Privacy Policy of Tourlane

Since 25 May 2018, the provisions of the EU General Data Protection Regulation (GDPR) apply. Hereinafter, we would like to inform you about the processing of personal data carried out by Tourlane GmbH in accordance with this new regulation. Please read our privacy policy carefully. If you have any questions or comments about this privacy statement, you can always address them to the e-mail address indicated in section 2.

1. Overview

The following data protection information informs you about the type and extent of the processing of so-called personal data by Tourlane GmbH. Personal data is information that is or can be directly or indirectly attributed to your person.

What is personal data?

Personal data is any information relating to an identified or identifiable natural person (hereinafter the "data subject"). This includes information such as your name, address, postal address, IP address, telephone number or your e-mail address. Information that is not directly related to your real identity (such as favourite websites or number of page users) is not covered.

What is anonymized data?

With every access to contents of our internet offer, general information is automatically stored (for example number and duration of the users of individual pages etc.). This data is not personal because it does not relate to an identified or identifiable natural person. It is therefore processed anonymously. Information of this type serves statistical purposes only and will be used by us to optimize our website.

The data processing on the website of Tourlane GmbH can essentially be divided into two categories:

• For the purpose of providing our offer, in particular for the development of tailor-made travel offers and the conduct of travel, all necessary data will be processed by Tourlane. That way, we can guarantee the best possible service to our customers and potential customers. If third parties, e.g. tour operators, subcontractors, etc., are involved in the respective order or the conduct of the trip, your data will be passed on to the respective extent required.

• By visiting the website Tourlane.com different information between your device and our server will be exchanged. This can also be personal data. The information collected in this way will be used to optimize our website or to display advertisements in the browser of your device.

According to the provisions of the GDPR, you have various rights that you can assert against us. This includes, inter alia, the right to appeal against selected data processing, in particular data processing for advertising purposes. The possibility of contradiction is emphasized by printing technology. If you have any questions about our privacy policy, you can always contact our company data protection officer. The contact details can be found below.

2. Name and contact details of the controller and the data protection officer

This privacy policy applies to the processing of data by Tourlane GmbH, Jägerstrasse 71, 10117 Berlin ("Responsible"), and to our website https://www.tourlane.com/. The data protection officer of Tourlane GmbH may be contacted via the above mentioned address, attn: Department Privacy or dataprotection@tourlane.com.

3. Purposes of data processing, legal bases and legitimate interests pursued by Tourlane or a third party as well as categories of recipients

3.1. Visiting our website

When you visit our website, the browser used on your device automatically sends information to the server of our website and temporarily stores it in a so-called log file. We have no influence on this. The following information will also be collected without your intervention and stored until automated deletion:

• The IP address of the requesting Internet-enabled device

• The date and time of access,

• The website from which the access was made (referrer URL),

• Own campaign ID

• The browser you use and, if necessary, the operating system of your Internet-capable computer as well as the name of your access provider.

The legal basis for the processing of the IP address is art. 6 para. 1 lit. f) GDPR. Our legitimate interest follows from the purposes of data collection listed below. At this point, there is the indication that we cannot draw any conclusions about your identity from the data collected and that we will not be drawn by it.

The IP address of your device and the other data listed above are used by us for the following purposes:

• Ensuring a smooth connection setup,

• Ensuring comfortable use of our website,

• Evaluation of system security and stability as well

• Other administrative purposes.

The data is saved for the duration of the session and automatically deleted when the browser is closed. We also use cookies, tracking tools and a CRM system for our website. What exact procedures these are and how your data is used for this purpose will be explained in more detail in section 3.4 below.

