Please also pass on this information to any persons whose data you communicate to us currently and in the future (for example, traveling persons).
- What do we use to process your data and on what legal basis?
1.1. Conclusion, execution or termination of a contract
The object of the operation of kennet.net DMC GmbH is the organization of travel as well as the organization, sale and brokerage of travel services of all kinds worldwide. In this connection, we process the data necessary for the conclusion, execution or termination of a contract with you.
These include, among others:
First name Last Name
Billing and delivery address
Invoice and payment data
if applicable date of birth
if necessary phone number
if necessary further data from and to the passport
If applicable, personal data necessary for the procurement of Visa and ESTA applications for entry into third countries
The legal basis for this is Article 6 (1) (b) GDPR, i. You provide us with the data based on the contractual relationship between you and us. To process your e-mail address we are also obliged to send an electronic order confirmation due to a requirement in the Civil Code (BGB) (Art. 6 (1) (c) GDPR). Insofar as we do not use your contact data for advertising purposes (see clause 2.7.), We store the data collected for the execution of the contract until the expiry of statutory or potential contractual warranty and guarantee rights. After expiry of this period, we retain the information required by commercial and tax law of the contractual relationship for the periods specified by law. For this period (regularly ten years from the conclusion of the contract), the data will be reprocessed in the sole case of a review by the tax authorities.
As part of our business relationship, you must provide the personal information necessary to enter into a business relationship and perform its contractual obligations, or that we are required to collect by law. Without this data, we will usually have to refuse to conclude the contract or to execute the order or to be unable to complete an existing contract and possibly terminate it.
To process the contract, the following additional data processing is required:
If you have selected a payment method other than “payment on account”, you will be redirected to the self-responsible payment service provider and give the required payment data directly to them as independent payment service provider. The data will be stored directly by you. If you provide us with this data by telephone at your own express request, the data will be entered by our employees directly at the payment service provider. In this case, the data will also not be stored by us. We will forward details of your postal address to a postal or logistics company commissioned by us for the purpose of processing the purchase contract.
If required for the execution of the contract, other companies will also receive your personal data to which we transfer personal data (eg partner agencies, hotels, airlines, transport companies, credit institutions, tour guides, insurance companies) to fulfill the contract, execute the contract or carry out the business relationship with you. other tour operators, postal service providers etc.).
If you specify an intermediary travel agency during your online booking and select it for further processing of your booking, your chosen travel agency will receive the data. Further information, in particular the data protection regulations applicable there, can be obtained from this travel agency.
In the event of a delay in payment, we submit the necessary data to a company commissioned with the assertion of the claim if the other legal requirements are met. Legal bases for this are both Article 6 (1) (b) and Article 6 (1) (f) GDPR. The assertion of a contractual claim is to be regarded as a legitimate interest within the meaning of the second-named provision.
1.2. Data processing for the protection of vital interests
In order to safeguard the vital interests of our guests (Article 6 (1) (d) GDPR), we also collect personal data during the course of the contract, in particular as regards intolerances, allergies, physical restrictions, mobility restrictions, other special needs, etc. These data will be blocked after the end of the contract. However, they will not be permanently deleted. The data is deleted insofar as no statutory or contractual retention periods or other statutory obligations or rights for further storage are to be observed. The deletion will therefore take place regularly at the latest after approx. 3 years.
If necessary, we pass on this data to those natural or legal persons (companies, authorities, etc.) who, on our behalf, provide the services of the contract concluded with you and for whom the knowledge of this data is required.
Possible receivers are e.g. Foreign agencies, restaurants, hotels, airlines and the like. Please note that this data is also transmitted to countries outside the EU or the EEA (so-called third countries), if this is necessary for the proper performance of the services.
We kindly ask for your understanding that due to the blocking you will have to keep this data up to date whenever a new contract is concluded.
1.3. Data entry by fellow travelers
In principle, we do not use fully automated decision-making pursuant to Art. 22 DSGVO to justify and implement the business relationship.
