Datenschutzerklärung

Data protection information according to Art. 13 and 14 of the EU Data Protection Regulation (EU-GDPR)
This data protection declaration informs you about the processing of your personal data by us as well as about the rights you are entitled to when using our services.

(Status:18.07.2023)

1. Who is the controller for data processing and whom can you contact?
The controller for data processing is the incoming agency you cooperate with * as stated under 11.

For questions related to data protection please contact: datenschutz@dertour.com

2. What data and what sources do we use?
We process data that we receive as part of our contractual relationship with you or based on your consent. We receive the data directly from you, e.g. as part of the travel booking or other order placement, e.g. via a tour operator.

If you provide us with personal data of other persons, you must ensure that they have agreed to this and that you are allowed to transmit the data. You must ensure that these persons know how their personal data can be processed by us and what rights they have.

Where necessary, we process the following categories of data:

• Identification/authentication data (e.g. surname, first name)
• Demographic data (e.g. age)
• Physical characteristics (e.g. salutation, gender)
• Communication data (e.g. emergency telephone number)
• Travel data (e.g. travel dates, products booked)
• Family relationship (e.g. children travelling with you)
• Data in the context of complaints and crisis cases

3. On what legal basis and for what purpose is your data used?
Required to carry out pre-contractual measures in response to your request or to fulfil contractual obligations with you (Art. 6 para. 1 lit. b EU-GDPR).

We process your data for the preparation of offers and the execution of our contracts with you, i.e. in particular for the organisation, mediation and execution of the booked travel services, including complaints and crisis management (mediation/travel contract) by us or by authorised third parties. Further purposes are

• To provide contact options to us (e.g. contact form, arranging appointments for consultation)

On the basis of legal requirements (Art. 6 para. 1 lit. c EU-GDPR).

We are subject to various legal obligations and statutory requirements. For the purposes of identity and age verification, prevention of criminal offences (e.g. fraud), the fulfilment of tax law/official control and reporting obligations, the assessment and management of risks, as well as storage under financial and tax law, your data may be processed by us or by authorised third parties.

Data processing for the protection of vital interests (Art. 6 para. 1 lit. d EU-GDPR)

In order to protect vital interests of you or another natural person, e.g. in order to provide emergency services with an evacuation list, your data may be processed by us or authorised third parties.

For the protection of legitimate interests (Art. 6 para. 1 lit. f EU-GDPR)

In the context of a balancing of interests, for the protection of legitimate interests, your data may be processed by us or by authorised third parties. This is done for the following purposes:

• Function, availability and security of business operations (e.g. IT, other services).
• Further development of services/travel services and additional products (e.g. quality management)
• Assertion, exercise or defense of legal claims
• Prevention and investigation of criminal offences (e.g. fraud)
• Processing of enquiries and provision of necessary information (e.g. contact form)

Our interest in the respective processing results from the respective purposes (profit generation, avoidance of legal risks, assertion, exercise or defence of legal claims, provision and security of our business operations, efficient task fulfilment, process optimisation).

As far as the specific purpose allows, we process your data pseudonymously.

Based on your consent (Art. 6 para. 1 lit. a EU-GDPR)

If you have given us consent to process your personal data, this respective consent is the legal basis for the processing referred to therein. In particular, you may have consented to being contacted by e-mail, post, telephone or messenger service. You can withdraw your consent at any time with effect for the future. To do so, please contact us at our contact address. The withdrawal only applies to future processing, not to processing that has already taken place.

4. Who receives my data?
Your personal data will only be passed on in compliance with the requirements of the EU-GDPR and only insofar as this is permitted by a legal basis. Your data will only be passed on to those bodies who need it to fulfil our contractual and legal obligations or to carry out their respective tasks, e.g.

• Internal departments responsible for organising, arranging and carrying out the trip/processing your enquiry
• Destination agency (e.g. tour guide, hotel reservation, transfer and possibly excursion services)
• Transport service provider (airline, rail if applicable)
• Accommodation provider (hotel management)
• Service providers of other booked services
• Public authorities (tax authorities, embassies of the destination country) in the event of a legal or official obligation
• Other parties for which you have given us your consent to data processing

5. How long will my personal data be stored?
As far as necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and execution of a contract. In addition, we are subject to various storage and documentation obligations.

