Hit Enter to search or Esc key to close

Imprint

Information obligation according to §5 E-Commerce Act, §14 Company Code, §63 Trade Regulation Act and disclosure obligation according to §25 Media Act.

surfvacationer.com in cooperation with blaredigitalbusiness.com

CEO: René Angelo Blaschek

Head Office Central Europe
Moselgasse 26/10/2
1100 Vienna,
Austria

Business purpose: Digital office service
UID number: ATU75696579 Small entrepreneur according to § 6 Abs. 1 Z 27 UStG

Phone: +43 660 4925 189
E-mail: management@surfvacationer.com

Member of: WKO, Landesinnung, etc.
Professional law: Trade regulations: www.ris.bka.gv.at

Supervisory authority/trade authority: Vienna District Authority
Job title: Small entrepreneur
Awarding state: Austria

 

EU Dispute Resolution

In accordance with the Regulation on Online Dispute Resolution in Consumer Matters (ODR Regulation), we would like to inform you about the online dispute resolution platform (OS platform).
Consumers have the possibility to submit complaints to the online dispute resolution platform of the European Commission at http://ec.europa.eu/odr?tid=221142146. You will find the necessary contact details above in our imprint.

However, we would like to point out that we are not willing or obliged to participate in dispute resolution proceedings before a consumer arbitration board.

Liability for the contents of this website

We are constantly developing the content of this website and make every effort to provide correct and up-to-date information. Unfortunately, we cannot accept liability for the accuracy of all content on this website, especially that provided by third parties.

If you notice any problematic or illegal content, please contact us immediately. You will find the contact details in the imprint.

Liability for links on this website

Our website contains links to other websites for whose content we are not responsible. According to § 17 ECG, we are not liable for linked websites, as we were and are not aware of any illegal activities, we have not noticed any such illegal activities and we would remove links immediately if we became aware of any illegal activities.

If you notice illegal links on our website, please contact us. You will find the contact details in the imprint.

Copyright notice

All contents of this website (pictures, photos, texts, videos) are subject to copyright. If necessary, we will legally pursue the unauthorised use of parts of the contents of our site.

Picture credits

The images, photos and graphics on this website are protected by copyright.

The image rights are held by the following photographers and companies:

  • freepik
  • unsplash
  • pexels

 

Privacy policy

Introduction and Overview

We have written this privacy statement (version 18.11.2021-111882396) in order to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679and applicable national laws, what personal data (data for short) we as the controller – and the processors (e.g. providers) engaged by us – process, will process in the future and what lawful options you have. The terms used are to be understood as gender-neutral.
In short:We inform you comprehensively about the data we process about you.

Data protection statements usually sound very technical and use legal terminology. This privacy statement, on the other hand, is intended to describe the most important things to you as simply and transparently as possible. As far as transparency is concerned, technical terms are explained in a reader-friendly way, links to further information are provided and graphics are used. In this way, we inform you in clear and simple language that we only process personal data in the course of our business activities if there is a corresponding legal basis. This is certainly not possible by providing the most concise, unclear and legalistic explanations possible, as is often standard practice on the Internet when it comes to data protection. I hope you find the following explanations interesting and informative and perhaps there is one or two pieces of information you did not know.
If you still have questions, we would like to ask you to contact the responsible office mentioned below or in the imprint, to follow the links provided and to look at further information on third party sites. Our contact details can of course also be found in the imprint.

Scope of application

This data protection declaration applies to all personal data processed by us in the company and to all personal data processed by companies commissioned by us (order processors). By personal data, we mean information within the meaning of Art. 4 No. 1 DSGVO, such as a person’s name, e-mail address and postal address. The processing of personal data ensures that we can offer and invoice our services and products, whether online or offline. The scope of this privacy policy includes:

all online presences (websites, online shops) that we operate
social media sites and email communications
mobile apps for smartphones and other devices

In short:The data protection declaration applies to all areas in which personal data is processed in the company via the aforementioned channels in a structured manner. If we enter into legal relationships with you outside of these channels, we will inform you separately where applicable.

Legal basis

In the following privacy statement, we provide you with transparent information on the legal principles and regulations, i.e. the legal bases of the General Data Protection Regulation, which enable us to process personal data.
As far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016, which you can of course access online on EUR-Lex, the access point to EU law, at https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=celex%3A32016R0679

We will only process your data if at least one of the following conditions applies:

Consent(Article 6(1)(a) DSGVO): You have given us your consent to process data for a specific purpose. An example would be the storage of your entered data of a contact form.
Contract(Article 6(1)(b) DSGVO): In order to fulfil a contract or pre-contractual obligations with you, we process your data. For example, if we conclude a sales contract with you, we need personal information in advance.
Legal obligation(Article 6(1)(c) DSGVO): If we are subject to a legal obligation, we process your data. For example, we are legally obliged to keep invoices for accounting purposes. These usually contain personal data.
Legitimate interests(Article 6(1)(f) DSGVO): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data in order to operate our website in a secure and economically efficient manner. This processing is therefore a legitimate interest.

