Privacy Policy on the Processing of Personal Data
In accordance with Articles 13 and 14 of the General Data Protection Regulation (EU) 2016/679 (GDPR) and in compliance with applicable national and European data protection laws and standards, Falk Travel AG provides the following information regarding the processing of personal data.
We greatly appreciate your interest in our company. The protection of personal data is of particularly high importance to the management of Falk Travel AG. The use of Falk Travel AG’s website is generally possible without the provision of any personal data. However, if a data subject wishes to use specific services offered by our company via our website, the processing of personal data may become necessary. Where the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject. The processing of personal data, such as the name, address, email address, or telephone number of a data subject, is always carried out in accordance with the GDPR and in compliance with the country-specific data protection regulations applicable to Falk Travel AG. Through this privacy policy, our company seeks to inform the public about the nature, scope, and purpose of the personal data we collect, use, and process. Furthermore, data subjects are informed of their rights by means of this privacy policy. As the controller responsible for processing, Falk Travel AG has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, Internet-based data transmissions can generally have security gaps, so absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us via alternative means.
1. Definitions
This privacy policy is based on the terminology used by the European legislator when adopting the GDPR. It should be easy to read and understand for the public, as well as our customers and business partners.
To ensure this, we would like to explain the terminology used:
a) Personal Data
Personal data refers to any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
b) Data Subject
A data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.
c) Processing
Processing is any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of Processing
Restriction of processing is the marking of stored personal data with the aim of limiting its processing in the future.
e) Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person.
f) Pseudonymization
Pseudonymization is the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information.
g) Controller or Data Controller
The controller or data controller is the natural or legal person, public authority, agency or other body that determines the purposes and means of the processing of personal data.
h) Processor
A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
i) Recipient
A recipient is a natural or legal person, public authority, agency or another body, to whom personal data is disclosed.
j) Third Party
A natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
k) Consent
Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they signify agreement to the processing of personal data relating to them.
2. Contact Details of the Controller – Joint Controllership
Controller within the meaning of the GDPR and other applicable data protection laws is:
Falk Travel AG
Engelgasse 83a
4052 Basel
Switzerland
Falk Travel AG
Tel DE: +49 (0) 89 201 902 42
urlaub@falk.travel
Website: https://www.falk.travel
On certain occasions, Falk Travel AG acts as joint controller for the provision of services and fulfillment of contractual obligations. You can access the joint controllership declaration under Article 26 GDPR by clicking the corresponding link on our website.
3. Data Protection Officer
In accordance with Articles 37 ff. GDPR, we inform you that Falk Travel AG has appointed a Data Protection Officer, who can be contacted at:
certitudo®
Oberragen 11
39031 Bruneck – Italy
E-Mail support.dpo@certitudo.info
Pec-Mail certitudo@legalmail.it
4. Purpose of Data Processing
The data you provide will be processed for the following purposes:
a. Fulfillment of legal obligations
b. Fulfillment of contractual obligations
c. To provide you with the requested information and services
d. To assess the efficiency of our systems
e. With your consent, for marketing activities (e.g., sending business information, promotional materials, market research)
f. To secure our claims (e.g., payments)
g. To determine your level of satisfaction with our products and services
h. With your consent, to conduct automated profiling of your consumer preferences, habits, and/or decisions in order to offer you tailored products or services.
5. Legal Basis for Processing and Obligation to Provide Data
According to the GDPR, processing is lawful only if and to the extent that certain conditions are met. In particular:
Art. 6(1)(a) GDPR: Consent for processing that is not required by contract or law.
Art. 6(1)(b) GDPR: Processing necessary for performance of a contract or to take steps at the request of the data subject prior to entering a contract.
Art. 6(1)(c) GDPR: Processing necessary for compliance with a legal obligation.
Art. 6(1)(d) GDPR: Processing necessary to protect vital interests of the data subject or another natural person.
Art. 6(1)(f) GDPR: Processing necessary for the purposes of the legitimate interests pursued by the controller or by a third party, provided the data subject’s interests or fundamental rights and freedoms do not override those interests.
6. Collection and Nature of Processed Data
Each time our website is accessed, a range of general data and information is collected and stored in the server’s log files, including browser type and version, operating system, referrer URL, pages accessed, date and time of access, IP address, Internet service provider, and similar data used for defense against attacks on our IT systems.
These data are not drawn upon to identify you personally; rather, they are needed to properly deliver the content of our website, optimize our site and advertising, ensure the permanent functionality of our IT systems, and, if necessary, provide law enforcement authorities with the required information in the event of a cyberattack. These anonymized log-file data are stored separately from all personal data provided by you.
