Privacy policy

The following information concerns the processing of personal data in connection with the use of the mobile app (“app”) operated by weekengo GmbH and the website weekengo.com (“website”) (together: “portals”). “Personal data” is any data that can be related to you personally, i.e. your name, address, email addresses, user behaviour.

1.         Controller/Data Protection Officer

1.1 The controller pursuant to Art. 4 No. 7 of the General Data Protection Regulation (GDPR) is weekengo GmbH, Burghofstraße 40, 40223 Düsseldorf, Germany.

Legal representative: Tobias Boese

1.2 You can reach the contact person responsible for data protection at datenschutz@weekengo.com or at the address specified under 1.1.

1.3 Should offers of other providers (“third-party offers”) be accessible from our portals, our Privacy Policy will not apply to such third-party offers. In such case, within the meaning of Art. 4 No. 7 of the General Data Protection Regulation (GDPR), we are also not deemed the controller of the processing of your personal data by the other provider in the context of such third-party offers.

2.         Your rights

2.1 You have the right to request information from us at any time in accordance with Art. 15 GDPR about the data we have stored about you. In addition, you are entitled to information about the other data listed in Art. 15 GDPR.

2.2 If you have given your consent to the use of data, you can revoke such consent for the future at any time. However, such revocation will not affect the legality of the processing carried out on the basis of the consent until it is revoked.

2.3 You also have the right to have incorrect personal data corrected in accordance with Art. 16 GDPR and to have your personal data deleted in accordance with Art. 17 GDPR.

2.4 You may restrict the processing of your personal data under the conditions set out in Art. 18 GDPR.

2.5 According to Art. 21 GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation, insofar as you do so on the basis of Art. 6 (1) (e) or (f) GDPR (including profiling based on these provisions). In the event of such objection, we will no longer process this data unless we can prove that there are compelling grounds for processing that outweigh your interests, rights and freedoms, or that the processing serves to assert, exercise or defend legal claims.

2.6 In addition, you have the right to receive the personal data concerning you that you have provided to us, in a structured, common and machine-readable format. You also have the right, insofar as such is technically feasible, to have us transfer this data to another controller at your instruction. The right to the transfer of data applies only in the case of personal data for which processing is based on consent pursuant to Article 6 (1) (a) GDPR or on a contract pursuant to Article 6 (1) (b) GDPR and processing is carried out using automated procedures. The right to transfer data to another controller is excluded if such would affect the rights and freedoms of other individuals (such as personal data of third parties, our business and company secrets or copyrights).

2.7 The rights mentioned in this section may be asserted by email to info@weekengo.com or to the address specified under 1.1.

You are generally entitled to assert these rights free of charge. However, in the case of manifestly unfounded or — in particular, in the case of frequent repetition — excessive applications, we may, in accordance with Art. 12 (5) GDPR, either

a. require an appropriate fee taking into account the administrative costs of information or notification or implementation of the measure requested, or

b.         refuse to act on the basis of the application.

3.         Data security

We maintain up-to-date technical measures to ensure data security, in particular the protect your personal data against risks involved in data transfers and to prevent third parties from obtaining knowledge of your data. These technical measures are each adapted accordingly to reflect the current state of the art.

4.         Type and scope of the processing of personal data

4.1       Informational use

We collect the following data when the portals are used for information purposes only, i.e. without login or registration:

  • IP address
  • Device identification (UDID)
  • Date and time of the query
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific webpage)
  • Access status/HTTP status code
  • Data quantity transferred in each case
  • Website from which the request originates
  • Browser
  • Operating system and its interface
  • Language and version of the browser software
  • User behaviour regarding the app and the website
  • GPS data, if applicable (if you have authorised GPS location determination).

This data is evaluated solely in order to ensure the trouble-free operation of the portals and to improve our offers. The basis for data processing is Art. 6 (1) lit. f) GDPR, since we have a legitimate interest in being able to provide you with a trouble-free, user-friendly offer that best meets your expectations and requirements. Without processing the minimum amount of information, we cannot transfer the page to your terminal and display it there.

The IP address can constitute personal data, since under certain conditions it is possible to find out the identity of the owner of the Internet access used by obtaining information from the respective Internet provider.