3.2. Data processing for the provision of our offer and for the execution of the contract

3.2.1. Data processing for the determination of travel ideas in the questionnaire

The purpose of Tourlane is to offer tailor-made trips to exotic destinations. The aim is to be able to offer the interested party an individual journey orientated to his preferences and needs. For this purpose, we provide on our website a questionnaire, through which the interested party can provide information on their individual travel plans. In this context, we process the data required for the preparation of proposals which includes:

• First name, surname of the interested party,

• The given contact data,

• The specified gender,

• The information provided on travel ideas,

• The browser information,

• Host name of the accessing computer (IP address),

• Time of the server request

The legal basis for this is art. 6 para. 1 lit. b) GDPR. As far as we do not use your contact data for advertising purposes (see below 3.3.) we store data collected by the questionnaire until the expiry of the statutory limitation period. After this period expires, we will retain the information required by commercial and tax law of the contractual relationship for the statutory periods. For this period (usually ten years from the conclusion of the contract), the data will be reprocessed in the event of a review by the tax authorities.

3.2.2. Data processing for individual travel advice

If the ideas and the offer match, our respective country experts will then contact you to plan the trip in detail. If you have decided to use the services for individual travel advice and planning, we will try to do so on the basis of art. 6 (1) lit. a) and lit. b) GDPR together with you to identify important key data and circumstances for travel planning. The purpose of this processing is to provide you with the best possible service. In particular, the following data can be processed here:

• Type of trip (round trip, safari, golf holiday, etc.),

• Estimated travel time,

• Number of travellers

• Preferred destinations,

• Type of accommodation,

• Culinary preferences.

The data collected in this way will be stored until the expiry of the statutory limitation period. After this period expires, we will retain the information required by commercial and tax law of the contractual relationship for the statutory periods. For this period (usually ten years from the conclusion of the contract), the data will be reprocessed in the event of a review by the tax authorities.

3.2.3. Data processing for payment via Concardis

If a customer decides to pay by credit card, we will be required to ensure smooth payment processing and on the basis of art. 6 para. 1 lit. b) GDPR transmit the customer provided payment data such as name, address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number to our payment service Concardis GmbH, Helfmann Park 7, 65760 Eschborn (hereinafter "Concardis"). The data is used by Concardis exclusively for the implementation and realization of the respective payment transaction and securely transmitted via the "SSL" encryption method. Concardis is certified as a service provider based in Germany according to PCI DSS (Payment Card Industry Data Security Standard). For more detailed information on privacy at Concardis, see the privacy statement of the provider or directly through the privacy officer of the provider, who may be contacted via officer@concardis.com or the above mentioned address.

3.2.4. Data processing for the provision of personalized travel brochures via Wetu

In order to provide our customers with a brochure containing comprehensive information for the booked trip we use on the basis of art. 6 para. 1 lit. f) GDPR Wetu's Content Management and Presentation Tool, a service of Wetu B.V., Overschiestraat 184-B, 1062 XK, Amsterdam, Holland (hereinafter "Wetu"). For this we submit the following data:

• The ad that brought the visitor to us

• Dates

• Details of the trip

• E-mail address

to Wetu, so that we are able to send our customers an e-mail with comprehensive information material, such as photos, videos, descriptions, documentation, travel tips, etc. for the upcoming trip via this service. This data processing thus serves to optimize our services and in particular the smooth travel handling, which is to be regarded as our legitimate interest. You can object to this data processing at any time by informing us that you no longer wish this processing in the future. For this, please use the contact options of our company data protection officer. In addition, you can address your request directly to the Wetu Data Protection Officer via privacy@wetu.com or the above mentioned. For more comprehensive information on data protection at Wetu, see the privacy policy of the provider.

3.2.5. Data processing for flight booking via Conso

If a customer decides to travel by air, we shall communicate on the basis of Art. 6 Para. 1 lit. b) DSGVO and in the case of "co-booked" persons on the basis of Art. 6 para. 1 lit. f) DSGVO for the purpose of the necessary data for the respective flight booking, such as:

• First name, surname and address of the passengers,

• Gender of air passengers,

• Dates of birth of air passengers,

• Passport numbers of air passengers,

• contact details provided,

• the desired flight data, such as travel dates, departure and destination airports of the trip, etc.

