1. Overview: data collection on our websiteWhat data do we collect and how do we collect your data?
Some data are collected when you provide it to us. This could, for example, be data you enter on a contact form.
Other data are collected automatically by our server provider's IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website and normally deleted after a short time.
What do we use your data for?
Part of the data is collected to ensure the proper functioning of the website and monitor it against abuse. Other data can be used to analyze how visitors use the site. Other data (e.g. your email address) is only collected for specific services you may request from us (e.g. newsletter, booking a tour and so on).
What rights do you have regarding your data?
You always have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected, blocked, or deleted. You can contact us at any time using the address given in the legal notice if you have further questions about the issue of privacy and data protection. You may also, of course, file a complaint with the competent regulatory authorities.
Analytics and third-party tools
You can object to this analysis. We will inform you below about how to exercise your options in this regard.
2. General information and mandatory informationData protection
Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.
Notice concerning the party responsible for this website
The party responsible for processing data on this website is:
Geschäftsführer: Dr. Tom Pfeiffer
Registergericht Saarbrücken, HRB 103744
Heideweg 2, D-66606 St. Wendel, Germany
The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.).
Revocation of your consent to the processing of your data
Many data processing operations are only possible with your express consent. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
Right to file complaints with regulatory authorities
If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Right to data portability
You have the right to have data which we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon is displayed in your browser's address bar.
If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
Encrypted payments via this website
There are no online payments possible directly on this website and we do not collect nor process any payment information (e.g. credit card numbers) ourselves.
However, we offer the possibility to pay online for certain products using 3rd party providers, namely PayPal (https://www.paypal.com) and GiroSolution GmbH (https://www.girosolution.de). These all offer industry-standard secure common means of payment (Visa/MasterCard, direct debit) via encrypted SSL or TLS connections.
When you make a payment for us online through them, we don't receive any of your payment data from them. We only receive essential information about the payment itself: whether it was successful or not, the amount and currency paid, the date and time of the transaction, our and the payment system's associated reference number to match it with an open invoice, and in case of PayPal, your name and email address. We have no access to any critical information such as your credit card number.
Information, blocking, deletion
As permitted by law, you have the right to be provided at any time with information free of charge about any of your personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected, blocked or deleted. You can contact us at any time using the address given in our legal notice if you have further questions on the topic of personal data.
3. Data collection on our websiteServer access log files:
The website provider (*) automatically collects and stores information that your browser automatically transmits to us in "server log files". These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- Your IP address
These data will not be combined with data from other sources. These data are mainly used for basic statistical purposes and to monitor the network for hacking attacks or other abuse.
This is an example entry a visit of a page could leave in our log files:
126.96.36.199 - - [15/Jan/2018:11:37:50 +0100] "GET /privacy.html HTTP/1.1" 200 15063 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/600.1.25 (KHTML, like Gecko) Version/8.0 Safari/600.1.25"
It includes the IP (in this case, a network node from the CDN provider CloudFlare that forwarded your request), date and time the server sent out the html response (the page you look at in your browser), the specific page address (in this case, the ".../privacy.html" page), protocol (HTTP/1.1) and response code (200 = success), byte length (15063) and the type of browser that sent the request (e.g. Safari in this example).
The server access data is deleted automatically after a short amount of time (14 days on our origin server).
The basis for data processing is Art. 6 (1) (f) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.
(*) Note on our website providers:
We don't run the server hosting the website ourselves, but through reputable providers who put industry-standard measures in place to protect the data stored on their systems and are fully compliant with DSGVO.
Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission.
We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1)(a) DSGVO. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.
If you would like to receive our newsletter, we require a valid email address as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive this newsletter.
These data are stored in our secured internal database where only we have access. We only use your data in order to send you our newsletter from time to time.
You can opt-out from the newsletter, remove your account, request to have your data copied to you or deleted it any time.
No additional data is collected or is only collected on a voluntary basis. We only use this data to send the requested information and do not pass it on to third parties.
We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1) (a) DSGVO. You can revoke consent to the storage of your data and email address as well as their use for sending the newsletter at any time, e.g. through the "unsubscribe" link in the newsletter. The data processed before we receive your request may still be legally processed.
The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription when said data will be deleted. Data we have stored for other purposes (e.g. email addresses for the members area) remain unaffected.
Buying things or services, e.g. tours:
When you buy something from our online shop
or book a tour with us
, we will need more or less detailed personal data as needed to complete a transaction: typically, this includes your full invoice address, a telephone number to reach you, an email, your birthday, nationality and similar standard information.
For legal and bookkeeping reasons, we are required to keep some or all of these data, or documents where they appear (e.g. invoices) for a minimum of the legal retention period. In Germany
, this varies from 2-10 years, depending on the nature of the data. Invoices will need to be kept for 10 years.
After the retention period has passed, we delete all documents permanently.
4. Processing of data (customer and contract data)We only collect the data we need
We collect, process, and use personal data only insofar as it is necessary to establish, or modify legal relationships with us (master data). This is done based on Art. 6 (1) (b) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract. We collect, process and use your personal data when accessing our website (usage data) only to the extent required to enable you to access our service or to bill you for the same.
Collected customer data shall be deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected.
Data transmitted to 3rd party service providers when entering into a contract with us
We transmit personally identifiable data to third parties only to the extent required to fulfill the terms of your contract with us, for example, to buy transportation tickets, book hotel rooms etc when you have booked a tour with us. Your data will not be transmitted for any other purpose.
The basis for data processing is Art. 6 (1) (b) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.
What are cookies?
Cookies do not harm your computer and do not contain any viruses. A cookie is a small text file that a website instructs your browser to save on your computer or mobile device when you visit the site, and to resend to the server on your next visit. It can be used to store and exchange various information between your browser and the website.
How to control cookies
You are in full control over which cookies are stored on your device
if you use a reputable browser (e.g. Firefox, Chrome, Safari, Internet Exporer etc). The implementation varies from browser to browser, but you can normally adjust the settings looking into the browser's settings under "privacy".
There, you can control and/or delete
cookies as you wish - for more details, see aboutcookies.org
. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and some functionalities may not work.
We don't store any cookie data on our end. On modern browsers, most cookies are only stored as "local storage" on your computer and not sent out when requesting a web page.
3rd party cookiesData collected through third party cookies
A number of 3rd party elements (=anything not hosted on servers controlled by us such as a sharing button, a video etc) are usually present on this website in order to provide additional functionality. The most common include facebook, google, youtube, twitter, the sharing service addThis (see below for full list).
We do not collect any data from or through these 3rd party services ourselves.
However, by visiting this website with all features enabled, you give us permission to show you resources from 3rd parties as well, who can (and usually do) store their own data about your request to include this resource from our site: this is especially true if you have accounts with them and even more if you are logged in with them and choose never to log out, i.e. keep their cookies on your browser even after you leave their websites:
By loading these elements - e.g. the facebook button, or a youtube video on our website, your browser will connect to the service to request the logo image, video etc. In standard configuration of your browser, it will also send out the cookie you have from them along with the standard http header information described above (IP, time, browser, the page that embeds the resource etc). This way, the 3rd party service can know which site you are visiting, in this case, our website. The purpose is in most cases to be able to send you personalized advertising (if you visit other sites that show advertising).
Unfortunately, we have no way of controlling what 3rd parties exactly do with your data and explicitly deny any responsibility for this. Please read their individual policies about privacy if you're in doubt.
3rd party services that may be used on this website:
Please note that a given page may or may not use any of the mentioned services.