Data protection and cookies policy
This data protection policy describes how personal data is processed when the websites of RSD Travel Ltd. [RSD] are used, including the mobile applications (our „Apps“). It also explains the choices you have regarding your personal data „(Your rights“), and how you can contact us.
I. Who is responsible and how can I contact the data protection officer?
The responsible body under the terms of the GDPR is RSD Travel Ltd., 2nd Floor Suite, Cuttlemill Farmhouse, Cuttlemill Business Park, Watling Street, Towcester NN12 6LF, United Kingdom.
Other contact options and the names of company representatives can be found in the legal information. For questions relating to the processing of your personal data by ourselves or the subject of data protection in general, please contact our data protection officer, who can be reached at the address listed under the Legal information or at the following e-mail address: firstname.lastname@example.org.
II. Your rights as a data subject
Each and every data subject has the following rights:
- right of access (Art. 15 GDPR)
- right to rectification of incorrect data (Art. 16 GDPR)
- right to erasure or “right to be forgotten” (Art. 17 GDPR)
- right to restrict processing of personal data (Art. 18 GDPR)
- right to data portability (Art. 20 GDPR).
You may object to the processing of your personal data for marketing purposes (including profiling associated with direct marketing) at any time and without specifying a reason.
In addition, the data subject has a general right of objection (cf. Art. 21 para. 1 GDPR). In this case the objection to data processing must be justified. If data processing is based on consent, this consent may be withdrawn at any time with future effect.
To exercise your rights as a data subject, please contact email@example.com. In addition, you can lodge complaints relating to our data processing with a supervisory authority.
III. Processing of personal data by RSD
Below we would like to offer you a summary of how we safeguard the protection of your personal data when you access our website, and what types of personal data we use for what purpose and to what extent.
1. Processing of personal data from orders
If you book a trip through RSD Travel Ltd., we will collect the data required for the organisation of the trip from you as a traveller or fellow traveller through the service provider Kesselhaus GmbH, Offenburg, Germany which is commissioned and controlled by us. This involves, in particular, your name, address, telephone number and e-mail address, travel details (date of departure and arrival, departure airport or bus boarding location) and also booking data (trip selected, potentially an extension week). You are obliged to provide us with the data necessary to implement the contract. Otherwise we will not be able to book your trip.
Depending on the destination and the airline, we either use the Amadeus reservation system to book the trip or we pass on the data required for booking and issuing the flight ticket to the respective airline, if necessary with the involvement of a service provider. This also includes the transfer of the required data to the respective airline. Depending on the destination, the required data may be passed on to the following airlines, among others, within the framework of the execution of the contract: Lufthansa; Emirates; Freebird Airlines; Aegean Airlines; Corendon Airlines; Turkish Airlines; TAP Air Portugal; Air Europa Lineas Aereas; Air Baltic; Air France/ KLM Royal Dutch Airlines
For the implementation and handling of the trip at the destination, we pass on the necessary data to an agency which processes your data for this purpose. The agency transfers your data to the extent required for this to the companies involved with the execution of the trip, such as the bus company for transport locally (e.g. to the hotel or for a round trip) or the hotel for the upcoming overnight accommodation. The agency will also pass on a list of participants to the tour manager responsible for you. If your holiday destination is outside the European Union / European Economic Area, both the agency and the other service providers will be based outside the European Union / European Economic Area. In this case, your data will be handled in accordance with the legal system in the relevant country where the companies are based. You will receive separate information on the scope of data processing from the other service providers involved. You can also assert your rights,such as a right to information, against RSD. In this case we will forward the request accordingly.
If you contact us by email with a query or use our contact form, we will collect the data sharedwith us in this way in order to handle your enquiry. According to your requests communicated tous in this way, we will comply with any request to contact you or comply with your other requests for information.
The travel booking data will also be used to handle potential warranty claims or other complaints. This data may also be passed on to external auditors and/or tax advisers for consultancy and auditing purposes. Data will be stored in accordance with the statutory retention requirements under Section 388 Companies Act 2006 and Schedule 18 Finance Act 1998, and data will bedeleted once the compulsory legal retention periods have elapsed.
