Skip to main content

Mo – Fr: 9.00 – 17.00 Uhr | Tel. +49 (0)351 563 48 0 | info@augustustours.de

PRIVACY POLICY

Information regarding data protection (privacy policy)


This privacy policy informs you how your personal data is collected and processed when you use our website or contact us by email, telephone or using a contact form. For the purposes of this policy, “personal data” is deemed to be all data that can be referenced to you personally, for example your name, address, email addresses and user behaviour.

AugustusTours privacy policy for download

I. Contact information for the controller and data protection officer

1. The controller as per the EU General Data Protection Regulation (GDPR), s 4(7), is AugustusTours GmbH & Co. KG, managing director Anke Herrmann, Turnerweg 6, 01097 Dresden, Germany, +49 (0) 351 563 480, This email address is being protected from spambots. You need JavaScript enabled to view it. (please also refer to our legal notice at https://www.augustustours.de/en/privacy-policy.html).

2. Our data protection officer is the lawyer Christian Krösch, SLK Compliance Services GmbH, Königsbrücker Straße 76, 01099 Dresden, Germany, +49 (0) 351 896 763 60, This email address is being protected from spambots. You need JavaScript enabled to view it..

II. General information on the collection, passing on and storage of personal data

1. We process your personal data as per the terms of the GDPR, the German Data Protection Act (BDSG) and all other relevant, definitive laws.

2. Data processing is primarily necessary for the establishment and performance of contracts between us and you. If you contact us by email, telephone or using a contact form, the information you disclose (e.g. your email address, and, where applicable, your name and telephone number) will be stored by us in order to enable us to answer your questions. The prerequisites for the processing and storage of your personal data in this way are defined in GDPR, s 6(1)(b). In addition, it may be permissible to regard separate consent given by you as per GDPR, s 6(1)(a) and 7, as a statement of consent to our privacy policy. We will also process your data in order to fulfil our legal obligations in the fields of commercial and tax law in particular. Data processing for this purpose occurs as per GDPR, s 6(1)(c). Where necessary, we will also process your data as per GDPR, s 6(1)(f), in order to protect the legitimate interests of AugustusTours or third parties.

3. Your personal data will not be passed on to third parties for any purpose other than those described in the following. We will only pass your data on to third parties if you have given your explicit consent to the passing on of your personal data as per GDPR, s 6(1)(a), if the passing on of your personal data is necessary for the assertion, exertion or defence of legal rights as per GDPR, s 6(1)(f) and there is no reason to assume that you have an overriding, protection-worthy interest in the non-communication of your data, or if the passing on of your personal data is a legal obligation as per GDPR, s 6(1)(c), legally permissible and necessary for the performance of a contract as per GDPR, s 6(1)(b).

We use the data you submit to process your booking. This may involve disclosing your data to our bank, logistics partners and the payment provider selected by you. We are entitled to disclose the data in question under the terms of GDPR, s 6(1)(b). Our contractors are only authorised to process or use your data for the purpose for which it was disclosed to them. Your data will remain accessible to you at all times. Insofar as your personal data is disclosed to external contractors, please note that we have implemented technical and organisational measures that ensure compliance with data protection regulations.

4. If we wish to commission subcontractors to perform individual elements of our products and services or use your data for advertising purposes, we will inform you in detail of the processes involved at the bottom of the description of the respective offer. We will also inform you of the storage periods involved.

5. We will delete your personal data as soon as it is no longer required for the following purposes. Once our contractual relationship has ended, we will store your data for as long as we are legally obliged to do so. Storage periods are generally governed by legal obligations to perpetuate evidence and store data as defined in statute such as the German Commercial Code (Handelsgesetzbuch) and German Tax Code (Abgabenordnung). Storage periods can be up to ten years in duration. Personal data may also need to be stored until such time as claims can no longer be made against us (here: a statutory period of limitation of between three and thirty years).

 

III. Collection of personal data on our website

1. Data collected when you visit our website

1.1 If you use our website for purely informational purposes (i.e. if you neither register nor actively communicate data to us by other means) we will only collect the personal data sent to our server by your browser. If you wish to view our website, we will collect the data we require in order to be able to display our website on your device and ensure the stability and security of our website. The data will also be stored in logfiles in our system. The data in question will not be stored along with other user-specific personal data. The data stored includes your IP address, the date and time of your request, the difference between your time zone and Greenwich Mean Time (GMT), the content (i.e. specific page) to which your request refers, your access status/HTTP status code, the volume of data transferred, the website from which the request is sent, your browser software (including language and version) and your operating system and interface.