Once you are disconnected, the personal data processed for each purpose will be kept during the legally prescribed periods, including the period within which a judge or court may require them based on the limitation period of legal proceedings.

The data processed will be maintained for as long as until the referred purposes above are fulfilled and the legal deadlines referred to above do not expire, if there is a legal obligation to maintain them, or, if there is no legal deadline, until the interested party revokes the consent granted.

We will keep all information and communications regarding your purchase or the provision of our service, during the term of the warranties of the products or services, in order to address possible complaints.

Processing for advertising purposes can be revoked to free of charge at any time upon informal request in accordance with Art. 21 EU-GDPR; in this case, the data will be blocked for advertising purposes. Your data will be deleted when prior-raking retention periods have expired.

Your personal data will be deleted on the basis of your consent as soon as the purpose has been fulfilled or until revocation and when priority retention periods have expired.

For tax and financial relevant documentes the German Commercial Code (HGB), the German Fiscal Code (AO) and the 10-year retention period out of both codes need to be considered.

Retention for 10 years begins with the end of the calendar year in which the last entry was made in the commercial register, the inventory was drawn up, the opening balance sheet or the annual financial statements were adopted, the individual financial statements pursuant to § 325 para. 2a or the consolidated financial statements were drawn up, the commercial communication was received or dispatched or the accounting voucher was created in accordance with statutory retention periods from § 257 para. 5 for commercial books, inventories, opening balance sheets, annual financial statements, individual financial statements pursuant to § 325 para. 2a, management reports, consolidated financial statements, group management reports as well as the work instructions and other organisational documents required for their comprehension, documents for entries in books to be kept pursuant to § 238 para. 1 (accounting vouchers) and begins with the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance sheet, the annual financial statements or the management report was prepared, the commercial or business communication was received or dispatched or the accounting voucher was created, furthermore the recording was made or the other documents were created in accordance with § 147 Para. 4 AO for books and records, inventories, annual accounts, management reports, the opening balance sheet as well as the work instructions and other organisational documents necessary for their understanding, accounting vouchers, documents pursuant to Article 15(1) and Article 163 of the Union Customs Code.

6. Will my data be transferred to a third country?
We transfer your data to recipients outside the scope of the regulation of the EU-GDPR and if there is neither an adequacy decision according to Article 45(3) nor appropriate safeguards according to Article 46, including binding internal data protection regulations exist only to the extent that the transfer is necessary

• for the conclusion or performance of the contract with you or for the performance of pre-contractual measures at your request
• for the performance of a contract concluded in your interest by the controller with another natural or legal person
• for the assertion, exercise or defence of legal claims
• to protect the vital interests of the data subject or other persons, where the data subject is physically or legally incapable of giving his or her consent
• you have given your consent

These data processing operations are permissible exceptions from Art. 49 EU-GDPR.

Insofar as a data transfer outside the scope of the EU Data Protection Regulation is necessary due to our predominantly legitimate interest or you have given us your consent, this is secured, among other things, with EU standard contractual clauses in accordance with Art. 46 (2) lit. c EU Data Protection Regulation. If necessary, the EU standard contractual clauses are supplemented by further contractual assurances. You can obtain information on this via the specified contact.

7. Do I have certain rights when dealing with my data?
You have the right to information (Art. 15 EU-GDPR), to correction (Art. 16 EU-GDPR), to deletion (Art. 17 EU-GDPR), to restriction of processing (Art. 18 EU-GDPR) and to data portability (Art. 20 EU-GDPR) under the respective legal conditions.

In addition, you have the right to revoke at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6 para 1 lit. f EU-GDPR, in accordance with Art. 21 EU-GDPR. This also applies to so-called “profiling” based on this provision within the meaning of Art. 4 No. 4 EU-GDPR. If a justified revocation is made, we will no longer process this personal data for these purposes. A revocation can be made informally to our contact address. You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 EU-GDPR).

For controllers based in the EU you can find the appropriate data protection authority here:

https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm

For controllers based in third country:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Kavalleriestraße 2-4
40213 Düsseldorf

8. Am I obliged to provide my data?
Within the scope of our business relationship, you only have to provide the personal data that is required for the establishment, implementation and termination of a business relationship or that we are legally obliged to collect. Without this data, we will usually have to refuse to conclude the contract or execute the order, or we will no longer be able to execute an existing contract and may have to terminate it.

