Data Protection Policy
Policy on the protection of your personal data
We inform you about the processing of your personal data by Seyvillas GmbH and your rights under data protection law in the policy below.
Controller for data processing
Werner-Bock-Str. 40, 33602 Bielefeld
Managing Directors: Julian Grupp, Francesca Ruggero, Walter Cuccarano
HRB 94243 – Bielefeld District Court
E-mail address: firstname.lastname@example.org
You can contact our data protection officer by post using the above-mentioned address, FAO ‘Datenschutzbeauftragter/data protection officer’ or by e-mail at email@example.com
Purposes and legal bases of data processing
We only collect and process your personal data with your consent or in compliance with the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG), and all other relevant laws.
If you request information e.g. information about our company, properties or services, we require the information you provide in order to process your request.
When you contact us by e-mail or via a contact form, we will store the data you provide us with (your e-mail address, possibly your name and telephone number) in order to answer your questions. We erase the data that arises here after storage is no longer required, or we restrict the processing if there are legal retention requirements.
If you make a binding booking, we require the information you provide here to draw up a travel contract, for the associated travel services and, of course, to share it with corresponding contractual partners. If you enquire about making a booking, we require the data you provide for the enquiry. If the travel contract becomes effective, we process this data to execute the contractual relationship.
The processing of your enquiry or booking and the conclusion of the travel contract is not possible without processing your personal data.
In addition, we require your personal data within the context of procuring rental cars or travel insurance. We also need it to develop new quality standards or to meet legal requirements. We use the data to take the entire customer relationship into consideration, for example to advise on a contractual amendment or adjustment, to make decisions based on goodwill or to comprehensively provide information.
The legal basis for such processing of personal data for pre-contractual and contractual purposes is Article 6 (1) (b) of the GDPR. If special categories of personal data (e.g. health data) are required for this purpose, we will obtain your consent in accordance with Article 9 (2) (a) in conjunction with Article 7 of the GDPR. If we compile statistics with these data categories, this takes place on the basis of Article 9 (2) (j) of the GDPR in conjunction with Section 27 of the BDSG.
We also process your data in order to protect our legitimate interests or those of third parties (Article 6  [f] of the GDPR). This may in particular be necessary:
- to safeguard IT security and IT operations;
- to advise for the agency properties we offer; and
- to prevent and investigate criminal offences.
In addition, we process your personal data to meet legal obligations such as supervisory and police requirements as well as commercial and tax retention requirements, for example. In this case, the legal bases for processing are the respective statutory regulations in conjunction with Article 6 (1) (c) of the GDPR.
Should we wish to process your personal data for a purpose not mentioned above, we will inform you of this beforehand within the scope of the statutory provisions.
Categories of data we collect
If you are interested in our services and make an enquiry, you may transmit to us:
- Your personal data (e.g. address, e-mail address, telephone number, date of birth)
If you book a trip, individual travel services or associated travel services, we collect data to fulfil your contract with us:
- Your personal information, e.g. your address, e-mail address, telephone number and date of birth, passport details, other identification information
- The personal details of the people travelling with you
- Relevant medical data and any specific data
- Payment details (e.g. credit card details, account information, billing address)
- The products or services you have booked
- Your mobile phone number for changes to flight times and transfer pick-up where you are holidaying
- Your mobile phone number for crisis management notifications in the event of a crisis or incident
If you browse our websites or use our mobile apps, we may collect information:
- Travel preferences
- Information concerning your surfing behaviour on our websites and mobile apps
- Information detailing when you click on one of our advertisements, including those shown on other organisations’ websites
- Information concerning the way you access our digital services, including the operating system, IP address, online identifiers and browser details
- Social preferences, interests and activities
If you contact us or we contact you, or if you take part in promotions, competitions, surveys about our services, we may collect:
- Personal data that you provide when you contact us, including by e-mail, post and telephone or through social media, e.g. your name, user name and contact details
- Details concerning e-mails and other digital communications that we send to you and you open, including links in such communications that you click on
Other sources of personal data
- We may use personal information from other sources, e.g. companies that provide information and data, trading partners and public registers.
