According to the basic EU data protection regulation (EU-GDPR).
This data protection information applies as of 01.05.2018.
We take the protection of your personal data very seriously and therefore process this data in accordance with the legal data protection laws.
With the following information on data protection we would like to inform you how we use your personal data. In particular, we would like you to know how we process your data, how and for what we use your data. Your personal data will only be stored and processed with your prior consent.
Personal data are information that may refer to you personally, which can be used to identify you.
Your personal data is required at various points for the provision of one or more services. We store your data when you make a booking on our website or send us a booking request. We also store your data if you instruct us by telephone to book a service for you or if you make a booking enquiry by telephone.
The processing of your data is necessary for the fulfillment of a contract or for the execution of pre-contractual measures which take place on the basis of your booking or your request. Without these data we will usually have to refuse the conclusion of the contract or the execution of the order or we will no longer be able to execute an existing contract and may have to terminate it.
As part of our business relationship, you only need to provide the personal data required to establish, conduct and terminate a business relationship or which we are legally obliged to collect.
In accordance with Article 22 of the EU GDPR, we do not in principle use automated decision-making or profiling to establish and carry out the business relationship.
We do not process or store personal data on racial or ethnic origin, political opinions, religious or ideological beliefs, genetic data, health data, sex life data or sexual orientation.
In case of a booking we ask and save the following master data: Your first and last name, your address, your e-mail address and your telephone number. In the event of a booking, we can still request health data to prevent accidents and to protect the traveller(s), which we do not store: e.g. degree of physical disability, severely disabled pass, food intolerances, allergies, pregnancy.
IIn case of a booking enquiry we store and process your first and last name, your e-mail address and your telephone number.
If you instruct us to arrange a flight for you and you travel to a country whose regulations require you to provide extended passenger data (API), we will still need your first, middle and last names as listed in your passport, your passport number, validity of passport, country of issue, nationality and date of birth.
The following countries currently require passport data from every traveller before departure: Australia, Austria, Ireland, New Zealand, Bahrain, Italy, Switzerland, Bangladesh, Japan, Spain, Brazil, Canada, Sri Lanka, China, Qatar, South Africa, Germany, Korea, Czech Republic Great Britain, Malta, USA, India, Netherlands, Cyprus, Indonesia.
According to American law, the US Department of Homeland Security (DHS) receives travel and booking data, so-called Passengers Name Records (PNR), from airlines before departure. This applies to flights to, from or via the USA. The main purpose of this data is to combat terrorism and other serious crimes. These data can be compared with other data. The PNR's are stored for 3 years and 6 months and can be passed on to other authorities. This data is supplemented by data from your passport, the Advanced Passenger Information (API). A detailed explanation of the use of your data can be found in Decision 2004/535/EC of the EU Commission.
We pass on your personal data to third parties for the provision of a service. These include airlines, car rental companies, hotels, holiday apartment providers, insurance companies, tours and transfer companies as well as credit card companies.
We assure you that we only pass on the data to third parties that are necessary for the provision of a service. Also we transmit your data only to companies known by us.
Wurthermore, we will ask for your bank details and/or credit card data, which will never be stored by us..
If a booking on our website or a telephone booking requires you to pay or pay for your booked service immediately, you will be forwarded to an external payment processor.
We must pass on your data to third parties in order to provide a service.
Airlines we transmit your first and last name, your address, your birth data, telephone number, as well as your bank or credit card data.
Rental car landlord we transmit your first and last name, as well as your date of birth, hotels, holiday apartment providers, receive your first and last names from us.
Tour operators and transfer companies will receive your first and last name and telephone number from us.
Credit card companies we transmit your credit card data, your first and last name.
Insurance companies receive your first and last name, address, e-mail address and birthday.
In accordance with Article 7 of the EU-GDPR, your consent is required for the processing, storage and disclosure of your personal data. You give us this consent for the specified purposes when you send us your data. You can revoke your consent at any time with effect for the future. This also applies to declarations of consent that you gave us before the EU-GDPR i.e. before 25 May 2018. The revocation is only effective for future processing, not for processing that has already taken place.
You are entitled at any time and free of charge to receive information according to article 15 EU-GDPR and § 34 Federal Data Protection Act (BDSG) about your personal data stored by us.