1.2 The prerequisites for the lawful temporary storage of data and logfiles are defined in GDPR, s 6(1)(f).

1.3 The temporary storage of your IP address in our system is necessary for the display of our website in your browser. Your IP address must therefore be stored for the duration of your session. Logfiles are stored in order to ensure website functionality. The aforementioned data also enables us to optimise our website and ensure the security of our information systems. These purposes substantiate our legitimate interest in the processing of personal data as per GDPR, s 6(1)(f). This does not constitute an opportunity for the evaluation of data for marketing purposes, nor will it be used as such.

1.4 Data will be deleted as soon as it is no longer required for the purpose it was collected for. In the case of data collected in order to display our website on your device, this is the case at the end of the respective session. Logfiles are deleted within 7 days of when the website was retrieved.

1.5 The collection of data when a user visits our website and the storage of that data in logfiles are essential to the proper operation of our website. You are therefore unable to appeal against it.

2. Use of cookies

2.1 Cookies are stored on your device when you use our website. Cookies are text files stored in your internet browser and/or by your internet browser on your device. Any visit to a website may result in a cookie being stored on your operating system. Each cookie contains a specific character sequence which enables the identification of your browser the next time you visit the website.

2.2 This website uses the following types of cookies, the scope and function of which are described in the following sections:

  • “Essential” category –Transient cookies (temporary;
  • “Statistics” category–Persistent cookies (time-limited);
  • “Marketing” category –Third-party cookies (from third parties, information provided separately.

2.3 Transient cookies are automatically deleted when you close your browser. They include session cookies, which store a so-called session ID that keeps track of various requests sent by your browser during a continuous session. This makes it possible to recognise your device when you return to our website. Session cookies are deleted when you log out or close your browser. The prerequisites for the lawful processing of personal data with the aid of transient cookies are defined in GDPR, s 6(1)(f). The aim of transient cookies is to make websites more convenient for you to use. A number of functions on our website cannot be delivered without the aid of cookies, as they depend on your browser being recognised even when you return from another page. These purposes substantiate our legitimate interest in the processing of personal data as per GDPR, s 6(1)(f).

Persistent cookies are used exclusively in combination with the web analysis services we employ and only for as long as they are actually required. They have a maximum storage life of two years. You can delete these cookies using the security settings in your browser at any time, though this may restrict the usability and user-friendliness of our website. The prerequisites for the lawful processing of personal data with the aid of persistent cookies are defined in GDPR, s 6(1)(f). We use analytical cookies for the purpose of enhancing the quality of our website and the content thereof. Analytical cookies give us insights into how our website is used, thus enabling us to continuously improve the functions and content we provide on it. These purposes substantiate our legitimate interest in the processing of personal data as per GDPR, s 6(1)(f).

2.5 Cookies that are not essential to the performance of our services from a technical perspective are only stored with your consent, which can be revoked at any time. You can manage your consent to the type of cookies stored when you use our website by changing your individual preferences in the cookie banner.
To give an example, you can stipulate that you wish to be informed of any cookies stored and that they may only be stored once you have given your explicit consent. You can also opt to allow cookies in either specific cases or all cases, for example by blocking either third-party cookies only (the “Marketing” category) or all cookies. We nevertheless remind you that this may restrict the usability and user-friendliness of our website. The prerequisites for the lawful processing of personal data with the aid of analytical cookies for which the user has provided their consent are defined in GDPR, s 6(1)(a)

3. Other functions and offers on our website

3.1 In additional to its purely informational function, our website also offers various other services you may be interested in using. The submission of additional personal data is generally essential to the performance of these services, which are again subject to the aforementioned data processing principles.

3.2 In some cases we commission external service providers to process data on our behalf. They are carefully selected by us, given clear instructions to which they are obliged to adhere and assessed on a regular basis.

3.3 We may also pass your personal data on to third parties within the context of initiatives, competitions, contracts or similar services offered in cooperation with external partners. Further information will be provided to you when you submit your personal data or at the bottom of the description of the respective offer.

3.4 If one or more of our subcontractors or partners is based on a country outside the European Economic Area (EEA) we will inform you of any consequences in the description of the respective offer.

4. Use of contact forms

4.1 Any personal data you choose to make available to us using our contact forms will be collected by us. We will also store the information subsequently generated as a result of you making contact with us. In particular, this includes you name, contact details and the date and reason you made contact with is. Your personal data will only be used to make the requested products and services available to you and engage in correspondence with you. The prerequisites for the lawful processing of personal data as described above are defined in GDPR, s 6(1)(b).

