Privacy Information according to Articles 13, 14, and 21 of the EU General Data Protection Regulation (EU GDPR)

Dear Visitors of our Internet Portal,

We are pleased to welcome you to our website www.globalwingsreisen.de. To ensure that you feel comfortable during your visit to this site, we would like to inform you about how we handle your data. The following privacy policy is intended to inform you about the collection, use, and disclosure of personal data.

Protecting your privacy is very important to us. Therefore, we have designed our internet services in such a way that their use can generally be anonymous. We use information that we receive and store during your visit to our websites exclusively for internal purposes and to improve the design of the websites. We store the IP address transmitted by your web browser for a period of seven days to detect, restrict, and eliminate disruptions or errors (e.g., attacks on our servers). After this period, we delete or anonymize the IP address. We use the IP address exclusively for the aforementioned security purposes.

1. Wer ist für die Datenverarbeitung verantwortlich und an wen können Sie sich wenden?

Verantwortlicher für die Datenverarbeitung sind wir – Global Wings Reisen UG, Schniederbergstrasse 144, 49497 Mettingen, E-Mail: office@globalwingsreisen.de

2. What data and sources do we use?

As we are constantly striving to improve our services for our customers in a continuous process, e.g., through customization, the above general data is statistically evaluated anonymously. If you use services, we generally only collect data that we need to provide the services. If we ask for further data, these are voluntary information (fields not marked as mandatory). The processing of personal data is exclusively for the purpose of providing the requested service and to safeguard legitimate business interests.

To protect your data from unauthorized access, we use encryption on our pages. Your information is then transmitted from your computer to our server and vice versa over the Internet using 128-bit TLS encryption (Transport Layer Security) (Note, we recommend at least TLS 1.2 encryption). You can recognize this by the closed lock icon on the status bar of your browser and the address line starting with https://. We do not use encryption if you only exchange publicly available information with us.

2.1 Usage data/log files

When you visit our websites, usage data for statistical purposes is temporarily stored on our web server to improve the quality of our websites. This dataset consists of:

the page from which the file was requested,
the name of the file,
date and time of the request,
amount of data transferred,
access status (file transferred, file not found),
der Beschreibung des Typs des verwendeten Webbrowsers,
the IP address of the requesting computer, shortened in such a way that personal reference is no longer possible.

We use this information to enable access to our website, to control and administer our systems, and to improve the design of our websites. The stored data is anonymized in accordance with applicable legal requirements. The creation of personal user profiles is thereby excluded. Data on individuals or their individual behavior is not collected.

2.2 Permanent and session cookies

Cookies are small files that are stored on a visitor's hard drive. They allow information to be retained for a certain period of time and identify the visitor's computer. We use permanent cookies for better user guidance and individual presentation of performance. We also use so-called session cookies, which are automatically deleted when you close your browser. You can set your browser to inform you about the placement of cookies. This makes the use of cookies transparent for you.

3. On what legal basis are your data used (purpose of data processing)?

The following information provides information on why and for what purpose we process your data.

3.1 To fulfill contractual obligations (Art. 6 para. 1 lit. b EU GDPR)

We process your data to fulfill our contracts with you, i.e., in particular to carry out and process the booked travel services. The purposes of data processing depend on the specific travel services and the contractual documents (e.g., accommodation, transfers, car rentals, flights).

3.2 Within the scope of balancing interests (Art. 6 para. 1 lit. f EU GDPR)

To protect legitimate interests, your data may be used by us or third parties for the following purposes:

Support of our sales organization in travel advice and support and in sales within the framework of travel support
Further development of travel services and additional products
Advertising, market and opinion research
Asserting legal claims and defending legal disputes
Prevention and investigation of crimes
Ensuring IT security and availability of IT operations

Our interest in the respective processing arises from the respective purposes and is otherwise of an economic nature (efficient task fulfillment, distribution, avoidance of legal risks). Where the specific purpose permits, we process your data pseudonymously or anonymized.

3.3 Based on your consent (Art. 6 para. 1 lit. a EU GDPR)

If you have given us consent to process your personal data, this consent is the legal basis for the processing mentioned therein. You may also have consented to promotional contact by email, telephone, or messenger service. You can revoke consent at any time with effect for the future. This also applies to declarations of consent that you have given us prior to the GDPR, i.e., before 25th May 2018. The revocation only applies to future processing, not to processing that has already occurred. Please contact our contact address for this purpose.