However, we sometimes process your data automatically with the aim of evaluating certain personal aspects (profiling). For example, we use profiling to provide you with targeted information and advice on products. This enables needs-based communication and advertising, including market and opinion research.
We are profiling to fulfill a legitimate interest in adapting our services to your benefit.
RIGHT TO OBJECT:
You may object to the use of your personal data for the purpose of profiling at any time. For this, a short note by e-mail to firstname.lastname@example.org or a written message to our postal address is sufficient.
1.5. Calling our website / application
When you visit our website / application, the browser used on your device automatically sends information to the server of our website / application and temporarily stores it in a so-called log file. We have no influence on this. The following information will also be collected without your intervention and stored until automated deletion:
the IP address of the requesting Internet-enabled device,
the date and time of access,
the name and URL of the retrieved file,
the website / application from which the access was made (referrer URL),
the browser you use and, if necessary, the operating system of your Internet-capable computer as well as the name of your access provider.
The legal basis for the processing of the IP address is Article 6 (1) (f) GDPR. Our legitimate interest follows from the purposes of data collection listed below. At this point, we would like to point out that we can not draw any direct conclusions about your identity from the data collected, nor are we drawn by it.
The IP address of your device and the other data listed above are used by us for the following purposes:
Ensuring a smooth connection setup,
Ensuring comfortable use of our website / application,
Evaluation of system security and stability.
The data will be stored for a period of max. Saved for 1 year and then deleted automatically. We also use so-called cookies, tracking tools, targeting methods and social media plug-ins for our website / application. Which of these are the exact procedures and how your data will be used will be explained in section 1.8. explained in more detail.
If you have consented to so-called geolocation in your browser or in the operating system or other settings of your device, we will use this function to offer you individualized services (for example, the location of the nearest branch) based on your current location. We process your processed location data exclusively for this function. If you stop using it, the data will be deleted.
1.6. Data processing for advertising purposes
The following statements refer to the processing of personal data for advertising purposes. The DSGVO declares such data processing on the basis of Art. 6 (1) (f) as fundamentally conceivable and as a legitimate interest. The duration of data storage for promotional purposes does not follow any rigid principles and is based on the question of whether the storage is required for the promotional approach. We also follow the principle of erasing data for commercial use after 10 years at the latest. As in the case of your objection, please refer to section 1.6.3.
1.6.1. Advertising purposes of the kennet.net DMC GmbH
As far as you have concluded a contract with us, we will take you as an existing customer. In this case, we will process your postal contact details outside of a specific consent to provide you with information about new products and services, event invitations, and more. to be delivered.
We do not share your information with third parties for the purpose of advertising.
1.6.2. Interesting advertising
In order for you to receive only those promotional information that is of perceived interest to you, we categorize and supplement your customer profile with additional information. Both statistical information and information about yourself (for example basic data of your customer profile) are used for this purpose. The aim is to provide you with advertisements oriented solely to your actual or perceived needs, and not to bother you with useless advertising.
1.6.3. right to
Against the data processing for the above purposes (ie advertising purposes) you can at any time charge for the respective communication channel separately and with effect for the future objection. For this an email to email@example.com or a written message to our postal address is sufficient.
Insofar as you object, the affected contact address will be blocked for further advertising processing. We point out that in exceptional cases, even after receipt of your objection, there may be a temporary shipment of advertising material. This is technically due to the necessary lead time of advertisements and does not mean that we do not implement your objection. Thank you for your understanding.
On our website, we offer you the opportunity to sign up for our newsletter. In order to be sure that no errors have occurred when entering the e-mail address, we use the so-called double-opt-in procedure: After you have entered your e-mail address in the registration field, send it we will send you a confirmation link. Only when you click on this confirmation link will your e-mail address be included in our mailing list. The processing of your electronic contact data takes place here solely on the basis of your consent (Art. 6 (1) (a) GDPR).
Your credentials will be used exclusively to send our newsletter. All we need for sending is your e-mail address and your personal travel interests. Your personal travel interests are required in order to tailor the contents of the newsletter to your interests.
You can also specify your salutation, title and name. We use this information exclusively for personal salutation in the newsletter.