Other conditions such as the performance of recording in the public interest and the exercise of official authority as well as the protection of vital interests do not usually arise for us. If such a legal basis should be relevant, it will be indicated at the appropriate place.

In addition to the EU Regulation, national laws also apply:

In Austria, this is the Federal Act on the Protection of Individuals with regard to the Processing of Personal Data (Data Protection Act), or DSG for short.
In Germany, the Federal Data Protection Act, orBDSG for short, applies.

If other regional or national laws apply, we will inform you about them in the following sections.

Contact details of the person responsible

see imprint

Storage period

It is our general policy to store personal data only for as long as is absolutely necessary for the provision of our services and products. This means that we delete personal data as soon as the reason for processing the data no longer exists. In some cases, we are legally obliged to store certain data even after the original purpose has ceased to exist, for example for accounting purposes.

Should you wish your data to be deleted or revoke your consent to data processing, the data will be deleted as soon as possible and insofar as there is no obligation to store it.

We will inform you about the specific duration of the respective data processing below, provided we have further information on this.

Rights under the General Data Protection Regulation

According to Article 13 of the GDPR, you have the following rights to ensure fair and transparent processing of data:

You have a right of access under Article 15 GDPR to know whether we are processing data about you. If this is the case, you have the right to receive a copy of the data and to know the following information:

the purpose for which we are processing it;
the categories, i.e. types, of data being processed;
who receives this data and, if the data is transferred to third countries, how security can be guaranteed;
how long the data will be stored;
the existence of the right to rectification, erasure or restriction of processing and the right to object to processing;
that you can lodge a complaint with a supervisory authority (links to these authorities can be found below);
The origin of the data if we have not collected it from you;
whether profiling is carried out, i.e. whether data is automatically analysed to arrive at a personal profile of you.
You have a right to rectification of data under Article 16 of the GDPR, which means that we must rectify data if you find errors.
You have the right to erasure (“right to be forgotten”) under Article 17 of the GDPR, which specifically means that you may request the deletion of your data.
According to Article 18 of the GDPR, you have the right to restriction of processing, which means that we may only store the data but not use it any further.
According to Article 19 of the GDPR, you have the right to data portability, which means that we will provide you with your data in a common format upon request.
You have a right to object under Article 21 of the GDPR, which entails a change in processing after enforcement.

If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you may object to the processing. We will then check as soon as possible whether we can legally comply with this objection.
If data is used to carry out direct advertising, you can object to this type of data processing at any time. We may then no longer use your data for direct marketing.
If data is used for profiling, you can object to this type of data processing at any time. We may no longer use your data for profiling thereafter.
According to Article 22 of the GDPR, you may have the right not to be subject to a decision based solely on automated processing (for example profiling).

In short:You have rights – do not hesitate to contact the controller listed above with us!

If you believe that the processing of your data violates data protection law or your data protection rights have been violated in any other way, you can complain to the supervisory authority. For Austria, this is the data protection authority, whose website you can find at https://www.dsb.gv.at/finden. In Germany, there is a data protection commissioner for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:

Austria Data Protection Authority

Head: Mag. Dr. Andrea Jelinek
Address: Barichgasse 40-42, 1030 Vienna
Telephone number: +43 1 52 152-0
E-mail address: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/

Communication

Communication summary
👥 Data subjects: anyone who communicates with us by phone, email or online form.
📓 Data processed: e.g. telephone number, name, email address, form data entered. You can find more details on this in the respective contact type used.
🤝 Purpose: processing of communication with customers, business partners, etc.
📅 Storage period: Duration of the business case and legal requirements.
⚖️ Legal basis: Art. 6 para. 1 lit. a DSGVO (consent), Art. 6 para. 1 lit. b DSGVO (contract), Art. 6 para. 1 lit. f DSGVO (legitimate interests).

When you contact us and communicate by telephone, e-mail or online form, personal data may be processed.

The data is processed for the purpose of handling and processing your question and the related business transaction. The data will be stored for the same period of time or as long as required by law.

Persons concerned

All those who seek contact with us via the communication channels provided by us are affected by the above-mentioned processes.