In addition, you have the right at any time to request the deletion of your data in accordance with Article 17 EU-GDPR or § 35 BDSG, the blocking or correction in accordance with Article 16 EU-GDPR, the restriction of processing in accordance with Article 18 EU-GDPR and the transferability of data in accordance with Article 20 EU-GDPR.
In addition, you have a right of appeal to a data protection supervisory authority pursuant to Article 77 EU-GDPR or § 19 BDSG.
This does not apply to data that conflict with legal regulations, in particular billing or accounting data.
You assure us that if you provide us with the data of another traveller that you have the express permission of the other travellers, you will provide us with the personal data.
Your data may be used by us or by third parties to protect legitimate interests.
This is done for the following purposes:
Accounting purposes (external provider)
Ensuring IT security and IT development (external and internal)
Advertising and marketing purposes (external and internal)
Your personal data from booking requests, by phone, e-mail or via our website will be completely deleted after 6 months. This includes your first and last name, your e-mail address, your telephone number, all information on the 2nd traveller, all e-mail correspondence.
All other data will be stored in accordance with the legally prescribed retention periods and then deleted. In any case we will inform you in writing about the correction or deletion of your personal data.
We are subject to various legal obligations such as the commercial and tax retention periods in accordance with the German Commercial Code.
According to § 257 HGB* we are obliged to keep the stored data for your booking in order to be able to keep complete trading books and also to be able to provide all information relevant for our taxation according to §147 AO*.
*AO = tax code *HGB = code of commerce
We will only transfer your data to countries outside the European Union if this is necessary for the performance and processing of the services ordered or is prescribed by law or if you have given us your consent (e.g. for long-haul travel).
Your data is encrypted from your computer to our server and vice versa via the Internet using 128 bit TLS encryption (Transport Layer Security) or better known as SSL (Secure Socket Layer). You can recognize this by the fact that the lock symbol on the status bar of your browser is closed and the address line starts with https://.
When you visit our web pages, so-called usage data are temporarily stored as a protocol on our web server. This data set consists of:
The page from which the file was requested, the name of the file that was called up.
The date and time of the query.
The amount of data transferred.
The access status (file transferred, file not found).
Type of web browser used.
IP address of the requesting computer, which is shortened in such a way that a personal reference cannot be established.
Data about individuals or their individual behavior is not collected.
The data will be deleted at midnight at the end of the day.
We no longer use Social Media Plug-ins on our websites.
If you would like to receive the newsletter offered on the website, we need an e-mail address from you. You do not have to provide any further information. You will receive a confirmation email with an activation link. If you click this activation link, your e-mail will be entered in our newsletter system. We use this e-mail exclusively for sending the requested newsletter and do not pass it on to third parties.
You can unsubscribe from the newsletter at any time, for example via the link "Newsletter unsubscribe" in the newsletter. Our newsletters contain images that allow us to know if and when an e-mail has been opened. Even if a link is clicked in a newsletter, we save it. We do not know who opened a newsletter or who clicked on which link.
However, we only use the data statistically (i.e. without personal reference) in order to optimize our newsletters and offers and to better understand customer interests.
Once you have made a booking, you will receive an email from us with a link to a hotel review. The hotel rating is completely anonymous. Your personal data will not be published. Your email will be stored for a period of 3 months, unless you redeem the voucher code you have received from us on a website before the end of the 3 months. In this case your e-mail will be deleted immediately.
You have the right to object to the processing of your personal data at any time (Article 21EU-GDPR). If you object, we will no longer process your personal data. You have the right to have your personal data corrected (Article 16 EU-GDPR), informed (Article 15 EU-GDPR) and deleted (Article 17 EU-GDPR). You also have the right to data transmission (Article 20 EU-GDPR).
Any data subject has the right of appeal to the supervisory authority if he or she considers that the processing of data concerning him or her is contrary to data protection law. The right of appeal may be exercised in particular before the supervisory authority of your federal state or on the place of the relevant infringement. An up-to-date list of the competent supervisory authorities can be found at
To revoke your consent to the use of your data, to request the deletion of information, correction or blocking, please send an e-mail or call us.
Please direct enquiries to the data protection officer:
Or in writing to the above address.