We evaluate the IP address in addition to the above-mentioned purposes in the event of attacks on our Internet infrastructure. In this case, we have a legitimate interest within the meaning of Art. 6 Par. 1 (f) GDPR in the processing of the IP address. This legitimate interest arises from the need to ward off the attack on the Internet infrastructure, to determine the origin of the attack in order to be able to take action against the responsible person under criminal and civil law, and to effectively prevent further attacks.

4.2       Registration

When we offer users the opportunity to register within the framework of our portals by providing personal data, the relevant data is entered into an input mask and transferred to us and stored. The data is only passed on to third parties in the cases specified in this policy. The data collected in the registration process can be seen in the input mask.

At the time of registration, the following data is also stored:

  • The user’s IP address

 

  • Date and time of the registration

 

We use the data provided by the user during registration for the following purposes:

  • Cross-platform favourites

 

  • Personalised offers

 

In the course of the registration process, the user’s consent to the processing of this data is obtained. The legal basis for the processing of data is Art. 6 (1) (a) GDPR if the user has given their consent.

The data is deleted as soon as it is no longer necessary for achieving the purpose for which it was collected. This is the case for the data collected during the registration process if the user account created in this process is deleted, provided that there are no legal storage obligations or we are otherwise entitled to store such data.

As a user, you have the option of deleting at any time a user account you have created.

4.3       Use of our services via the portals

In the context of the use of our services via the portals, the processing of the following personal data is required. In such case, the personal data is processed in order to fulfil the contract; unless another legal basis is expressly specified, the processing is then permissible pursuant to Art. 6 (1) (b) GDPR.

            a. Website

            When our services are used via the website, we process the personal data specified under 4.1.

In order to make your travel booking, we transfer the relevant travel booking data to the provider of the desired trip. Depending on your travel booking and travel provider, this may be information such as your name, contact details, payment details, special requests or other information in connection with the travel booking as well as the names of the guests travelling with you. A transfer of special categories of personal data within the meaning of Art. 9 (1) GDPR will be carried out only if you have given us your consent, meaning that the processing is then permissible according to Art. 9 (2) (a) GDPR.

If no payment is made during the booking process via the website, we will forward your credit card data to the relevant travel provider for further processing, provided you have provided us with such data.

In the event of disputes relating to travel bookings, we may provide the tour operator with data regarding the travel booking process as required to resolve the disagreements. This may include a copy of your booking confirmation, which serves as proof of the actual travel booking completion.

We use service providers to process your personal data on our behalf. This can serve various purposes, such as verifying the email address you provide during the booking process. All third-party service providers are subject to confidentiality agreements; they are not entitled to process your personal data for purposes other than those which we have specified.

If you are redirected from the website to the page of the providers of the travel services, the data processing conducted by such providers is governed by the data protection regulations of the respective provider. You will find the respective regulations on the providers’ websites.

The transfer of personal data as described in this Privacy Policy may include the transfer of personal data to other countries whose data protection laws are not as comprehensive as those of the countries of the European Union or the European Economic Area. To the extent required by European law, we only transfer personal data to recipients who have an adequate level of data protection in place. In such cases, we will conclude contractual agreements to ensure that your personal data is protected in accordance with European regulations, where necessary. You can contact us to view a copy of such contractual agreements. Please use the contact details below.

 

            b. App

            When our services are used via the app, we process the following additional personal data in addition to the data mentioned in section 4.3.a to enable the functions of the app:

  • Device identification of the device used
  • IMEI (= International Mobile Equipment Identity) of the device used
  • Unique number of the network subscriber (IMSI = International Mobile Subscriber Identity)
  • Mobile phone number (MSISDN)
  • MAC address for WLAN use
  • Name of your smartphone
  • Email address, if applicable. In addition, other data — such as travel destinations, travel data and, optionally, your motivations and special preferences — must be provided for you to be able to use the search engine via the website or the app.