If you are already registered as a customer, we also use your activity history to determine your interests (bookings made, interests indicated).
The subscription to the newsletter follows the so-called two-stage double opt-in procedure. In the first step, you share your data and interests. In accordance with Art. 6 (1) (a) GDPR, you consent to us sending you a confirmation e-mail to the specified e-mail address. This confirmation email contains a link, by calling it you confirm your e-mail address and, in accordance with Art. 6 (1) (a) GDPR, you agree that the newsletter may be sent to the specified e-mail address.
The link in your confirmation email will remain valid for 10 days. If you have not confirmed your order within these ten days, we will delete your data analogously to the cancellation of the newsletter as described below.
As part of your login, the IP address of the device that triggered the newsletter order and the IP address of the device that called the confirmation link are also recorded. To defend against legal claims, we store these addresses and your e-mail address in accordance with Art. 17 (3) (e) GDPR for 3 years from the end of the calendar year of your newsletter unsubscription.
Your address, title, name and interests will be deleted by unsubscribing from our newsletter.
You can withdraw your consent at any time with effect for the future. Simply send us a short note via e-mail to the e-mail address specified in 1.6.3 or by clicking
Use the corresponding opt-out link at the end of each newsletter (you will no longer receive a newsletter)
by deselecting the respective newsletter in your customer area (you can adjust your travel interests or receive no more newsletters)
1.7. Online presence and website optimization
1.7.1. Contact and inquiry forms on our website
You have the opportunity to contact us via various contact or inquiry forms.
Among other things, the following data is collected:
Name first Name
if necessary address
if necessary salutation
if necessary phone number
If necessary, further information on inquiries for private travel, group travel, business travel, bus rental, training, purchase vouchers u. a.
The processing of your electronic contact data takes place at this point solely on the basis of your consent in accordance with. Art. 6 (1) (a) GDPR.
This data collection is used to communicate with you, so in particular to answer your request. This answer will be sent via e-mail.
To defend against legal claims, we keep this data and your e-mail address in accordance with Art. 17 (3) (e) GDPR for 3 years from the end of the calendar year in which your request was made. This also applies after any revocation by you. We send out e-mails (answer to your request) in accordance with the provisions of commercial law for 10 years. After that they will be deleted.
You can withdraw your consent at any time with effect for the future. For this, a short note by e-mail to firstname.lastname@example.org or a written message to our postal address is sufficient.
1.7.2. Submission of ratings & comments
Personal data is collected if you voluntarily provide it to us as part of your travel assessment or comment on a travel report. In the case of comments on travel reports, we will only use the data provided by you without your separate consent to publish the comment, whereby your e-mail address will not be published and only your name will be displayed on the website in the form you specify.
In the case of travel reviews, you have the option of giving your consent for publication on our website before submitting the evaluation. Apart from the publication just described, there is no disclosure of the data to third parties in connection with ratings and comments.
1.7.3. Cookies – general information
1.7.4. Google Analytics
For the purpose of the needs-based design and continuous optimization of our pages, we use Google Analytics, a web analysis service of Google Inc. (“Google”), based on Art. 6 (1) f) (DSGVO). In this context, pseudonymised usage profiles are created and cookies are used. The information generated by the cookie about your use of this website such as
Browser type / version,
used operating system,
Referrer URL (the previously visited page),
Host name of the accessing computer (IP address),
Time of server request,
are transferred to a Google server in the US and stored there. The information is used to evaluate the use of the website, to compile reports on website activity, and to provide other services related to website activity and internet usage for the purpose of market research and customization of these websites. This information may also be transferred to third parties if required by law or as far as third parties process this data in the order. Under no circumstances will your IP address be merged with any other data provided by Google. The IP addresses are anonymized, so that an assignment is not possible (so-called IP masking).