On the use of trip booking data for marketing purposes
RSD as well as appropriately commissioned and controlled service providers (e.g. lettershops such as brand production Axel Bauer, Bühlertal; Direct Center Knoll GmbH, Rottenburg or b+g mailing.de GmbH, Hamburg, Germany) use the name and address of the travellers and fellow travellers for further measures relating to customer retention and customer reactivation. This includes sending out further information about interesting travel products and services by post and also issuing vouchers. This enables RSD to alert its customers to additional interesting options for their holiday and to ensure long-term customer loyalty. Data will not be passed on to third parties for marketing purposes. Telephone numbers and email addresses will be used for promotional purposes, if separate consent has been given. In the absence of additional consent, your name and address will no longer be used for marketing purposes, unless you have communicated an interest in continuing your customer relationship with RSD Travel Ltd. over a period of 7 years. We use the following activity indicators: Start of the trip or date of cancellation of the trip.
RSD Travel Ltd. also processes the booking data to personally customise your travel booking, to offer continuous enhancements and to present you with offers in future which are in line with your interests. We therefore use trip booking data to provide you with optimum support regarding your reservation and to point out interesting destinations from our range. Within the company, we process this data under a pseudonym in order to comply with your legitimate interests in the protection of your personal data. This data processing allows us to present you with personalised offers (e-mail or as part of a postal promotion) that present products which we assume you may be interested in.
Travel booking data will no longer be used for promotional purposes, including direct marketingrelated profiling, unless you have expressed an interest in continuing your customer relationship with RSD for a period of up to 5 years. We use the following activity indicators: Start of the trip or date of cancellation of the trip. Once this 5 year period has elapsed, we will continue to use your name, address, date of birth, latest travel booking and destination for postal marketing purposes for an additional two years. If there is no response to our advertising within this period, we will no longer use this data either for this purpose after a period of two years has elapsed.
On the use of prospective client data for marketing purposes
If you ask us by telephone to send you travel offers or a catalogue, we will collect your name and address from you through the service provider F&S Dialogmarketing GmbH, Offenburg, Germany which is commissioned and controlled by us, so that we can send you the requested documents. You are obliged to provide us with the data necessary to do this. Otherwise we will not be able to send you the catalogue. We also ask for your permission to continue using this information to send you RSD catalogues and other written travel offers until you object to these.
Credit card payment
Your credit card data is collected by TeleCash GmbH & Co. KG (TeleCash), Bad Vilbel, and used exclusively to handle payment for the trip booked with us. Your data will not be used for any other purposes by TeleCash. RSD will not receive your credit card data in plain text format; instead, as evidence of payment, TeleCash simply provides us with an ID plus your credit card number in truncated, non-readable format (123456******7890).
In order to verify whether the credit card details you have supplied are correct, our payment service provider TeleCash temporarily reserves a sum of 1 € on your credit card. However, this sum is immediately released again. The actual debit will not take place until later.
2. Processing of data from access to our website – log files
Information of a general nature is documented automatically when you access our website. This information (server log files) includes the type of web browser and operating system used, the domain name of your Internet service provider and similar details. Your IP address is also transferred and used to offer you the service you want. This information is technically required in order to correctly provide you with the website content you have requested, and is generated anyway when you use the Internet.
We immediately anonymise or delete this log file data once the usage process has finished. The legal foundation for the processing of data is Art. 6 (1) (1f) of the GDPR.
According to our IT security concept, the log file data generated is stored for a period of six weeks in order detect any attacks on our website and analyse them. The legal foundation for the processing of data is Art. 6 (1) (1f) of the GDPR.
3. Processing of data from use of our website – your requests
If you send us a request via e-mail or via the contact form, we collect the data you have shared with us for processing and to answer your query. We store this information for audit purposes for a period of up to two years. The legal foundation for the processing of data is Art. 6 (1) (1f) of the GDPR.
4. Subscription to an e-mail newsletter
We use the double opt-in method to process subscriptions to our newsletter. This means that, after you provide us with your e-mail address, we send a confirmation e-mail to your specified e-mail address in which we ask you to confirm that you would like to receive our newsletter. If you do not confirm your registration within 4 weeks, your registration will be automatically deleted. If you confirm your wish to receive the newsletter, we will save your e-mail until you unsubscribe from the newsletter. This data is stored in order to allow us to send you the newsletter. When you register and confirm, we also store your IP addresses and the times of your registration in order to prevent any misuse of your personal details and to provide proof that we are sending you the information correctly. The legal foundation for the processing of your personal data is Art. 6 (1) (1a) of the GDPR.
The only mandatory information required for us to send you the newsletter is your e-mail address. You have the right to withdraw your consent to being sent the newsletter at any time. Your withdrawal of consent will not affect the legality of the processing of your personal data up until that point. You can communicate your withdrawal of consent by clicking on the link included in every newsletter e-mail, by e-mailing firstname.lastname@example.org or by sending a message to the contact details set out in the Legal information.