 

4.4       Further processing of personal data

In addition, further personal data is processed as described below.

a. You can download the app from the app store you use, which is operated by a third party. The data your app store provider requires for downloading is transferred to the app store, in particular user name, email address and, if applicable, the customer number of your account, the time of download, payment information and the individual device identification number. We have no influence over this collection of data, however, and we are not responsible for it. We process the data thus provided only as far as it is necessary for downloading the app onto your smartphone. Beyond that, we will not continue to store it. Since you initiate the downloading of the app, this data is processed based on your consent in accordance with Art. 6 (1) (b) GDPR.

b. For advertising purposes, we use so-called “advertising identifiers” (IDFA and AAID). These are non-permanent identification numbers that are assigned once for a specific device and are provided by the iOS or Android operating systems. The data collected by an “advertising identifier” is not linked with any other device-related information. We use these advertising identifiers to be able to provide you with personalised advertising and to evaluate your use. If you activate the option “No ad tracking” under “Advertising” in your smartphone’s settings under “Data protection”, we can only perform the following actions: measuring your interaction with banners by counting the number of times a banner is shown without being clicked on (“frequency capping”), click-through rate, determining unique use (“unique user”) and security measures, combating fraud and troubleshooting. You can delete the advertising identifier in your device’s settings at any time (“Reset ad ID”); a new advertising identifier will then be created that will not be combined with the data previously collected. Please note that you may not be able to use all the functions of our app if you limit the use of the advertising identifier.

c. In addition, we process your data insofar as such is necessary to safeguard our legitimate interests or those of third parties as described below and unless a case-by-case assessment shows that your legitimate fundamental rights and freedoms, requiring the protection of personal data, predominate (cf. Art. 6 (1) (f) GDPR):

  • Review and optimisation of procedures for needs analysis and direct customer approach;
  • Advertising or market and opinion research, as long as you have not objected to the use of your data or have given a legally required consent;
  • Assertion of legal claims and defence in legal disputes;
  • Ensuring IT security and IT operation;
  • Prevention and investigation of criminal offences;
  • Measures for business management and for the further development of services and products.

4.5.      Newsletter/product information

If you have consented to receive information about our products and services by email or other electronic messages (such as email newsletters, push messages, etc.), your email address and, if applicable, your mobile phone number will be stored and used for the purpose of sending advertising for travel offers until you unsubscribe from the corresponding newsletter or notification service or otherwise revoke your consent.

a.         Newsletter

If you register for our newsletter, we will store your email address until you unsubscribe from the newsletter, which is possible at any time. Your email address is stored for the sole purpose of enabling us to send you the newsletter. Furthermore, when you register and confirm your registration by means of the double opt-in procedure, we will store your IP addresses and the times to be able to prove that you have given your consent in case of doubt and to prevent misuse of your personal data.

The only mandatory information for us to send the newsletter is your email address. The indication of further, separately marked information is voluntary; such data will be used solely for the purpose of personalising the newsletter. This data will also deleted in full if you revoke your consent.

The legal basis for the processing of the data after the user registers for the newsletter is Art. 6 (1) (a) GDPR.

If you purchase goods or services on our website or in our app and provide your email address, we can subsequently use the address for sending you an email newsletter, provided that the requirements of § 7 (3) of the Act against Unfair Competition (UWG) are met. In such a case, the newsletter will only be used to send direct advertising for our own, similar goods or services. The legal basis in this case is Art. 6 (1) (f) GDPR.

You are entitled to revoke your consent to receiving the newsletter, at any time. You can declare your revocation by clicking on the link provided in each newsletter email, by an email to info@weekengo.com or by sending a message to the contact details indicated in the Legal Notice. The data you provide will not be passed on to third parties.

The newsletter is sent out via a newsletter delivery platform of Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA (hereinafter “MailChimp”) as a processor commissioned by us. The data described above, collected for the purpose of sending newsletters, is stored on the servers of MailChimp in the US. MailChimp uses this information for sending and evaluating the newsletters on our account. Furthermore, according to its own information, MailChimp may use this data to optimise or improve its own services, for example to technically optimise the sending process and the presentation of the newsletter or for economic purposes, in order to determine the countries the recipients are from. However, MailChimp does not use the data of our newsletter recipients in order to write to them or pass their data on to third parties.

MailChimp is certified under the US-EU “Privacy Shield” data protection agreement and is thus committed to compliance with EU data protection regulations. What is more, we have concluded a data processing agreement with MailChimp. This is a contract in which MailChimp undertakes to protect the data of our users, to process such data on our account in accordance with its data protection regulations and in particular not to pass it on to third parties. The contract is available for inspection.