7. Disclosure of Data
We do not share the information you provide, including personal data, with third parties unless:
It is necessary for the performance of our contract with you (e.g., engaging third-party service providers);
We employ analysts or search engines to support site optimization;
We distribute parts of our platform via APIs or widgets on our partners’ websites, where public profile information may appear;
We combine information about you—such as personal data and cookies sent or received from our partners—
in accordance with applicable laws and with your consent, and use these combined data for the purposes stated above.
8. International Data Transfers
We may transfer your data to service providers located outside the European Economic Area (EEA). Such transfers occur only if adequate data protection guarantees exist, for example because the country is recognized by the EU as providing an adequate level of protection, or appropriate safeguards are in place.
You may contact us using the details above for further information on any such safeguards.
9. Data Retention Periods
The controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject to.
If the storage purpose no longer applies or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data is routinely blocked or erased in accordance with the statutory provisions.
With reference to the purposes of the processing provided for in the above points:
the data of the interested party will be kept for the entire duration of the contractual relationship and after its termination only to the extent that the data is necessary for the termination of the contractual obligations entered into and for the implementation of any legal measures and protective provisions of a contractual nature related to or arising from the contract;
the processing of the data ends at the latest – i.e. if the data subject does not revoke consent beforehand – at the time of termination of the contractual relationship
data processing may continue until consent is withdrawn, but in any case no later than two years after termination of the contractual relationship or renewal of consent.
10. legal or contractual provisions for the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of non-provision
We inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary for a contract to be concluded for a data subject to provide us with personal data that must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with them. Failure to provide the personal data would mean that the contract with the data subject could not be concluded. Before personal data is provided by the data subject, the data subject must contact one of our employees. Our employee will inform the data subject on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what the consequences would be if the personal data were not provided.
11 Rights of the data subject
a) Right to confirmation
Each data subject shall have the right granted by the European legislator to obtain from the controller the confirmation as to whether or not personal data concerning him or her are being processed.
b) Right to information
Any data subject affected by the processing of personal data has the right to obtain information free of charge at any time from the controller about the personal data stored about him/her and a copy of this information.
Furthermore, the data subject has the right to obtain information as to whether personal data has been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to obtain information about the appropriate safeguards in connection with the transfer.
c) Right to rectification
Any person affected by the processing of personal data has the right to request the immediate rectification of inaccurate personal data concerning them. Furthermore, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration, taking into account the purposes of the processing.
d) Right to erasure (right to be forgotten)
Any data subject affected by the processing of personal data has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay where one of the following grounds applies and insofar as the processing is not necessary
The personal data have been collected or otherwise processed for such purposes for which they are no longer necessary.
The data subject withdraws consent on which the processing is based according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.
The data subject objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR.
The personal data was processed unlawfully.
The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
If the personal data has been made public by Falk Travel AG and if our company is obliged to delete the personal data in accordance with Art. 17 para. 1 GDPR, Falk Tours AG shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform other processors who process the published personal data that the data subject has requested the deletion of all links.
e) Right to restriction of processing
Any person affected by the processing of personal data has the right to obtain from the controller restriction of processing where one of the following applies:
The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims.
The data subject has objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
f) Right to data portability
Any person affected by the processing of personal data has the right to receive the personal data concerning them, which has been provided by the data subject to a controller, in a structured, commonly used and machine-readable format. He or she also has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR or on a contract pursuant to point (b) of Article 6(1) of the GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, in exercising his or her right to data portability pursuant to Article 20(1) of the GDPR, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.
g) Right to object
Any person affected by the processing of personal data has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) GDPR. This also applies to profiling based on these provisions.
Falk Travel AG shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims.
If Falk Travel AG processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing. This also applies to profiling insofar as it is associated with such direct advertising. If the data subject objects to the Falk Travel AG to the processing for direct marketing purposes, the Falk Tours AG will no longer process the personal data for these purposes.
In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her by Falk Travel AG for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
To exercise the right to object, the data subject may contact Falk Travel AG or the appointed data protection officer directly.
h) Automated decisions in individual cases including profiling
Any person affected by the processing of personal data has the right granted by the European legislator of directives and regulations not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, provided that the decision (1) is not necessary for the conclusion or performance of a contract between the data subject and the controller, or (2) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is based on the data subject’s explicit consent.
i) Right to withdraw consent under data protection law
Any person affected by the processing of personal data has the right to withdraw consent to the processing of personal data at any time.
12. e-mail marketing
Advertising to existing customers
We reserve the right to process the e-mail address provided by you during the booking process in accordance with the statutory provisions in order to send you the following content by e-mail before, during or after the processing of the contract, provided that you have not already objected to this processing of your e-mail address:
– further interesting offers from our portfolio
– about events organized by our company
– Technical information
– Questions about special requests
– Overview of possible leisure activities
The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. We carry out the aforementioned processing for customer care and to improve our services. We delete your data when you unsubscribe from the newsletter, but no later than two years after termination of the contract.
