is used exclusively to improve communication relevance and effectiveness and is not shared with third parties.

Contact forms, comments, and communications

When you contact us via email, contact forms, blog comments, or other communication channels, the information you voluntarily provide is stored and processed for the purpose of responding to inquiries or managing interactions.

In public areas such as blog comments, certain information (such as a chosen username, timestamp, and IP address) may be stored for security and legal protection purposes. Such data is not shared with third parties unless required by law or necessary to protect legal rights.

Data retention and deletion

Personal data is stored only for as long as necessary to fulfill the purposes for which it was collected or as required by applicable laws. Once the purpose of processing no longer applies or statutory retention periods expire, personal data is securely deleted or restricted in accordance with legal requirements.

Use of personal data and data of third parties

We process personal data to ensure the proper operation of the Website and to provide requested services. In particular, personal data is used to:

deliver and manage booked services;
process, modify, and confirm bookings;
communicate with users regarding services, bookings, and operational updates;
provide customer support and respond to inquiries, requests, or complaints;
improve Website functionality, quality, and user experience;
administer loyalty programs, bonuses, and surveys;
analyze demand and identify services that may be of interest to users;
prevent fraud, misuse, or unlawful activities;
comply with legal obligations and enforce the Terms of Service;
fulfill any additional contractual purposes, about which users will be informed in advance and, where required, asked to provide consent.

Certain personal data, such as payment card details, is required to confirm and process transactions. If mandatory data is not provided, it may not be possible to deliver the requested services.

Where consent has been granted, we may also use contact and preference data to send newsletters, push notifications, promotional messages, and information about services or offers that may be relevant to the user. Users may withdraw consent or opt out of such communications at any time.

Profiling and automated processing

Subject to user consent and applicable law, we may analyze usage and booking behavior to create user profiles in order to personalize content, offers, and discounts. Profiling involves automated processing intended to evaluate or predict preferences, interests, behavior, location, or similar aspects.

Profiling is not used to produce legal effects or similarly significant consequences for users unless it is necessary for contract performance, required by law, or explicitly consented to. Users have the right to object to profiling and to request human intervention where applicable.

Legal basis for processing

Personal data is processed on one or more of the following legal grounds:

performance of a contract or pre-contractual steps;
compliance with legal obligations;
legitimate interests, provided such interests are not overridden by the rights and freedoms of the data subject;
explicit consent, where required by law.

Data retention

Personal data is retained only for as long as necessary to achieve the purposes for which it was collected or to comply with legal requirements. Retention periods are determined based on the nature of the data and the applicable legal obligations, including:

identification and account data - for the duration of the customer relationship and a limited period thereafter up to 5 years;
transaction and payment data - in accordance with tax, accounting, and financial regulations up to 7 years;
communications and support records - for quality assurance and dispute resolution up to 2 years;
usage, technical and marketing data - for security, analytics, marketing and service improvement up to 3 years.

Where required by law or for the establishment, exercise, or defense of legal claims, data may be stored for longer periods in a restricted and secure manner.

Data storage and security

Personal data is stored only where there is an ongoing legitimate need, such as service provision or legal compliance. When such need ceases, data is deleted, anonymized, or securely archived until deletion becomes possible.

We apply appropriate technical and organizational measures to protect personal data against unauthorized access, loss, alteration, or disclosure. These measures include encryption, access controls, monitoring, internal policies, and staff training. While absolute security cannot be guaranteed, we strive to maintain the highest reasonable level of protection.

Transfer and disclosure of personal data

To provide services, personal data may be shared with third parties, including:

service operators (such as airlines, hotels, and booking systems);
payment processors and fraud prevention providers;
technical, analytics, customer support, and marketing service providers;
business partners offering joint or integrated services, subject to consent;
affiliates and group companies where necessary for service delivery.

Third parties are granted access only to the data required to perform their functions and are contractually bound to protect personal data and use it solely for authorized purposes.

Cross-border data transfers

Personal data may be transferred to recipients located outside the European Economic Area where necessary for service provision, including travel-related services. In such cases, appropriate safeguards are applied, such as Standard Contractual Clauses or adequacy decisions issued by the European Commission.

Where users choose destinations or services in jurisdictions that may not provide an equivalent level of data protection, transfers are limited to the minimum data required to perform the contract.