The data protection regulations of MailChimp are available here:

https://mailchimp.com/legal/privacy/.

b.         Push messages

In order to send messages with information about our products and services to your mobile device, weekengo uses OneSignal technology if you have consented to receive such messages.

However, you will only receive push messages if you do not disable them for the app or browser. The push messages can be deactivated and reactivated in the settings at any time.

If push messages are activated, OneSignal receives information — when the app or website is accessed — about the installed app and its usage, the temporary unique device ID (such as IDFA and Android ID) and, linked to this, the current location. It is not possible to draw conclusions about the user’s person from the unique allocation of the device; it is a non-personal ID.

The data required for the delivery of push messages is processed based on your consent (Art. 6 (1) sentence 1 (a) GDPR).

For more information on privacy from the third-party provider, please visit:

https://onesignal.com/privacy_policy.

 

5.         Cookies

Furthermore, cookies are stored on your device when you use the portals. Cookies are small text files that are assigned to the browser you use and stored on your device. They allow certain information to be sent to the location placing the cookie (in this case, weekengo). Cookies cannot run programs or pass on viruses to your computer. They serve to make the offering altogether more user-friendly and more effective.

If you have a user account with us, we use cookies to identify you for subsequent visits so that you do not have to log in again for each visit.

The portals use cookies to the following extent:

– Transient cookies (temporary use)

– Persistent cookies (use limited in time)

– Third-party cookies (provided by third-party providers)

Transient cookies are deleted automatically when you close the browser. These include in particular “session cookies”. Session cookies store a “session ID” that is used to allocate various queries of your browser to the joint session. They allow your computer to be recognised when you return to the website. Such a cookie, for example, can store the content of your shopping basket or a login jam. The session cookies are deleted when you log out or close the browser.

Persistent cookies are automatically deleted after a specified duration, which can vary depending on the cookie. They are also saved after the browser is closed; the login status can thus be stored if you visit the portals after several days. Likewise, such a cookie can be used to store your interests as a user that are used for measuring reach or for marketing purposes. You can delete the cookies in the security settings of your browser at any time.

“Third-party cookies” are cookies that are offered by providers other than the controller.

You can configure your browser settings however you prefer and, for example, refuse to accept third-party cookies or any cookies. If you do so, however, please note that you may not be able to use all the functions of the website. For you to be able to use all the functions, it is necessary for us to recognise your browser also after you move to another webpage.

The information we store this way is stored separately from any further data you may have provided to us. In particular, the data of the cookies is not linked with your other data. The user data collected by technically necessary cookies are not used to create user profiles. We require cookies for the following applications:

(1)       Favourites

(2)       Transfer of country settings

(3)       Remembering search settings such as airports of departure and time periods

We want to offer our users modern, user-friendly portals that automatically adapt to their wishes and needs. For this purpose, we use technical cookies to be able to show you our website and to ensure that it works properly. Technical cookies are also used to create the user account, for login and to manage your bookings. These are absolutely necessary for our website to work properly. The use of such cookies is therefore justified in accordance with Art. 6 (1) (f) GDPR.

We also use functional cookies to store your preferences and to make our portals as efficient and user friendly as possible. When you use the portals, we use these cookies to store your preferred departure airports and destinations, as well as your search queries and the travel providers you have previously viewed. We may also use cookies to store your login information so that you do not have to re-enter your login information each time you visit our website. Passwords, however, are always encrypted. Such functional cookies are not absolutely necessary for our website to work properly. However, they improve user-friendliness and ensure that your visit to our portals is as pleasant as possible. The use of such cookies is likewise justified in accordance with Art. 6 (1) (f) GDPR.

Analysis cookies are used to improve the quality of our website and its content. The analysis cookies enable us to learn how the website is used and thus to continuously optimise our offer. The legal basis for the processing of personal data using cookies for analytical purposes, if you as a user have given your consent in this regard, is Art. 6 (1) (a) GDPR.