Telephone

When you call us, the call data is stored pseudonymously on the respective end device and with the telecommunications provider used. In addition, data such as name and telephone number may subsequently be sent by e-mail and stored for the purpose of responding to enquiries. The data is deleted as soon as the business case has been closed and legal requirements permit.

E-mail

If you communicate with us by e-mail, data may be stored on the respective end device (computer, laptop, smartphone,…) and data is stored on the e-mail server. The data is deleted as soon as the business transaction has been completed and legal requirements permit.

Online forms

If you communicate with us using online forms, data is stored on our web server and may be forwarded to an e-mail address of ours. The data will be deleted as soon as the business transaction has been completed and legal requirements permit.

Legal basis

The processing of data is based on the following legal grounds:

Art. 6 para. 1 lit. a DSGVO (consent): You give us your consent to store your data and to further use it for purposes related to the business case;
Art. 6 para. 1 lit. b DSGVO (contract): There is a need for the performance of a contract with you or a processor such as the telephone provider or we need to process the data for pre-contractual activities, such as the preparation of an offer;
Art. 6 para. 1 lit. f DSGVO (Legitimate Interests): we want to operate customer enquiries and business communication in a professional framework. For this purpose, certain technical facilities such as e-mail programmes, exchange servers and mobile operators are necessary in order to be able to operate the communication efficiently.

Web hosting

Web hosting summary
👥 Parties concerned: visitors to the website
🤝 Purpose: professional hosting of the website and safeguarding its operation
📓 Data processed: IP address, time of website visit, browser used and other data. More details on this can be found below or with the respective web hosting provider used.
📅 Storage period: depends on the respective provider, but usually 2 weeks.
Legal basis: Art. 6 para. 1 lit.f DSGVO (Legitimate Interests).

What is web hosting?

When you visit websites nowadays, certain information – including personal data – is automatically created and stored, including on this website. This data should be processed as sparingly as possible and only with justification. By website, by the way, we mean the totality of all web pages on a domain, i.e. everything from the home page (homepage) to the very last sub-page (like this one). By domain, we mean, for example, example.de or sampleexample.com.

If you want to view a website on a screen, you use a programme called a web browser to do so. You probably know some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox and Apple Safari.

This web browser needs to connect to another computer where the website’s code is stored: the web server. Running a web server is a complicated and costly task, which is why it is usually done by professional providers. These offer web hosting and thus ensure reliable and error-free storage of website data.

When the browser on your computer (desktop, laptop, smartphone) connects and during data transfer to and from the web server, personal data may be processed. On the one hand, your computer stores data, on the other hand, the web server must also store data for a while to ensure proper operation.

To illustrate:

Why do we process personal data?

The purposes of data processing are:

To professionally host the website and secure its operation
To maintain operational and IT security
Anonymous evaluation of access behaviour to improve our services and, if necessary, to prosecute or pursue claims.
What data is processed?

Even while you are visiting our website right now, our web server, which is the computer on which this website is stored, usually automatically saves data such as

the complete Internet address (URL) of the website you are visiting (e.g. https://www.beispielwebsite.de/beispielunterseite.html?tid=111882396)
browser and browser version (e.g. Chrome 87)
the operating system used (e.g. Windows 10)
the address (URL) of the previously visited page (referrer URL) (e.g. https://www.beispielquellsite.de/vondabinichgekommen.html/)
the host name and IP address of the device being accessed (e.g. COMPUTERNAME and 194.23.43.121)
the date and time
in files, the so-called web server log files
How long is data stored?

As a rule, the above data is stored for a fortnight and then automatically deleted. We do not pass on this data, but we cannot rule out the possibility that this data may be viewed by the authorities in the event of unlawful behaviour.

In short: Your visit will be logged by our provider (the company that runs our website on special computers (servers), but we will not pass on your data without your consent!

Legal basis

The lawfulness of the processing of personal data in the context of web hosting results from Art. 6 para. 1 lit. f DSGVO (protection of legitimate interests), because the use of professional hosting with a provider is necessary in order to present the company on the internet in a secure and user-friendly way and to be able to pursue attacks and claims from this if necessary.

There is usually a contract between us and the hosting provider for commissioned processing in accordance with Art. 28 f. DSGVO, which ensures compliance with data protection and guarantees data security.

Checkdomain Privacy Policy

We use Checkdomain, a web hosting provider among others, for our website. The service provider is the German company checkdomain GmbH, Große Burgstraße 27/29, 23552 Lübeck, Germany. You can find out more about the data processed through the use of checkdomain in the privacy policy at https://www.checkdomain.de/agb/datenschutz/.

