Skip links

let's chat: 0818 67 67 67

Sign In
Sign Up

LEGAL | EASYTRIP

Privacy Policy

Thanks for taking the time to learn about Easytrip’s legal policies. It’s essential stuff. This is where you’ll locate facts about how we defend your privacy, what you can and can not do with Easytrip, and how we deal with consumer accounts.

easytrip iso 9001:2015

Privacy & Cookies Policy
Easytrip Services Ireland Limited
(Version: December 2024)

Table of Content

I. Preamble

Easytrip Services Ireland Limited (“Easytrip”, “we” “us” and “our”) offers the following services: toll services, parking services, breakdown services, car washes and insurance for lost car keys.

With the following Privacy & Cookies Policy (the “Policy”) we inform you comprehensively and in detail about how we protect your privacy and how we are processing personal data in connection with the provision of our services, websites and/or online platforms. If you have any queries, please do not hesitate to contact us under the contact details published in Section II.

II. Data Controller / Data Protection Officer / Supervisory Authority

Data Controller
Easytrip Services Ireland Limited
EA House, Damastown, Industrial Estate,
Mulhuddart, Dublin 15
D15 XWR3 Irland

Tel.: 018613200 / 1890676768
Fax: 018613250
E-Mail: info@easytrip.ie
Website: https://www.easytrip.ie/

Data Protection Officer /Contact
Easytrip Services Ireland Limited
EA House
Damastown Industrial Park
Mulhuddart
Dublin 15

E-Mail: privacy@easytrip.ie

Data Protection Supervisory Authority
Data Protection Commission
21 Fitzwilliam Square South
Dublin 2, D02 RD28
Ireland

III. Definitions

The definitions and terms used within this Policy are governed by Regulation (EU) 679/2016 on the protection of natural persons with regard to processing of personal data, free movement of such data and the repealing of Directive 95/46/EC (hereinafter “General Data Protection Regulation” or “GDPR“). This applies, in particular, for the definitions made in Art.s 4 and 9 GDPR.

Please note that the GDPR only applies to the processing of personal data of natural persons. The data of legal entities (e.g., a limited liability company, a public limited company or a cooperative association etc.), are – in general – not subject to and therefore not protected by data protection law, except where traders as natural person are affected or personal data of employees of legal entities are the subject of processing.

IV. General Principles / Information

1. Scope of the processing of personal data
In general, we only collect and process personal data if it is necessary for providing and making available our services, for the fulfilment of contracts as well as for providing our web and online platforms (including mobile apps) or if the collection and/or processing of personal data for other purposes is permitted by another legal basis.

2. Legal basis
For any processing of personal data based on the data subject’s consent, Art. 6 (1), lit. a GDPR is the legal basis for the processing.

In cases where data is processed for the performance of a contract to which the data subject is a party, Art. 6 (1), lit. b GDPR is the legal basis; this also applies to processing necessary for the implementation of pre-contractual measures.If personal data is processed in order to comply with a legal obligation to which we are subject, Art. 6 (1), lit. c GDPR is the legal basis. If processing of personal data is necessary in order to protect vital interests of the data subject or any other natural person, Art. 6 (1), lit. d GDPR is the legal basis.

If processing takes place in order to protect the legitimate interests of our company or a third party, provided that the data subject’s interests or fundamental rights and freedoms do not outweigh this interest, Art. 6 (1), lit. f GDPR is the legal basis of the processing.

If processing of personal data takes place in the context of a so-called change of purpose, i.e. data is processed for other purposes than for the purposes for which it has been collected in the first place, the factors set out in Art. 6 (4) GDPR will be considered.

In cases where special categories of personal data within the meaning of Art. 9 GDPR are processed, the express consent of the data subject pursuant to Art. 9 (2) lit. a in conjunction with Art. 6 (1) lit. a GDPR and/or a permission pursuant to Art. 9 (2) lit. b-j GDPR is the legal basis for the processing.

3. Enforcement of claims / legal compliance
We reserve the right to process personal data for enforcing claims within the scope of our legitimate interests pursuant to Art. 6 (1) lit. f GDPR; this includes, in particular, a transfer of data to a General Credit Protection Agency (see Section VI.1.3), authorities and/or courts. In addition, personal data might be processed and/or transferred in the fulfilling of legal or regulatory obligations (e.g. disclosure to authorities etc.); in this case, Art. 6 (1) lit. c GDPR is the legal basis.

4. Obtaining consent / right to revoke
Consent declarations within the meaning of Art. 6 (1) lit. a GDPR will be obtained in writing, in text form or electronically. If a consent is obtained electronically, it will be granted by ticking an opt-in-check box and the granting of the consent will be documented electronically. In the case of electronic consent, the so-called double opt-in procedure (i.e. where a user signs up for email marketing, then confirms the subscription via a separate email or landing page to officially be added to an email list) may be used to identify the user, as far as legally required.

Right to revoke: Please note that consent, once given, may be – in whole or in part – revoked at any time with effect for the future. The lawfulness of the processing that has taken place until such revocation shall remain unaffected. If you wish to revoke your consent, please use the contact details provided in Section II (data controller or data protection officer / contact).

5. Possible recipients of personal data
In order to provide our services (including our web and/or online platforms), we may use third-party service providers (subcontractors), who will, when providing their services, operate on our behalf and in accordance with our instructions. These service providers include tolling, breakdown service and car-parking operators, These service providers may receive or may have access to personal data when providing their services and shall constitute third parties or recipients within the meaning of the GDPR.

In such cases, we ensure that our service providers have taken adequate security measures, that suitable technical and organizational measures are in place, that any processing complies with the requirements of the GDPR and guarantees the safeguarding of the data subject’s rights and that we have entered into an agreement with all such service providers for the purposes of Art. 28 GDPR.

If personal data is transferred to third parties and/or recipients outside of a data processing agreement within the meaning of Art. 28 GDPR, we ensure that this transfer complies with the requirements of the GDPR and will be conducted only if a corresponding legal basis exists; see also Section IV.2) and the appropriate data sharing or other contractual terms have been put in place to govern this data sharing.

6. Processing of personal data in so-called third countries
The processing of your personal data will generally take place within the EU or the European Economic Area (“EEA“).
In a few exceptional cases (e.g. in connection with the calling-in of service providers for rendering web analysis services) your personal data may be transferred to and/or processed in so-called “third countries” (including through remote access to such personal data from outside the EEA where the data is hosted in the EEA). “Third countries” are countries outside of the European Union and/or the Agreement on the European Economic Area, which do not automatically safeguard an adequate level of data protection as required by the EU.

If any transferred information includes personal data, we ensure, prior to such transfer, that an adequate level of data protection is safeguarded in the respective third country or at the respective recipient in the third country. This may be ensured by a so-called “adequacy decision” of the European Commission, by using the so-called “EU Standard Contractual Clauses” or other measures subject to Art. 44 ff. GDPR. Processing outside the EEA may also be justified under Art. 49 GDPR derogations/exceptions or by consent to such processing under Art. 49 (1) lit. a GDPR.

7. Data deletion and storage periods
Personal data of data subjects will be deleted as soon as they are no longer required for the respective purpose of processing. Instead of deletion, personal data may, if necessary, be stored with restrictions on processing if provided for by European or national legislators in EU ordinances, laws or other regulations to which we are subject (eg for the fulfilment of mandatory legal retention periods).
In this case, Art. 6 (1) lit. c and Art. 6 (1) lit. f GDPR respectively are the legal basis. Personal data shall be deleted at the latest when any applicable statutory storage period expires, unless further storing of the data is necessary for the conclusion of a contract or for other purposes (e.g. legitimate interests according to Art. 6 (1) lit. f GDPR).