In addition to our own cookies, we use third-party cookies to display personalised advertising on our websites and other websites. This process is called “retargeting”. It is based on your activity on our website, such as the destinations you are looking for, the accommodation options you have looked at and the prices displayed. In this case as well, the data is only processed on the basis of your consent, in accordance with Art. 6 (1) (a) GDPR.

As a user, you can control the extent to which cookies are used in the settings of your Internet browser by restricting or completely deactivating the transfer of cookies. Cookies that have already been stored can be deleted subsequently at any time. Each browser differs in the way it manages the cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You will find such settings for the respective browsers using the following links:

Internet Explorer: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies

Safari: https://support.apple.com/kb/PH21411?locale=de_DE&viewlocale=en_US

Chrome: https://support.google.com/chrome/answer/95647?hl=en-GB&hlrm=en

Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

Opera: http://help.opera.com/Windows/10.20/en/cookies.html

If the use of cookies is restricted or completely blocked, parts of our portals may become unusable.

6.         Third-party modules and analysis tools

6.1       Use of Google Analytics

The website uses Google Analytics, a web analysis service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). This service is used on the basis of Art. 6 (1) sentence 1 (f) GDPR, on account of our legitimate interest in evaluating the type and scope of use of our website and in making our services more demand oriented. Google Analytics uses so-called cookies, which are text files placed on your computer to help us analyse your use of the website. The information generated by the cookie about your use of this website, such as

  • Browser type/version,
  • Operating system used,
  • Referrer URL (the website visited beforehand),
  • Host name of the accessing computer (IP address),
  • Time of the server request,

is usually transferred to a Google server in the United States and stored there. On the website, we have extended Google Analytics by adding the code “anonymizeIP”. This guarantees that your IP address will be abbreviated by Google before being transmitted to the United States within the European Union or in other contracting states of the Agreement on the European Economic Area and will thus made anonymous. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and be abbreviated there. Google uses this information on our behalf to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website usage and Internet usage. The IP address provided by your browser as part of Google Analytics will not be merged with other Google data.

You can prevent the storage of cookies by making the appropriate settings in your browser software; please note that in this case you may not be able to use all the functions of this Website to the full extent.

You can, however, prevent Google from collecting the information generated by the cookie and related to your use of the website (including your IP address) and from processing this data, by downloading and installing the browser plugin provided by this link: https://tools.google.com/dlpage/gaoptout?%20hl=de.3

We will continue to use Google Analytics to evaluate data from double-click cookies and also AdWords for statistical purposes. If you wish to prevent us from doing so, you can disable the use by way of the Ads Preferences Manager (http://adssettings.google.com).

Doubleclick by Google is another service provided by Google. Doubleclick by Google uses cookies to present you with advertisements that are relevant for you. Your browser is assigned a pseudonymous identification number (ID) to check which ads have been displayed in your browser and which ads have been accessed. The use of DoubleClick cookies only allows Google and its partner websites to serve ads based on previous visits to our website or other websites on the Internet.

The information generated by the cookies is transferred by Google to a server in the United States for analysis and is stored there. Google will only transfer the data to third parties due to legal regulations or within the scope of commissioned processing. Under no circumstances will Google match your data with other data collected by Google.

You can prevent Google from collecting the data generated by the cookies and relating to your use of the website, and from processing this data, by downloading and installing the browser plug-in available under “DoubleClick deactivation extension”: https://www.google.com/settings/ads/onweb/

We use Google AdWords to advertise this website in Google search results and on third-party websites. For this purpose, the so-called “remarketing cookie” from Google is set when you visit our website, which automatically enables interest-based advertising by means of a pseudonymous cookie ID and on the basis of the websites you have visited. This is carried out solely on the basis of your consent in accordance with Art. 6 (1) sentence 1 (a) GDPR. Once we have ended our use of Google AdWords remarketing, the data collected in this context will be deleted. You can also revoke your consent at any time with effect for the future.

Any additional processing will only take place if you have agreed to allow Google to link your web and app browsing history to your Google Account and to allow information from your Google Account to be used to personalise ads you see on the web. If you are logged in to Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. To this end, Google will temporarily link your personal data with Google Analytics data to form target groups.

