Privacy Policy
General Note and Mandatory Information
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data with which you could be personally identified. Detailed information on data protection can be found in our privacy policy listed below this text.
Data Protection
The operators of these pages take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data protection regulations and this privacy policy.
When you use this website, various personal data is collected. Personal data is data that can be used to personally identify you. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done. We would like to point out that data transmission over the Internet (e.g., when communicating by email) may have security gaps. A complete protection of the data against access by third parties is not possible.
Data Collection on this Website
The data processing on this website is carried out by the website operator. The operator’s contact details can be found in the section “Designation of the Responsible Entity” in this privacy policy.
Designation of the Responsible Entity
The controller responsible for data processing on this website is
JR Secreto Travel UG (limited liability)
Am Grenzgraben 26D
D-40468 Düsseldorf
The controller alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, contact details, etc.).
How do we collect your data?
Your data is collected in part by you providing it to us. This could, for example, be data that you enter into a contact form. Other data is automatically collected by our IT systems when you visit the website. These are mainly technical data (e.g. internet browser, operating system or time of page access). This data is collected automatically as soon as you enter our website.
What do we use your data for?
A part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyse your user behaviour. Additionally, we use the data from contact and booking inquiry forms, if entered, to provide you with offers and contract information upon your request.
Storage Duration
Unless a specific storage period is mentioned in this privacy policy, your personal data will remain with us until the purpose for which it was collected ceases to apply. If you assert a legitimate deletion request or revoke your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial retention periods); in the latter case, the deletion will take place after these reasons cease to apply.
What rights do you have regarding your data?
You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right, under certain circumstances, to request the restriction of the processing of your personal data. Furthermore, you have a right to lodge a complaint with the competent supervisory authority.
Revocation of your consent to data processing
Only with your express consent, some processes of data processing are possible. A revocation of your already given consent is possible at any time. For the revocation, an informal message by email is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Right to complain to the competent supervisory authority
As the data subject, in the event of a breach of data protection law, you have a right of appeal to the competent supervisory authority. The competent supervisory authority regarding data protection issues is the State Data Protection Commissioner of the federal state in which our company is based. The following link provides a list of data protection commissioners and their contact details: https://www.bfdi.bund.de/EN/Home/home_node.html
Right to data portability
You have the right to have data that we process automatically based on your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible party, this will only be done to the extent that it is technically feasible.
Right to information, correction, blocking, deletion
You have the right at any time within the framework of the applicable legal provisions to receive free information about your stored personal data, its origin and recipient, the purpose of data processing and, if applicable, a right to correct, block or delete this data. For further questions on the subject of personal data, you can contact us at any time using the contact options listed in the imprint.
Analysis Tools and Third-Party Tools
When visiting this website, your surfing behaviour may be statistically evaluated. This is done primarily with so-called analysis programs; we use the website statistics of the hosting provider IONOS.
Hosting
We host the content of our website with the following provider: IONOS
Provider is IONOS SE, Elgendorfer Str. 57, 56410 Montabaur (hereinafter IONOS). When you visit our website, IONOS collects various log files, including your IP addresses. Details can be found in the IONOS privacy policy: https://www.ionos.de/terms-gtc/datenschutzerklaerung
The use of IONOS is based on Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in a reliable presentation of our website. If consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of TTDSG. The consent can be revoked at any time. We have concluded a contract for order processing (AVV) for the use of the above-mentioned service. This is a data protection contract required by law, which ensures that this processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.
IONOS WebAnalytics
This website uses the analysis services of IONOS WebAnalytics (hereinafter: IONOS). The provider is 1&1 IONOS SE, Elgendorfer Strasse 57, D – 56410 Montabaur. In the course of the analyses with IONOS, visitor numbers and behaviour (e.g. number of page views, duration of a website visit, bounce rates), visitor sources (i.e. from which page the visitor comes), visitor locations as well as technical data (browser and operating system versions) can be analysed. For this purpose, IONOS stores the following data in particular:
- Referrer (previously visited website) requested website or file browser type and browser version used operating system type of device used
- Time of access
- IP address in anonymized form (used only for determining the location of access)
The data collection is carried out by IONOS completely anonymised, so that it cannot be traced back to individual persons. Cookies are not stored by IONOS WebAnalytics. The storage and analysis of the data are based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the statistical analysis of user behaviour to optimize both its website and its advertising. If a corresponding consent has been requested (e.g. consent to the storage of cookies), processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.