8. Rights of the data subject
The GDPR grants certain rights to data subjects, i.e. persons affected by the data processing (in particular under Art. 12 to 22 GDPR). The individual rights of data subjects are specified in Section XI. If you wish to exercise one or more of these rights, you may contact us at any time. For that purpose, please use the contact details provided above in Section II.

V. Data Categories

Regarding the categories of personal data affected, we generally process (i) Master Data, (ii) Performance Data, (iii) Third Party Data as well as – if relevant– (iv) special categories of personal data within the meaning of Art. 9 GDPR.

1. Master Data
Master Data are data concerning your company and/or your person, which you provide in the context of the preparation and/or the conclusion of a contract. This means when you set up an Easytrip account, request information, subscribe to a service or otherwise actively submit data to us on our website. This includes, in particular, data such as company name, surname, first name, address, birthday, email address, phone number, fax as well as bank and account details. You may submit further data such as your mobile number, your preferred language for correspondence or further interests and preferences to us. This data category is altogether referred to as “Master Data”.

2. Performance Data
Performance data are data arising from the execution or the fulfilment of a contract and are processed for contract implementation, billing, management or further development or marketing of our offers, services and deliveries. Such data often have no direct reference to a natural person, but a personal reference could be established so that such data are deemed personal data. Depending on the services ordered or provided, Performance Data includes in particular (i) data required for providing contract offers (including financing offers), (ii) data required for the provision of services (e.g. Fuel Cards, license plate, names of employees), (iii) payment and billing data, or (iv) data/information required for the processing of customer enquiries and complaints.

3. Third Party Data
In general, personal data will be collected directly from you. However, it is possible that we do not collect personal data directly, but receive it from third party companies and/or contractual partners, e.g. within the framework of separate contracts (so-called Third Party Data). Such Third Party Data about your company/your person can be, for example, address data, billing data from third parties (e.g. from our service partners), credit information or similar.

VI. Data processing in connection with deliveries and services of Easytrip

We process personal data in accordance with relevant data protection laws applicable, in particular the GDPR, the Data Protection Acts 1988 – 2018 and the E-Privacy Directive 2002/58/EC and the European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011 (the “E-Privacy Regulations”).

As far as data protection law is applicable, we process any data collected from you and/or your company in connection with our services as follows:

1. Purpose and legal basis of the processing
We collect and process personal data for the following purposes and on the following legal bases:

1.1. Services (services/toll processing)
Master Data, Performance Data and Third Party Data – including data from our customers, service partners and their employees’ and staffs’ data – for the purpose of contract initiation, contract conclusion and the provision of our services, as far as such processing is necessary for this purpose. This includes, in particular, data processing for the purpose of provision/delivery of goods (e.g. fuels, oils, lubricants, electricity), the provision of services (e.g. roadside assistance, car wash, toll and parking services etc), including the billing of our services.
Art. 6 (1) lit. b GDPR respectively Art. 6 1 lit. f GDPR (legitimate interests) are the legal basis for the abovementioned data processing between the parties involved; legitimate interests exist in the provision of services to customers within the delivery chain. With respect to data protection law, this will take place within a so-called controller-to-controller relationship; further information on this matter will be provided upon request.

As part of our deliveries and services, we offer customers and their employees the opportunity to categorize the use of our services according to business or private use (if this is desired or required by the customer, e.g. for billing reasons). Easytrip provides appropriate tools/possibilities for this purpose. The data processing in this regard is based on the aforementioned legal bases Art. 6 para. 1 lit. b GDPR and Art. 6 para. 1 lit. f GDPR (legitimate interests).

1.2. Credit check/credit agencies/credit rating
We reserve the right to request and to process credit information from credit rating agencies based on the personal data collected by us within the scope of the contractual relationship. In addition, we reserve the right to transfer and process data to credit rating agencies, for the purpose of determining creditworthiness or default risks within the scope of legitimate interests of our company and/or third parties; e.g. if payments due have not been paid.

All such instances of data processing and transfers will be conducted on the basis of Art. 6 (1) lit. f GDPR, as far as that is necessary to safeguard our legitimate interests or the legitimate interests of third parties to be protected against bad debts and provided that the interests or fundamental rights and freedoms of the data subject do not prevail.

Please note that credit rating agencies themselves may process and use the received data for own scoring purposes in order to provide their contractual partners in the European Economic Area and in Switzerland as well as, if necessary, in further third countries (if there is a European Commission decision on their appropriateness) with information about e.g. the creditworthiness of customers. The respective rating agency is responsible for such data processing in accordance with the GDPR; if you have any questions regarding data processing by such agencies, you must contact them directly.

1.3. Invoicing of deliveries and services
For the purpose of invoicing our services, we use Master Data provided by the customer, Performance Data necessary for billing (e.g. purchased equipment, used services etc.) as well as Third Party Data in specific cases (e.g. if customers acquire equipment via Easytrip third service partners or if we acquire third party claims (e.g. toll operators) for the purpose of (uniform) invoicing to the customer)). The legal basis for such processing is Art. 6 (1) lit. a GDPR (contract fulfilment/performance of pre-contractual measures) as well as Art. 6 (1) lit. f GDPR (legitimate interests).

1.4. Assignment of claims/factoring/collection
If customers order deliveries and services directly from toll operators and/or service partners, we reserve the right to acquire the resulting claims from them for the purpose of uniform accounting and invoicing, by way of a purchase of claims with assignment. After assignment, these claims shall be asserted against the customers in Easytrip’s own name and own account as part of a uniform invoicing procedure. The legal basis for the assignment and the data processing necessary for the debt collection is Art. 6 (1) lit. b GDPR (contract fulfilment), otherwise Art. 6 (1) lit. f GDPR (legitimate interests) – insofar as the customer agrees to this in the contract with the toll operator and/or service partner; the legitimate interest lies within the provision of a uniform invoice, as well as a simplified debt collection.

Further, we reserve the right to assign payments and claims we have against customers to third parties or to have these enforced by third parties for the purpose of realisation and enforcement. For this purpose, we may transfer personal data to respective assignees and/or service providers. The legal basis for such processing, including its transfer, is Art. 6 (1) lit f GDPR (legitimate interests). The legitimate interest of Easytrip in such assignment and data transfer is that these service providers have the necessary competence to enforce receivables from customers or to equip service providers with the necessary competence to effectively enforce receivables in or out of court (e.g. via payment plan agreements). This helps to avoid long-term legal disputes, while reducing bad debt losses and increasing the collection rate, thus improving Easytrip’s liquidity and solvency.

If you are of the opinion that your interest in the protection of your personal data outweighs our legitimate interest in such assignment, you have the right to object to the processing of your personal data for the aforementioned purpose (regarding the right to object see Section XI 6). After assignment, the responsibility for data processing for the purpose of debt collection according to data protection lies with the respective service provider; for any queries regarding data processing by these service providers, please contact them directly (see above).

1.5. Enforcement of claims/compliance with legal obligations
We reserve the right to use personal data for the enforcement of claims in and out of court. Art. 6 (1) lit. b GDPR (contract performance/implementation of pre-contractual measures) and Art. 6 (1) lit. f GDPR (legitimate interests) respectively are the legal basis for such processing. Data can also be processed and/or transferred for the purpose of fulfilling legal or statutory obligations (e.g. information to authorities etc.); in that case Art. 6 (1) lit. c GDPR is the legal basis for such processing.