Google AdWords remarketing is an offer of Google LLC (www.google.de). Google LLC has its head office in the United States and is certified under the EU-US Privacy Shield. As a result of this agreement between the United States and the European Commission, the latter has established an adequate level of data protection for companies certified under the Privacy Shield.

You can disable the remarketing cookie via the link:

(http://adssettings.google.com).

In addition, you can also contact the Digital Advertising Alliance to find out how cookies are placed and how to make the relevant settings.

6.2       Use of Google Tag Manager

weekengo uses Google Tag Manager, a Google application, to manage tags on our portals.

Tags are small code elements that serve, for example, to measure traffic and visitor behaviour, to capture the impact of online advertising and social media channels, to optimise remarketing and the focus on target groups as well as to facilitate the testing and optimising of the website and the app.

Google Tag Manager serves to implement and manage website tags. The tags set up via the Google Tag Manager serve to collect data that is passed on to the respective target system. This means that no cookies are used and no personal data is collected. The Google Tool Manager triggers other tags, which in turn collect data if necessary. Google Tag Manager does not access this data, however. As the data is only passed through, the system does not itself collect or store the data obtained. The individual tools addressed by the tags are deactivated via the respective tool itself. If there has been a deactivation of the tools at a domain or cookie level, the deactivation will remain in place for all tracking tags that are implemented with Google Tag Manager.

6.3       Use of Appsflyer

This app uses technologies provided by AppsFlyer Ltd. (https:/www.appsflyer.com) to collect and store data for marketing and optimisation purposes. This data can be used to create pseudonymous use profiles.

AppsFlyer is certified under the US-EU Privacy Shield data protection agreement and is thus obligated to comply with a data protection level comparable to the EU data protection requirements.

The information generated by AppsFlyer about the use of the app is usually transferred to a server outside Germany and stored there. In the code of the app, we have activated IP anonymisation to ensure that users’ IP address is abbreviated before it is stored by AppsFlyer Ltd. On our behalf, Google and AppsFlyer Ltd. use the information to evaluate the use of the app, to compile reports on the activities in the app and to provide us with other services related to the use of the app and the Internet. In the privacy settings of the app, you can determine whether or not Google Analytics or AppsFlyer is allowed to collect, process or use your data. You can also send an email to privacy@appsflyer.com if you do not want to allow AppsFlyer.

Unless the data subject grants their consent separately, the data collected with the technologies will not be used to identify the user of the app personally nor will it be merged with personal data about the holder of the pseudonym. The use is based on Art. 6 (1) sentence 1 (f) GDPR on the basis of our legitimate interest in analysing user behaviour in order to optimise our offer.

Information provided by the third-party provider: AppsFlyer Ltd., 111 New Montgomery St., San Francisco, CA 94105, USA;

https://www.appsflyer.com/privacy-policy/

6.4       Use of Amplitude

weekengo uses the web analytics service “Amplitude”, provided by Amplitude Inc., to evaluate user access to the weekengo website and the weekengo app.

Unless the data subject grants their consent separately, the data collected with the technologies will not be used to identify the user personally nor will it be merged with personal data about the holder of the pseudonym. The information collected will be stored on a server in the United States.

The use is based on Art. 6 (1) sentence 1 (f) GDPR on the basis of our legitimate interest in analysing user behaviour in order to optimise our offer.

Information provided by the third-party provider: Amplitude Inc., 501 2nd Street, Suite 100, San Francisco, CA 94107, USA; https://www.amplitude.com/privacy.

6.5       Use of Crashlytics

weekengo uses the web analytics tool “Crashlytics” from Google LLC on its portals. The weekengo app automatically sends error messages in the event that the app crashes or has errors. These error reports send to the tool information about the type and version of the device, the version of the app that is installed, the time the error occurred, the feature used, the status of the application when the error occurred as well as other technical information. We only use the tool on an anonymised basis. This information does not include the IP address, personally identifiable information or any other data from the mobile device.

weekengo receives an evaluation of the error messages from Google. You have the option, at any time, to disable the logging of the error reports in accordance with this section by deactivating this option in the weekengo app under Settings.

For more information on privacy from the third-party provider, please visit:

https://try.crashlytics.com/terms/privacy-policy.pdf

6.6       Use of Firebase

weekengo uses the Firebase database to manage user accounts. This is a real-time database, designed to embed real-time information into the website and app. It also serves to send you emails for password resetting. In addition, information is collected for analysing the use of our offer. The user data is transferred to Firebase solely on an anonymised basis.