Rights of the data subject

Under the GDPR, users have the following rights:

Right to confirmation and access - to know whether and how personal data is processed and to obtain a copy;
Right to rectification - to correct inaccurate or incomplete data;
Right to erasure (right to be forgotten) - to request deletion where processing is no longer justified;
Right to restriction of processing - to limit processing under certain conditions;
Right to data portability - to receive data in a structured, machine-readable format and transfer it to another controller;
Right to object - to processing based on legitimate interests or for direct marketing;
Right not to be subject to automated decisions, including profiling, producing significant effects, except where legally permitted;
Right to withdraw consent at any time, without affecting prior lawful processing.

Requests regarding these rights may be submitted via the contact details provided in this Privacy Policy. Users also have the right to lodge a complaint with a competent data protection authority.

Amendments to this policy

We may update this Privacy Policy from time to time. Any changes will be published on the Website and become effective upon publication. Continued use of the Website after updates constitutes acceptance of the revised policy. We recommend reviewing this Privacy Policy regularly.

Data protection provisions about the application and use of Facebook

On this website, the controller has integrated components of the enterprise Facebook. Facebook is a social network.

A social network is a social meeting place operated on the Internet, an online community that generally enables users to communicate with each other and interact in virtual space. A social network can serve as a platform for the exchange of opinions and experiences or enable the Internet community to provide personal or company-related information. Facebook enables users of the social network to create private profiles, upload photos and network via friend requests, among other things.

The operating company of Facebook is Facebook, Inc, 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject lives outside the USA or Canada, the controller for the processing of personal data is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Each time one of the individual pages of this website is accessed, which is operated by the data controller and on which a Facebook component (Facebook plug-in) has been integrated, the Internet browser on the information technology system of the data subject is automatically prompted by the respective Facebook component to download a representation of the corresponding Facebook component from Facebook. A complete overview of all Facebook plug-ins can be accessed at https://developers.facebook.com/docs/plugins/. During the course of this technical procedure, Facebook is made aware of what specific sub-page of our website was visited by the data subject.

If the data subject is logged in at the same time on Facebook, Facebook recognises which specific sub-page of our website the data subject is visiting each time the data subject accesses our website and for the entire duration of their stay on our website. This information is collected by the Facebook component and assigned by Facebook to the respective Facebook account of the data subject. If the data subject clicks on one of the Facebook buttons integrated on our website, for example the "Like" button, or if the data subject submits a comment, Facebook assigns this information to the personal Facebook user account of the data subject and stores this personal data.

Facebook always receives information via the Facebook component that the data subject has visited our website if the data subject is logged in to Facebook at the same time as accessing our website; this takes place regardless of whether the data subject clicks on the Facebook component or not. If the data subject does not want this information to be transmitted to Facebook, they can prevent the transmission by logging out of their Facebook account before accessing our website.

The data policy published by Facebook, which can be accessed at https://de-de.facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. It also explains the setting options Facebook offers to protect the privacy of the data subject. In addition, various applications are available that make it possible to suppress the transmission of data to Facebook. Such applications can be used by the data subject to suppress data transmission to Facebook.

Data protection provisions about the application and use of Google Analytics (with anonymisation function)

The controller has integrated the Google Analytics component (with anonymisation function) on this website. Google Analytics is a web analytics service. Web analysis is the collection, collation and evaluation of data about the behaviour of visitors to websites. Among other things, a web analysis service collects data about the website from which a data subject came to a website (so-called referrer), which subpages of the website were accessed or how often and for how long a subpage was viewed. Web analysis is mainly used to optimise a website and to analyse the costs and benefits of internet advertising.

The operating company of the Google Analytics component is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The data controller uses the addition "_gat._anonymiseIp" for web analysis via Google Analytics. This addition is used by Google to shorten and anonymise the IP address of the data subject's Internet connection if our website is accessed from a member state of the European Union or from another state party to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyse the flow of visitors to our website. Among other things, Google uses the data and information obtained to analyse the use of our website, to compile online reports for us that show the activities on our website, and to provide other services related to the use of our website.

Google Analytics places a cookie on the data subject's IT system. What cookies are has already been explained above. By setting the cookie, Google is enabled to analyse the use of our website. Each time one of the individual pages of this website is accessed, which is operated by the data controller and on which a Google Analytics component has been integrated, the Internet browser on the information technology system of the data subject is automatically prompted by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. During the course of this technical procedure, Google gains knowledge of personal information, such as the IP address of the data subject, which serves Google, inter alia, to understand the origin of visitors and clicks, and subsequently create commission settlements.

The cookie is used to store personal information, such as the access time, the location from which access was made and the frequency of visits to our website by the data subject. Each time our website is visited, this personal data, including the IP address of the internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may share this personal data collected through the technical process with third parties.

The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such a setting of the Internet browser used would also prevent Google from placing a cookie on the data subject's IT system. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programmes.