• the information provided on the baggage, where appropriate, information on special needs,

to our booking partner for air travel, Conso, a service of Aerticket GmbH, Boppstraße 10, 10967 Berlin (hereinafter: "Conso"). The data is used by Conso exclusively for the purpose of processing our inquiry and for the execution and realization of the respective flight booking and transmitted securely via the SSL encryption process. If the data required for this purpose is not collected directly from the person concerned, data processing serves to fulfil our contractual obligations, in particular the processing of the inquiry and the booking of the flight, which is considered to be a legitimate interest and our responsibility. You can object to this data processing at any time, by informing us that you no longer wish this processing to take place in the future. Please use the contact details of our data protection officer for this purpose. You can also send your request directly to the provider's data protection officer, Prof. Dr. Lauser, who can be contacted under rolf@lauser-nhk.de or the address Dr. Gerhard-Hanke-Weg 31, 85221 Dachau. Further detailed information on data protection at Conso can be found in the provider's data protection declaration.

3.2.6. Data processing for contract execution

If you decide to book an individual trip, we proposed, we will use your data on the basis of art. 6 (1) lit. b) using GDPR for contract fulfillment, especially to plan and prepare your flights and other planned activities. The necessary data, such as:

• First name and surname,

• Address,

• Date of birth,

• Arrival and departure day,

• Passport number

will be sent to the companies involved to the necessary extent, such as affiliated tour operators, airlines, hotels, tour operators on site, shuttle service etc. The transfer is required to carry out the individual activities and thus serves the smooth completion of the contract. Together with our partners, we have concluded a contract for the commission processing according to the GDPR, which is why your data is only processed according to instructions. We store this travel master data until the expiry of the statutory limitation period. After this period expires, we will retain the information required by commercial and tax law of the contractual relationship for the statutory periods. For this period (usually ten years from the conclusion of the contract), the data will be reprocessed in the event of a review by the tax authorities.

3.3. Data processing for customer support, customer care or newsletter delivery

3.3.1. Newsletter registration via Double-Opt-In

On our website we offer you the possibility to subscribe to our newsletter. In order to make sure that no mistakes were made when entering the email address and that this is also attributable to the actual owner, we use the so-called double opt-in procedure: After you have entered your email address in the registration field, we will send you a confirmation link. Only when you click on this confirmation link will your email address be added to our mailing list. You can revoke your consent for future newsletters at any time. For this, a short note by email to the email address indicated under 2. is sufficient.

3.3.2. Mailchimp

For the optimized handling of our marketing communication and the inquiry of the customer satisfaction we use on the basis of art. 6 par. 1 lit. b) GDPR the mailing tool MailChimp, an offer of the list provider The Rocket Science Group, LLC, 512 Means St, Suite 404 Atlanta, GA 30318, USA (hereafter "MailChimp"). If you have successfully subscribed to our newsletter, the following data will be processed through the servers of MailChimp:

• Surname,

• E-mail address,

• Travel request (travel destination, travel time, travel type)

• Sign-up process,

• If needed, date of birth,

• Data on the interactions with emails from Tourlane

MailChimp is certified according to the "Privacy Shield Framework" and thus meets the European standards for legally compliant order data processing. Additional information on MailChimp and the data protection at MailChimp can be found in the privacy policy of the provider as well as in the further explanations to the GDPR. For any questions you may have about MailChimp, you can also contact the MailChimp Privacy Officer at privacy@mailchimp.com. You can object to this processing at any time. For this, please use the contact options of our company data protection officer.

3.3.3. Salesforce

In order to manage our customer information and prospects, we use the Salesforce CRM platform, a service of salesforce.com Inc., The Landmark One Market Suite 300, San Francisco, CA 94105, USA ("Salesforce"). This helps us to record customer data, to communicate with the customer, to document this contact, and to create offers corresponding to the wishes.

If you have contacted us, for example via the questionnaire, the following data will be processed via the servers of Salesforce:

• Surname,

• E-mail address,

• Travel request (destination, travel time, travel type, etc.),

• Offers for the customer,

• Data transmitted by the customer through the telephone

• Data on the interactions with emails from Tourlane.