4.2 We will delete your personal data as soon as it is no longer required for the purpose for which it was collected. In the case of personal data submitted via contact forms, this is deemed to be the case when the respective conversation with you ends. A conversation is deemed to end when circumstances clearly indicate that the issue at hand has been brought to a definitive conclusion. Insofar as it is subject to storage periods defined in tax and commercial law, the data submitted by you will be stored for the statutory storage period of ten years. It will then be deleted unless you have consented to a longer storage period or the data is necessary for the assertion, exertion or defence of legal rights (statutory periods of limitation range from three to thirty years).

5. Use of the assessment and comment function on our website

5.1 Our website allows you to submit public comments on a variety of articles we publish. Your comment and chosen user name will be published on the same page as the article itself. We recommend commenting under a pseudonym rather than your given name. You are required to give your user name and email address when you submit a comment; all other information is provided on a voluntary basis. We store your IP address in order to be able to defend ourselves against liability claims filed as a result of the publication of illegal content. We store your email address in order to be able to contact you if a third party claims your comment to be illegal. The prerequisites for the lawful storage of your personal data as described above are defined in GDPR, s 6(1)(b) and (f). Comments are not checked prior to publication. We reserve the right to delete comments to which third parties object on the grounds of illegality.

6. Use of our online enquiry and booking function

6.1 If you wish to make a booking on our website, it is a prerequisite for the conclusion of a contract between us that you submit the personal data we require in order to enable us to process your booking. Compulsory fields for information essential to contractual conclusion and performance are marked as such; all other fields are filled out on a voluntary basis. The prerequisites for the lawful processing of personal data as described above are defined in GDPR, s 6(1)(b).

6.2 Once a contract has been performed, your address and booking data will be stored for the statutory ten-year storage period defined in tax and commercial law. It will then be deleted unless you have consented to a longer storage period or the data is necessary for the assertion, exertion or defence of legal rights. The prerequisites for the lawful processing of personal data for the purpose of the fulfilment of statutory obligations to archive and store data are defined in GDPR, s 6(1)(c).

6.3 We will use the data you submit to process your booking. This may involve disclosing your data to our bank, logistics partners and the payment provider selected by you. We have the right to disclose this personal data as per GDPR, s 6(1)(b). Our contractors are only permitted to process or use your data for the purpose for which it was disclosed to them. Your data will remain accessible to you at all times. Insofar as your personal data is disclosed to external contractors, please note that we have implemented technical and organisational measures that ensure compliance with data protection regulations.

6.4 You are not obliged to submit the aforementioned personal data to us. The data is nevertheless a prerequisite for the conclusion of a contract between us. Failure to submit the data required may prevent communication and/or the conclusion and performance of a contract between us.

7. Newsletter

7.1 You can subscribe to our newsletter informing you of our latest attractive offers by declaring your consent to the mailing of our newsletter to you. The goods and services advertised are named in the corresponding declaration of consent.

7.2 We use the so-called “double-opt-in” process for newsletter subscriptions. This means that once you have registered and given us your email address we will send you a confirmation email to the stated address asking you to confirm that you wish to receive our newsletter. If you fail to confirm your registration within 7 days your information will be deleted no more than 2 months later. We will also store your IP addresses and the times when you registered and confirmed your subscription. The aim of this process is to create a trail of evidence for your registration/subscription and facilitate the investigation of any potential abuse of your personal data. The prerequisites for the lawful processing of personal data as described above are defined in GDPR, s 7(1).

7.3 The only compulsory information you need to submit in order for the newsletter to be sent to you is your email address. Any additional information is submitted on a voluntary basis (and marked as such) and will be used to customize the newsletter to your interests. Once you have confirmed that you wish to subscribe we will store your email address for the purpose of sending you the newsletter. The prerequisites for the lawful processing of personal data as described above are defined in GDPR, s 6(1)(a) DSGVO. Your data will be deleted as soon as it is no longer required for the purpose for which it was collected. A user’s email address will therefore be stored for as long as their newsletter subscription remains active.

7.4 You have the right to revoke your consent to the receipt of the newsletter (i.e. unsubscribe) at any time. You can do so by clicking on the corresponding link provided in each newsletter email or by notifying us using the contact details given in the Imprint on our website.

8. Use of Google Analytics

8.1 This website uses Google Analytics, a web analysis service operated by Google Ireland Ltd. (“Google”). If the “Statistics” category is activated in your cookie preferences, Google Analytics will store text files known as “cookies” on your device in order to analyse how you use the website. As a general rule, the data on your use of this website collected by the cookie is sent to and stored on a Google server located in the USA.