9. Is there automated decision-making in individual cases?
As a matter of principle, we do not use automated decision-making pursuant to Art. 22 EU-GDPR for the establishment and implementation of the business relationship. Should we use this procedure in individual cases, you will be informed separately if this is required by law.

10. Will my data be used in any way for profiling?
We do not process your personal data for profiling.

11. Contact details of the data protection officer
If you have any questions on the subject of data protection, please contact:

*
Go Vacation Services S.L.U.
C./Genil 30, 3°planta, Pol. Son Fuster
07009 Palma de Mallorca
Spain
Data Protection Officer
+34971268598
Email: lopd@dtservices.travel

For another controller based in the EU you can contact:

datenschutz@dertour.com

Destination Touristik Services OOD
5 Dunav Str, Box 108
9000 Varna
Bulgaria

DTS Incoming Hellas Touristic Services SA
Kazantzidis & Vosporou 13
71601 Nea Alikarnassos
Heraklion – Crete
Greece

Destination Touristic Services d.o.o.
Head Office Pula
Labinska 2 C
52100 Pula
Croatia

Deutsches Reisebuero S.r.l.
Piazza dell’Esquilino 28-29
00185 Roma
Italy

Destination Touristic Services CYPRUS
2-24, Petrompei Mavromichali street, Athanasios Avenue
4102 Limassol, Cyprus

Following controller based in a third country appointed a representative in the EU:
DERTOUR Group GmbH, Humboldtstraße 140-144, 51149 Köln

datenschutz@dertour.com

Go Vacation Egypt
Airport Road 5, in front of Rajac Schools
Hurghada
Egypt

Masters Travel Service SAE
Airport Road 5, in front of Rajac Schools
Hurghada
Egypt

Masters for Hotels and Touristic Services SAE
Airport Road 5, in front of Rajac Schools
Hurghada
Egypt

Masters Transport Service SAE
Airport Road 5, in front of Rajac Schools
Hurghada
Egypt

Destination Touristic Services Sarl
Immeuble “Fraj” B3.1 Rue Lac Biwa,
Les Berges du Lac 1,
1053 Tunis
Tunisia

Destination Turistik Hizmetleri Ticaret Limited Sirketi
Gebizli Mah. Termessos Bul.,
BY Plaza Blok No.:50/A
Muratpasa TR-07300 Antalya, Turkey

Miracle Tourism LLC
Thuraya Tower, Barsha Heights
Office 901, 902, & 903
Postbox 454349 Dubai
UAE

Go Caribic SRL
Av. Luis Ginebra, Plaza Turisol 55
Puerto Plata
Dominican Republic

TCI-Go Vacation India Pvt. Ltd.
Tower B Delta Square M.G. Road Sector 25
Gurgaon 122001, Haryana
India

Go Vacation (Cambodia) Co. Ltd.
House#60E1, Street 233, near corner Russian Blvd,
Sangkat Phsar Depo III, Khan Toulkok,
120403 Phnom Penh, Cambodia

DER Asia Tours Co. Ltd.
Chartered Square Building,
152, North Sathon Road, Silom, Bangrak
Bangkok 10500, Thailand

New World Travel Inc.
1040 Avenue of the Americas, 7th Fl,
New York, NY 10018-3736, USA

Go Vacation Vietnam Company Ltd.
3A Floor, 208 Nguyen Trai, Pham Ngu Lao Ward, Dist.1,
Ho Chi Minh City – Vietnam

Go Vacation Africa
Go Vacation Africa (Pty) Ltd.
3rd Floor, Norwich Place West
2 Norwich Close, Sandton
2196 Johannesburg, South Africa

Data protection information for B2B customers
The controller * as stated under 6 processes your data to contact you. This information therefore applies to personal data provided to the controller in the course of its business or other activities by post, telephone, e-mail or online. With this data protection information, we would like to inform you about the scope and purpose of the processing as well as your rights as a data subject.

Persons who transmit personal data of others to us must ensure that the data subjects agree to this and that this data may be transmitted to us as well as be informed about how personal data may be processed by us and what rights data subjects have.

(Status: 18.07.2023).

1. Purposes and legal basis of the processing of personal data
1.1 Establishing contact within the scope of a business relationship
For the initiation or implementation of a business relationship, we will process in particular your contact data (name, address, telephone number and e-mail address), communication data (e.g. correspondence by e-mail), if applicable location data (IP address).