- Your insurance company, its representatives and medical employees may share relevant personal data and special categories of personal data with us in circumstances where we need to act on your behalf or on the behalf of other customers or in an emergency.
- When you use your login details to sign into a social network to connect to our platforms and online services, e.g. Facebook or Instagram, you agree to sharing your user information with us. As an example, this could include your name, e-mail address, date of birth, location, and other information you choose to share with us.
- Personal data that you transmit to us that relates to other people
- We use personal data you provide about other people, e.g. additional information on your booking.
- By transmitting personal data concerning other people, you must ensure that they agree to this and that you are allowed to transmit the data. You should also ensure that these people know how their personal data could be used by us.
Categories of recipients of personal data
Hotels and accommodation:
During the trip, hotels and accommodation in which you are staying receive all necessary data. The same applies if you are looked after locally, if this information is required for your local support.
The selected airline also receives all data required to properly book the outbound and return flight.
Rental car provider:
The rental car provider receives application and contractual data required to execute the contract.
Travel insurance provider:
The travel insurance provider receives application and contractual data required to execute the contract.
External service providers:
We sometimes use external service providers to fulfil our contractual and legal obligations.
You may request a list of the contractors and service providers we use from our data protection officer. This is a list of parties we have more than a temporary business relationship with. We will send you a printout by post.
We may also transmit your personal data to other recipients, such as authorities, to meet statutory notification obligations (e.g. tourist supervisory authorities, financial and social authorities or law enforcement agencies, courts).
Data storage period
We will erase your personal data as soon as it is no longer required for the above-mentioned purposes. Personal data may be retained for the period during which claims may be asserted against our company or other contractual partners (statutory limitation period of three years, or up to thirty years). We also store your personal data if we are legally obliged to do so.
Corresponding obligations to provide evidence and retain records arise from the German Commercial Code (Handelsgesetzbuch) and the Fiscal Code (Abgabenordnung), among other regulations. Accordingly, the storage period is up to ten years.
Data subject rights
You can request details concerning the personal data stored about you by using the above-mentioned address. Under certain circumstances, you may also request that your data is rectified or erased. You may also have a right to restrict the processing of your data and a right to receive the data you provided in a structured, commonly used and machine-readable format:
- Right of access, Article 15 of the GDPR
- Right to rectification, Article 16 of the GDPR
- Right to erasure (‘right to be forgotten’), Article 17 of the GDPR
- Right to restriction of processing, Article 18 of the GDPR
- Right to data portability, Article 20 of the GDPR
- Right to object, Article 21 of the GDPR
Right to object
You have the right to object to the processing of your personal data for direct marketing purposes.
If we process your data to safeguard legitimate interests, you may object to such processing if your particular situation gives rise to grounds against data processing.
To exercise your rights, you can send an e-mail to firstname.lastname@example.org. Please provide the following information for identification:
- Postal address
- E-mail address and booking ID
Please note that we will process your personal data in accordance with Article 6 (1) (c) of the GDPR in order to process your request and identify you.
You will receive an response to your request regarding your rights within 4 weeks, which is the legal deadline.
We will inform you in advance of any processing of your personal data for any other purpose.
Right to lodge a complaint
You have the opportunity to lodge a complaint with the above-mentioned data protection officer or a data protection supervisory authority. The data protection supervisory authority responsible for our company is:
Landesbeauftragte für Datenschutz und
Informationsfreiheit Nordrhein-Westfalen (State Commissioner for the Protection of Data and Freedom of Information in North Rhine-Westphalia)
Kavalleriestr. 2 - 4
40213 Düsseldorf, Germany
Transmission of data to a third country
If we transmit personal data to service providers outside the European Economic Area (EEA), the transmission will only take place if the third country has been confirmed by the EU Commission as having an appropriate level of data protection or if other appropriate data protection guarantees are in place (e.g. binding internal company data protection regulations or EU standard contractual clauses).
Data protection on this website
The protection of privacy and the security of your personal data is also important to us when you visit our website.