This processing is based on art. 6 para. 1 lit. b) and lit. f) GDPR and serves the improvement of our services as well as the customer service, which is to be regarded as our legitimate interest. Salesforce is certified under the Privacy Shield Framework and thus complies with European standards for lawful order data processing. Additional information about Salesforce and privacy at Salesforce can be found in the Salesforce Privacy Statement. You can object to this processing at any time. For this, please use the contact options of our company data protection officer.

3.3.4. SendGrid

For transaction-related e-mail communication, such as registration and appointment confirmations, we use on the basis of art. 6 para. 1 lit. b) and lit. f) GDPR the Sendgrid software, a service of Sendgrid Inc., 1801 California Street, Denver, CO 80202, USA (hereafter "Sendgrid").

Here is the following data:

• E-mail address,

• Surname,

• Opening and click rates,

• Contents of the respective transaction,

• IP address,

• Sign-up process,

processed through Sendgrid's servers in the United States. Sendgrid serves the processing of customer inquiries and is part of our service as well as the customer service, which is to be regarded as our legitimate interest. Sendgrid is certified according to the "Privacy Shield Framework" and thus meets the European standards for legally compliant order data processing. Additional information on Sendgrid and data protection at Sendgrid can be found in the provider's privacy policy. You can object to this data processing at any time by informing us that you no longer wish this processing in the future. For this, please use the contact options of our company data protection officer.

3.4. Online appearance and website optimization

3.4.1. Cookies - General Information

We rely on our website on the basis of art. 6 para. 1 lit. f GDPR so-called cookies. Our interest in optimizing our website is considered to be justified in the sense of the aforementioned provision. Cookies are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not harm your device, do not contain viruses, Trojans or other malicious software. Information is stored within the cookie, each resulting in connection with the specific terminal used. However, this does not mean that we are immediately aware of your identity. The use of cookies mainly serves to make the use of our offer more pleasant for you.

3.4.2. Session cookies

When visiting our website, we use so-called session cookies to recognize that you have already visited individual pages on our website. These are automatically deleted after leaving our page. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a note always appears before a new cookie is created. However, disabling cookies completely may mean that you cannot use all features of our website. The storage period of cookies depends on their purpose and is not the same for all of them.

3.4.3. Google Tag Manager

We manage website tags (website code) with Google Tag Manager. These facilitate the administration and further development of our offer and shorten your loading time. The Google Tag Manager only implements website code. The Google Tag Manager does not set cookies and does not collect personally identifiable information. The tool merely integrates website code that we have stored elsewhere that may be used to collect data. The tool only serves to facilitate the modulation of the respective code, but does not itself access the data processed by the code. We will inform you about all integrated tags in this privacy policy. For more information about the Google Tag Manager and its usage policies, visit the Google Sites.

3.4.4. Google Adwords Conversion-Tracking

In order to control and improve our campaigns, we use on the basis of Art. 6 para. 1 lit. f) DSGVO the online advertising program "Google AdWords" as well as the analysis tool Conversion-Tracking, a service of Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (hereafter: "Google"). When you click on an ad served by Google, a conversion tracking cookie will be placed on your machine. The information generated by the cookie:

• Browser type / version,

• Used operating system,

• Location,

• Referrer URL (the previously visited page),

• Host name of the accessing computer (IP address),

• Time of server request,

are transmitted to a Google server in the US and stored there. These cookies lose their validity after 30 days, contain no personal data and are thus not used for personal identification. If you visit certain web pages on our website and the cookie has not expired, Google and we may recognize that you clicked on the ad and were redirected to this page. Each Google AdWords customer receives a different cookie. Thus, there is no way that cookies can be tracked through the websites of advertisers. The information obtained through the cookie is used to generate conversion statistics for us as advertisers. This tells us the total number of users who clicked on our ad and were redirected to a conversion tracking tag page. However, we do not receive any information that personally identifies users. This processing for behavioral and interest-based advertising purposes is, according to recital 47 of the GDPR, to be regarded as our acknowledged legitimate interest.