The legal basis for this processing of your personal data is Art. 6 para. 1 lit. a GDPR (your consent) and lit. b GDPR (pre-contractual measures, performance of contract) if we receive the data directly from you or we enter into a direct contractual relationship with you.

If you are not an existing or potential business partner yourself, we have usually received your contact details from our business partner who has named you as a contact person. In this case, the processing of your data is based on Art. 6 para. 1 lit. f GDPR (balancing of interests, based on our legitimate interest in contacting existing or potential business partners).

The provision of personal data about you for the purpose of contacting you in the context of a business relationship is on a voluntary basis. Insofar as your contact data is absolutely necessary for the initiation and fulfilment of a contract, you must disclose your contact data, as otherwise the contract with you cannot be concluded.

2. Recipients of personal data
As a general rule, your data collected by us will not be disclosed to unauthorised persons.

However, in some cases we use service providers to process personal data, e. g. for sending emails. Your data (contact data, communication data is stored in a secure data center and databases.

We also use service providers located in third countries outside the European Union to process your data. Countries outside the European Union handle the protection of personal data differently than countries within the European Union. There is currently no decision by the EU Commission that these third countries generally offer an adequate level of protection. We have therefore taken special measures to ensure that your data is processed in the third countries as securely as within the European Union. With service providers in third countries, we conclude the data protection contract (standard contractual clauses) provided by the Commission of the European Union for the processing of personal data in third countries. If necessary, the EU standard contractual clauses are supplemented by further contractual assurances or implement other permissible guarantees or legally permissible exceptions from Art. 49 GDPR. This provides appropriate safeguards for the protection of your data with service providers in the third country. You can request a copy of these guarantees using the contact details above.

3. Storage period; deletion periods
We store the data processed by you for as long as it is required to achieve the purpose and a legal basis exists. When this case applies, your data will generally be deleted. Your data will be stored/not deleted for as long as contractual or statutory retention periods exist for them. These amount is to a maximum of 10 years when your data is part of tax and/or financial relevant documents due to the German Commercial Code (HGB), the German Fiscal Code (AO) and the 10-year retention period out of both codes need to be considered.

Retention for 10 years begins with the end of the calendar year in which the last entry was made in the commercial register, the inventory was drawn up, the opening balance sheet or the annual financial statements were adopted, the individual financial statements pursuant to § 325 para. 2a or the consolidated financial statements were drawn up, the commercial communication was received or dispatched or the accounting voucher was created in accordance with statutory retention periods from § 257 para. 5 for commercial books, inventories, opening balance sheets, annual financial statements, individual financial statements pursuant to § 325 para. 2a, management reports, consolidated financial statements, group management reports as well as the work instructions and other organisational documents required for their comprehension, documents for entries in books to be kept pursuant to § 238 para. 1 (accounting vouchers) and begins with the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance sheet, the annual financial statements or the management report was prepared, the commercial or business communication was received or dispatched or the accounting voucher was created, furthermore the recording was made or the other documents were created in accordance with § 147 Para. 4 AO for books and records, inventories, annual accounts, management reports, the opening balance sheet as well as the work instructions and other organisational documents necessary for their understanding, accounting vouchers, documents pursuant to Article 15(1) and Article 163 of the Union Customs Code.

4. Automated decision-making in individual cases
We do not use your personal data for automated decision-making or profiling.

5. Your data subject rights
Insofar the controller processes your personal data, you as the data subject are entitled to the following data subject rights in particular, subject to the requirements of data protection law.

5.1 Information
You can request information about your personal data processed by the controller (Art. 15 GDPR).

5.2 Correction
If your information is not (or no longer) accurate, you can request to correct your data. If your data is incomplete, you can request completion of your data (Art. 16 GDPR).

5.3 Deletion
You have the right to request the deletion of your data. Please note that a right for deletion depends on the existence of a legitimate purpose. In addition, there must be no regulations that oblige us to retain your data or other legitimate purposes of the controller that conflict with the deletion of your personal data. (Art. 17 GDPR)

5.4 Restriction of processing
You have the right to request the restriction of the processing of your data. Please note that a request to restriction of processing depends on the existence of a legitimate purpose (Art. 18 GDPR).

5.5 Revocation
If data is collected on the basis of Art. 6(1)(f) GDPR (data processing to protect overriding legitimate interests), you have the right to revoke to the processing of your data on grounds relating to your particular situation. In the event of a revocation, we will no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the assertion, exercise or defence of legal claims (Art. 21 GDPR).