Our applications comply with the provisions of the European General Data Protection Regulation, the Federal Data Protection Act and other industry-specific regulations on data protection online (e.g. the Telecommunications Act [Telekommunikationsgesetz] and the Telemedia Act [Telemediengesetz]). All of our employees are obliged to comply with the EU General Data Protection Regulation and the Federal Data Protection Act.
Anonymised data/log files/IP address
You can visit our website without providing any personal information. We only store access data without any personal references. This data is only evaluated to improve our offering and to ensure no conclusions can be made about you as a person. We collect, store and process your data to process your reservation or booking as well as for advertising purposes. Personal data is collected when you voluntarily provide it to us within the scope of your enquiry or booking or when subscribing to the newsletter. The use of your data within the context of consultancy, advertising, market research, quality assurance and property review can be revoked at any time, including electronically. We share your personal data within the context of execution and reserving the respective travel services, i.e. with the local service provider.
We only use your personal data (such as name, address, phone or e-mail) to process your reservations and bookings and to communicate with you.
We do not share your personal data beyond the contractual purpose, which includes not sharing your personal data with third parties.
These data protection principles will be adapted and further developed in line with developments in data protection and security technology.
We use ‘cookies’ on our website. Cookies are small files that are saved on your computer and save certain settings and data to exchange with our system via your browser. This helps us to design the website accordingly for you and makes it easier for you to use it, for example by saving certain entries meaning you do not have to constantly repeat these entries. Your browser allows you to restrict cookie settings. This may result in you being unable to use our website or it may result in limited functionality. Cookies can also be deleted in settings.
A cookie is a data element that a website can send to your browser to save on your system for later use.
Session cookies are deleted after you close your browser.
We use long-term cookies that stay on your hard drive. The expiration time is set to a date in the future for your convenience. When you visit us again, it will automatically recognise that you have already been on our website and which entries and settings you prefer.
We use the following cookies:
- Session cookie: expires after 10 hours
- Cookie for travel period: expires at the end of the session
- Cookie for personal settings (e.g. newsletter): expires at the end of the session
- Cookie for notepad: expires after 30 days
- Cookie for properties last accessed/already viewed: expires at the end of the session
- Various cookies for web tracking, e.g. *Google-Analytics
- Various cookies for web analysis, e.g. Hotjar
- Various cookies for product recommendations, e.g. Appnexus
- Various cookies for SEM optimisation, e.g. Intelli-Ad and Microsoft Bing
- Various cookies from social networks, e.g. Facebook, YouTube
Web analytics tools
We use technology from the following providers for marketing and for the statistical evaluation of our web pages:
Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
This website uses Google Analytics, a web analytics service from Google Inc. (‘Google’) Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses ‘cookies’, text files that are saved on your computer that allow website use to be analysed. Information generated by the cookie about your use of this website is generally sent to a Google server in the USA and saved there. However, if IP anonymisation is activated on this website, your IP address is truncated by Google within the European Union Member States or in other signatory states to the Agreement on the European Economic Area before it is sent. A full IP address is only sent to a Google server in the USA and truncated there in exceptional cases. By order of the operator of this website, Google will use this information to evaluate the use of the website, to compile reports about website activities and to provide other services to the website operator that relate to website and internet use. The IP address sent from your browser as part of Google Analytics will not be merged with other Google data. You can prevent cookies from being saved by changing your browser settings; please note that in this case, you may be unable to use all of this website’s functions properly. You can also prevent the data generated by the cookie relating to your use of the website (including your IP address) from being captured and processed by Google by downloading and installing the browser plugin. The current link is: https://tools.google.com/dlpage/gaoptout?hl=en.
Note: our website uses Google Analytics with the new, data protection compliant extension ‘_anonymizeIp()’. For this reason, IP addresses are only further processed as truncated addresses in order to exclude any direct personal references.
Microsoft Bing Ads (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA)
If you access our website via a Microsoft Bing ad, a cookie is saved in your browser software. These cookies are not used for personal identification. The information collected by the cookie is only used to compile statistics on the use of the website. This allows us to evaluate and improve our marketing activities.