If IP anonymization is activated on this website and you are in an EU member state or another treaty state in the EEA, your IP address will be abbreviated/anonymized by Google prior to being sent to and stored on a server in the USA. Your full IP address will only be sent to and abbreviated/anonymized on a Google server in the USA in exceptional cases. Working on behalf of the operator of this website, Google uses the data collected by the cookie to analyse your use of this website, compile website activity reports and provide the website operator with other services linked to website use and internet use. 

Data collected by the Analytics service will be stored for 2 years; data collected by the Remarketing service will be stored for 1 year. We also use the User ID function. User ID enables us to assign a unique, persistent ID to one or more sessions (as well as the activities within those sessions) and analyse user behaviour across multiple devices.

8.2 The IP address sent by your browser in connection with Google Analytics will not be matched to any other data held by Google. We also use Google Analytics to ensure that ads placed by Google and its partners are only seen by users who have shown an interest in our online content or fulfil specific characteristics communicated to Google by us (Google Analytics Remarketing). Our aim is to show users personalized ads in accordance with their specific interests and preferences.
You may prevent the storage of cookies by deactivating the “Marketing” category in your cookie preferences. Please note that deactivation may render you unable to utilise the full range of functions available on this website.

8.4 This website uses Google Analytics in combination with the “_anonymizeIp()” function. This means that IP addresses are abbreviated prior to processing, thus preventing data from being matched to a specific user. If the personal data collected from you can still be matched to you it will be blocked and deleted immediately.

8.5 We use Google Analytics to analyse and enhance the use of our website. The statistics provided by the service enable us to improve our offers and make them more interesting for you the user.

In exceptional cases in which Google transfers personal data to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, such transfers are subject to standard contractual terms and conditions in accordance with GDPR, s 46. Those terms and conditions are available to view here: https://privacy.google.com/businesses/processorterms/mccs/. The level of data protection in the USA is not comparable with that in the EU. There is a risk that your personal data will be accessed by security agencies and that you will be unable to lodge a legal appeal against such access.

The personal data gathered will be deleted as soon as it is no longer required for processing purposes, which is generally deemed to be the case 14 months after it was gathered. The legal grounds for the use of Google Analytics are defined in GDPR, s 6 (1)(a); if personal data is transferred to the USA, GDPR, s 49 (1)(a), also applies.

8.6 Information on the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001, user terms and conditions: http://www.google.com/analytics/terms/de.html, general information on privacy: http://www.google.com/intl/de/analytics/learn/privacy.html privacy policy: http://www.google.de/intl/de/policies/privacy

8.5 We use Google Analytics to analyse and enhance the use of our website. The statistics provided by the service enable us to improve our offers and make them more interesting for you the user. In the exceptional cases in which personal data is sent to the USA, Google undertakes to comply with the EU-US-Privacy-Shield (https://www.privacyshield.gov/EU-US-Framework). The prerequisites for the lawful use of Google Analytics are defined in GDPR, s 6(1)(f).

9. Use of Google Fonts

9.1 We use Google Fonts on our website. We use this service in order to ensure that our website is displayed in a uniform and attractive way. Each time you visit a page your browser will load the web fonts required into your browser cache in order to ensure that text and fonts are displayed correctly. If your browser does not support web fonts your device will use a default font instead. The prerequisites for the lawful use of Google Fonts are defined in GDPR, s 6(1)(f).

9.2 When you visit our website Google will receive notification that you have accessed the corresponding section of our website. Data is also transmitted as per section III.1 of this privacy policy, regardless of whether or not you are logged into a Google user account or do not have a Google user account. If you are logged into a Google user account your data will be matched directly to your account. If you do not wish your data to be matched to your Google profile you must log out before activating the button. Google stores your data as a user profile and uses it for the purposes of advertising, market research and/or the needs-oriented design of its own website. In particular, and even in the case of users who are not logged in, data evaluation is used to deliver needs-oriented advertising and inform other social network users about your activities on our website. You have the right to appeal against the generation of such user profiles; please contact Google if you wish to exercise this right.

9.3 Further information on the purpose and scope of the data gathering and processing engaged in by this provider is available in the provider’s privacy policies, which also include information on your rights in this regard as well as settings that enable you to protect your privacy http://www.google.de/intl/de/policies/privacy. In some cases Google processes your personal data in the USA in compliance with the EU-US Privacy Shield https://www.privacyshield.gov/EU-US-Framework To opt out, please visit https://adssettings.google.com/authenticated.

10. Use of Google Ads Conversion

10.1 We use the services of Google Ads to draw attention to our attractive offers with the help of advertising materials (so-called Google Ads) on external websites. We can determine in relation to data collected during advertising campaigns how successful each individual advertising measure is. This enables us to pursue our interest in showing you advertisements that are of interest to you, making our website more interesting for you and ensuring the fair calculation of advertising costs.