You can prevent the installation of cookies by setting the browser software accordingly; however, we point out that in this case not all features of this website may be fully exploited. In addition, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by using this browser add-on: https: // tools Download and install .google.com / dlpage / gaoptout? hl = DE. As an alternative to the browser add-on, especially for browsers on mobile devices, you can prevent detection by Google Analytics by clicking on this link: Deactivate Google Analytics. An opt-out cookie will be set which prevents the future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again. For more information about privacy related to Google Analytics, please visit the Google Analytics website (https://policies.google.com/privacy/update?hl=en).
1.7.5. Google AdWords
As an AdWords customer, we also use Google Conversion Tracking, an analysis service provided by Google Inc. Google Adwords sets a cookie on your computer (“Conversion Cookie”) if you have reached our website via a Google ad. These cookies lose their validity after 30 days and are not used for personal identification. If you visit certain pages of us and the cookie has not expired yet, we and Google may recognize that someone clicked on the ad and was redirected to our page. Each advertiser receives a different cookie. Cookies can not be tracked through the websites of advertisers. This information is used to generate conversion statistics for AdWords advertisers who have opted for conversion tracking. Advertisers will see the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, they do not receive any information that personally identifies users. If you do not want to participate in the tracking process, you can also refuse the required setting of a cookie – for example, via a browser setting that generally deactivates the automatic setting of cookies. You can also disable cookies for conversion tracking by setting your browser to block cookies from the domain “googleadservices.com”.
1.7.6. Google Remarketing
You can prevent the collection by Google Analytics, Google Remarketing and Adwords by clicking on the link below. This installs an “opt-out cookie” into your browser so that in future your data will not be collected when you visit this website: Google Remarketing Hosting (http://www.google.com/ads/preferences/html/opt-out .html).
1.7.7. Google TagManager
This website uses Google Tag Manager. This service allows website tags to be managed through a single interface. The Google Tag Manager only implements tags. This means: no cookies are used and no personal data is collected. Google Tag Manager dispatches other tags, which in turn may capture data. However, Google Tag Manager does not access this data. If deactivated at the domain or cookie level, it will remain in effect for all tracking tags, provided they are implemented with Google Tag Manager.
1.7.8. Userlike LiveChat
1.7.9. Social media plug-ins
On our website, we use social plug-ins of the social networks Facebook, Google+ and Twitter on the basis of Art. 6 (1) (f) (DSGVO) in order to make our company better known. The underlying commercial purpose is to be regarded as legitimate interest within the meaning of the GDPR. The responsibility for the operation compliant with data protection is to be guaranteed by their respective providers. The integration of these plug-ins by us takes place in the way of the so-called two-click method, in order to protect visitors of our website in the best possible way.
On our website so-called plug-ins of the social network Facebook are used, which is offered by the Facebook Inc. The Facebook plug-ins are marked with a Facebook logo or the addition “Like” or “Share”. An overview of the Facebook plug-ins and their appearance can be found at the following link: https://developers.facebook.com/docs/plugins. If you activate such a plug-in (first click), your browser connects directly to the Facebook servers. The content of the plug-in is transmitted by Facebook directly to your browser and integrated into the page. Through this integration, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook profile or are currently not logged in to Facebook. This information (including your IP address) will be transmitted by your browser directly to a Facebook server in the USA and stored there. If you are logged in to Facebook, Facebook can immediately assign the visit to our website to your Facebook profile. If you interact with the plug-ins, for example by clicking the “Like” button, this information will also be transmitted directly to a Facebook server and stored there. The information will also be posted on your Facebook profile and displayed to your Facebook friends.
Our website uses so-called plug-ins of the social network Google Plus, which is offered by Google Inc. The plug-ins are z. B. on buttons with the sign “+1” on a white or colored background recognizable. For an overview of Google plug-ins and their look, visit https://developers.google.com/+/plugins.
If you enable the plug-in (first click), your browser connects directly to Google’s servers. The content of the plug-in is transmitted by Google directly to your browser and integrated into the site. The integration gives Google the information that your browser has accessed the corresponding page of our website, even if you do not have a profile on Google Plus or are currently not logged in to Google Plus. This information (including your IP address) will be sent from your browser directly to a Google server in the US and stored there. If you are logged in to Google Plus, Google may immediately associate your visit to our website with your Google Plus profile. If you interact with the plug-ins, for example by pressing the “+1” button, the corresponding information is also transmitted directly to a Google server and stored there. The information will also be published on Google Plus and displayed there to your contacts.