2. Electronic customer accounts
For the use of certain services and/or benefits, we provide our customers with the possibility to set up an electronic user account. When registering and setting up such account, the following personal data (“mandatory information“) will be collected and stored:

  • password,
  • corporate email address of the user, first name, last name, title,
  • company (where relevant),
  • address, country, state and location of the company
  • account number/payment information (e.g. credit card, direct debit etc.)
  • telephone number (mobile/landline)

At the time of registration, (i) the user’s IP address as well as (ii) date and time of the registration are stored.

Moreover, voluntary information such as user e.g. phone number and/or mobile, can be submitted. Information required for registration purposes is marked as a mandatory field in the input mask by an asterisk. Without the complete and truthful completion of all mandatory fields, registration cannot take place. The registration is only completed when you confirm the link contained in an e-mail we send to you after the complete filling in of all mandatory fields. On an anonymous basis, this information can be used, among other purposes, for improving our services.

2.1. Purpose and legal basis
A user registration takes place for the purpose of access restriction and/or access control to selected contents and services, which we only make available to registered users within the scope of our websites and/or online offers. Such registration can also take place for the purpose of providing selected content and services to registered users as part of the contract fulfilment and/or to implement pre-contractual measures.

The legal basis for the processing of data for the purpose of registration is Art. 6 (1) lit. a GDPR, if the user has given his/her consent. If registration serves the fulfilment of a contract to which the user is a party or the implementation of pre-contractual measures, the legal basis for such processing is Art. 6 (1) lit. b GDPR. If the registration is required for the purpose of access restriction and/or access control, the protection of legitimate interests may also be the legal basis (Art. 6 (1)lit. f. GDPR); the legitimate interest is to restrict access in order to protect the content and information developed by Easytrip against an unauthorized usage.

2.2. Data deletion and storage period
If the registration takes place in the context of a contract fulfilment or for the implementation of pre-contractual measures (Art. 6 (1) lit b GDPR), the registration data will be stored for the duration of the respective order or contract relationship and will be deleted or blocked after expiry of the respective contract or notice period, taking into account Section IV.7.

If the registration is not related to a contract fulfilment or the implementation of pre-contractual measures, the registration data will be deleted as soon as the registration is dissolved, altered or deleted by the user, taking into account Section IV.7.

2.3. Opt-out and removal option
You as a user have always the possibility to dissolve or delete your registration at any time. You can also change your stored personal data at any time. If your data is (still) necessary for the fulfilment of a contract or the implementation of pre-contractual measures, a deletion of your data is only possible if there are no contractual or legal obligations that prevent such deletion.

3. Research / Development, Product Improvement, Product Safety, Product Quality
Customers’ personal data (including location data) collected and processed by Easytrip and/or Easytrip partners as part of service performance may be processed by Easytrip in depersonalized form to the extent permitted by law for purposes of research, product development, product improvement, product safety, IT security and to ensure product and service quality. “Depersonalized” means that data can no longer be used to directly identify customers, suppliers/subcontractors, employees of customers and/or vehicles. For this purpose, Easytrip can processes personal data to generate depersonalized data sets that are then used to improve Easytrip’s products and services.

The legal basis for such processing is Article 6(1)(f) of the GDPR (legitimate interests) and the factors set out in Article 6(4) of the GDPR (change of the purpose of processing) will be taken into account. The legitimate interests of Easytrip consist of using depersonalized data to meet the high requirements of customers for high-quality services and to improve products and services, ensure product safety and IT security and satisfy the demand for newly-developed, innovative solutions and/or services.

4. Possible recipients of data/persons authorized to access data
In the context of providing our services including the processing of personal data relating thereto, our employees have access to data for the purposes stated in Section V on the basis of the so-called “need-to-know principle”. This means that the group of persons authorized to access data is limited to those employees deemed necessary to fulfil the respective processing purpose.

In order to fulfil the purposes mentioned in Section VI, data may also be transferred and processed by (technical) service providers, subcontractors, vicarious agents and/or service partners of Easytrip, in particular in the context of the contract fulfilment (e.g. “extended“ chain delivery transactions, service chains, toll processing). Furthermore, data can be transferred in the context of payment transactions (e.g. to banks, payment service providers) and/or for the implementation of financing. Data can also be transferred to courts, attorneys, credit agencies and/or public institutions for the purpose of enforcing claims and/or meeting legal obligations (e.g. reporting obligation, follow-up obligations in the event of product warning or similar), see also Section IV.3.

With regard to possible recipients of data and the overall organization of access authorizations in our company, please see also Section IV.5 above.

5. Data processing outside the EEA
Data processing outside the European Union (EU) and/or the European Economic Area EEA) may take place e.g. in case of deliveries and services to customers outside the EEA. Such data processing is permissible where derogations/exceptions apply under Art. 49 GDPR, especially according to para 1 lit. b and/or lit. c GDPR. If Art. 49 GDPR does not apply and Easytrip is responsible for the data processing on site in accordance with data protection law applicable, Easytrip will take the measures mentioned in Section IV.6 to ensure an appropriate level of data protection. On request, we are happy to provide you with further information.

6. Data deletion, storage periods, right of withdrawal and objection
If the processing of personal data takes place in connection with the fulfillment of a contract or in order to carry out pre-contractual measures (Art. 6 (1) lit. b GDPR), (personal) data will be stored for the duration of the respective order or contractual relationship and will be deleted or blocked after expiry of the contract or notice period (taking into account the storage periods mentioned in Section IV.7).

7. Obligation to provide personal data (so-called mandatory information)
Data, which is necessary for the initiation, conclusion or implementation of a business relationship, including the fulfilment of related contractual obligations and/or which we are obliged to collect, is mandatory information. Mandatory information is marked with an asterisk in our forms. Without providing this data, it is possible that we may not be able to provide a contract and/or service or only provide it to a limited extent; we reserve the right to refuse contract conclusion if mandatory information is not provided.

8. Automated decision making/profiling pursuant to Art. 22(1) and /4) GDPR
We generally do not use fully automated decision-making procedures within the meaning of Art. 22 GDPR to establish and/or conduct business relationships. Should we use such procedures in future or in other cases, we will inform you separately, as far as required by law.

VII. Data processing concerning suppliers/service partners/service providers

We process personal data of suppliers and/or service providers (hereinafter “suppliers“) who are natural persons and whose services we commission and/or use on a contractual basis only for the purpose of fulfilling or performing a contract. This might concern Master Data, Performance Data as well as Third Party Data. The legal basis for such data processing is Art. 6 (1) lit. b GDPR (fulfilment of contract/implementation of pre-contractual measures).

Furthermore, we reserve the right to process our suppliers’ personal data for the purpose of enforcement of claims within the scope of legitimate interests pursuant to Art. 6 (1) lit. f GDPR. This includes in particular the disclosure of data to credit rating agencies (see Section VI.3), consultants and/or lawyers, authorities and/or courts. Data may also be processed and/or disclosed for the purpose of fulfilling legal or statutory obligations (e.g. information to authorities, etc.); the legal basis for such processing is Art. 6 (1) lit. c GDPR

VIII. Data processing for the fulfilment of legal obligations

As a company we may be subject to several legal obligations (e.g. Tax laws, Anti-Money Laundering Act etc.) which may make it necessary to process your data in order to meet legal and statutory obligations (e.g. information to authorities etc.). In these cases, Art. 6 (1) lit. c GDPR is the legal basis.