Furthermore, the data subject has the option of objecting to and preventing the collection of data generated by Google Analytics relating to the use of this website and the processing of this data by Google. To do this, the data subject must download and install a browser add-on from the link https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data and information about visits to websites may be transmitted to Google Analytics. The installation of the browser add-on is recognised by Google as an objection. If the data subject's IT system is deleted, formatted or reinstalled at a later date, the data subject must reinstall the browser add-on in order to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another person who is attributable to their sphere of control, it is possible to reinstall or reactivate the browser add-on.

Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.de/intl/de/policies/privacy/ and under http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail at this link https://www.google.com/intl/de_de/analytics/.

Data protection provisions about the application and use of Google Remarketing

The controller has integrated Google Remarketing services on this website. Google Remarketing is a function of Google AdWords that enables a company to display adverts to Internet users who have previously visited the company's website. The integration of Google Remarketing therefore allows a company to create user-related adverts and consequently display adverts relevant to the interests of the Internet user.

The operating company of the Google Remarketing services is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of Google Remarketing is to display interest-relevant advertising. Google Remarketing enables us to display adverts via the Google advertising network or on other websites that are tailored to the individual needs and interests of internet users.

Google Remarketing places a cookie on the data subject's IT system. What cookies are has already been explained above. By setting the cookie, Google is able to recognise the visitor to our website when they subsequently access websites that are also members of the Google advertising network. Each time a website on which the Google Remarketing service has been integrated is accessed, the data subject's internet browser automatically identifies itself to Google. As part of this technical process, Google receives knowledge of personal data, such as the IP address or the surfing behaviour of the user, which Google uses, among other things, to display interest-relevant advertising.

Cookies are used to store personal information, such as the websites visited by the data subject. Each time our website is visited, personal data, including the IP address of the internet connection used by the data subject, is therefore transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may share this personal data collected through the technical process with third parties.

Furthermore, the data subject has the option of objecting to interest-based advertising by Google. To do this, the data subject must call up the link www.google.de/settings/ads from each of the Internet browsers they use and make the desired settings there.

Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.de/intl/de/policies/privacy/.

Data protection provisions about the application and use of Google AdWords

The controller has integrated Google AdWords on this website. Google AdWords is an internet advertising service that allows advertisers to place adverts in Google's search engine results as well as in the Google advertising network. Google AdWords allows an advertiser to specify certain keywords in advance, which are used to display an advert in Google's search engine results only when the user uses the search engine to retrieve a keyword-relevant search result. In the Google advertising network, the adverts are distributed to relevant websites using an automatic algorithm and taking into account the previously defined keywords.

The operating company of the Google AdWords services is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of Google AdWords is to advertise our website by displaying interest-relevant adverts on the websites of third-party companies and in the search engine results of the Google search engine and by displaying third-party adverts on our website.

If a data subject reaches our website via a Google advert, a so-called conversion cookie is stored on the data subject's IT system by Google. What cookies are has already been explained above. A conversion cookie loses its validity after thirty days and is not used to identify the data subject. If the cookie has not yet expired, the conversion cookie is used to track whether certain sub-pages, such as the shopping basket from an online shop system, have been accessed on our website. The conversion cookie enables both us and Google to track whether a data subject who has reached our website via an AdWords ad has generated sales, i.e. completed or cancelled a purchase.

The data and information collected through the use of the conversion cookie is used by Google to compile visit statistics for our website. These visit statistics are in turn used by us to determine the total number of users who were referred to us via AdWords ads, i.e. to determine the success or failure of the respective AdWords ad and to optimise our AdWords ads for the future. Neither our company nor other Google AdWords advertisers receive information from Google that could be used to identify the data subject.

The conversion cookie is used to store personal information, such as the websites visited by the data subject. Each time our website is visited, personal data, including the IP address of the internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may share this personal data collected through the technical process with third parties.

The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such a setting of the internet browser used would also prevent Google from placing a conversion cookie on the data subject's IT system. In addition, a cookie already set by Google AdWords can be deleted at any time via the Internet browser or other software programmes.

Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.de/intl/de/policies/privacy/.

Data protection provisions about the application and use of Instagram

The controller has integrated components of the Instagram service on this website. Instagram is a service that qualifies as an audiovisual platform and enables users to share photos and videos and also to redistribute such data in other social networks.

The operating company of the Instagram services is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.

With each call-up to one of the individual pages of this internet site, which is operated by the controller and on which an Instagram component (Insta button) was integrated, the internet browser on the information technology system of the data subject is automatically prompted to the download of a display of the corresponding Instagram component of Instagram. As part of this technical process, Instagram receives information about which specific subpage of our website is visited by the data subject.