You can prevent this processing in advance by generally preventing the installation of cookies by a browser setting of your browser (deactivation option) or by setting these cookies so that cookies from the domain googleleadservices.com. You can also opt out of processing by setting Sliders Off in Google Preferences.

3.4.5. Google Analytics

For the purpose of the needs-based design and continuous optimization of our websites, we use on the basis of Art. 6 para. 1 lit. f) GDPR Google Analytics Analysis Service, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google"). In this context, pseudonymised usage profiles are created and cookies are used. The information generated by the cookie about your use of this website such as:

• Browser type / version,

• Device Name

• Used operating system,

• Referrer URL (the previously visited page),

• Keywords / specific query,

• Service providers,

• Host name of the accessing computer (IP address),

• Time of server request,

are transmitted to a Google server in the US and stored there. The information is used to evaluate the use of the website, to compile reports on the activities and to provide other services related to the use of the website and the internet for the purposes of market research and the needs-based design of these websites. This information may also be transferred to third parties if required by law or if third parties process this data in the order. Under no circumstances will your IP address be merged with any other data provided by Google. The IP addresses are anonymized, so that an assignment is not possible (so-called IP masking).

You can prevent the installation of cookies by setting the browser software accordingly; however, we point out that in this case not all features of our website may be fully exploited. In addition, you may prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing this browser add-on. As an alternative to the browser add-on, especially for browsers on mobile devices, you can prevent the collection by Google Analytics by clicking on this https://www.tourlane.com/privacy-policy/. An opt-out cookie will be set which prevents the future collection of your data when visiting this website. Please note that the opt-out cookie applies only in the browser used and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again. For more information about privacy in connection with Google Analytics, visit the website of Google Analytics.

3.4.6. Google Dynamic Remarketing

On the basis of Art. 6 para. 1 lit. f) GDPR the Remarketing or "Similar Audience" Tool of Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (hereafter "Google"). This feature is for the purpose of analyzing visitor behavior and visitor interests. Google uses cookies to carry out the website usage analysis, which forms the basis for the creation of interest-based advertisements. The cookies are used to record site visits and anonymous data on the use of the website. There is no storage of personal data of visitors to the website. If you subsequently visit another website on the Google Network, you may see ads that are likely to reflect and may be similar to previously viewed product and information areas. If necessary, your data will be processed via the Google servers in the USA. Such processing for behavioral and interest-based advertising purposes is, according to recital 47 of the GDPR, to be regarded as our acknowledged legitimate interest.

You can object to this data processing at any time by downloading and installing this browser add-on. You can also permanently disable the use of third-party cookies by configuring the Network Advertising Initiative opt-out page accordingly. For detailed information about Google Remarketing and its privacy policy, please visit: https://www.google.com/privacy/ads/

3.4.7. GA Audiences

For the purpose of facilitating interest-based management of our campaigns within the Google ad network, we use on the basis of Art. 6 para. 1 lit. f) GDPR GA Audiences Web Analytics Service, a service of Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google"). In this context, pseudonymised usage profiles can be created and cookies used. The information generated by the cookie about your use of this website such as:

• Browser type / version,

• Device Name

• used operating system,

• Referrer URL (the previously visited page),

• Keywords / specific query,

• Service providers,

• Host name of the accessing computer (IP address),

• Time of server request,

are transmitted to a Google server in the US and stored there. The cookie makes it possible to recognize the visitor when he visits web pages that belong to the Google advertising network. On these pages, visitors can then be presented with ads that relate to content that the visitor previously visited on websites that use Google's remarketing feature. Such processing for behavioral and interest-based advertising purposes is, according to recital 47 of the GDPR, to be regarded as our acknowledged legitimate interest. If you do not wish to receive interest-based advertising, you may disable Google's use of cookies for these purposes by following the instructions on this link.