Web Analytics

Web Analytics Privacy Policy Summary
👥 Data subjects: Visitors to the website
🤝 Purpose: Evaluation of visitor information to optimise the web offer.
📓 Data processed: Access statistics containing data such as access locations, device data, access duration and time, navigation behaviour, click behaviour and IP addresses. More details can be found in the respective web analytics tool used.
📅 Storage duration: depending on the web analytics tool used.
Legal basis: Art. 6 para. 1 lit. a DSGVO (consent), Art. 6 para. 1 lit. f DSGVO (legitimate interests).

What is Web Analytics?

We use software on our website to evaluate the behaviour of website visitors, known as web analytics for short. This involves collecting data that the respective analytic tool provider (also called tracking tool) stores, manages and processes. With the help of the data, analyses of user behaviour on our website are created and made available to us as the website operator. In addition, most tools offer various test options. For example, we can test which offers or contents are best received by our visitors. For this purpose, we show you two different offers for a limited period of time. After the test (so-called A/B test), we know which product or content our website visitors find more interesting. For such test procedures, as for other analytics procedures, user profiles can also be created and the data stored in cookies.

Why do we use web analytics?

We have a clear goal with our website: we want to deliver the best web offer on the market for our industry. In order to achieve this goal, we want to offer the best and most interesting offer on the one hand, and on the other hand we want to make sure that you feel completely comfortable on our website. With the help of web analysis tools, we can take a closer look at the behaviour of our website visitors and then improve our website accordingly for you and for us. For example, we can see how old our visitors are on average, where they come from, when our website is visited the most or which content or products are particularly popular. All this information helps us to optimise the website and thus best adapt it to your needs, interests and wishes.

What data is processed?

Exactly what data is stored depends, of course, on the analysis tools used. But as a rule, for example, which content you view on our website, which buttons or links you click on, when you call up a page, which browser you use, which device (PC, tablet, smartphone, etc.) you use to visit the website or which computer system you use are stored. If you agreed that location data may also be collected, these may also be processed by the web analysis tool provider.

In addition, your IP address is also stored. According to the General Data Protection Regulation (DSGVO), IP addresses are personal data. However, your IP address is usually stored pseudonymised (i.e. in an unrecognisable and shortened form). For the purpose of testing, web analysis and web optimisation, no direct data, such as your name, age, address or e-mail address, is stored as a matter of principle. All this data, if collected, is stored pseudonymously. This means that you cannot be identified as a person.

The following example shows schematically how Google Analytics works as an example of client-based web tracking with Java Script code.

How long the respective data is stored always depends on the provider. Some cookies only store data for a few minutes or until you leave the website again, other cookies can store data for several years.

Duration of data processing

We will inform you about the duration of data processing below, provided we have further information on this. In general, we only process personal data for as long as is strictly necessary to provide our services and products. If, as in the case of accounting for example, it is required by law, this storage period may be exceeded.

Right of objection

You also have the right and the possibility to revoke your consent to the use of cookies or third-party providers at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection through cookies by managing, deactivating or deleting cookies in your browser.

Legal basis

The use of web analytics requires your consent, which we have obtained with our cookie pop-up. This consent constitutes data protection according to Art. 6 para. 1 lit. a DSGVO (consent), this consent constitutes the legal basis for the processing of personal data, as may occur during the collection by web analytics tools.

In addition to consent, there is a legitimate interest on our part in analysing the behaviour of website visitors and thus improving our offer technically and economically. With the help of web analytics, we detect website errors, can identify attacks and improve economic efficiency. The legal basis for this is Art. 6 para. 1 lit. f DSGVO (Legitimate Interests). Nevertheless, we only use the tools if you have given your consent.

Since web analytics tools use cookies, we also recommend that you read our general data protection declaration on cookies. To find out exactly which of your data is stored and processed, you should read the data protection statements of the respective tools.

Information on specific web analytics tools, if available, can be found in the following sections.

Amazon Affiliate Program Privacy Policy

Amazon Affiliate Program Privacy Policy Summary
👥 Data subjects: visitors to the website.
🤝 Purpose: economic success and optimisation of our service performance.
📓 Data processed: Access statistics containing data such as locations of accesses, device data, access duration and time, navigation behaviour, click behaviour and IP addresses. Personal data such as name or email address may also be processed.
📅 Storage period: personal data is stored by Amazon until it is no longer needed.
⚖️ Legal basis: Art. 6 para. 1 lit. a DSGVO (Consent), Art. 6 para. 1 lit.f DSGVO (Legitimate Interests).

What is the Amazon affiliate programme?