We determine in individual cases and on a case-by-case basis, whether we can enter business relations with you, taking into account (on a non-exhaustive basis):

  • S.I. No. 147/2005 and S.I. No. 659/2023 (implementing European Council Regulation (EC) No. 2580/2001 (as amended)).
  • The Criminal Justice (Money Laundering and Terrorist Financing) Act 2010, as amended by Part 2 of the Criminal Justice Act 2013 and by the Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Act 2018.
  • The European ‘EU restricted measures’ list as published by the Official Journal of the European Union and the UN sanctions list.

IX. Data processing for newsletter/advertisement/marketing/press work

We only process personal data for the purpose of advertising or marketing activities (e.g. newsletter), the conduct of customer satisfaction surveys as well as press and public relations (hereinafter “marketing“) if a corresponding consent or another legal basis, which allows the processing even without consent; exists. In further detail:

1. Newsletter registration
If you would like to take advantage of our newsletter service, we need your valid email address. In order to check whether you are the owner of the email address provided, we will first of all send an automated email to the provided email address that contains a newsletter registration link. Only after the confirmation of that registration link i.e. by clicking on it, we will add your email address to our mailing list (so-called double opt-in). We do not collect any further data beyond the email address and the data required for the confirmation of the registration link.

Your data will be processed for the purpose of sending the newsletter you have requested. The legal basis for this processing is Art. 6 (1) lit. a GDPR which we rely on in conjunction with Section 13 of the E-Privacy Regulations. You can unsubscribe from the newsletter at any time; the statements on the right of withdrawal of consent pursuant to Section IV.4 shall also apply.

2. Processing of personal data for advertising and marketing purposes/customer surveys
We process your personal data for advertising and marketing purposes, as well as for customer satisfaction surveys if a consent or another legal basis, which allows the advertising and marketing approach even without consent, exists. As far as legally permissible, we reserve the right to address customers for advertising purposes on the basis of publicly accessible data and/or third-party data, which they get from publicly accessible sources (e.g. data from directory media, the internet, company homepages, public registers etc.). In detail:

  • Legal basis for advertising and marketing measures on the basis of an explicit consent is Art. 6 (1) lit. a GDPR; Section IV.4 shall apply accordingly.
  • Legal basis for data processing for the purpose of direct advertisement by direct letter-mail is Art. 6 (1) lit. f GDPR (legitimate interests); the legitimate interest here is to address potential customers for the purpose of direct advertising for similar goods and services we provide, on condition that in compliance with Section 13 (Unsolicited communications) of the E-Privacy Regulations we (i) received your email address in connection with the selling of our products or services, (ii) you did not object to the use of your email address for direct advertising; (iii), at the time of collecting your email address and at every subsequent use/communication with you, we clearly inform you that you may at any time object to the use of your email address for marketing purposes (for the right to object see Section XI.6); and (iv) the sale of the product or service occurred not more than twelve months prior to the sending of the relevant communication.

Depending on the applicable legal basis for the advertising measure (i.e. consent or legitimate interests), we store and use personal data for the purpose of advertisement for an indefinite period of time unless or until you object to such usage of your data or you revoke your consent, as applicable.

You may at any time with effect for the future revoke your consent to the processing of your personal data. You can at any time object to processing on the basis of legitimate interests; a right of objection exists in particular in the case of profiling in accordance with Art. 21 GDPR. In case of a revocation and/or objection, the personal data will no longer be processed for the respective purpose. This shall not apply if the processing of data is still required for the purpose of contract fulfilment (Art. 6 (1) lit. b GDPR), mandatory storage obligations and/or if data is still necessary in the context of legitimate interests (Art. 6 (1) lit. b GDPR), e.g. in the event of an objection against advertising, the processing of data in a so-called blacklist to prevent further advertising measures.

On request, we are happy to provide you with further information about our handling of data for marketing purposes and/or the sources of our data; please contact us via the contact details in Section II.

3. Press and public relations
For the purpose of press and public relations activities, we collect and process Master Data, Performance Data and Third Party Data of journalists and/or press representatives. This may include, in particular, the provision of press information, the processing of press requests, the addressing of press representatives or the organization of (press) events. The legal basis for such data processing is Art. 6 (1) lit. b GDPR (fulfilment of contract/implementation of pre-contractual measures), as far as the data processing is necessary to fulfil a corresponding agreement and/or in the context of a concrete request. In addition, the data may be processed in the context of legitimate interests pursuant to Art. 6 (1) lit. f GDPR; in this case, the legitimate interest is the conducting of press and public relations activities in favour of Easytrip.

X. Data processing in the context of the provision of our websites and/or Apps

For the provision of our websites and/or online services (including the provision of apps) we process personal data as follows:

1. Data processing in connection with the provision of websites / online services / apps
Whenever a user visits our websites, online services and/or our apps, our system automatically processes data and information from the accessing device/computer system in an automated manner. The following data is processed (hereinafter “Log Data”):

  • information on the type of browser and the version used
  • the user’s operating system
  • the user’s Internet service provider,
  • the user’s IP address
  • date and time of access,
  • websites from which the user’s system accesses our website,
  • websites accessed by the user’s system via our website,
  • the user’s movements on our website (e.g. click rates, duration of use); the so-called log data do not allow a personal reference to the user.

1.1. Purpose and legal basis
The collection and processing of Log Data (in particular IP addresses) take place for the purpose of providing our websites, online services and/or apps to the user (including the content provided on it), i.e. for the purpose of communication between the user and our web or online services. The IP address is temporarily stored for the duration of the respective communication process. This is necessary for addressing the communication between the user and our web and/or online platform and/or for using our web and/or online services. The legal basis for such data processing is Art. 6 (1) lit. b GDPR and such processing will be carried out in compliance with the E-Privacy Regulations for the duration of your visit / usage.

Any processing and storage of the IP address in log files beyond the communication process take place for the purpose of ensuring the functionality of our web and online platforms, optimizing these platforms and ensuring the security of our IT systems. Art. 6 (1), lit. f GDPR (protection of legitimate interests) is the legal basis for any storage of the IP address for these purposes beyond the communication process.

1.2. Data deletion and storage period
We will delete data as soon as they are no longer necessary for attaining the purpose for which we processed it. In case of data collection for providing the website, the data will be deleted when the respective session – the website visit – has ended. Any further storage of Log Data, including the IP address, for the purpose of system security may take place in accordance with mandatory law. Further processing and/or storage of Log Data will be possible and permissible if the users’ IP addresses are deleted or masked to such an extent that it is no longer possible to allocate the Log Data to an IP address. This applies except for further processing of data in the cases listed below (e.g. cookies etc.)

1.3. Possibility of objection and removal
The processing of Log Data for the provision of the website, including the storage of Log Data in log files within the aforementioned limits, is essential for the operation of our website. Therefore, the user has no possibility to object to it. This shall not apply to the processing of Log Data for analysis purposes, c.f. Section X.3 (depending upon the respective analysis tool used and the type of data analysis (personal / anonymous / pseudonymous)).

2. Use of cookies
Our website uses cookies. Cookies are text files stored in or by the Internet browser on the user’s computer system. Cookies do not contain programs and cannot place any malcode on your computer. When a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the system to identify the browser when the user visits the website again. Depending on the respective type of cookie and the possibility of allocating a cookie to an IP address, it is, however, possible that the user will be personally identifiable. We do not carry out such allocation, and/or anonymize the IP address in order to exclude such allocation (see Section X.3 for further details).