10.2 The advertising materials are delivered by Google via so-called “ad servers”. We therefore use ad server cookies (the “Marketing” category in your cookie preferences) to measure specific parameters for success such as pop-up advertisements or user clicks. If you access our website via a Google ad, Google Ads will store a cookie on your device. These cookies generally expire after 30 days and are not intended to identify you personally. The cookie generally stores analytical data in the form of a unique cookie ID, the number of ad impressions per placement (frequency), the last impression (relevant for post-view conversions) and opt-out information (a note signalling that the user no longer wishes to be addressed). Data collected by the Ads service will be stored for 1 year.

10.3 These cookies enable Google to recognise your internet browser. If a user visits certain pages on an Ads customer’s website and the cookie stored on their device has not expired, Google and the customer can detect that the user has clicked on the ad and has been redirected to this page. A different cookie is assigned to each Ads customer. Cookies therefore cannot be traced via the websites of Ads customers. We ourselves do not collect or process any personal data within the context of the aforementioned advertising measures. Google only provides us with statistical evaluations. These evaluations enable us to identify which of the advertising measures used are particularly effective. We do not receive any additional data on the use of the advertising materials; more specifically, the information available to us does not enable us to identify specific users.

10.4 As a result of the marketing tools used your browser will automatically establish a direct connection to the Google server. We have no influence on either the scope of the data collected by Google using this tool or the way in which it is used.
The following information is therefore provided to the best of our knowledge: As a result of the integration of Ads Conversion into our website, Google receives notification that you have accessed a specific section of our website or clicked on one of our advertisements. If you are registered with a Google service, Google is able to match your visit to your account. Even if you are not registered with Google or have not logged in, it is still possible for the provider to obtain and store your IP address.

10.5 You can avoid participating in this tracking process in various ways: a) by deactivating the “Marketing” category in your cookie preferences (NB: if you elect to block third-party cookies you will no longer receive ads from third-party providers); b) by disabling conversion tracking cookies by setting your browser to block cookies from the domain “www.googleadservices.com” (also see https://www.google.com/settings/ads; please note that this setting is deleted each time you delete your cookies); c) by disabling interest-based ads from providers participating in the “About Ads” self-regulation campaign at http://www.aboutads.info/choices (please note that this setting is deleted each time you delete your cookies); d) by permanently disabling cookies in your browser (Firefox, Internet Explorer or Google Chrome) by installing the plugin available at http://www.google.com/settings/ads/plugin. Please note that if you permanently disable cookies you may not be able to make full use of all functions available on this website.

10.5 You can avoid participating in this tracking process in various ways: a) by adjusting the corresponding settings in your browser software (example: if you elect to block third-party cookies you will no longer receive any ads from third-party providers); b) by disabling conversion tracking cookies by setting your browser to block cookies from the domain “www.googleadservices.com” (also see https://www.google.com/settings/ads; please note that this setting is deleted each time you delete your cookies); c) by disabling interest-based ads from providers participating in the “About Ads” self-regulation campaign at http://www.aboutads.info/choices (please note that this setting is deleted each time you delete your cookies); d) by permanently disabling cookies in your browser (Firefox, Internet Explorer or Google Chrome) by installing the plugin available at http://www.google.com/settings/ads/plugin. Please note that if you permanently disable cookies you may not be able to make full use of all functions available on this website.

The personal data gathered will be deleted as soon as it is no longer required for processing purposes, which is generally deemed to be the case 6 months after it was gathered.

10.6 The legal grounds for the processing of your data are defined in GDPR, s 6 (1)(a); if personal data is transferred to the USA, GDPR, s 49 (1)(a), also applies.

In cases in which Google transfers personal data to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, such transfers are subject to standard contractual terms and conditions in accordance with GDPR, s 46. Those terms and conditions are available to view here: https://privacy.google.com/businesses/processorterms/mccs/. The level of data protection in the USA is not comparable with that in the EU. There is a risk that your personal data will be accessed by security agencies and that you will be unable to lodge a legal appeal against such access.

Further information on Google’s privacy policy is available at http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html. You can also visit the website operated by the Network Advertising Initiative (NAI) at http://www.networkadvertising.org. Google undertakes to process your data in compliance with the EU-US Privacy Shield https://www.privacyshield.gov/EU-US-Framework.