Firebase is a subsidiary of Google LLC based in San Francisco (CA), USA. For more information on privacy from the third-party provider, please visit:

https://www.firebase.com/terms/privacy-policy.html.

6.7       Use of Facebook Pixel

The website uses the visitor activity pixel provided by Facebook, Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”) for conversion measurement.

Facebook is certified under the Privacy Shield agreement and thus guarantees a data protection level comparable to European data protection law:

https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

Facebook Pixel can be used to track the behaviour of website visitors after they are redirected to the provider’s website by clicking on a Facebook ad. This allows the effectiveness of Facebook advertisements to be evaluated for statistical and market research purposes and future advertising measures to be optimised.

The data collected is anonymous for weekengo; we cannot draw conclusions about the users’ identity. However, the data is stored and processed by Facebook to enable a connection to the respective user profile and allow Facebook to use the data for its own advertising purposes in accordance with Facebook’s data usage guidelines. Facebook can then place ads both on Facebook pages and outside of Facebook. We as the website operator cannot influence this use of the data.

Please see Facebook’s privacy policy for more information on how your privacy is protected: https://www.facebook.com/about/privacy/.

You can also disable the remarketing feature “Custom Audiences” in the “Ad Settings” section at:

https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.

You must be logged in to Facebook in order to do so.

If you do not have a Facebook account, you can disable Facebook usage-based advertising on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/.

6.8       Use of Facebook SDK

The app also features the integration of the Facebook Software Development Kit (SDK). The Facebook SDK is made available by Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA (“Facebook”).

This software allows us to track which social network advertising campaign is prompting Facebook users to download our apps. To this end, we send pseudonymous data to Facebook: the app ID, the app version and the information that the app has been started. We do not send any other data to Facebook.

The advertising ID provided by the operating system of the device serves as the pseudonym.

The advertising ID is not used to optimise advertising, however, but is discarded by Facebook: weekengo generally prevents Facebook’s use of the advertising ID for optimised advertising purposes. The individual user thus cannot be exactly determined at any given time. Information about the identity of the user is therefore not known to weekengo, even if the share functionalities are used.

For more information about the Facebook SDK for iOS, please visit:

https://developers.facebook.com/docs/ios.

For Android:

https://developers.facebook.com/docs/android.

6.9       Use of Google AdWords conversion tracking

weekengo uses the online advertising program “Google AdWords” on the website and, in the context of Google AdWords, the conversion tracking tool. Google conversion tracking is an analysis service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).

If you access the website via an ad placed by Google, Google AdWords sets a cookie on your computer. These cookies lose their validity after 30 days, do not contain any personal data and are therefore not used for personal identification.

If you visit certain pages of our website and the cookie has not yet expired, Google and weekengo can see that you have clicked on the ad and were redirected to such page. However, they do not receive any information that would allow them to personally identify users.

If you do not wish to participate in the tracking, you can object to such use by preventing the installation of cookies, making the corresponding settings in your browser software (deactivation option). You will then not be included in the conversion tracking statistics.

“Conversion cookies” are stored on the basis of Art. 6 (1) (f) GDPR. weekengo has a legitimate interest in analysing user behaviour in order to optimise both the website and the advertising.

For further information and Google’s privacy policy, please visit:

http://www.google.com/policies/technologies/ads/, http://www.google.de/policies/privacy/

7.         Booking with third-party providers

7.1 With its portals, weekengo only offers a search engine for hotel and flight offers on booking websites operated by third parties. Accordingly, the deals are booked on the web pages of the respective booking websites. In any case, in booking the travel service, you are entering into a contract with the booking website and not with weekengo. The data is collected there directly by the third-party provider, who is also the controller within the meaning of Art. 4 No. 7 GDPR. Please also note the privacy policy of the respective booking website.

7.2 In order to bill the third-party providers for our fee and to prevent fraud, we send them your customer ID. Your ID is used solely for the aforementioned purposes and is deleted immediately as soon as there is no longer any need to store it. The legal basis for sending the customer ID is Art. 6 (1) (f) GDPR. weekengo has a legitimate interest in being able to trace whether a booking has been made with a third-party provider as a result of a connection established via our portals: this constitutes the basis for our billing to the third-party providers.