When using cookies which allow a personal identification to the user, we obtain your consent for such usage via a so-called cookie banner (see section 2.1, below).

We differentiate between two types of cookies: (i) technically necessary or essential cookies and (ii) non-essential cookies which require the consent of the users:

(i) We use technically necessary or essential cookies to make our web and/or online offerings more user-friendly. The following data are stored in our technically necessary cookies and transferred to our systems:

  • adoption of language settings
  • memorising of search terms
  • data on the end device / PC and its settings
  • articles in an online shopping cart
  • log-in data

(ii) “Cookies which require consent,” including so-called “functional cookies”, contain all cookies for whose installation or utilisation prior granting of consent by the user is required. Such cookies can include comfort, performance, statistical/analytic and/or advertising or marketing cookies. We differ the following types of cookies that require consent:

  • Functional or comfort cookies enable us to improve the comfort and user-friendliness of our websites and to provide a range of different functions. E.g..: comfort cookies can be used to store search results, language, layout and/or display settings.
  • Performance cookies collect data on how you use our websites. For example, performance cookies help us to identify especially popular parts of our websites. This enables us to adjust the content of our websites to your needs and thus to improve our offers for you.
  • We utilise statistical or analytic cookies to analyse user interaction with our web and/or online offers for the purpose of advertisement, market research or optimisation of our offerings. Further information can be found on our cookie banners.
  • We utilise cookies for marketing purposes / third party cookies in order to send you relevant advertisement and promotional information, e.g., based on the websites you have visited. Advertisement cookies are, as a rule, not from our web servers, but from third-party providers. This includes for example the integration of the ‘like’ button. When it is clicked on, Facebook leaves its ‘own’ cookie on the relevant browser. The cookies of third-party providers can never be sought and/or analysed by us. The third-party providers, who set the respective Cookies based on your consent, are solely responsible for the use of such cookies; we have no possibility or influence to/on its usage and/or the processing of data based on such cookies. You can prevent the placing of third party providers’ cookies by taking the measures described in Section X.2.3 and Section IX.3. If you do not allow these cookies, you will experience less personalised advertisement.

An overview about all providers with whom we cooperate and who use cookies – subject to user’s consent if required – can be found in our cookie settings available at https://www.easytrip.ie/cookies/ .

2.1. Purpose and legal basis
The purpose of using Essential Cookies is to simplify website usage. They are essential for certain website features, which require the recognition of the browser even after a website change. We use Essential Cookies for the following purposes:

  • adopting language settings,
  • memorising search terms,
  • data on the end device / PC and its settings
  • articles in an online shopping cart
  • log-in information.

The user data collected by Essential Cookies will not be used for creating profiles. The usage of Essential Cookies is based on Article 5(3) of the E-Privacy Regulations the further data processing is based on Art. 6 (1) lit. b GDPR, as far as the usage of Essential Cookies is necessary for the provision our web and/or online services, otherwise based on Art. 6 (1) lit. f GDPR, as the usage is also necessary for the purpose of providing web and/or online services within our legitimate interests.

Cookies which require a consent or Non-Essential Cookies are used to improve the quality of our website, its content and/or its usability. Because of such cookies, we learn more about the usage of the website, which enables us to optimize our websites continually (see above). With Performance and/or statistical/analytic Cookies we collect data on how our website is used. This enables us to improve the content and the user-friendliness of our website, e.g. through personalization. Cookies for Marketing Purposes are used to send you relevant advertisement and other similar promotional information. The above-mentioned cookies can be placed either by ourselves or third-party providers whose services we use on our websites. The third-party service providers are exclusively responsible for these cookies, we do not have any influence on their use; the use including the purposes and legal bases of the data processing are stated in the third-party’s data privacy terms.

Cookies that require consent will only be set / used if the user has given his/her prior consent to such use (Art. 6 (1) lit. a GDPR in connection with Article 5(3) of the E-Privacy Regulations and which may also include consent to data processing outside the EEA pursuant to Art. 49 (1) lit. a GDPR, if applicable).

2.2. Data deletion and storage period
Cookies are stored on the respective device of the user (smart device / PC) and will be transmitted from there to our websites. We differentiate between so-called permanent cookies and session cookies. Session cookies are stored during the duration of a browser session and will be deleted when the browser is closed. Permanent cookies will not be deleted when the respective browser session ends, but are stored on the user’s device for a longer period.

2.3. Objection and removal
When visiting our websites, users are, by means of an info banner, informed about the use of cookies. The user’s consent to the processing of his/her personal data will be obtained via the banner, including the consent to a data processing outside the EEA in accordance with Art. 49 (1) lit. a GDPR.

As user, you have full control over the usage and storage of cookies. By changing the settings in your Internet browser, you can generally deactivate or restrict the transfer of cookies. You can delete already stored cookies at any time. This can also take place in an automated manner. If you deactivate Essential Cookies for our website, it is possible that not all functions of the website can be used to their full extent.

You may object to the use of cookies which require a consent at any time with effect for the future (except for Essential Cookies); you may exercise your opt-out right via the info banner or via the aforementioned browsers’ setting options.

3. Web analysis/use of analysis tools
In order to optimize our websites and adapt to the changing habits and technical requirements of our users, we use tools for so-called web analysis, which use cookies (see above). We measure e.g. which elements the users visit, whether the information searched for is easy to find, etc. This information is only interpretable and meaningful at all, if a relatively large group of users is analyzed. For this purpose, the data collected is aggregated, i.e. combined into relatively large units.

Such analyses enable us to adapt the design of our websites or optimise content in cases where, for example, we discover that a significant number of visitors use new technologies or fail to find, or have difficulty finding, an existing piece of information.
On our web and online platforms, we carry out the following analyses and use the following web analysis tools:

3.1. Analysis of Log Data
The use of Log Data for analysis purposes takes place exclusively on an anonymous basis; there is neither a link between Log Data and personal data of the user, nor between Log Data and an IP address or a cookie. Therefore, such analysis of Log Data is not subject to the provisions of the GDPR under data protection law.

3.2. Google Analytics / Google 360
For analysing website usage, we use the web analysis service “Google Analytics” respectively Google 360 from Google (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). Google AnalyticsBoth tools use “cookies” to analyse the customers’ use of the website on a pseudonymous and/or anonymous basis.

The information generated by such cookie concerning your use of the website will be transferred to a Google server in the USA for storage. On this website, IP Anonymization is activated so that your IP address will be shortened prior transfer within the Member States of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases, your full IP address will be transferred to a Google server in the USA and will then be shortened there. On our behalf, Google will use the aforementioned information to evaluate the use of the website, to put together reports on the website activities and to provide the website operator with other services relating to website and Internet usage. The IP address transmitted by your browser within Google Analytics will not be combined with other Google data.

The legal basis for the use of Google Analytics using cookies is Art. 6 (1) lit. a GDPR in connection with Section 4 para. 3 (security of processing) of the E-Privacy Regulations (consent); user consent will be obtained via our cookie banner (see Section X.2) and can be revoked at any time via the cookie banner / the cookie settings. As far as personal data generated by cookies, are transferred by Google to servers outside the EEA (eg the US) and processed there, the consent includes such transfer and processing pursuant to Art. 49 (1) lit. a GDPR. Further information on data protection at Google Analytics can be found at https://support.google.com/analytics/answer/6004245?hl=de.