3.4.8. Bing ad conversion tracking and re-marketing

On the basis of Art. 6 para. 1 lit. f) GDPR Bing's Conversion Tracking and Remarketing Tool, a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, United States (hereinafter "Bing"). This function serves the purpose of analyzing visitor behavior and visitor interests in order to create and control interest-based campaigns for our products and to measure their effectiveness. If you reach our website via a Bing ad, a cookie will be set on your device. On our website Bing-UET tag, i. integrated a snippet of code that can be stored in connection with the cookie data on the use of the website. This way, Bing and we can see that the visitor has reached us via the ad and a conversion page. In particular, the cookie will make the following anonymous data:

• The ad that brought the visitor to us,

• Browser type / version,

• Device Name,

• Used operating system,

• Referrer URL (the previously visited page),

• Keywords / specific query,

• Service providers,

• Host name of the accessing computer (IP address),

• Time of server request,

• Length of stay on the website and visited areas,

• Movement behavior on the website

processed through the servers of Bing and stored there for 180 days. Such processing for behavioral and interest-based advertising purposes is, according to recital 47 of the GDPR, to be regarded as our acknowledged legitimate interest. You can prevent the collection of the data generated by the cookie and related to your use of the website as well as the processing of this data before setting the cookie by changing the browser settings and deactivating the setting of cookies. In addition, you can object to this data processing at any time by setting the switch to "Off" under this link under "Interest-based advertising: This browser". As a result, a so-called opt-out cookie is set on the terminal used, this being only relevant per browser and terminal. If you visit our website with different browsers or devices, you must activate the opt-out cookie per browser or device. You can find detailed information about Bing and the corresponding privacy policy on the product page or the website of the provider.

3.4.9. Criteo

For marketing purposes, in particular to enable the interest-based management of our campaigns, we use on the basis of Art. 6 para. 1 lit. f) DSGVO the cookie technology of Criteo SA, Rue Blanche, 75009, Paris, France (hereafter: "Criteo"). For example, we use Criteo to provide our interested users with targeted product recommendations on third-party websites (known as publishers). For this purpose, when visiting our website, a cookie is set, which processes information about your visits to our website, in particular to the offers, destinations and surfing behavior that you view. This data processing is done in an anonymous form, i. the cookie can only be identified by a randomly generated ID. Thus, the information processed by the cookie can not be used to associate a specific person. The cookie has a maximum lifetime of 6 months and is then automatically deleted. Such processing for behavioral and interest-based advertising purposes is, according to recital 47 of the GDPR, to be regarded as our acknowledged legitimate interest. For more information about Criteo technology, please see the privacy policy of the provider. In addition, you can object to this anonymous data processing on our website at any time by setting the switches under number 2 to "on" at this link. Then a new opt-out cookie is set so that no further data processing takes place via Criteo. Please note that the opt-out cookie is only valid for the browser and the device used.

3.4.10. Outbrain Conversion Pixel

In order to implement our campaigns as required, to further optimize them and to measure their conversion, we use on the basis of Art. 6 para. 1 lit. f) DSGVO an individual so-called pixel of Outbrain Inc., 39 West 13th Street, New York, NY 10011, USA (hereafter "Outbrain"). This pixel is embedded in the code of our website. On the one hand, we can ensure that the campaigns we initiate are only displayed to users who have shown an interest in our offer. We also want to ensure that our campaigns meet the potential interest of the user and do not bother him. On the other hand, we can track users' actions after they've seen or clicked one of our campaigns. This helps us to measure the conversion for statistical, market research and billing purposes. The following information is processed during use:

• Clicked display,

• Browser type / version,

• Used operating system,

• Location,

• Referrer URL (the previously visited page),

• Host name of the accessing computer (IP address),

• Time of the server request,

The data collected in this way is anonymous to us and therefore does not give us any information about the identity of the respective user. Such processing for behavioral and interest-based advertising purposes is, according to recital 47 of the GDPR, to be regarded as our acknowledged legitimate interest. The data is stored in accordance with the statutory retention periods and then deleted automatically. For more information about Outbrain's privacy, please see the Outbrain Privacy Policy. You can object to this special data processing at any time by clicking the opt-out button under number 4.