The purpose and scope of the data collection and the further processing and use of the data by Google, as well as your rights in this regard and setting options for the protection of your privacy, can be found in the data protection information provided by Google here: http://www.google.com/intl/de/+ /policy/+1button.html. If you do not want Google to immediately associate information collected about your visit to our site with Google Plus, you must log out of Google Plus before visiting our website. You can completely prevent the Google plug-ins from loading even with add-ons for your browser, such as: Eg with the script blocker “NoScript”.
Our website also includes plug-ins from the short message network Twitter Inc. The Twitter plug-ins (“Tweet” button) can be recognized by the Twitter logo (a white bird on a blue background) and the addition “Tweet”. When you visit a page of our website that contains such a plug-in, a direct connection is established between your browser and the Twitter server. Twitter receives the information that you have visited our site with your IP address. If you click on the Twitter button while logged in to your Twitter account, you can link the contents of our pages to your Twitter profile. This allows Twitter to associate your visit to our pages with your user account. We point out that we as the provider of the pages are not aware of the content of the transmitted data and their use by Twitter. More information can be found here: http://twitter.com/privacy. If you do not want Twitter to associate your visit to our pages, please log out of your Twitter account.
2. Receiver outside the EU
Data transfer to countries outside the EU or the EEA (so-called third countries) only takes place, to the extent necessary for the fulfillment of the contract and is required by law, you have given us consent or under a contract by us secured order data processing.
The under 1.7.4. Processes up to and including 184.108.40.206 cause data to be transmitted to the servers of the providers of tracking or targeting technologies commissioned by us. These servers are located in the USA. The data transmission takes place according to the principles of the so-called EU-US Privacy Shield as well as on the basis of so-called standard contractual clauses of the European Commission.
3. Your rights
In addition to the right of revocation of your consent granted to us, the following further rights are available to you if the respective legal requirements apply:
Right to information about your personal data stored by us in accordance with. Art. 15 GDPR; in particular, you may request information about the purposes of processing, the category of personal data, the categories of recipients to whom your information has been disclosed, the planned retention period, the source of their data, if not collected directly from you,
Right to correction of incorrect or to the completion of correct data acc. Art. 16 GDPR,
Right to delete your stored data in accordance with. Art. 17 DSGVO, insofar as no statutory or contractual retention periods or other statutory obligations or rights for further storage are to be observed,
Right to restriction of the processing of your data acc. Art. 18 GDPR, as far as the accuracy of the data is disputed by you, the processing is unlawful, but you reject its deletion; the person responsible no longer needs the data, but you need it for the assertion, exercise or defense of legal claims or you have lodged an objection against the processing according to Art. 21 GDPR,
Right to data portability acc. Art. 20 GDPR, i. the right to receive selected data stored about us in a common, machine-readable format, or to request transmission to another person in charge
Right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or work or our company headquarters.
3.2. right to
Under the conditions of Article 21 (1) of the GDPR, data processing may be contradicted for reasons arising from the particular situation of the person concerned.
The above general right of objection applies to all processing purposes described in this privacy statement, which are processed on the basis of Art. 6 (1) (f) GDPR. Unlike the special right of objection to data processing for commercial purposes (see point 2.7.3.), According to the GDPR we are only obliged to implement such a general objection if you give us reasons of overriding importance (eg a possible danger for life or health).
4. Data security
All personally transmitted data, including your payment details, will be transmitted using the common and secure TLS (Transport Layer Security) standard. TLS is a safe and proven standard, e.g. is also used in online banking. You will see a secure TLS connection, for example, at the attached “s” at the “http” (ie https: // …) in the address bar of your browser or at the lock symbol in the address bar or at the bottom of your browser.
Incidentally, we use appropriate technical and organizational security measures to protect your personal data stored against us against manipulation, partial or complete loss and against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.