If you do not wish to have your data evaluated by Google Analytics, you have in addition the following options:

  • By clicking on the following link, you can install an add-on, which places an opt-out cookie preventing the future collection of your data by Google Analytics: http://tools.google.com/dlpage/gaoptout?hl=de
    Note: If you delete your cookies, the opt-out cookie will also be deleted and you need to re-activate it, if necessary.
  • By downloading and installing the browser plugin available under the link (http://tools.google.com/dlpage/gaoptout?hl=de), you can prevent the processing of data (including your IP address) generated by the Google Analytics cookie relating to your use of the website
    We use Google Analytics for statistical purposes and for evaluating data from AdWords and the double-click cookie. You may deactivate Google Analytics via the Ad Preferences Manager (http://www.google.com/settings/ads/onweb/ ).

3.3. Google Tag Manager
We may use the Google Tag Manager on our websites. Google Tag Manager is a solution that allows marketers to manage website tags through one interface. The tool itself (which implements the tags) is a cookie-less domain and does not collect any personal information. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If disabled at the domain or cookie level, it will remain disabled for all tracking tags implemented with Google Tag Manager.

For further information about Google Tag Manager, please visit the following Link: https://www.marketingplatform.google.com/about/analytics/tag-manager/use-policy/ and/or https://www.google.com/intl/de/policies/privacy/index.html (section “Data we receive based on your use of our services”).

3.4. Google API
Google APIs are an application programming interface (API) developed by Google that enables communication with Google services and their integration into other services. Google APIs offer functions such as analysis, machine learning as a service (Prediction API) or access to user data (provided authorization to read the data is granted). Another example is an embedded Google map on a website owner’s website, which can be accessed using the Static Maps API, Places API or Google Earth API.

Further detailed information can be found on the Google website at the following link https://policies.google.com/privacy.

3.5. Google Static
With the Maps Static API, a Google Maps image can be embedded on our website. The Maps Static API service creates the map based on URL parameters sent via a standard HTTP request and returns the map as an image that can be displayed on the website. Further detailed information can be found on the Google website at the following link: https://policies.google.com/privacy

3.6. Cookiebot by Cybot
We use the Cookiebot software from Cybot on our websites. The cookie scanner automatically creates a legally compliant cookie banner with a corresponding cookie declaration for website visitors. Cookiebot collects and stores user data such as the IP address in anonymized form, technical browser data, the current website URL and the cookies permitted by the user as proof of consent. Cookiebot only stores this data locally. Further detailed information on Cookiebot can be found on the website https://www.cookiebot.com/de/privacy-policy/.

3.7. WP Engine
WordPress is a so-called content management system (CMS). It is software that can be used to create, manage and publish digital content. It can be used to create and organize a website. You can find more detailed information on the WP Engine website at the following link: https://wpengine.com/legal/privacy/

4. Marketing / Layout / Social Media PlugIns
On our web and online platforms, we offer you to register for our newsletter; the information in Section IX applies accordingly. Furthermore, advertisement tools and Social Media PugIns are used. In detail:

4.1. Google Marketing Platform (formerly DoubleClick)
On our websites / apps, we may – in some cases – use the Google Marketing Platform (formerly DoubleClick), a service of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (“Google”).

This service uses cookies to present you with ads that are relevant to you. A pseudonymous identification number (ID) is assigned to your browser or device in order to check which ads were displayed in your browser and which ads were viewed. This can improve campaign performance or, for example, prevent you from seeing the same ad more than once. In addition, Google can use cookie IDs to record so-called conversions that are related to ad requests. This is the case, for example, when a user sees a Campaign Manager ad and later visits the advertiser’s website with the same browser and makes a purchase.

Based on the technology used, your browser automatically establishes a direct connection with Google’s server. Please note that we have no influence on the processing of this data by Google. According to the information provided by Google, Google receives through the integration of DoubleClick the information that you have called up the relevant part of our website or clicked on an ad from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the Google learns your IP address and stores it. The collected information may be transferred to Google servers in the USA.

The legal basis for the usage of Google Marketing Platform using cookies is Art. 6 (1) lit. a GDPR which we rely on in conjunction with Section 4 para. 3 (security of processing) of the E-Privacy Regulations (consent); the required consent is obtained via our cookie banner (see section X.2) and can be revoked at any time via our cookie banner / cookie settings. As far as personal data generated by cookies, are transferred by Google to servers outside the EEA (eg the US) and processed there, the consent includes such transfer and processing pursuant to Art. 49 (1) lit. a GDPR.

Further information on the Google Marketing Platform may be found at https://marketingplatform.google.com/about/ and on data protection at Google in general at https://www.google.de/intl/de/policies/privacy .

4.2. Google Ads Remarketing, Google Display & Video 360
On our websites / apps, we may – in some cases – use the remarketing technology of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”), in particular Google Ads Remarketing, Google Display & Video 360.

Through this technology, users, who already visited our website and/or online platforms and who are interested in our services, will be addressed again with targeted advertisement on the websites of the Google Partner Networks. The display of advertisement is carried out via cookies. With the help of these cookies, the user behaviour on our websites can be analysed and then be used for targeted product recommendation and interest-based advertisement. Google does not merge the data collected in the context of remarketing with your personal data. Google uses pseudonymization in the context of remarketing. The collected information will be transferred to Google servers in the USA.

The legal basis for the usage of Google Ads Remarketing by using cookies is Art. 6 (1) lit. a GDPR which we rely on in conjunction with Article 5(3) of the E-Privacy Regulations (consent); the required consent is obtained via our cookie banner (see section X.2) and can be revoked at any time via our cookie banner / cookie settings. As far as personal data generated by cookies, are transferred by Google to servers outside the EEA (eg the US) and processed there, the consent includes such transfer and processing pursuant to Art. 49 (1) lit. a GDPR.

If you do not want to receive targeted advertisement, you can deactivate the use of cookies by Google for this purposes by visiting https://www.google.de/settings/ads/onweb Alternatively, the users can deactivate the use of Third Party Cookies by visiting the deactivation website of the Network Advertising Initiative http://optout.networkadvertising.org/?c=1.

4.3. Web Fonts
For uniform representation of fonts, we use Web Fonts provided by Monotype GmbH (fonts.com respectively fast.fonts.net). When you access our website, your browser downloads the necessary fonts in the browser cash in order to correctly display the website content.

For this purpose, your browser has to connect to the servers of fonts.com. Thereby, Monotype GmbH registers that your IP address accessed our website. We use Fonts.com’s Web Fonts for a uniform display of our online platforms. This corresponds to a legitimate interest within the meaning of Art. 6 (1) lit. f. GDPR. If your browser does not support Web Fonts and/or you have blocked Web Fonts in your browser, your computer will use a standard font.

For further information about Web Fonts please refer to https://www.fonts.com/info/legal and the Data Protection Declaration of Fonts under https://www.fonts.com/ info/legal/privacy and the data protection declaration of Monotype GmbH: https://www.monotype.com/legal/privacy-policy/.

4.4. Google Maps
On our websites, we may use maps from the service Google Maps of Google LLC via API. In order to fully display the content in your browser, Google has to collect your IP address; otherwise, Google cannot deliver/display the incorporated map content. In the event of contract fulfilment, Art. 6 (1) lit. b GDPR is the legal basis for such data processing as well as Art. 6 (1) lit. f GDPR in the context of a legitimate interest while using our website as the IP address is necessary for displaying the content. Please note that Google has its own data protection policies, which are independent from ours. We take no responsibility or liability for these regulations and procedures. For further information about the data processing by Google, please refer to the Google Data Protection Regulation under https://www.google.de/intl/de/policies/privacy/.