If the data subject is logged in at the same time on Instagram, Instagram recognises with each call-up to our website by the data subject and for the entire duration of their stay on our Internet site, which specific sub-page of our Internet page was visited by the data subject. This information is collected by the Instagram component and assigned by Instagram to the respective Instagram account of the data subject. If the data subject clicks on one of the Instagram buttons integrated on our website, the data and information transmitted with it is assigned to the personal Instagram user account of the data subject and stored and processed by Instagram.

Instagram always receives information via the Instagram component that the data subject has visited our website if the data subject is logged in to Instagram at the same time as accessing our website; this takes place regardless of whether the data subject clicks on the Instagram component or not. If the data subject does not want this information to be transmitted to Instagram, they can prevent the transmission by logging out of their Instagram account before accessing our website.

Further information and the applicable data protection provisions of Instagram may be retrieved under https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.

Data protection provisions about the application and use of YouTube

The controller has integrated YouTube components on this website. YouTube is an internet video portal that allows video publishers to post video clips free of charge and other users to view, rate and comment on them, also free of charge. YouTube allows the publication of all types of videos, which is why complete film and television programmes as well as music videos, trailers or videos made by users themselves can be accessed via the Internet portal.

The operating company of YouTube is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Each time one of the individual pages of this website is accessed, which is operated by the data controller and on which a YouTube component (YouTube video) has been integrated, the internet browser on the information technology system of the data subject is automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. Further information about YouTube can be found at https://www.youtube.com/yt/about/. During the course of this technical procedure, YouTube and Google gain knowledge of what specific sub-page of our website was visited by the data subject.

If the data subject is logged in to YouTube at the same time, YouTube recognises which specific sub-page of our website the data subject is visiting when they access a sub-page that contains a YouTube video. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.

YouTube and Google always receive information via the YouTube component that the data subject has visited our website if the data subject is logged in to YouTube at the same time as accessing our website; this takes place regardless of whether the data subject clicks on a YouTube video or not. If the data subject does not want this information to be transmitted to YouTube and Google, they can prevent the transmission by logging out of their YouTube account before accessing our website.

The data protection provisions published by YouTube, which can be accessed at https://www.google.de/intl/de/policies/privacy/, provide information about the collection, processing and use of personal data by YouTube and Google.

Legal basis of the processing

Art. 6 I lit. a GDPR serves our company as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, with processing operations necessary for the supply of goods or the provision of any other service or consideration, the processing is based on Art. 6 I lit. b GDPR. The same applies to such processing operations that are necessary for the performance of pre-contractual measures, for example in cases of enquiries about our products or services. If our company is subject to a legal obligation which requires the processing of personal data, such as for the fulfilment of tax obligations, the processing is based on Art. 6 I lit. c GDPR. In rare cases, the processing of personal data may become necessary in order to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured in our company and their name, age, health insurance details or other vital information would have to be passed on to a doctor, hospital or other third party. The processing would then be based on Art. 6 I lit. d GDPR. Ultimately, processing operations could be based on Art. 6 I lit. f GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not prevail. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47 Sentence 2 GDPR).

Legitimate interests in the processing pursued by the controller or a third party

Where the processing of personal data is based on Article 6 I lit. f GDPR, our legitimate interest is to carry out our business in favour of the well-being of all our employees and our shareholders.

Duration for which the personal data is stored

The criterion for the duration of the storage of personal data is the respective statutory retention period. Once this period has expired, the corresponding data is routinely deleted, provided it is no longer required for the fulfilment or initiation of a contract.

Statutory or contractual requirements for the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of failure to provide such data

We inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary for a contract to be concluded for a data subject to provide us with personal data that must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with them. Failure to provide the personal data would mean that the contract with the data subject could not be concluded. Before the data subject provides personal data, the data subject must contact our data protection officer. Our data protection officer will inform the data subject on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what the consequences would be if the personal data were not provided.

Existence of automated decision-making

As a responsible company, we do not use automated decision-making or profiling.

This Privacy Policy has been generated by the Privacy Policy Generator of the External Data Protection Officers that was developed in cooperation with RC GmbH, which sells used notebooks and the Media Law Lawyers from WBS-LAW.

Google Maps

We integrate the maps of the "Google Maps" service of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

Google Fonts

We integrate the fonts ("Google Fonts") of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

To exercise your rights related to your Personal Data Subject Request, please contact us at [email protected]

Subscribe to special offers

Cookie and privacy policy