Privacy Policy

The Booktravelnow team is pleased about your visit to our website. The protection of your personal data is very important to us. We want you to feel safe and certain when visiting our website.

Like every EU company, we are bound by the legal provisions on data protection. In the following paragraphs, we would like to explain to you how we comply with these provisions.

Entity processing the data

Booktravelnow, who serves as the entity processing the data and whose contact details you can find here.

Extent of processing of personal data

As a general rule, this only processes personal data from users in that it is necessary to provide a working website and content and services. Your personal data is processed periodically to obtain your consent. The exception applies where prior consent cannot be obtained for practical reasons and processing of the data is legally permitted.

What personal information is collected?

  • For a consultation request, please provide your e-mail address or telephone number. We need this information in order to contact you.
  • When making a booking request, we also need your address and the names and dates of birth of the travelers. These data are necessary for the proper processing of your booking. If the tour operator requires the nationality of the traveler to create an option booking, we will ask for it directly in the booking form.
  • Depending on the payment method, your account number and bank code (if paying by direct debit) or your credit card details are required for a fixed booking. When paying by invoice, you do not have to submit any payment details to us.
  • After a fixed reservation and before departure, the tour operator will need to enter the pass details (name, nationality, passport number, output date, display authority, output points) to create an onboard manifest. “We need to place something available to the immigration authorities of the country we visit, and this data can be sent directly to the tour operator, but if this is necessary, we will take over this data.
  • We process usage data (e.g. the visited web pages of our online offering, interest in the cruises and package tours offered) and content data (e.g. entries in the contact form or user profile) for advertising purposes in a user profile. We use this, for example, to display product information to the user based on the services the user has previously used.

Server log files

In addition, we log all accesses to our server for the purpose of fault diagnosis. This data is also used to optimize the website and to ensure the security of our information technology systems. For this purpose, the following data, which your Internet browser transmits to us or to our web hosting provider, is recorded:

  • Browser type and version
  • Operating system used
  • Website from which you visit us (Referrer URL)
  • Address of the website you visit
  • Date and time of your access
  • Your Internet Protocol (IP) address.

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.

The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no right of objection to this on the part of the user.

Cookies

Like many other websites, we use cookies called in this way on our website to identify several uses of offers from the same user/internet browser. A cookie is a small text file stored on your computer by an internet browser. They help optimize our website and our offers and promote access to our website. Cookies help us:

  • To estimate our visitor numbers and to estimate the frequency of use of our offer,
  • Store information about your preferences so that we can tailor the page to your needs and show you more relevant content,
  • To process your search queries faster,
  • To recognize when you return to our website.

You can prevent the storage of cookies by setting your browser accordingly. Already saved cookies can be deleted at any time. This can also be done automatically. We do need to point out to you, however, that you may not be able to use all the features of our website if you disable or delete cookies.

In order for us to be able to display the appropriate prices when you display a cruise or package tour detail page, the following information is stored in a cookie on your computer:

  • Number of adults (1,2,3,4)
  • Number of children (0,1,2,3)
  • Currency

You can also use our website if you disable cookies. In this case, you only have to re-enter the number of adults / children and the currency when displaying each cruise or package tour detail page.

Legal basis

  • Insofar as we obtain the consent of the data subject for processing of personal data, the legal basis is Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR).
  • In the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR is the legal basis. This also applies to processing operations required to carry out pre-contractual actions.
  • Insofar as processing of personal data is required to fulfill a legal obligation that our company is subject to, the legal basis is Art. 6 para. 1 lit. c GDPR.
  • In the event that the essential interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR is the legal basis.
  • If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, Art. 6 para. 1 lit. f GDPR is the legal basis for processing.

Data transmission to third parties

If we pass on data to other persons and companies (processors or third parties), transmit them to them or otherwise grant them access to the data, this is done only on the basis of: a legal permission (eg if a transmission of data to third parties according to Art. 6 para 1 letter b GDPR is required to fulfill the contract), your consent, a legal obligation or on the basis of our legitimate interests (e.g. the use of agents, web hosting, etc.).

Insofar as we commission third parties to process data on the basis of a contract processing contract, this is done on the basis of Art. 28 GDPR.

When traveling to the United States, local authorities require that each passenger’s flight and reservation details be inspected prior to entry. Without this data transmission by the tour operator an entry into the USA is not possible. Similar rules may apply to other states.

Transfers to other countries

If we process data in another country (ie outside the EU), or transmit data in the context of the use of third party services or disclosure, this is only done to fulfill our (pre) contractual obligations, on the basis of your consent, due to a legal obligation, or based on our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only in the presence of the special conditions of Art. 44 et seq. GDPR. The processing is on the basis of specific guarantees, such as the officially recognized level of data protection or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).