4.5. Social Networks / Social Media Plugins
We incorporated plugins of several social media networks on our websites. These plugins provide different features whose subject and scope will be defined by the operators of the social networks. We use a 2-click-procedure for a better protection of your personal data. By clicking the button directly next to the respective plugin, the plugin will be activated which will be marked by a colour change of the plugin button from grey to colourful. Afterwards, you can use the respective plugin by clicking on the plugin button. Please note that the IP address of your browser session can be linked to your own profile on the respective social media network if you are logged in at this time. Equally, a visit of our website can be linked to your social media network profile if it recognizes you through a previously set social network cookie that is still present on your computer.

Please note that we are not the providers of the social media networks and that we do not have any influence on their data processing. For further information, please refer to the following links or addresses:

Facebook
We incorporate plugins of the social media network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA on our websites. You recognize the Facebook plugins by the Facebook logo or the “Like“ button on our website. For an overview on the Facebook plugins, please refer to: http://developers.facebook.com/docs/plugins/.

If you activate the plugin, your browser will be directly linked to the Facebook server. Thereby, Facebook receives the information that you visited our site with your IP address.

Please note that we as provider of the website do not have any knowledge about the content of the transferred data and their usage by Facebook and that we are not responsible for the data processing by Facebook. For further information, please refer to the Facebook Dara Protection Declaration under http://de-de.facebook.com/policy.php.

Facebook Connect
Instead of registering directly on our website, you can register via Facebook Connect. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected will also be transferred to the USA and other third countries.

If you decide to register with Facebook Connect and click on the “Login with Facebook”/”Connect with Facebook” button, you will be automatically redirected to the Facebook platform. There you can log in with your user data. This will link your Facebook profile with this website or our services. This link gives us access to your data stored on Facebook. These are above all:-

  • Facebook name
  • Facebook profile and cover picture
  • Facebook cover picture
  • E-mail address stored on Facebook
  • Facebook ID
  • Facebook friend lists
  • Facebook Likes (“Like” information)
  • Birthday
  • Gender
  • Country
  • Language

This data is used to set up, provide and personalize your account. Registration with Facebook Connect and the associated data processing operations are based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time with effect for the future.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381 .
Further information can be found in the Facebook terms of use and the Facebook privacy policy. These can be found at: https://de-de.facebook.com/about/privacy/ and https://de-de.facebook.com/legal/terms/.

Instagram
In connection with our websites and online offerings, we make limited use of functions of the service, Instagram. These functions are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.

When you logged in to your Instagram account, you can link the content of our pages with your Instagram profile by clicking on the Instagram button. Instagram will then be able to connect your visit to our pages to your user account. Please note that as a website provider, we receive no information about the content or the use of the data transferred by Instagram.

For further information, please refer to the privacy statement of Instagram: https://instagram.com/about/legal/privacy/.

VIMEO
We integrate the video portal of the US company Vimeo on our websites. The functions are offered by Vimeo.com, Inc, 330 West 34th Street, New York 10001, USA. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Instagram.

Twitter
Functions of Twitter Inc. are integrated on our websites, which are operated by Twitter International Unlimited Company One Cumberland Place Fenian Street Dublin 2 D02 AX07 Ireland. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Instagram.

5. Contact form and E-Mail contact
On our website, you can find a contact form, which the user can use for electronic contacting. If the user submits this contact form, the data entered in the contact form will be transferred to us and then stored by us:

  • full name (name, surname)*
  • phone number*
  • email address*
  • customer number
  • licence plate

*mandatory information, which are necessary for the registration, are marked with an asterisk as mandatory field (i.e. in the contact form).

At the time of sending the message, the following data will also be processed and stored:

  • the user’s IP address
  • date and time of the sending

Alternatively, you can also contact us via the indicated email address. In this case, all data transferred with the email will be stored. In no case, data will be transferred to third parties, except, when we have to resort to third parties for the processing of the request.

5.1. Purpose and legal basis
Data will only be processed for the purpose of the processing of the respective request respectively the respective user request. All further data collected during the sending process serve to prevent a misuse of the contact form and to ensure the security of our information technology systems.

If the data processing takes place for the purpose of the fulfilment of a customer order or a customer request, Art. 6 (1) lit. b GDPR is the legal basis, no matter whether the contacting takes place via the contact form or via email. In case of the existence of a user consent, Art. 6 (1) lit. a GDPR is the legal basis for the processing. Legal basis for the collection of additional data during the sending process is Art. 6 (1) f. GDPR; the legitimate interest lies in the prevention of misuse and ensuring system security (see Section IV.2).

5.2. Data deletion and storage period
Data will be generally deleted as soon as we do no longer need it for attaining the purpose for which we collected it. In respect to the personal data from the input mask of the contact form and the data sent by email, we will delete the data when the respective communication with the user has ended and/or the user’s enquiry has been answered definitively. The communication shall be deemed ended, or the enquiry definitively answered, if it is evident from the circumstances that the matter concerned has been definitively resolved. If continued storage of the data is necessary for the reasons specified in Section IV.7, the data shall be stored and blocked instead of being deleted.
Data collected additionally during the sending process will be deleted as soon as they are no longer necessary for the purpose of their collection.

5.3. Right to object and removal
The user has the option of discontinuing the communication with us and/or withdrawing his/her enquiry and objecting to the corresponding use of his/her data at any time. In such case, all communication is stopped and all personal data stored in the course of contact with the user will be deleted, subject to further storage of the data for the reasons mentioned in Section IV.7.]

XI. Rights of the data subject

According to GDPR, the user is entitled to the following rights as a data subject:

1. Right to information (Art. 15 GDPR)
You have the right to request information on whether or not we process your personal data. If our company processes your personal data, you are entitled to information on:-

  • the purposes for which the data is processed;
  • the categories of personal data (type of data) processed;
  • the recipients, or categories of recipients, to whom your data has been disclosed to or is yet to be disclosed; this shall particularly apply, if data has been disclosed, or is to be disclosed, to recipients in third countries outside of the application of the GDPR;
  • the planned storage period, if possible; if it is not possible to specify the storage period, the criteria for defining the storage period (e.g. statutory retention periods or the like) will in any case be communicated;
  • your right to correction and deletion of your data, including the right to have processing restricted and/or the option of opting out (see also the following subsections in this respect);
  • the existence of a right to complain to a supervisory authority; and
  • the origin of the data in the case of personal data not collected directly from you.

Furthermore, you are entitled to information on whether your personal data is the subject matter of an automated decision as specified in Art. 22 GDPR and, if so, what decision-making criteria are taken as a basis for such automated decision (logic), and what effects and implications this automated decision could have for you.

If personal data is transferred to a third country outside of the scope of application of the GDPR, you are entitled to information on whether and, if so, under what guarantees an adequate level of protection, within the meaning of Art.s 45 and 46 GDPR, has been safeguarded at the data recipient in the third country.

You have the right to demand a copy of your personal data. A copy of such request may be kept by us for our legitimate purposes in managing the Service. To help us find the information easily, please give us as much information as possible about the type of information you would like to see. If, to comply with your request, we would have to disclose information relating to or identifying another person, we may need to obtain the consent of that person, if possible. If we cannot obtain consent, we may need to withhold that information or edit the data to remove the identity of that person, if possible. In principle, we provide data copies in electronic form, unless specified otherwise. The first copy will be free of charge; we may request an appropriate fee for further copies. The provision of such data copies is subject to the rights and freedoms of other persons possibly affected by the transfer of the data copy.