5. Use of a content management platform
On our website, we use the content management platform operated by our commissioned and monitored service provider. This tool is used to manage consent to the setting of cookies and the integration of external service providers, along with their verification. In order to prove your consent, we store information on the device you use, information on your browser, anonymised IP address, date and time of your visit as well as opt-in and opt-out data, for three years. The legal foundation for the storage of this data is Art. 6 (1) (1c) GDPR.
6. Notes regarding the safeguarding of data security
On our sites, we take technical and operational security precautions in order to protect the personal data we store against access by third parties, loss or misuse, and to safeguard a secure transfer of data.
We must point out, however, that the structure of the Internet means that unwanted data access by third parties can still occur. It is therefore your responsibility to protect your data through encryption or other means against misuse. Without suitable protective measures, data transferred in unencrypted format especially, even if this is done via e-mail, can be read by third parties.
IV. Integration of third-party services
1. Integration of YouTube
Our website uses plugins from the YouTube site operated by Google. The site is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
If you visit one of our pages which is equipped with the YouTube plugin, a connection with YouTube’s servers will be established. This will tell the YouTube server which of our pages you have visited.
If you are logged in to your YouTube account, you enable YouTube to allocate your surfing behaviour directly to your personal profile. You can prevent this by signing out of your YouTube account.
YouTube is used in the interests of displaying appropriate offerings online and therefore is based on Art. 6 para. (1) (f) GPDR. We only record the extent to which the YouTube videos integrated into our site are called up, and we delete this data after two years.
Further information on the use of user data can be found in YouTube’s data protection policy at: https://policies.google.com/privacy.
2. Integration of Google Maps
On this website we use the Google Maps service, a further service provided by Google Ireland Limited. This serves the purpose of displaying interactive maps directly on the website, making it easy for you to find the places we have indicated on the website and enabling you to use the map function conveniently.
This application is accessed directly from Google’s servers so that the company receives the IP address currently assigned to you. By visiting the website, Google receives the information that you have called up the corresponding subpage of our website. Whether and to what extent or over what period of time the IP address is stored and used internally by Google is beyond our knowledge. The legal foundation for the integration of this service is Art. 6 (1) (1f) GDPR.
If you are registered for a Google service, Google can assign the visit to your account. Even if you are not registered with Google and/or are not logged in, it is possible for Google to store your IP address and use it for profile building. Google saves the data collected about you as a user profile and uses it for the purposes of advertising, market research and/or the needs-led design of its website. This type of analysis takes places in particular (including for users who are not logged in) to display needs-led advertising and to notify other users of the social network about your activities on our website. You have the right to refuse the creation of these user profiles by Google.
V. Our cookies guidelines
You have the choice of whether to allow cookies or not. You can make changes in your browser settings. You basically have the choice of whether to accept all cookies, be notified when cookies are installed or reject all cookies. If you choose the last option, you may not be able to use all of the functions on our website.
If cookies are used, a distinction must be made between mandatory cookies and those used for other purposes (such as measuring access figures, advertising purposes).
2. Mandatory cookies when using the website
We use session cookies on our websites that are mandatory for the use of our website. These include cookies that allow us to recognise you while you visit the site in the context of a single session. These session cookies help to ensure the safe use of our service by allowing the secure processing of the basket function and payment process.
Below is a summary of the cookies that we use with your consent, obtained when you start using the website. For every instance of use, you will also find an opt-out option.
Tracking by Google Analytics
This website uses Google Analytics, a web analysis service from Google Ireland Limited („Google“). Google Analytics uses „cookies“, text files that are stored on your computer and which permit an analysis of your use of the website. The information generated by the cookie about your use of this website is generally transmitted to a Google server in the USA and stored there. If IP anonymisation is enabled on this website, Google first truncates your IP address within the Member States of the European Union or in other states of the European Economic Area Agreement. The full IP address is only communicated in full to a Google server in the USA and truncated there in exceptional cases. On our behalf, Google will use this information to evaluate your use of the website, to create reports about website activities and to provide us with other services associated with website use and Internet use. The IP address transmitted by your browser as part of Google Analytics will not be merged by Google with other data.