On our website, we use the Amazon affiliate programme of the company Amazon.com, Inc. The data controllers within the meaning of the data protection declaration are Amazon Europe Core S.à.r.l., Amazon EU S.à.r.l, Amazon Services Europe S.à.r.l. and Amazon Media EU S.à.r.l., all four located at 5, Rue Plaetis, L-2338 Luxembourg and Amazon Instant Video Germany GmbH, Domagkstr. 28, 80807 Munich. Amazon Deutschland Services GmbH, Marcel-Breuer-Str. 12, 80807 Munich, Germany, will act as data processor. By using this Amazon affiliate programme, data from you may be transferred to Amazon, stored and processed.

In this data protection declaration, we inform you what data is involved, why we use the programme and how you can manage or prevent the data transfer.

The Amazon affiliate programme is an affiliate marketing programme of the online shipping company Amazon.de. Like every affiliate programme, the Amazon affiliate programme is based on the principle of commission. Amazon or we place advertisements or affiliate links on our website and if you click on them and buy a product through Amazon, we receive an advertising fee (commission).

Why do we use the Amazon affiliate programme on our website?

Our goal is to provide you with an enjoyable time with lots of helpful content. To do this, we put a lot of work and energy into developing our website. With the help of the Amazon affiliate programme, we have the opportunity to be rewarded a little for our work. Every affiliate link to Amazon is of course always related to our topic and shows offers that might be of interest to you.

What data is stored by the Amazon affiliate programme?

As soon as you interact with Amazon’s products and services, Amazon collects data from you. Amazon distinguishes between information that you actively give to the company and information that is automatically collected and stored. Active information” includes, for example, name, email address, telephone number, age, payment information or location information. So-called “automatic information” is primarily stored via cookies. This includes information on user behaviour, IP address, device information (browser type, location, operating systems) or the URL. Amazon also stores the clickstream. This refers to the path (sequence of pages) that you as a user take to reach a product. Amazon also stores cookies in your browser in order to be able to trace the origin of an order. In this way, the company recognises that you have clicked on an Amazon advertisement or an affiliate link via our website.

If you have an Amazon account and are logged in while surfing our website, the collected data can be assigned to your account. You can prevent this by logging out of Amazon before browsing our website.

Here we show you example cookies that are set in your browser when you click on an Amazon link on our website.

Name: uid
Wert: 3230928052675285215111882396-9
Purpose: This cookie stores a unique user ID and collects information about your website activity.
Expiry date: after 2 months

Name: ad-id
Value: AyDaInRV1k-Lk59xSnp7h5o
Purpose: This cookie is provided by amazon-adsystem.com and is used by the company for various advertising purposes.
Expiry date: after 8 months

Name: uuid2
Wert: 8965834524520213028111882396-2
Purpose: This cookie enables targeted and interest-based advertising via the AppNexus platform. The cookie collects and stores anonymous data via the IP address, for example, about which advertisements you have clicked on and which pages you have accessed.
Expiry date: after 3 months

Name: session-id
Wert: 262-0272718-2582202111882396-1
Purpose: This cookie stores a unique user ID that the server assigns to you for the duration of a website visit (session). If you visit the same page again, the information stored in it will be retrieved.
Expiry date: after 15 years

Name: APID
Wert: UP9801199c-4bee-11ea-931d-02e8e13f0574
Purpose: This cookie stores information about how you use a website and what advertisements you viewed before visiting the website.
Expiry date: after one year

Name: session-id-time
Wert: tb:s-STNY7ZS65H5335FZEVPE|1581329862486&t:1581329864300&adb:adblk_no
Purpose: This cookie records the time you spend on a website with a unique cookie ID.
Expiry date: after 2 years

Name: csm-hit
Value: 2082754801l
Purpose: We would not be able to find out any specific information about this cookie.
Expiry date: after 15 years

Note: Please note that this list only shows cookie examples and cannot claim to be exhaustive.

Amazon uses this information to tailor advertisements to users’ interests.

How long and where is the data stored?

Personal data is stored by Amazon for as long as it is necessary for Amazon’s business services or is required for legal reasons. Since the Amazon company has its headquarters in the USA, the collected data is also stored on American servers.

How can I delete my data or prevent data storage?

You have the right to access and also delete your personal data at any time. If you have an Amazon account, you can manage or delete much of the collected data in your account.

Another option to manage Amazon’s data processing and storage according to your preferences is provided by your browser. There you can manage, deactivate or delete cookies. This works a little differently for each browser. Here you will find the instructions for the most popular browsers:

Chrome: Delete, activate and manage cookies in Chrome.