11. Facebook, Pinterest, Instagram, YouTube and Flickr

Our website features links to the social media services Facebook, Pinterest, Instagram, YouTube and Flickr. The links are marked with the logos of the respective social media services. Clicking on one of these links will take you to the AugustusTours profile on the respective social media service and establish a connection with the service’s servers. The fact that you have visited our website will therefore be communicated to the servers used by the respective social media service. Additional data will also be transmitted to the provider of the social media service, for example:

  • The address of the website on which the link was activated;
  • The date and time when the website was accessed and/or the link was activated,
  • Information on the browser and operating system used,
  • Your IP address.

11.2 f you were already logged into the respective social media service when the link was activated, the data transmitted may enable the service provider to identify your user name (and perhaps even your real name) and match that information to your personal user account on that social media service. You can prevent your information from being matched to your personal user account by logging out of your user account before activating the link.

11.3 The servers used by the social media services listed in section 11.1 are located in the USA and other countries outside the European Union. The providers of those social media services may therefore process data in countries outside the EU. Please note that the data protection laws to which companies in those countries are subject generally do not protect personal data to the same degree as the laws in force in EU member states.

11.4 Please note that AugustusTours has no influence on the scope, type, or purpose of the data processing activities engaged in by providers of social media services. Detailed information on the use of your data by the providers of the social media services featured on our website is available in the privacy policy published by the respective provider.

12. Data security

12.1 Data communicated via our website is protected with the aid of the widely used SSL procedure (Secure Socket Layer) in combination with the highest level of encryption supported by your browser, which is generally 256-bit encryption. If your browser does not support 256-bit encryption we will use 128-bit v3 technology instead. A key or closed padlock icon in your browser’s lower status bar indicates that the respective page of our website is transmitted in encrypted form.

12.2 We also implement appropriate technical and organisational measures in order to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction and unauthorised access by third parties. We continually optimise our safety measures in order to keep up with technological developments.

 

IV. Gathering of personal data by other web service providers

1 Use of services provided by Zoom

1.1 We hold video conferences and online meetings using the “Zoom” service provided by Zoom Video Communications, Inc., USA (“Zoom”). We are only responsible for the processing of data which is directly associated with our video conferences and online meetings. Zoom bears sole responsibility for data processing and data protection within the context of (i) all other interaction between you and Zoom and (ii) the use of Zoom services independent of our video conferences and online meetings. The processing of personal data within the context of online meetings conducted as part of a contractual relationship is provided for in GDPR, s 6(1)(b). If a contractual relationship does not exist then GDPR, s 6(1)(b) applies. Our legitimate interest in the processing of your personal data as described above is justified by the need for the effective delivery of video conferences and online meetings.

1.2 The use of Zoom involves the processing of a variety of data types. The extent to which your data is processed depends on the data preferences you set either before or during an online meeting. If we wish to record an online meeting, we will clearly communicate this to you in advance and request your consent where required. The Zoom app will also alert you to the fact that the meeting is being recorded. We may also log chat content in exceptional cases where the documentation of the outcomes of the online meeting is required. In the case of webinars, questions posed by webinar participants may be processed in connection with the documentation and review of the webinar. If you are a registered Zoom user, reports on online meetings (contents: meeting metadata, data on the telephone used to access the meeting, webinar questions and answers and webinar surveys) can be stored in your Zoom account for up to a month. The following personal data will be processed: User data (here: surname, first name, telephone number (optional), email address, password (if the user has not opted to use SSO), profile picture (optional) and department (optional)), meeting metadata (here: topic, description (optional), participant IP addresses, device/hardware information), meeting documentation (optional) (here: MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file documenting entries in the meeting chat), telephone data (if the participant joins the meeting via telephone) (here: data on the incoming and outgoing telephone number, country name, start and end of call and, where applicable, other call data such as the IP address of the device used) and other data in text, audio and video formats. You may be given the option to use chat, Q&A or survey functions during the online meeting. Any text you opt to enter will be processed in order to facilitate the display and, where applicable, documentation thereof in the online meeting. Data from your device’s microphone and/or video camera will be processed throughout the duration of the meeting in order to facilitate video display and audio playback. The Zoom app enables you to switch off or mute your camera and/or microphone at any time. Submission of information on your name is the minimum requirement for admission to the meeting room and participation in an online meeting.

1.3 As a basic principle, personal data processed in connection with participation in online meetings will not be passed on to third parties unless it is intended for that purpose. Please note that the content of online meetings and face-to-face discussions alike often forms the basis for the provision of information to customers, interested parties, suppliers and third parties, and is therefore gathered with the intention of passing it on. Zoom necessarily becomes aware of the aforementioned data insofar as this is provided for in the data processing agreement concluded between us and Zoom.