3.4.11. DoubleClick

For the purpose of the needs-based design and continuous optimization of our websites, we use on the basis of Art. 6 para. 1 lit. f) DSGVO the Doubleclick Analysis Service, a service of Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (hereinafter: "Doubleclick"). Your browser will be assigned a pseudonymous identification number (ID) to check which ads have appeared in your browser and which ads have been viewed. The cookies do not contain any personal information. Using the DoubleClick cookie allows Google and its affiliate websites to serve ads based on previous visits to our or other websites on the Internet. The information generated by the cookie about your use of this website such as:

• Browser type / version,

• Used operating system,

• Referrer URL (the previously visited page),

• Host name of the accessing computer (IP address),

• Time of server request,

are transmitted to a Google server in the US and stored there. The information is used to evaluate the use of the website, to compile reports on the activities and to provide other services related to the use of the website and the internet for the purposes of market research and the needs-based design of these websites. You may opt-out of this processing at any time by either downloading and installing the browser add-on available from the following link, or by deactivating the Doubleclick cookies on the Digital Advertising Alliance website at the following link.

3.4.12. Pardot

For the purpose of the needs-oriented design and continuous optimization of our websites as well as for customer communication, we use on the basis of Art. 6 para. 1 lit. f) DSGVO the marketing tool Pardot, a service of Salesforce Inc., The Landmark at One Market, Suite 300, San Francisco, CA 94105, USA (hereinafter "Pardot"). The tool helps us to better understand the user behavior of our visitors and to gain insights for further optimization. By using Pardot, the following data is processed:

• Data about the use of our website,

• Surname,

• E-mail,

• Travel request (travel destination, travel time, travel type)

• Data on the interactions with Tourlane emails,

and transmitted via the servers of Pardot in the USA and stored there. From this user profiles can be created, which we use exclusively for the aforementioned purposes. This processing to optimize our offers is to be considered as our acknowledged legitimate interest. You can object to this data processing at any time by informing us that you no longer wish this processing in the future. For this please use the contact options of our company data protection officer.

3.4.13. Visual Website Optimizer

For the purpose of the needs-based design and continuous optimization of our websites, we use on the basis of Art. 6 para. 1 lit. f) GDPR the Visual Website Optimizer, a service provided by Wingify, 14th Floor, KLJ Tower North, Netaji Subhash Place, Pitam Pura, Delhi 110034, India (hereinafter referred to as Visual Website Optimizer). The tool helps us to better understand the user behavior of our visitors and to gain insights for further optimization. By using Pardot, the following data is processed:

• Device information (type, brand, operating system),

• The IP address of the device used,

• Data about the use of our website,

• The name of the provider (e.g., Vodafone),

and transmitted through the servers of Visual Website Optimizer and stored there. From this anonymous usage profiles can be created, which we use exclusively for the aforementioned purposes. This processing to optimize our offers is to be considered as our acknowledged legitimate interest. You can object to this data processing at any time by activating the "Disable VWO" button via this opt-out link.

3.4.14. Facebook Custom Audiences

For the target group-optimized modulation of Facebook campaigns and the measurement of their conversion, we use on the basis of Art. 6 para. 1 lit. f) GDPR the possibility of the formation of so-called Facebook Lookalike audiences offered to us by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland, (hereinafter "Facebook"). Further information on Facebook's Look Alike campaigns can be found on Facebook at: https://www.facebook.com/business/help/365463786964246 This processing for behavioral and interest-based advertising purposes is, according to recital 47 of the GDPR, to be considered as our acknowledged legitimate interest , In the event that you belong to the Facebook Lookalike audience, we will forward your email address and device ID to Facebook. You may opt-out of this specific data processing at any time by either changing your Facebook settings: https://www.facebook.com/settings/?tab=ads or informing us that you no longer wish to do so in the future. For this please use the contact options of our company data protection officer.