Website optimization using Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, in the event of activation of IP anonymisation on this website, your IP address will be shortened beforehand by Google, within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. You can prevent the storage of cookies by amending the relevant setting of your browser software. In addition, you may prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google, by downloading the browser plug-in available under the following link and install: https://tools.google.com/dlpage/gaoptout?hl=en.

You can also prevent the collection of data by Google Analytics by clicking on the following link. An opt-out cookie will be set that will prevent the future collection of your data when you visit this website: disable Google Analytics

For more information about Terms of Use and Privacy, please visit https://www.google.de/analytics/terms/gb.html or https://policies.google.com/?hl=en. On this website Google Analytics is extended by the code “anonymizeIp”, in order to ensure an anonymized collection of IP addresses (so-called IP-Masking).

Third Party Tools for Ad Measurement and Optimization

We allow third parties such as Google to collect information about your online activity through cookies and other technologies. These third parties include ad networks that collect information about your interests when you view or interact with one of their advertisements posted on many websites. The information collected by these third parties will be used to make predictions about your characteristics, interests or preferences, and to display advertisements tailored to you.

Please note that we do not have access to or control over cookies or other technologies that these third parties use to collect information about you and that the information practices of such third parties are not covered by this Privacy Policy. Some of these companies are members of the Network Advertising Initiative, which makes it possible to refuse targeted advertising from member companies through a single agency. For more information and the ability to opt-out of interest-based advertising, please visit the Network Advertising Initiative link above.



Legal Basis

The legal basis for the processing of the data after the user has registered for the newsletter is the consent of the user Art. 6 para. 1 lit. a GDPR. The legal basis for sending the newsletter as a result of the sale of goods or services (due to sending the booking form) is § 7 Abs. 3 UWG.

Contact form and e-mail contact

On our website a contact form is available, which can be used for electronic contact. If you use this form, the data entered in the input mask will be transmitted to us and saved. These data are:

  • IP address of the calling computer
  • Date and time of registration

Alternatively, contact via the provided e-mail address is possible. In this case, personal data transmitted by e-mail (such as name and e-mail address and content of the e-mail) will be processed and stored.

User information can be stored in a Customer Relationship Management System (“CRM System”) or comparable system of organizing requests. We delete the requests, if they are no longer required. We check this necessity every two years; furthermore, the legal archiving obligations apply.

Transactional e-mails

In addition to newsletters, we also send non-advertising, so-called transactional emails that are directly related to the use of Cruiseberater.de (e.g. when registering, forgetting your password, etc.).

We use Mailjet for this.

These transactional emails are absolutely necessary for the implementation of the business relationship. Unlike newsletters, they therefore do not contain a link to unsubscribe.

For the purpose of analysis, emails sent with Mailjet contain a so-called “tracking pixel” that connects to Mailjet’s servers when the email is opened. In this way it can be determined whether a transactional email has been opened.

We can also use Mailjet to determine whether and which links in the transactional email are clicked. Some links in the email are so-called tracking links that can be used to count your clicks.

Data processing is based on your consent (Art. 6 Para. 1 lit. a DSGVO). You can revoke this consent at any time. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

Business-related processing

We process the data of our customers in the course of the booking processes on our website, on the phone and in our shop, in order to enable them to select and book the relevant travel services, as well as their payment and supply.

Processed data includes inventory data, communication data, contract data and payment data. Those affected by the processing include customers, stakeholders and other business partners. This process will help you provide contracted services in relation to the operation of online travel agents, billing, delivery and customer service operations.

Processing is based on Art. 6 para. 1 lit. b (execution of order transactions) and c (legally required archiving) GDPR. The necessary information for the establishment and fulfillment of the contract is required. We disclose the data to third parties only in the context of delivery, payment or in the context of legal permissions and obligations to legal advisors and authorities. The data will only be processed in third countries if this is necessary for the fulfillment of the contract (for example, at the customer’s request upon delivery or payment) and in the cases specified in this privacy policy.

Data is deleted after the expiry of legal obligations, and the necessity of storage of the data is checked every three years; in the case of legal archiving obligations, deletion takes place after expiry, ie after the end of the commercial law (6 years) and tax (10 years) storage obligations.

Business analysis and market research

Analyze data available for business transactions, contracts, inquiries and more based on ART to run economically and identify market trends as well as customer and user needs. 6 para. The GDPR includes customers, stakeholders, business partners, visitors and online offers users as affected people.

The analysis is carried out for the purpose of business analysis, marketing and market research. In doing so, we can better define the profiles of registered users, e.g. by taking into account the services used. The analysis allows us to increase the user-friendliness of the site, to optimize our offer and the business economics. This analysis is solely for our use and will not be disclosed externally unless they are anonymous, aggregated value analyses.

If the analysis or profiles are personal, they will be deleted or anonymised upon cancellation by the users, otherwise after two years from the conclusion of the contract. The overall business and trend analyses are initially created anonymously wherever possible.

How is my data protected?

Your personal data is encrypted during transmission with SSL according to the current technical state of the art.