1.4 Zoom is a service provided by a company located in the USA. The use of that service therefore involves the processing of personal data in a non-EU country. The data processing agreement concluded between us and Zoom complies with the requirements set out in Art. 28 DSGVO, with standard contractual clauses used to guarantee an appropriate level of data protection. We have also configured Zoom to include a number of additional technical and organisational measures, for example the exclusive use of data processing centres located within the EU when holding online meetings with end-to-end encryption.

1.5 As a basic principle, we delete personal data at such time as there is no reason for the continued storage thereof. One potential reason for continued storage is that the data in question is required in connection with the performance of contractual services or the assessment and approval or rejection of guarantee and warranty claims. In the case of data that is subject to statutory storage periods, the data in question will only be deleted further to the expiry of the respective statutory storage period.

2 Use of the services of WhatsApp

2.1 We use the WhatsApp messenger service provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland ("WhatsApp"). When you contact us via WhatsApp, WhatsApp processes your personal data (e.g. usage, log, device and connection data, location data if applicable) in accordance with WhatsApp's privacy policy. WhatsApp is responsible for the provision of the service and the associated data processing. You can find information on this at: https://www.whatsapp.com/legal/privacy-policy-eea.

2.2. We process your personal data that you have provided to us as part of WhatsApp communication. This includes, in particular, your telephone number, profile name, profile picture (if applicable), message content and the date and time of the messages sent. The use of WhatsApp serves to support the performance of the contract (legal basis Art. 6 para. 1 b) GDPR) and to provide fast and efficient communication with you (legal basis Art. 6 para. 1 f) GDPR), in particular to contact you as a customer in emergencies and to transmit important information to you at short notice. We communicate with our service providers and partners to ensure efficient and timely coordination and provision of our services.

2.3 In cases where personal data is transferred under WhatsApp's own responsibility to Meta Platforms Inc, 1 Hacker Way, Menlo Park, CA 94025, USA, these transfers are subject to the standard contractual clauses pursuant to Art. 46 GDPR and the EU-US Data Privacy Framework (DPF). The data transfer addendum with reference to the standard contractual clauses is available here:
https://www.facebook.com/legal/EU_data_transfer_addendum.

2.4 The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. Chat histories are deleted as soon as it can be assumed that your questions and information have been answered, no resumption of communication with reference to previous messages is to be expected and no statutory retention obligations prevent deletion.

V. Collection of personal data when you contact us by email, post or telephone

1. Collection of personal data from customers, interested parties and suppliers

1.1 We only collect personal data from customers, interested parties and suppliers if they disclose it to us voluntarily by email, post or telephone. When a customer, interested party or supplier enters into contact with us we collect the data generated as a result, and in particular names, contact details and the date and time when contact was made. The personal data we collect from you will only be used for the purpose of providing you with the desired products and services (the prerequisites for the lawful processing of personal data for this purpose are defined in GDPR, s 6(1)(b)) or other purposes to which you have consented (the prerequisites for the lawful processing of personal data for such purposes are defined in GDPR, s 6(1)(a)) as described in this privacy policy. You have the right to revoke your consent to the processing of your personal data at any time.

1.2 You are not obliged to disclose the aforementioned personal data to us. The data may nevertheless be a prerequisite for the conclusion of a contract between us. Failure to submit the data required may prevent communication and/or the conclusion and performance of a contract between us.

1.3 Any disclosure of your personal data will occur in accordance with statutory regulations and contractual agreements. Where relevant, data may be disclosed to official bodies (provided there is a legitimate legal reason to do so), external service providers, other contractors or other external bodies insofar as you have given your consent or disclosure is permissible for a compelling reason. We have no intention to disclose your data to recipients in third countries (i.e. countries outside the EU/EEA) or international organisations.

1.4 Data will be deleted as soon as it is no longer required for the purpose for which it was collected. In the case of any personal data collected from you, this is deemed to be the case when the respective conversation with you ends. A conversation is deemed to end when circumstances clearly indicate that the issue at hand has been brought to a definitive conclusion. To the extent that it is subject to storage periods defined in tax and commercial law, any personal data collected will be stored for the statutory period of ten years. It will then be deleted unless you have consented to a longer storage period or the data is necessary for the assertion, exertion or defence of legal rights. The prerequisites for the lawful processing of personal data for the purpose of the fulfilment of statutory obligations to archive and store data are defined in GDPR, s 6(1)(c).

 

2. Collection of personal data from applicants

2.1 We only collect personal data from applicants if they disclose it to us voluntarily by email, post or telephone. This applies to applications for advertised positions and unsolicited applications alike. When an applicant enters into contact with us we collect the data they disclose to us within the context of their application, and in particular their name, contact details, interests, qualifications and educational and professional careers. The prerequisites for the lawful processing of personal data within the context of application processes are defined in GDPR, s 6(1)(a), (b) and (f) and § 26 BDSG.