For more information about data protection at Microsoft Bing and the cookies used, visit the Microsoft website: https://privacy.microsoft.com/en-GB/privacystatement/.
This is how objection or disabling works via the link: Clicking on the link saves an ‘opt-out cookie’ on your data carrier. Please note that if you delete all of the cookies on your end device, these opt-out cookies will also be deleted, i.e. if you wish to continue to object to anonymous data collection, you must save the opt-out cookie again. The opt-out cookies are saved for each browser and end device. If you visit our website from home and from work or with different browsers, you will need to enable opt-out cookies in different browsers or on different end devices.
Personalised product recommendations
We use retargeting functions from Google Adwords (Google Remarketing) (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), Bing (Bing - Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA) and Facebook (Facebook Inc., 1601 Willow Road, Menlo Park, CA 94025, USA). You can also find options for saving opt-outs here, thus excluding yourself from data collection.
Use of Visual Website Optimizer
Use of social plugins
This website uses ‘social plugins’ (‘plugins’) from the social network Facebook, which is operated by Facebook Inc., 1601 Willow Road, Menlo Park, CA 94025, USA (‘Facebook’). The plugins are marked with a Facebook logo or the addition ‘social plugin from Facebook’ or ‘Facebook social plugin’. An overview of Facebook plugins and what they look like can be found here: https://developers.facebook.com/docs/plugins/
Seyvillas GmbH provides you with free live chat service on its websites. Here, customers and parties interested in travel and travel services from Seyvillas can get in touch with company employees directly and in real time, receive advice and ask questions. The chat is always two-sided, i.e. other users can’t read the conversation. Apart from the costs of the Internet connection, no other costs are charged for this service.
General notes on use
Live chat is a text chat that uses the computer keyboard. Before any information relating to contractual data is disclosed, the user must prove their identity by answering certain questions.
In order to ensure a secure, fair and trustworthy exchange of information, Seyvillas expects live chat users to be polite, open, courteous and respectful. Chats that violate these principles will be terminated. Users may be blocked for particularly serious violations. The chat function is available at the times indicated on the website. Seyvillas has the right to change live chat times without prior notice or to discontinue the service at any time.
The purpose of the live chat is to generally exchange information. The information exchanged is not legally binding. Legal declarations, such as binding contractual offers, declarations of termination or cancellation or notifications of goodwill claims, are neither made nor accepted via live chat. If the request communicated by the user is not suitable for being dealt with in the live chat, for example because it is too complex, it is passed on to the employees in the team responsible.
Falsification of original content cannot be excluded in the case of electronic data transmission. Seyvillas therefore accepts no liability for cases in which live chat posts by Seyvillas employees are not displayed or are not fully legible due to technical defects on the part of the user. We accept no liability for information sent in error. Any responsibility for statements made by a chat participant is also excluded.
The user is not permitted to use the Seyvillas live chat for advertising or other inappropriate content. Seyvillas does not answer any posts in the live chat that infringe criminal law and press law in the Federal Republic of Germany, breach the principles of good manners, the right tone or politeness, and reserves the right to block users from participating in the ‘Seyvillas live chat’ on a temporary or permanent basis.
Seyvillas shall not be liable for any damages arising from the use of live chat, unless Seyvillas is at fault.
To execute the live chat, only data required to provide the consultancy service or to resolve the chat participant’s request is used. You can find detailed information on data protection here. After using the Seyvillas live chat, the following data will be stored for statistical purposes and to improve the service:
- IP address
- Time and duration
- Operating system
- Website from which the user accesses the chat
- Page view
The respective chat history is stored in a log file for a maximum of six months and is then deleted. Seyvillas may also store the chat history for a longer period of time for a particular reason, such as suspicion of criminal acts or threats, in order to preserve evidence. At the end of the chat, the user can save the chat history as a file and print it out.
The service is processed via an encrypted SSL connection and is therefore protected from unauthorised access. Live chat employees work in an area away from public traffic, which guarantees discretion and data protection. During use, users must take suitable precautions to ensure that their personal data, such as their ID number or date of birth, cannot be read by unauthorised third parties. This particularly applies if use takes place in a public place or on devices used by more than one person.