3.4 Based on legal requirements (Art. 6 para. 1 lit. c EU GDPR)

We are subject to various legal obligations and legal requirements (e.g., Civil Code (BGB), Commercial Code (HGB), GoB, Passenger Data Act, EU Package Travel Directive, tax laws of the Federal Republic of Germany). The purposes of processing include identity and age verification, fraud prevention, compliance with tax control and reporting obligations, as well as the assessment and management of risks.

4. Who receives my data?

Your data will only be disclosed in accordance with the EU GDPR and only to the extent permitted by law. Within our sales organization, only those departments receive your data that require it to fulfill our contractual and legal obligations or to perform their respective tasks (e.g., sales, customer service, tour guides, tour operators, hotels, car rental or transfer companies).

In addition, the following entities may receive your data:

Contract processors appointed by us (Art. 28 EU GDPR), especially in the area of booking systems and IT services, logistics, and printing services, who process your data on our behalf in accordance with instructions.
Public authorities and institutions (tax authorities, embassies of the destination country) where there is a legal or regulatory obligation (retention obligations, visa procurement, obtaining entry requirements) as well as
Other entities for which you have given us your consent to transfer data.

5. How long will my personal data be stored?

If necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and execution of a contract for the provision of travel services. In addition, we are subject to various retention and documentation obligations, which result, among other things, from the Civil Code (BGB), the Commercial Code (HGB), the Tax Code (AO), and the EU Package Travel Directive. The deadlines for storage or documentation specified there range from two to a maximum of ten years. Finally, the storage period also depends on statutory limitation periods, which typically expire after three years, for example according to Sections 195 ff. of the Civil Code (BGB). The storage of your personal data based on your consent is carried out until revoked.

6. Will my data be transferred to a third country?

We only transfer your data to countries outside the European Union if this is necessary or legally required for the execution and processing of travel services, or if you have given us your consent (e.g., long-distance travel).

7. Do I have specific rights regarding my data?

Under the respective legal conditions, you have the right to information (Art. 15 EU GDPR, § 34 Federal Data Protection Act (BDSG) in its valid version from 25th May 2018), correction (Art. 16 EU GDPR), deletion (Art. 17 EU GDPR or § 35 BDSG), restriction of processing (Art. 18 EU GDPR) and data portability (Art. 20 EU GDPR). You also have the right to lodge a complaint with a supervisory authority (Art. 77 EU GDPR or § 19 BDSG).

8. Am I obligated to provide my data?

In the context of our business relationship, you only need to provide personal data that is necessary for the establishment, implementation, and termination of a business relationship or that we are legally obliged to collect. Without this data, we will generally have to refuse to conclude the contract or execute the order or may have to terminate an existing contract.

9. Is there any automated decision-making in individual cases?

We generally do not use automated decision-making in accordance with Art. 22 EU GDPR to establish and implement business relationships. If we use these procedures in individual cases, you will be informed separately if this is required by law.

10. Are my data used in any way for profiling?

We partially process your data automatically to evaluate your potential interest in certain products, offers, and services (so-called "profiling" according to Art. 4 No. 4 EU GDPR). The evaluation is based on statistical methods, taking into account your previous bookings and services with us. We use the results of these analyses for targeted and needs-based customer communication.

11. What rights do I have as a customer?

For reasons arising from your particular situation, you have the right to object at any time to the processing of your personal data, which is based on Article 6 (1) ( f) EU GDPR (data processing based on balancing interests). This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 EU GDPR, which can be used, for example, for customer advice and support. If you object, we will no longer process your personal data. In addition, according to Art. 15 or Art. 21 EU GDPR, you have a permanent right of revocation regarding your consent to data processing for other purposes, if you have given us such consent. The objection can be made informally to the contact address known to you.

Every data subject has the right to lodge a complaint with the supervisory authority if they consider that the processing of personal data concerning them infringes data protection regulations. The right to lodge a complaint can be exercised in particular with the supervisory authority of your federal state or at the place of the relevant infringement. An up-to-date list of the responsible supervisory authorities can be found at https://www.bfdi.bund.de/EN/Infothek/Contact/addresses_links-node.html (accessed on 15th March 2018). 15.03.2018