For more information, please see the privacy policy of IONOS: https://www.ionos.de/terms-gtc/datenschutzerklaerung
SSL and TLS encryption
For security reasons and to protect the transmission of confidential content that you send to us as the website operator, our website uses SSL or TLS encryption. This ensures that data transmitted through this website is not readable by third parties. You can recognize an encrypted connection by the “https://” address line in your browser and the padlock icon in the browser bar.
Server Log Files
In server log files, the website provider automatically collects and stores information that your browser automatically transmits to us. This includes:
- Visited page on our domain
- Date and time of the server request
- Browser type and version
- Operating system used
- Referrer URL
- Hostname of the accessing computer
- IP address
There is no merging of this data with other data sources. The legal basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures. The website operator has a legitimate interest in the technically error-free presentation and optimization of the website – for this purpose, the server log files must be recorded.
Cookies
Our website only uses necessary cookies. These are small text files that your web browser stores on your device. Cookies help us make our offer more user-friendly, effective and secure.
Some cookies are “session cookies.” Such cookies are automatically deleted at the end of your browser session. On the other hand, other cookies remain on your device until you delete them yourself. These cookies help us recognize you when you return to our website.
With a modern web browser, you can monitor, restrict or prevent the setting of cookies. Many web browsers can be configured to automatically delete cookies when the program is closed. Disabling cookies may result in limited functionality of our website.
The setting of cookies necessary for the performance of electronic communication processes or the provision of certain functions you desire is based on Art. 6 para. 1 lit. f GDPR. As the operator of this website, we have a legitimate interest in storing cookies for the technically error-free and smooth provision of our services. If the setting of other cookies (e.g. for analytics functions) occurs, these will be separately addressed in this privacy policy.
Data Transmission during Contract Conclusion
Personal data will only be transmitted to third parties if it is necessary for the fulfilment of the contract. Third parties may include other tourism-related companies such as hotels and tour providers. Further transmission of the data does not take place unless you have expressly consented to it.
The legal basis for data processing is Art. 6 para. 1 lit. b GDPR, which allows the processing of data for the performance of a contract or pre-contractual measures.
Contact and Booking Inquiry Form
Data transmitted via the contact or booking inquiry form, including your contact details, will be stored to process your inquiry or to be available for follow-up questions. These data will not be disclosed without your consent.
The processing of data entered into the contact or booking inquiry form is based exclusively on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent at any time. A revocation is sufficient via an informal email. The legality of the data processing operations carried out before the revocation remains unaffected by the revocation.
Data transmitted via the contact or booking inquiry form will remain with us until you request deletion, revoke your consent to storage or there is no longer a need for data storage. Mandatory legal provisions – especially retention periods – remain unaffected.
Communication and Inquiry via Email, Phone, WhatsApp Messenger, or Social Media Messenger (Instagram, Facebook)
When you contact us via email, phone or messenger service, your inquiry, including all associated personal data (name, inquiry), is stored and processed by us for the purpose of handling your request. We do not disclose this data without your consent.
The processing of this data is based on Art. 6 para. 1 lit. b GDPR, if your inquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries directed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if it has been requested; the consent can be revoked at any time.
The data you send to us through contact inquiries will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer exists (e.g. after completing the processing of your inquiry). Mandatory legal provisions – especially legal retention periods – remain unaffected.
What are Messenger & Communication Functions?
We offer various communication options on our website (such as messenger and chat functions, booking inquiry or contact forms, email, phone) to interact with us. Your data is processed and stored as necessary to respond to your inquiry and subsequent actions.
