Privacy policy

in accordance with Article 13 GDPR

We are delighted that you are interested in our website. The confidentiality of all our visitors and customers, the security of your data and the protection of your privacy are our top priority.

Your personal data will therefore be handled by us in accordance with the applicable data protection regulations and this privacy policy. Personal data is information that can be used to find out your identity. Typical personal data includes your first name, surname, address, telephone number, IP address, cookies and email address.

If you view our website and use or otherwise expressly transmit information to us, we automatically process the data transmitted to us with every request your browser makes (see also section “Log data”). Insofar as you voluntarily transmit personal data to us, the processing shall be exclusively for the purpose of the request or specific order. We would like to point out that online data transmission can never be completely protected from being accessed by a third party.

Please find a more detailed explanation in the following sections as to what data we process, when and for what purpose. We explain how the services we offer work and in doing so how we guarantee the protection of your personal data.

Name and address of the data controller:

The data controller within the meaning of the EU General Data Protection Regulation and other data protection regulations is:

RailAdventure GmbH
Blutenburgstraße 37
80636 Munich
Germany
info@railadventure.de

Legal basis for processing the personal data

As a supplier, we may only process personal data of visitors to our website if one of the conditions explained below exists as a legal basis:

If we obtain the consent of the data subject for processing personal data, Art. 6 (1) lit a GDPR serves as a legal basis.

For processing personal data required to fulfil a contract whose contracting party is the data subject, Art 6 (1) lit b GDPR serves as a legal basis. This also applies to processing operations that are required for carrying out pre-contractual measures.

If personal data processing is required for the fulfilment of a legal obligation that our company is subject to, Art. 6 (1) lit c GDPR serves as a legal basis.

In the case that vital interests of the data subject or another natural person make it necessary to process personal data, Art 6 (1) lit d GDPR serves as a legal basis.

If data processing is necessary to protect a legitimate interests of our company or a third party and the interests, basic rights and basic freedoms of the data subject do not override the first-mentioned interest, Art 6 (1) lit f serves as a legal basis for data processing.

Data erasure and storage period

Personal data of the data subject is erased as soon as the purpose of the storage ceases to apply.

Data can also be stored if it is provided for by European and German laws or other regulations to which the data controller is subject.

Data is blocked or erased if a storage period specified in the aforementioned regulations expires, unless further storage of the data is required in order to conclude or fulfil a contract.

Contact

When you contact us (e.g. via a contact form, email, telephone call or via social media), your details are processed for the purposes of handling the contact request and processing it in accordance with Art. 6 (1) lit b) GDPR (procedure prior to entering into a contract).

We erase the requests if they are no longer required. We review this necessity every two years. Furthermore, statutory archiving obligations apply.

Legal basis

The legal basis for processing this data is procedures prior to entering into a contract in accordance with Art 6 (1) lit b) GDPR

Log data

The internet provider automatically collects “log data” in server log files.

The log data includes the following information:

  • Data and time of the respective request
  • Website address (URL) requested
  • URL that the visitor visited immediately beforehand (referrer)
  • Browser and language used
  • Operating system used
  • Visitor’s IP address and host name
  • Access status/http status code
  • Data volume transferred in each case

This data is automatically transmitted to us and cannot be assigned to your person with a proportionate effort.

Legal basis

The legal basis for processing this data is our legitimate interest in accordance with Art. 6 (1) sentence 1 lit f GDPR.

Logging serves to control access and monitor technical processes and optimise them. Furthermore, this data in accordance with Section 76 Federal Data Protection Act (BDSG) serves to check the processing procedures under data protection aspects.

There is no disclosure to third parties, except to law enforcement agencies by order of the court in the event of an incident.

Data is erased as soon as the data is no longer required for the fulfilment of the purpose of its collection or after the legally required deletion period has been reached.

Consequently, there is no possibility for the user to object.

Your rights

You have a right to free information about the personal data we have stored about you and, where required, a right to the rectification, restriction of processing or erasure of this data. You also have a right to data portability. You ultimately also have the right to complain to the data protection supervisory authority about the processing of your personal data by us.

Right to object

We also would point out that you can object at any time to the future processing of your personal data in line with legal requirements in accordance with Art. 21 GDPR. Objection can be made in particular against processing the data for the purposes of direct advertisement.

Right to provision of information

If you have any questions about the collection, processing or use of your personal data, for information, for the rectification, blocking or erasure of data as well as the revocation where required of consent given or objection against certain data usage, please contact us at the following email address:

info@railadventure.de

Encryption through SSL/TLS

For security reasons, our website uses SSL or TLS encryption. We do this to protect transmitted data and ensure that it cannot be read by third parties. You can tell successful encryption if you see the protocol designation in the status bar of the browser change from “https://” to “https://” and you can see a locked lock symbol.

Web hosting via HostEurope

We use the services of Host Europe GmbH, Hansestraße 111, 51149 Cologne for the web hosting of our websites. We also have a contract with Host Europe for order processing in accordance with Art. 28 GDPR. You can find further information about the privacy policy from Host Europe at

https://www.hosteurope.de/AGB/Datenschutzerklaerung/

Legal basis

The legal basis for processing this data is our legitimate interest in the operation and maintenance of the operational security of this website in accordance with Art. 6 (1) sentence 1 lit f GDPR.

Borlabs Cookie

This website uses Borlabs Cookie, which places a technically necessary cookie (Borlabs Cookie) to store your cookie consent.

Borlabs Cookie does not process any personal data.

The consents you have given when accessing the website are stored in the Borlabs Cookie . If you wish to revoke these consents, you can simply delete the cookie in your browser. If you access/reload the website again, you will be asked again about your cookie settings.

Cookie settings (Borlabs)

[borlabs-cookie type=”btn-cookie-preference” title=”Cookie Einstellungen”/]

Consent history (Borlabs)

Your consent history:

[borlabs-cookie type=”consent-history”/]

In the case of enquiries, please contact us referencing the following UID.

UID: [borlabs-cookie type=”uid”/]

Cookie list (Borlabs)

We use the following cookies:

[borlabs-cookie type=”cookie-list”/]

Google Maps

In order to be able to offer you an engaging website, our website has an interface to Google Maps. In order to be able to use Google Maps, your IP address must be stored on a Google server in the USA.

The recipient of the data is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

This service is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

We would point out that there is a possibility that data will be transmitted to the USA and be processed by US authorities. Under current law, the USA is considered to be an unsafe third country with an inadequate level of data protection.

At the moment, there is no inadequacy decision in accordance with Art. 45 GDPR.

Google is, however, obliged to comply with the standard contract clauses for the transmission of personal data to third countries in accordance with Directive 95/46/EC (Standard Contractual Clauses – SCC).

You can get more detailed information about the standard contract clauses at
https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de
sowie unter https://policies.google.com/privacy/frameworks?hl=de

To protect your personal data, we have concluded a contract with Google for order data processing in accordance with Art. 28 GDPR and a special, additional addendum to the data processing, and accepted the change in Google’s terms and conditions and the amended order data processing conditions with regard the use of standard contract clauses.

More detailed information can be found at:
https://privacy.google.com/businesses/processorterms/

Additional information is made available in the Google privacy policy at https://www.google.de/intl/de/policies/privacy .

Legal basis

The legal basis for processing the data is your consent in accordance with Art. 6 (1) lit. a GDPR.