Seyvillas reserves the right to temporarily suspend the Seyvillas live chat in the event of identified security concerns, such as a virus, manipulation by third parties or hardware and/or software errors.
You can subscribe to a free newsletter via our website. When registering for the newsletter, data from the input screen is transmitted to us. This includes the name or a name synonym and the e-mail address given.
The IP address of the accessing computer and the date and time of registration are collected.
Seyvillas also sends a newsletter to everyone who sends us a booking enquiry with us and have therefore given us their e-mail address as well as to all persons with whom a booking has been made (existing customers). In such a case, the newsletter will only be used to send direct marketing for our own products or services.
The legal basis for the processing of data after a user registers for the newsletter is Article 6 (1) (a) of the GDPR if the user has given consent.
The legal basis for sending the newsletter to existing customers as a result of a previous booking is Section 7 (3) of the German Act Against Unfair Competition (Unlauterer Wettbewerbs-Gesetz, UWG).
The collection of the user’s e-mail address serves the purpose of data processing to send the newsletter. The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used.
The data is erased as soon as it is no longer required to achieve the purpose for which it was collected. The user’s e-mail address will therefore be stored for as long as the subscription is active. Other personal data collected in the course of the registration process is usually erased after a period of seven days.
The newsletter subscription can be cancelled by the user at any time. There is a corresponding link in every newsletter to do so.
Seyvillas uses the mailing provider MailChimp to send the newsletter. MailChimp is a service from The Rocket Science Group, LLC, 512 Means Street, Ste 404 Atlanta, GA 30318.
If you register for our newsletter, the data that you enter when registering for the newsletter will be transmitted to MailChimp and stored there. After registration, you will receive an e-mail from MailChimp to confirm your registration (‘double opt-in’).
MailChimp offers extensive analytics options relating to how newsletters are opened and used. Such analyses are group-related and we do not use them for individual evaluation. MailChimp also uses the analytics tool Google Analytics and may embed it into the newsletter. For more details about Google Analytics, see the section ‘Web analytics using Google Analytics’.
You can find more information about MailChimp and data protection at MailChimp here: http://mailchimp.com/legal/privacy/ In addition to the newsletter, people with whom a successful travel arrangement has been made receive a request to provide feedback on our services and the property arranged following their trip. TrustPilot (Trustpilot A/S, Pilestræde 58, 5, 1112 Copenhagen, Denmark) is used as a review platform here.
You can find more information about TrustPilot and data protection at TrustPilot here: https://uk.legal.trustpilot.com/end-user-privacy-terms
Our safety measures are in line with the latest state of technology:
Transmission of sensitive data
If you access pages within our website that give you the option of entering data and are requested to enter and send data that relates to you, we use SSL (secure socket layer) encryption technology with a key length of at least 128 bits when sending such data for data transmission over the Internet. To date, there are no known methods for analytically decrypting such 128-bit encryption.
You can tell that SSL is used in the address bar (if it starts with HTTPS) or by the padlock in your browser’s status bar.
We do not send messages containing personal data by e-mail if they are unencrypted. If you send unencrypted e-mails to us, please note that these are not protected against knowledge or manipulation by unauthorised third parties during online transmission.
Before you send us an e-mail, please remember that online content is not protected against unauthorised access, falsification, etc. For this reason, we recommended that you use a contact form if you would like to send a message to Seyvillas.
Phishing scammers falsify e-mails and web pages to gain access to your confidential data such as passwords or other sensitive data. Please note that we will never send e-mails or text messages asking you to provide strictly confidential personal data such as your bank account details, credit card number or password, giving reasons that may appear strange (e.g. end of insurance cover). You can find more information about phishing e-mails and how you can protect yourself on the web pages of the Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik).
Access protection measures
Our data processing systems are protected from the outside world by firewall systems. Login procedures and authorisation systems ensure that internal applications are only accessible to authorised users.
You can find more information on the subject of security online via the following link:
Bielefeld, 13/11/2019 – V.1.1