Safari: Managing cookies and website data with Safari

Firefox: Delete cookies to remove data that websites have placed on your computer

Internet Explorer: Delete and manage cookies

Microsoft Edge: Delete and manage cookies

Legal basis

If you have consented to the Amazon affiliate programme being used, the legal basis for the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a DSGVO (consent), this consent constitutes the legal basis for the processing of personal data, as may occur during the collection through the Amazon partner programme.

We also have a legitimate interest in using the Amazon affiliate programme to optimise our online service and our marketing measures. The corresponding legal basis for this is Art. 6 para. 1 lit. f DSGVO (Legitimate Interests). Nevertheless, we only use the Amazon partner programme if you have given your consent.

Amazon also processes your data in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the lawfulness and security of the data processing.

Amazon uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO) as the basis for data processing for recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data comply with European data protection standards even if they are transferred to third countries (such as the USA) and stored there. Through these clauses, Amazon undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Amazon data processing condition (AWS GDPR DATA PROCESSING), which corresponds to the standard contractual clauses, can be found at https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf.

We hope we have provided you with the most important information about data transfer through the use of the Amazon affiliate programme. You can find more information at https://www.amazon.de/gp/help/customer/display.html?nodeId=201909010.

YouTube Privacy Policy

YouTube Privacy Policy Summary
👥 Data subject: Visitors to the website
🤝 Purpose: optimisation of our service performance
📓 Data processed: Data such as contact details, user behaviour data, information about your device and your IP address may be stored.
You can find more details about this further down in this privacy policy.
📅 Storage period: Data is generally stored for as long as it is necessary for the purpose of the service.
Legal basis: Art. 6 para. 1 lit. a DSGVO (Consent), Art. 6 para. 1 lit. f DSGVO (Legitimate Interests).

What is YouTube?

We have integrated YouTube videos on our website. This allows us to present interesting videos directly on our site. YouTube is a video portal that has been a subsidiary of Google since 2006. The video portal is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you call up a page on our website that has a YouTube video embedded, your browser automatically connects to the YouTube or Google servers. In the process, various data are transferred (depending on the settings). Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all data processing in Europe.

In the following, we would like to explain in more detail which data is processed, why we have integrated YouTube videos and how you can manage or delete your data.

On YouTube, users can watch, rate, comment on and upload videos themselves free of charge. Over the last few years, YouTube has become one of the most important social media channels worldwide. To enable us to display videos on our website, YouTube provides a code snippet that we have built into our site.

Why do we use YouTube videos on our website?

YouTube is the video platform with the most visitors and the best content. We are committed to providing you with the best possible user experience on our website. And of course, we can’t do without interesting videos. With the help of our embedded videos, we provide you with further helpful content in addition to our texts and images. In addition, the embedded videos make our website easier to find on the Google search engine. Also, when we run ads through Google Ads, Google – thanks to the data it collects – can really only show these ads to people who are interested in what we have to offer.

What data is stored by YouTube?

As soon as you visit one of our pages that has a YouTube video embedded, YouTube sets at least one cookie that stores your IP address and our URL. If you are logged into your YouTube account, YouTube can usually assign your interactions on our website to your profile using cookies. This includes data such as session duration, bounce rate, approximate location, technical information such as browser type, screen resolution or your internet service provider. Other data may include contact details, any ratings, sharing of content via social media or adding to your favourites on YouTube.

If you are not signed in to a Google Account or a YouTube account, Google stores data with a unique identifier associated with your device, browser or app. For example, your preferred language setting is retained. But a lot of interaction data cannot be stored because fewer cookies are set.

In the following list, we show cookies that were set in the browser in a test. On the one hand, we show cookies that are set without a logged-in YouTube account. On the other hand, we show cookies that are set with a logged-in account. The list cannot claim to be complete because the user data always depends on the interactions on YouTube.

Name:YSC
Wert:b9-CV6ojI5Y111882396-1
Purpose:This cookie registers a unique ID to store statistics of the video watched.
Expiry date:after end of session

Name:PREF
Value:f1=50000000
Purpose:This cookie also registers your unique ID. Google gets statistics about how you use YouTube videos on our website via PREF.
Expiry date:after 8 months

Name:GPS
Value:1
Purpose:This cookie registers your unique ID on mobile devices to track GPS location.
Expiry date:after 30 minutes

Name:VISITOR_INFO1_LIVE
Value:95Chz8bagyU
Purpose:This cookie attempts to estimate the user’s bandwidth on our websites (with embedded YouTube video).
Expiry date: after 8 months

Other cookies set when you are logged in with your YouTube account:

Name:APISID
Wert:zILlvClZSkqGsSwI/AU1aZI6HY7111882396-
Purpose:This cookie is used to create a profile about your interests. The data is used for personalised advertisements.
Expiry date:after 2 years

Name:CONSENT
Wert:YES+AT.de+20150628-20-0
Purpose:The cookie stores the status of a user’s consent to use various Google services. CONSENT is also used for security purposes to verify users and protect user data from unauthorised attacks.
Expiry date: after 19 years

Name:HSID
Value:AcRwpgUik9Dveht0I
Purpose:This cookie is used to create a profile of your interests. This data helps to display personalised advertising.
Expiry date: after 2 years

Name:LOGIN_INFO
Value:AFmmF2swRQIhALl6aL…
Purpose:This cookie stores information about your login details.
Expiry date: after 2 years

Name:SAPISID
Value:7oaPxoG-pZsJuuF5/AnUdDUIsJ9iJz2vdM
Purpose:This cookie works by uniquely identifying your browser and device. It is used to create a profile about your interests.
Expiry date: after 2 years

Name:SID
Wert:oQfNKjAsI111882396-
Purpose:This cookie stores your Google Account ID and your last login time in digitally signed and encrypted form.
Expiry date: after 2 years

Name:SIDCC
Value:AN0-TYuqub2JOcDTyL
Purpose:This cookie stores information about how you use the website and what advertisements you may have seen before visiting our site.
Expiry date: after 3 months

How long and where is the data stored?

The data that YouTube receives from you and processes is stored on Google servers. Most of these servers are located in America. You can see exactly where Google’s data centres are located at https://www.google.com/about/datacenters/inside/locations/?hl=de. Your data is distributed across the servers. This means that the data can be accessed more quickly and is better protected against manipulation.

Google stores the collected data for different lengths of time. Some data you can delete at any time, others are automatically deleted after a limited time and still others are stored by Google for a longer period of time. Some data (such as items from “My Activity”, photos or documents, products) stored in your Google Account will remain stored until you delete it. Even if you are not signed in to a Google Account, you can delete some data associated with your device, browser or app.

How can I delete my data or prevent data storage?

Basically, you can delete data in your Google Account manually. With the automatic deletion feature of location and activity data introduced in 2019, information will be stored depending on your decision – either 3 or 18 months and then deleted.

Whether you have a Google account or not, you can configure your browser to delete or disable cookies from Google. Depending on which browser you use, this works in different ways. The following instructions show how to manage cookies in your browser:

Chrome: Delete, activate and manage cookies in Chrome.

Safari: Managing cookies and website data with Safari

Firefox: Delete cookies to remove data that websites have placed on your computer

Internet Explorer: Delete and manage cookies

Microsoft Edge: Delete and manage cookies

If you generally do not want cookies, you can set up your browser so that it always informs you when a cookie is to be set. In this way, you can decide for each individual cookie whether you allow it or not.

Legal basis

If you have consented to your data being processed and stored by embedded YouTube elements, this consent is the legal basis for data processing (Art. 6 (1) a DSGVO). In principle, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f DSGVO) in fast and good communication with you or other customers and business partners. Nevertheless, we only use the integrated YouTube elements if you have given your consent. YouTube also sets cookies in your browser to store data. We therefore recommend that you read our data protection text on cookies carefully and view the data protection declaration or cookie guidelines of the respective service provider.

YouTube also processes data in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks to the lawfulness and security of data processing.

As a basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there, YouTube uses standard contractual clauses approved by the EU Commission (= Art. 46. para. 2 and 3 DSGVO). These clauses oblige YouTube to comply with the EU level of data protection when processing relevant data outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses here, among other places: https://ec.europa.eu/germany/news/20210604-datentransfers-eu_de.

As YouTube is a subsidiary of Google, there is a joint privacy policy. If you want to learn more about how your data is handled, we recommend the privacy policy at https://policies.google.com/privacy?hl=de.

Google Site Kit Privacy Policy

Google Site Kit Privacy Policy Summary
👥 Data subject: Visitors to the website.
🤝 Purpose: Evaluation of visitor information to optimise the web offer.
📓 Data processed: Access statistics, which include data such as locations of accesses, device data, access duration and time, navigation behaviour, click behaviour and IP addresses. More details can be found below and in the Google Analytics privacy policy.
Storage duration: depending on the properties used.
Legal basis: Art. 6 para. 1 lit. a DSGVO (consent), Art. 6 para. 1 lit. f DSGVO (legitimate interests).

What is Google Site Kit?