2.2 You are not obliged to disclose the aforementioned personal data to us. The data may be a prerequisite for the conclusion of a contract between us further to the conclusion of the application process. Failure to submit the data required may prevent communication, the completion of the application process and the conclusion of a contract between us.

2.3 Any disclosure of your personal data will occur in accordance with statutory regulations and contractual agreements. Relevant data will be disclosed to employees responsible for recruitment and human resource management, management level employees and the head of the respective department or relevant trainers. Your personal data will not be disclosed to any third parties. There is no intention to disclose your data to recipients in a third country (i.e. a country outside the EU/EEA) or an international organisation.

2.4 Data will be deleted as soon as it is no longer required for the purpose for which it was collected. If your application is rejected we will store your data for a period of six months after you have been notified that your application has been rejected. If you consent to a longer storage period your data will be stored for a period of one year. When that period expires we will either delete your data or request that you renew your consent. You have the right to revoke your consent to the processing of your personal data at any time.

 

VI. Appealing against and revoking your consent to the processing of your data

1. If you consent to the processing of your data you have the right to revoke that consent at any time. Revocation only affects the permissibility of the processing of your personal data after such time as we receive notification of the revocation of your consent.

2. If we process your personal data on the basis of the balancing of interests alone you have the right to appeal against such processing. This applies in particular to processing which is not essential to the performance of a contract with you. If you wish to exercise your right of appeal we request that you explain the reasons why we should not process your personal data in the way to which you object. If your appeal is legitimate we will examine the situation and either cease to process your data, adjust the way in which we process your data or provide compelling reasons why we will continue to process your data in the way to which you object.

3. You naturally have the right to appeal against the processing of your personal data for the purposes of advertising and data analysis at any time. Please use the following contact details if you wish to appeal against the processing of your personal data for advertising purposes: AugustusTours GmbH & Co. KG, Katja Marquardt, Turnerweg 6, 01097 Dresden, email: This email address is being protected from spambots. You need JavaScript enabled to view it..

 

VII. Your rights

1. Section 15 of the GDPR gives you the right to demand information on the personal data we have collected on you. In particular, you can demand information on the purposes for which your data is processed, the categories of personal data held, the categories of recipients to whom your data has been or may be disclosed, the foreseen storage period, the existence of a right of correction, deletion, restriction on processing or appeal, the existence of a right of complaint, the origin of your data (insofar as it was not collected by us), the existence of a system of automated decision-making (including profiling) and, where applicable, definitive information on any decisions made using that system.

2. Section 16 of the GDPR gives you the right to demand the immediate correction or completion of incorrect or incomplete personal data we store on you. Section 17 of the GDPR gives you the right to demand the deletion of personal data we store on you insofar as the processing of that data is not essential i) to the exertion of the right to free speech, ii) to the fulfilment of a legal obligation, iii) for reasons in the public interest or iv) to the assertion, exertion or defence of legal rights.

3. Section 18 of the GDPR gives you the right to demand restrictions on the processing of your personal data insofar as you dispute the correctness of that data and the processing thereof is not lawful but you object to the deletion thereof – even though we no longer require the data in question – due to the fact that you require it for the assertion, exertion or defence of legal rights or have filed an appeal against the processing thereof as per section 21 of the GDPR.

4. Section 20 of the GDPR gives you the right to demand that your personal data is made available to you or another responsible person in a structured, conventional, machine-readable format.

5. Section 7(3) of the GDPR gives you the right to revoke consent you have granted us in the past at any time. The exertion of this right prohibits us from continuing with the data processing to which that consent referred in the future.

6. In addition, section 77 of the GDPR gives you the right to lodge a complaint regarding the processing of your personal data by us with a supervisory authority, for example with the supervisory authority responsible for our region (Saxony): Sächsischer Datenschutzbeauftragter, Bernhard-von-Lindenau-Platz 1, 01067 Dresden, Germany, tel. +49 (0) 351 49 35401, email: This email address is being protected from spambots. You need JavaScript enabled to view it..

 

VIII. Topicality of and changes to this privacy policy

1. This privacy policy is valid in its current form, which was published in March 2024. The German version is binding; the English version is provided for information only.

2. Changes to our website, products and services as a result of changes to statutory and/or official regulations may necessitate changes to this privacy policy. The current version of this privacy policy is always available to retrieve and print at https://www.augustustours.de/en/privacy-policy.html.