On request you can also pay by credit card. For the transmission of the card data, we will then provide you with a link to an SSL-encrypted form. For your own protection, you should never send credit card details by e-mail.

Data deletion and storage duration

The non-public information of the applicable individual might be deleted or blocked as quickly because the cause of the garage not exists. In addition, garage necessities can be furnished for through the European or country wide legislator in EU guidelines, legal guidelines or different guidelines to which the accountable corporation is subject. Blocking or deletion of the information additionally takes vicinity whilst a garage length prescribed through the requirements referred to expires, until there may be a want for in addition garage of the information for the belief or achievement of the contract.

Rights of the person concerned

If we process your personal data, you are protected by GDPR and have the following rights in respect to us:

Information Rights

You may ask the person in charge to confirm if personal information concerning you is being processed. If such processing is happening, you can request information from the person responsible about the following information:

  • the purposes for which the personal data are processed;
  • the categories of personal data that are processed;
  • the recipients or categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed;
  • the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;
  • the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
  • the existence of a right of appeal to a supervisory authority;
  • all available information on the source of the data if the personal data are not collected from you;
  • the existence of automated decision-making including profiling under Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, and the scope and intended impact of such processing on you.
  • You have the right to request information about whether your personal information has been transmitted to a third country or an international organization. In this case, you can request the appropriate guarantees in accordance with. Art. 46 GDPR in connection with the transfer.

Right to rectification

You have a right to rectification and / or completion by us if the personal data we process is incorrect or incomplete. We must make the correction without delay.

Right to restriction of processing

You may request the restriction of the processing of your personal data under the following conditions:

  • if you contest the accuracy of your personal information, restriction for a period of time that enables us to verify the accuracy of your personal information;
  • the processing is unlawful and you refuse to allow the deletion of your personal data and instead request the restriction of the use of the personal data;
  • we no longer require your personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
  • if you objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet certain whether our legitimate grounds prevail over your rights.

If the processing of personal data concerning you has been restricted, this data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest oft he EU or a Member State.

If processing of your data has been limited according to the above conditions, you will be informed by the person in charge before the restriction is lifted.

Right to delete

Obligation to delete: You may require the responsible person to delete the personal data concerning you without delay, and we are obliged to delete this data immediately if one of the following reasons applies:

  • Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
  • You revoke your consent to the processing according to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. GDPR and there is no other legal basis for processing.
  • You object to the processing according to Art. 21 para. 1 GDPR and there are no higher priority justifiable reasons for the processing, or you object to processing according to Art. 21 para. 2 GDPR.
  • Your personal data has been processed unlawfully.
  • The deletion of personal data concerning you is required to fulfill a legal obligation under EU law or the law of the Member States to which we are subject.
  • The personal data concerning you were collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.

Information to third parties: If the person in charge has made the personal data concerning you public and he is required to delete it according to Article 17 (1) of the GDPR, he shall take appropriate measures – taking into account available technology, implementation costs – including technical means, to inform data controllers who process the personal data that you have been identified as being affected, requesting deletion of all links to such personal data or of copies of such personal data.

Exceptions: The right to delete does not exist if the processing is required:

  • to exercise the right to freedom of expression and information;
  • to fulfill a legal obligation required by the law of the Union or of the Member States to which the controller is subject, or to carry out a task of public interest or in the exercise of official authority conferred on the controller;
  • for reasons of public interest in the field of public health pursuant to Art. 9 (2) lit. h and i and Art. 9 (3) GDPR;
  • for archival purposes of public interest, scientific or historical research purposes or for statistical purposes according to Article 89 (1) GDPR, to the extent that the law referred to in subparagraph (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or
  • to assert, exercise or defend legal claims.

Right to information

If you have the right of rectification, deletion or restriction of processing, we are obliged to notify all recipients to whom your personal data have been disclosed of this correction or deletion of the data or restriction of processing, unless: this proves to be impossible or involves a disproportionate effort. You have a right to be informed about these recipients.

Right to data portability

You have the proper to acquire in my view identifiable facts you offer to us in a structured, not unusualplace and machine-readable format. In addition, you’ve got got the proper to transmit this statistics to some other individual with out drawback through the individual liable for offering the private statistics, supplied that the processing is primarily based totally on a consent according with Art. 6 para. 1 lit. a GDPR or Art. nine para. 2 lit. a GDPR or on a settlement in step with Art. 6 para. 1 lit. b GDPR and processing is accomplished the usage of automatic procedures.

In exercising this right, you also have the right to require that your personal data are transmitted directly from one person to another, insofar as this is technically feasible. Freedoms and rights of other persons cannot be affected by this.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the controller.

Right to object

You have the right at any time, for reasons that arise from your particular situation, to object against the processing of your personal data pursuant to Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.

The controller will no longer process your personal data in relation to you unless you can provide a compelling and valid reason for processing that exceeds your interests, rights and freedoms.

If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.