In addition to traditional communication methods such as email, contact forms or phone, we also use chats and messengers. The most commonly used messenger function is WhatsApp, but there are many different providers specifically for websites that offer messenger functions. We also use the messenger functions of Facebook and Instagram. If contents are end-to-end encrypted, this is indicated in the respective data protection texts or in the privacy policy of the respective provider. End-to-end encryption means that the contents of a message are not visible to the provider. However, information about your device, location settings, and other technical data may still be processed and stored.
Why do we use Messenger & Communication Functions?
Communication with you is of great importance to us. We want to talk to you and provide the best possible answers to all your questions about our service. Effective communication is an essential part of our service. With the convenient messenger and communication functions, you can choose the ones you prefer at any time. In exceptional cases, we may not answer certain questions via chat or messenger, such as internal contractual matters. In such cases, we recommend other communication methods such as email or phone.
We generally assume that we remain responsible for data protection even when using services of a social media platform. However, the European Court of Justice has ruled that in certain cases, the operator of the social media platform can be jointly responsible with us in terms of Art. 26 GDPR. If this is the case, we will explicitly point it out and work based on an agreement in this regard. The essence of the agreement is provided below for the respective platform.
Please note that when using our integrated elements, your data may be processed outside the European Union, as many providers, such as Facebook Messenger or WhatsApp, are American companies. Consequently, you may find it more challenging to enforce your rights regarding your personal data.
Facebook and Instagram Messenger Privacy Policy
We offer you the option to communicate with us through the instant messaging services Facebook Messenger or Instagram Messenger. The service provider is the American company Meta Platforms Inc. For the European region, the responsible company is Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland).
What are Facebook and Instagram Messengers?
Facebook and Instagram Messengers are chat messaging features developed by Meta Platforms, allowing you to send and receive text messages, voice and video calls, photos and other media files to other users. When you use these messenger services, your personal data is also processed on Meta Platforms servers. This includes, among other things, your phone number, chat messages, sent photos, videos, profile data, address or location.
WhatsApp Privacy Policy
We offer our customers the option to contact us through the messenger service WhatsApp. The service provider is the American company WhatsApp Inc., a subsidiary of Meta Platforms Inc. (formerly Facebook Inc.). For the European region, the responsible company is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
For more information about how we handle your data, please refer to our general privacy policy for this website. Legal declarations (such as offers, contracts or contract changes) are not made via WhatsApp and cannot be accepted through this platform.
The terms of use and privacy policies of WhatsApp apply: www.whatsapp.com/legal
Why do we use WhatsApp?
We aim to stay in contact with you, and WhatsApp is an effective means for this purpose. The service works seamlessly and WhatsApp remains the most widely used instant messaging tool worldwide. It provides a practical and straightforward way for us to communicate with you quickly and efficiently.
Plugins and Tools: YouTube
This website may embed videos from the YouTube website. The operator of the website is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
When you visit one of our web pages with embedded YouTube content, a connection is established to YouTube servers. YouTube’s server is informed about which of our pages you have visited. Furthermore, YouTube may store various cookies on your device or use similar technologies for recognition (e.g. device fingerprinting). This allows YouTube to obtain information about visitors to this website, which is used, among other things, to capture video statistics, improve user-friendliness and prevent fraud.
If you are logged into your YouTube account, you allow YouTube to directly associate your browsing behaviour with your personal profile. You can prevent this by logging out of your YouTube account.
The use of YouTube is in the interest of an appealing presentation of our online offerings. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, to the extent that the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of TTDSG. Consent can be revoked at any time.
For more information on how user data is handled, please refer to YouTube’s privacy policy at: https://policies.google.com/privacy?hl=en
The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States, ensuring compliance with European data protection standards for data processing in the USA. Each company certified under the DPF commits to adhering to these data protection standards. For more information, you can visit the provider’s website at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
Google Fonts (local hosting)
This page uses Google Fonts for the uniform display of fonts, provided by Google. The Google Fonts are locally installed, and there is no connection to Google servers. For more information about Google Fonts, please visit https://developers.google.com/fonts/faq and refer to Google’s privacy policy: https://policies.google.com/privacy?hl=en