5.6 Right of complaint
You have the right to lodge a complaint with the competent data protection supervisory authority if you do not agree with the processing of your data (Art. 77 GDPR).

For controllers based in the EU you can find the appropriate data protection authority here:
https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm

For controllers based in third country:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Kavalleriestraße 2-4
40213 Düsseldorf

5.7 Data portability
You have the right to receive personal data that you have provided to us in an electronic format (Art. 20 GDPR).

5.8 Withdrawal of your consent
You have the right to withdraw consent (Art. 6(1)(a) GDPR) to the processing of your data which you have given to us at any time. Your personal data will be deleted on the basis of your consent as soon as the purpose has been fulfilled or until withdrawal and when prior-ranking retention periods have expired.

The easiest way to revoke consent you have given is to send an email to the contact details below. The withdrawal of consent does not affect the lawfulness of the processing of your data carried out until the revocation.

6. Contact details of the data protection officer
Data protection officer

If you have any questions on the subject of data protection, please contact:

*
Go Vacation Services S.L.U.
C./Genil 30, 3°planta, Pol. Son Fuster
07009 Palma de Mallorca
Spain
Data Protection Officer
+34971268598
Email: lopd@dtservices.travel

For another controller based in the EU you can contact:

datenschutz@dertour.com

Destination Touristik Services OOD
5 Dunav Str, Box 108
9000 Varna
Bulgaria

DTS Incoming Hellas Touristic Services SA
Kazantzidis & Vosporou 13
71601 Nea Alikarnassos
Heraklion – Crete
Greece

Destination Touristic Services d.o.o.
Head Office Pula
Labinska 2 C
52100 Pula
Croatia

Deutsches Reisebuero S.r.l.
Piazza dell’Esquilino 28-29
00185 Roma
Italy

Destination Touristic Services CYPRUS
2-24, Petrompei Mavromichali street, Athanasios Avenue
4102 Limassol, Cyprus

Following controller based in a third country appointed a representative in the EU:
DERTOUR Group GmbH, Humboldtstraße 140-144, 51149 Köln

datenschutz@dertour.com

Go Vacation Egypt
Airport Road 5, in front of Rajac Schools
Hurghada
Egypt

Masters Travel Service SAE
Airport Road 5, in front of Rajac Schools
Hurghada
Egypt

Masters for Hotels and Touristic Services SAE
Airport Road 5, in front of Rajac Schools
Hurghada
Egypt

Masters Transport Service SAE
Airport Road 5, in front of Rajac Schools
Hurghada
Egypt

Destination Touristic Services Sarl
Immeuble “Fraj” B3.1 Rue Lac Biwa,
Les Berges du Lac 1,
1053 Tunis
Tunisia

Destination Turistik Hizmetleri Ticaret Limited Sirketi
Gebizli Mah. Termessos Bul.,
BY Plaza Blok No.:50/A
Muratpasa TR-07300 Antalya, Turkey

Miracle Tourism LLC
Thuraya Tower, Barsha Heights
Office 901, 902, & 903
Postbox 454349 Dubai
UAE

Go Caribic SRL
Av. Luis Ginebra, Plaza Turisol 55
Puerto Plata
Dominican Republic

TCI-Go Vacation India Pvt. Ltd.
Tower B Delta Square M.G. Road Sector 25
Gurgaon 122001, Haryana
India

Go Vacation (Cambodia) Co. Ltd.
House#60E1, Street 233, near corner Russian Blvd,
Sangkat Phsar Depo III, Khan Toulkok,
120403 Phnom Penh, Cambodia

DER Asia Tours Co. Ltd.
Chartered Square Building,
152, North Sathon Road, Silom, Bangrak
Bangkok 10500, Thailand

New World Travel Inc.
1040 Avenue of the Americas, 7th Fl,
New York, NY 10018-3736, USA

Go Vacation Vietnam Company Ltd.
3A Floor, 208 Nguyen Trai, Pham Ngu Lao Ward, Dist.1,
Ho Chi Minh City – Vietnam

Go Vacation Africa
Go Vacation Africa (Pty) Ltd.
3rd Floor, Norwich Place West
2 Norwich Close, Sandton
2196 Johannesburg, South Africa