We have integrated the WordPress plugin Google Site Kit of the American company Google Inc. into our website. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. With Google Site Kit, we can quickly and easily view statistics that come from various Google products such as Google Analytics directly in our WordPress dashboard. The tool or the tools integrated in Google Site Kit also collect personal data from you, among other things. In this privacy policy, we explain why we use Google Site Kit, how long and where data is stored and which other privacy texts are relevant for you in this context.

Google Site Kit is a plugin for the WordPress content management system. With this plugin, we can view important statistics for website analysis directly in our dashboard. These are statistics that are collected by other Google products. First and foremost, Google Analytics. In addition to Google Analytics, the Google Search Console, Page Speed Insight, Google AdSense, Google Optimize and Google Tag Manager services can also be linked to Google Site Kit.

Why do we use Google Site Kit on our website?

As a service provider, it is our job to give you the best possible experience on our website. We want you to feel comfortable on our website and find exactly what you are looking for quickly and easily. Statistical evaluations help us to get to know you better and to adapt our offer to your wishes and interests. We use various Google tools for these evaluations. Site Kit makes our work much easier in this respect because we can view and analyse the statistics of the Google products right in the dashboard. We no longer have to register for the respective tool. Site Kit thus always provides a good overview of the most important analysis data.

What data is stored by Google Site Kit?

If you have actively agreed to tracking tools in the cookie notice (also called script or banner), Google products such as Google Analytics will set cookies and send data about you, such as your user behaviour, to Google, where it will be stored and processed. This also includes personal data such as your IP address.

In the following, we show you examples of Google Analytics cookies that can be set in your browser, provided that you have agreed in principle to data processing by Google. Please note that these cookies are only a selection:

Name:_ga
Wert:2.1326744211.152111882396-2
Purpose:By default, analytics.js uses the cookie _ga to store the user ID. Basically, it is used to distinguish website visitors.
Expiry date:after 2 years

Name:_gid
Wert:2.1687193234.152111882396-7
Purpose:This cookie is also used to distinguish website visitors.
Expiry date: after 24 hours

Name:_gat_gtag_UA_<property-id>
Value:1
Purpose:This cookie is used to lower the request rate.
Expiration:after 1 minute

How long and where is the data stored?

Google stores collected data on its own Google servers, which are distributed around the world. Most servers are located in the United States and therefore it is easily possible that your data is also stored there. At https://www.google.com/about/datacenters/inside/locations/?hl=desehen you can find out exactly where the company provides servers.

Data collected by Google Analytics is kept for a standard 26 months. After that, your user data is deleted. The retention period applies to all data linked to cookies, user IDs and advertising IDs.

How can I delete my data or prevent data storage?

You always have the right to obtain information about your data and to have your data deleted, corrected or restricted. In addition, you can also deactivate, delete or manage cookies in your browser at any time. Here we show you the corresponding instructions for the most popular browsers:

Chrome: Delete, activate and manage cookies in Chrome.

Safari: Managing cookies and website data with Safari

Firefox: Delete cookies to remove data that websites have placed on your computer

Internet Explorer: Delete and manage cookies

Microsoft Edge: Delete and manage cookies

Please note that when you use this tool, data about you may be stored and processed outside the EU. Most third countries (including the USA) are not considered secure under current European data protection law. Data to insecure third countries may therefore not simply be transferred, stored and processed there unless there are appropriate safeguards (such as EU standard contractual clauses) between us and the non-European service provider.

Legal basis

The use of Google Site Kit requires your consent, which we have obtained with our cookie pop-up. According to Art. 6 para. 1 lit. a DSGVO (consent), this consent constitutes the legal basis for the processing of personal data, as may occur during the collection by web analytics tools.

In addition to consent, we have a legitimate interest in analysing the behaviour of website visitors in order to improve our offer technically and economically. With the help of Google Site Kit, we can detect website errors, identify attacks and improve the economic efficiency. The legal basis for this is Art. 6 para. 1 lit. f DSGVO (Legitimate Interests). Nevertheless, we only use Google Site Kit if you have given your consent.

Google also processes your data in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks to the lawfulness and security of the data processing.

Google uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO) as the basis for data processing for recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data comply with European data protection standards even if they are transferred to third countries (such as the USA) and stored there. Through these clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which also correspond to the standard contractual clauses for Google Site Kit, can be found at https://business.safety.google/adsprocessorterms/.

To learn more about Google’s data processing, we recommend that you read Google’s comprehensive privacy policy at https://policies.google.com/privacy?hl=de.

All texts are protected by copyright.

Source: Created with the privacy generator from AdSimple

Cookies

see link: https://surfvacationer.com/en/cookie-policy-eu/