We also process the evaluation of your contact or booking on the basis of user interests. If the sending of electronic information is not required for contract processing (e.g. e-mail with payment information), the legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. We carry out the aforementioned processing to optimize our service and our website.
We would like to point out that you can object to receiving direct advertising at any time without incurring any costs. To do so, click on the unsubscribe link in the newsletter.
Newsletter
You have the option of subscribing to our e-mail newsletter on the website, which we use to inform you regularly about the following content:
– Offers from our portfolio, some with a marked best price guarantee
– events organized by our company
– exclusive and time-limited special offers
To receive the newsletter, you must provide the following personal data:
– valid e-mail address
– telephone number, if applicable
Registration for our e-mail newsletter is carried out using the double opt-in procedure. After you have entered the data marked as mandatory, we will send you an e-mail to the e-mail address you have provided, in which we ask you to expressly confirm your registration for the newsletter (by clicking on a confirm link). In this way, we ensure that you actually wish to receive our e-mail newsletter. If confirmation is not received within 24 hours, we will block the information sent to us and delete it automatically after one month at the latest.
The following data is also processed for the duration of the subscription:
– Date/time of subscription to the newsletter
– Time of your confirmation of the confirm link
We process the time of registration for the newsletter and the time of your confirmation in order to document your newsletter registration and prevent misuse of your personal data. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. We process this data for a period of two years after termination of the contract. If the newsletter registration takes place outside of the conclusion of a contract, we process this data for two years after the end of the usage process. We delete this data when the newsletter subscription ends.
After your confirmation, we process the e-mail address of the recipient concerned for the purpose of sending our e-mail newsletter. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. a) GDPR. We delete this data when you unsubscribe from the newsletter.
You can withdraw your consent to the processing of your email address for the purpose of receiving the newsletter at any time, either by sending us a message (see the contact details in the section “Responsible provider/representative of the provider in the European Union”) or by clicking directly on the unsubscribe link contained in the newsletter.
We would like to point out that we evaluate your user behavior when sending the newsletter. For this evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which are single-pixel image files that are integrated on our website. For the evaluations, we link the data mentioned in the “Access data” section and the web beacons with your email address and an individual ID. Links received in the newsletter also contain this ID.
We use the data obtained to create a user profile in order to tailor the newsletter to your individual interests. We record when you read our newsletters, which links you click on in them and deduce your personal interests from this. We link this data to actions you have taken on our website. The information is processed for as long as you are subscribed to the newsletter. After you unsubscribe, we process the data purely statistically and anonymously.
Our purpose is to evaluate the use and optimization of the e-mail advertising that we send you. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f) GDPR.
You can object to this tracking at any time by clicking on the separate unsubscribe link provided in each newsletter or by informing us using the contact details provided in the “Responsible provider” section. You can also prevent tracking by deactivating the display of images in your email program by default. In this case, the newsletter will not be displayed in full and you may not be able to use all functions. If you display the images manually, the above-mentioned tracking will take place.
E-mail marketing service “Sendeffect”
For sending newsletters, we use the e-mail marketing service “Sendeffect”, based in Simbach am Inn. Schulgasse 5, D-84359, web address: https://www.sendeffect.de. Sendeffect is a service that can be used to organize and analyse the sending of newsletters. The data entered by you for the purpose of receiving the newsletter (e.g. e-mail address) is processed on the servers of Sendeffect and is subject to the GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
13. contact option via the website
The website of Falk Travel AG contains information that enables a quick electronic contact to our enterprise, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the data controller by e-mail or via a contact form, the personal data transmitted by the data subject is automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the controller are stored for the purposes of processing or contacting the data subject. This personal data is not passed on to third parties.
14 Data protection for applications and in the application process
The controller collects and processes the personal data of applicants for the purpose of handling the application process. Processing may also be carried out electronically. This is particularly the case if an applicant submits the relevant application documents to the controller by electronic means, for example by e-mail or via a web form on the website. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted two months after notification of the rejection decision, provided that no other legitimate interests of the controller stand in the way of deletion. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).
Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States.
Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can prevent the collection of data and the processing of this data by Google by downloading and installing the following browser plugin:. https://tools.google.com/dlpage/gaoptout?hl=de.
Further information on the terms of use and data protection of Google Analytics can be found at: https://www.google.com/analytics/terms/de.html and at https://support.google.com/analytics/answer/6004245?hl=de.
The site uses Google Analytics by means of IP masking to ensure the anonymized collection of IP addresses.
Please note that we use Google Analytics to analyze data from AdWords and the double-click cookie for statistical purposes. If you do not wish this to happen, please deactivate it at https://adssettings.google.com/?hl=de.
Falk Travel AG