We are also entitled to refuse a data access request from you where (i) such request is manifestly unfounded or excessive, in particular because of its repetitive character (in this case, if we decide to provide you with the personal data requested, we may charge you a reasonable fee to account for administrative costs of doing so); or (ii) we are entitled to do so pursuant to applicable data protection laws.

For security reasons, we will take reasonable steps to confirm your identity before providing you with any personal data we may hold about you.

2. Right to correction (Art. 16 GDPR)
You have the right to request that we correct your data if your data is incorrect, inapplicable and/or incomplete; this right to correction includes the right to complete your data by means of supplementary statements or notifications. Correction and/or supplementation shall take place promptly, i.e. without culpable delay.

If we are required to update your personal data, we will inform recipients to whom that personal data have been disclosed (if any), unless this proves impossible or has a disproportionate effort. It is your responsibility that all of the personal data provided to us is accurate and complete. If any information you have given us changes, please let us know as soon as possible.

3. Right to deletion (Art. 17 GDPR)
You have the right to demand that we delete your personal data if:-

  • your personal data is no longer needed for the purposes for which it was collected and processed;
  • the data is being processed on the basis of consent given by you, and you have revoked your consent, unless there is some other legal basis for processing the data;
  • you have objected to data processing in accordance with Art. 21 GDPR, and no overriding legitimate reasons for continued processing exits;
  • you have objected to data processing for the purpose of direct advertising in accordance with Art. 21 (2) GDPR;
  • your personal data has been processed unlawfully;
  • the data concerned is a child’s data collected in connection with information society services in accordance with Art. 8 (1) GDPR.

No right to delete personal data exists if:-

  • the right to freely express an opinion or the right to information conflicts with the request for deletion;
  • the processing of personal data is (i) necessary for compliance with a legal obligation (e.g. statutory retention duties), (ii) for the performance of public tasks, or the protection of public interests, under European Union law and/or the law of its Member States (this includes interests in the field of public health); or (iii) for archiving and/or research purposes; or
  • the personal data is necessary for asserting, exercising or defending legal claims.

Deletion shall take place promptly, i.e. without culpable delay. If we have made personal data public (e.g. on the Internet), we shall, if this is technically possible and can be reasonably expected, ensure that third-party data processors are also informed of the deletion request, including the deletion of links, copies and/or replications.

4. Right to restriction of processing (Art. 18 GDPR)
You have the right to have the processing of your personal data restricted in the following cases:

  • If you have disputed the accuracy of your personal data, you may request that we do not use your data for other purposes and that their use is restricted, whilst we check the accuracy.
  • If your data is unlawfully processed, you may request that we restrict the use of your data in accordance with Art. 18 GDPR instead of deleting it in accordance with Art. 17 (1), lit. d GDPR.
  • If you need your personal data for asserting, exercising or defending legal claims, but further processing of your personal data is not necessary, you may request that we limit processing to the aforementioned legal defense purposes.
  • If you have objected to data processing in accordance with Art. 21 (1) GDPR, and it has not yet been established whether our interests in processing outweigh your interests, you may request that we do not use your data for other purposes and that their use is restricted, until the outweighing of interests is confirmed.

We will process personal data, whose processing has been restricted at your request, only (i) with your consent, (ii) for asserting, exercising or defending legal claims, (iii) for protecting the rights of other natural persons or legal entities, or (iv) for reasons of important public interest- except for storage. If a processing restriction is lifted, you will be informed thereof.

5. Right to data portability (Art. 20 GDPR)
Subject to the following provisions, you have the right to request that your personal data be surrendered in a commonly used electronic, machine-readable data format. The right to data portability includes the right to transfer the data to you or another data controller. On request, we shall therefore – insofar as technically possible – transfer data directly to a data controller designated, or yet to be designated, by you. The right to data portability shall apply only to data provided by you and which we hold electronically and requires that the processing takes place on the basis of consent or for the implementation of a contract and be carried out with the aid of automated procedures. The right to data portability under Art. 20 GDPR does not affect the right to data deletion under Art. 17 GDPR. The data shall be transferred only if no rights or freedoms of other persons are impaired because of the data transfer.

6. Right to object (Art. 21 GDPR)
If we process personal data for the performance of tasks that are in the public interest (Art. 6 (1) lit. e GDPR) or for the protection of legitimate interests (Art. 6 (1) lit. f GDPR), you may at any time, with effect for the future, object to the processing of your personal data. If you exercise your right to object, we shall refrain from all further processing of your data for the aforementioned purposes, unless:-

  • the reasons for processing are compelling and worthy of protection and outweigh your interests, rights and freedoms, or
  • the processing is necessary for asserting, exercising or defending legal claims.

You may object to the usage of your data for direct advertising at any time, with effect for the future; this shall also apply to profiling, if it relates to direct advertising. If you exercise your right to object, we shall refrain from all further processing of your data for direct advertising.

7. Prohibition of automated decisions/profiling (Art. 22 GDPR)
Decisions, that entail a legal consequence for you or materially impair you, shall not be based exclusively on automated processing of personal data, including profiling. This shall not apply if such automated decision:-

  • is necessary for the conclusion or performance of a contract with you;
  • is permissible under legal provisions of the European Union or its Member States, insofar as these legal provisions contain appropriate measures for protecting your rights, freedoms and legitimate interests; or
  • is made with your express consent.

In principle, decisions based exclusively on automated processing of particular categories of personal data are impermissible, unless Art. 22 (4) in conjunction with Art. 9 (2), lit. a or lit. g GDPR apply, and appropriate measures for protecting your rights, freedoms and legitimate interests have been taken.

8. Legal protection options/right to complain to the supervisory authority
If you have any complaints, you may at any time turn to the relevant supervisory authority of the European Union or its Member States. For our company, the supervisory authority specified in Section II is the relevant supervisory authority.

XII. Personal Data Breach Reporting

We will notify serious Personal Data Breaches (as defined in the GDPR) in respect of your personal data to the applicable supervisory authority without undue delay, and where feasible, not later than 72 hours after having become aware of same. If notification is not made after 72 hours, we will record a reasoned justification for the delay. However, it is not necessary to notify the regulator where the Personal Data Breach is unlikely to result in a risk to the rights and freedoms of natural persons. A Personal Data Breach in this context means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

We will keep a record of any Personal Data Breaches, including their effects and the remedial action taken, and will notify you of any Personal Data Breach affecting your personal data (which poses a high risk to you) when we are required to do so under applicable data protection laws. We are not required to notify you of a Personal Data Breach where (i) we have implemented appropriate technical and organisational measures that render your personal data unintelligible to anyone not authorised to access it, such as encryption; (ii) we have taken subsequent measures which ensure that the high risk to data subjects is not likely to materialise; or (iii) it would involve disproportionate effort, in which case we may make a public communication instead.

XIII. Alterations of the Data Protection Information

We reserve the right to alter this Policy from time to time at our sole discretion. The date of the most recent revisions will appear at the top of this Policy. If you do not agree to these changes, please do not continue to use our services to submit your personal data. If material changes are made to the Policy we will notify you by placing a prominent notice on our websites. You have access to the respective current version on our website.

It’s easy to get started

And it’s free. Two things everyone loves

Sign Up