3.4.15. Google Maps integration

On our website, we use on the basis of Art. 6 para. 1 lit. f) GDPR the Google Maps API of Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (hereafter "Google"). This allows us to show you interactive maps directly in the website and allow you to conveniently use the map feature. In this context, a cookie may be used. The information generated by the cookie about your use of our website such as

• The visit of the corresponding subpage,

• Browser type / version,

• Used operating system,

• Referrer URL (the previously visited page),

• Host name of the accessing computer (IP address),

• Time of the server request

This processing to improve our site and the user experience is to be considered as our acknowledged legitimate interest. For more information about Google Maps privacy, please refer to the Google Privacy Policy. You can opt out of this data processing by changing the settings in Privacy Center or Google's activity settings.

3.4.16. Facebook Connect

In order to be as barrier-free as possible for our offers, we enable you to log in via Facebook, so-called Facebook login function, a service of Facebook Inc., 1601 South California Avenue, Palo Alto, CA 94304, USA (hereinafter "Facebook"). ). This replaces the otherwise necessary registration. To log in, you will be redirected to the Facebook servers, where you can log in with your Facebook usage data. This will link your Facebook profile to our offer. If you use this simplified login function, we collect different master data of your publicly visible profile, in particular:

• Surname

• Locality,

• Birthday,

• Gender,

• E-mail address,

• Time zone

• Friends or

• Profile Photo.

The legal basis for the aforementioned processing is art. 6 (1) lit. b) GDPR. The processing that takes place in this way serves the purpose of simplified log-in as well as contract substantiation and processing or the provision of pre-contractual measures. The information processed in this way is necessary for the conclusion of the contract in order to be able to identify you. For the purpose and scope of the data collection by Facebook and the further processing and use of the data, as well as your rights in this regard and setting options for the protection of your privacy, please refer to the relevant data protection information from Facebook and the other information of the provider to the Facebook Connect function.

4. Consignees outside the EU

Except for under 2.4. We do not forward your data to recipients based outside the European Union or the European Economic Area. The under 2.4. mentioned processing causes a data transmission to the servers of the commissioned by us supplier of Web analysis technology (s.o.). These servers are located in the USA. The data transmission takes place in accordance with the principles of the so-called Privacy Shield as well as on the basis of so-called standard contractual clauses of the European Commission. You can receive a copy of these standard contract clauses from us.

5. Your rights

5.1. Overview

In addition to the right of revocation of your consent granted to us, you are entitled to the following further rights if the relevant legal requirements apply:

• Right to information about your personal data stored with us in accordance with. Art. 15 GDPR,

• Right to correction of incorrect or to the completion of correct data acc. Art. 16 GDPR,

• Right to delete your stored data in accordance with. Art. 17 GDPR,

• Right to restriction of the processing of your data acc. Art. 18 GDPR,

• Right to data portability acc. Art. 20 GDPR.

To assert your rights a short notice to our data protection officer is sufficient via e-mail dataprotection@tourlane.com or by postal route Tourlane GmbH, attn: Department of Privacy, Jägerstrasse 71, 10117 Berlin.

5.2. General right of objection

Under the conditions of Article 21 (1) GDPR data processing can be objected to for reasons that arise from the particular situation of the person concerned.

The above general right of objection applies to all processing purposes described in this privacy policy, which are based on Art. 6 para. 1 lit. f) GDPR be processed. Unlike the special right of objection directed to the processing of data for advertising purposes (see above), according to the GDPR, we are only obliged to implement such a general objection if you give us reasons of overriding importance (eg a possible danger to life or health). , In addition, it is possible to contact the supervisory authority responsible for the Tourlane, the Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstraße 219, 10969 Berlin.

6. Data security

All personally transmitted data, including your payment data, will be transmitted using the common and secure SSL (Secure Socket Layer) standard. SSL is a secure and proven standard, e.g. is also used in online banking. You will see a secure SSL connection, including the attached “s” at the http (i.e. https: // ...) in the address bar of your browser or the lock icon at the bottom of your browser.

Incidentally, we use appropriate technical and organizational security measures to protect your personal data stored against us against manipulation, partial or complete loss and against unauthorized access by third parties.