7.3 In certain cases you can book offers directly with the third-party provider by means of an interface to the respective booking website. To this end, we may collect certain information from you, including your name, address and credit card details, on behalf of the third party that operates the booking page that is then your contracting party. We then provide this data to the respective third-party provider to enable you to effectively submit your booking request through us. The legal basis for such provision of data is Art. 6 (1) (b) GDPR: the provision of data serves to help fulfil a contract.

8.         Receivers of the data

8.1 Within the scope of the purposes mentioned above in sections 4 to 7 and also sections 9 and 10, we send your personal data to the following categories of recipients:

  • When you book with a third-party provider, your customer ID we have created is sent to them for the purpose of billing.

8.2 At our request, your data will not normally be processed in countries outside the scope of Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (OJ EC No. L 281 p. 31), unless the third-party providers or other bodies mentioned in this Privacy Policy are concerned that have their registered office outside the European Economic Area (EEA). This pertains in particular to the Facebook social plug-ins as well as the Google measurement and/or evaluation methods (such as Google Analytics). In addition, data is transferred if such is necessary for the purposes of contract fulfilment and execution (for example, to airlines, hotels, etc.).

9.         Login with Facebook

You can register with us and log in through your Facebook account. When you register on Facebook, Facebook will request your consent to the release of certain data on your Facebook account to weekengo. Such data includes your first name, last name and your email address to verify your identity and your gender, along with the general location, a link to your Facebook profile, your time zone, your date of birth, your profile picture, your “Like” information and your friends list.

This data is collected by Facebook and sent to us in compliance with the provisions of the Facebook Data Policy. You can the control the information that we receive from Facebook by changing the privacy settings on your Facebook account.

If you register with us through Facebook, your weekengo account will automatically be associated with your Facebook account, and you can share information about your activities on weekengo and publish it in your Timeline and News Feed for friends.

Facebook is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. You will find information regarding the purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your rights in this regard and your options for making settings to protect your privacy, in the Facebook privacy policy: http://www.facebook.com/policy.php

10.       Login with Google+

You can register and log in using your Google+ account. If you register through Google+, Google will request your consent for the release of certain data from your Google+ account to weekengo. This includes your first name, last name and your email address for verifying your identity and your gender, as well as a link to your Google+ profile, your profile picture and your friends list. This data is collected by Google and sent to us in compliance with the provisions of the Google privacy policy.

If you register with weekengo using Google+, information about your activities will be visible on Google for everyone in your Google+ groups if you release this information accordingly on weekengo, and it will be shared with Google in accordance with the Google Terms of Use and the Google Privacy Policy. For more information about managing activities shared in your Google+ account, visit the Google support page:

http://www.google.com/intl/de/+/policy/+1button.html. On the Google+ app settings page, you can specify which people in your Google+ circles can see your weekengo activities.

Google+ is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

11.       Obligation to provide data

You are under no obligation whatsoever to provide your personal data. However, if you do not provide us with the data that is deemed absolutely necessary for certain services or functions in this Privacy Policy, you will not be able to use the relevant service or function.

12.       Right to complain

If you are of the opinion that we are not properly complying with our data protection obligations, you can contact the data protection supervisory authorities at any time. You can contact our data protection officer as follows:

            State Commissioner for Data Protection and Freedom of Information

North Rhine-Westphalia

Postfach 20 04 44

40102 Düsseldorf

            Tel.: 0211/38424-0

Fax: 0211/38424-10

Email: poststelle@ldi.nrw.de

13.       Update of this Privacy Policy

From time to time it may be necessary to update this Privacy Policy, for example due to new legal or official requirements and new offers on our website. We will then inform you accordingly on this site. In general, we recommend that you regularly access this Privacy Policy to check whether there have been any changes in this regard. You will be able to see if any changes have been made by checking the “Last updated” information at the bottom of this document.

14.       Printout and storage of this Privacy Policy

You can directly print out and store this Privacy Policy, for example by using the print and/or save function in your browser.

Last updated: May 2018