You can prevent the installation of cookies by making the appropriate settings in your browser software; we do point out, however, that by doing so you may be unable to use the full functionality of this website. You can also prevent any data generated by the cookies or data relating to your use of this website (including your IP address) from being transferred to Google or being processed by Google by downloading and installing the browser plug-in available via the following link: https://tools.google.com/dlpage/gaoptout?hl=en
We use Google Analytics to be able to analyse the use of our website and regularly improve it. The statistical information we obtain from this allows us to improve our services and make them more interesting for you as a user. Your data will also be processed in the USA. Your data will only be transferred to the USA after your express consent. The legal foundation for the storage of the cookie and the associated data processing for a period of 12 months is the consent given (Art. 6 (1) (1a) GDPR. You can withdraw your consent at any time in our Cookie settings.
Online marketing – Google Adwords tracking and remarketing
We use the Google Adwords service to draw attention to our attractive offers on external websites through the use of advertising materials (Google Adwords). These advertising materials are provided by Google through „ad servers“. Ad server cookie are used, which allow the evaluation of performance parameters such as ad impressions, clicks and conversions. This means that we are able to determine in relation to the advertising campaign data how successful the individual advertising measures are. If you access our website via a Google advertisement, Google Adwords stores a cookie on your PC. Generally speaking, these cookies become obsolete after 30 days and must not be used to identify you personally. The following analysis values are generally stored for this cookie:
- Unique cookie ID
- Number of ad impressions per placement (frequency)
- Last impression (relevant for post-view conversions)
- Opt-out information (stipulates that the user no longer wishes to be approached)
These cookies allow Google to remember your Internet browser. If a user visits certain pages of the website of an Adwords customer, and the cookie stored on his computer has not yet expired, Google and the customer are able to detect that the user has clicked on the advertisement and has been forwarded to this page. Every Adwords customer is assigned a different cookies. Cookies therefore cannot be tracked via the websites of Adwords customers. We ourselves do not collect or process any personal data in the specified advertising measures. Google simply provides us with statistical analyses. These analyses allow us to determine which of the advertising measures used are particularly effective. We do not receive any further data from the use of advertising materials, and in particular we cannot identify users based on this information. The legal foundation for the storage of cookies by Google is the consent given (Art. 6 para. (1) (1a) GDPR. You can withdraw your consent at any time in our Cookie settings.
Based on the marketing tools used, your browser automatically establishes a direct connection with the Google server. We also have no influence on the scope and further use of the data collected by Google through the use of this tool, and therefore inform you based on our current understanding:
Through the use of „tracking tools“, Google receives information that you have visited the relevant page of our website or have clicked one of our advertisements. If you are registered for a Google service, Google can assign the visit to your account. Even if you are not registered with Google and/or are not logged in, it is possible for the provider to learn your IP address and store it. You can find more information on data protection at Google here: https://policies.google.com/privacy and https://services.google.com/sitestats/en.html.
You can refuse the setting of a cookie by refusing to give your consent to the setting of cookies at the beginning of your visit to our website or in the Cookie settings. This can be done in the browser settings, which generally disables the automatic setting of cookies. Alternatively you can disable cookies for conversion tracking by setting your browser so that cookies from the
Alternatively, you can also visit the website of the Network Advertising Initiative (NAI): http://www.networkadvertising.org/
Facebook Pixel / Custom Audience
We have integrated a Facebook Pixel from Facebook Ireland Limited into our website. When our site is accessed, users are forwarded to Facebook via a redirect mechanism. The following data can be transferred during this process:
- Unique cookie ID
- Website visited
Facebook can then tag the terminal device you are using with a cookie and unique ID, or any cookie that is already present can be read. If you are logged in to Facebook, this data can be used to post targeted advertising for us on your Facebook pages. Your data will also be processed by Facebook in the USA. Your data will only be transferred to the USA after your express consent. The legal foundation for the storage of cookies is the consent given (Art. 6 para. (1) (1a) GDPR. You can withdraw your consent at any time in our Cookie settings. The further evaluation of the collected data is the sole responsibility of Facebook. You can change your Facebook settings for advertising here: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
Criteo – Retargeting
On our pages and online offers, information about the surfing behaviour of website visitors is collected for marketing purposes using technology from Criteo (Criteo GmbH, Unterer Anger 3, 80331 Munich, Germany) and cookies are set to mark devices for the display of further advertising.
Criteo is able to analyse surfing behaviour and then display targeted product recommendations as appropriate banner ads when other websites are visited. On each banner there is a small „i“ (for information) at the bottom right, which opens on mouse-over and leads to a page on which the system is explained and a withdrawal of consent is offered. If Opt-Out is clicked, an „Opt-Out“ cookie is set, which will prevent the display of these banners in the future. There will be no other use or transfer to third parties. The legal foundation for the storage of cookies is the consent given (Art. 6 para. (1) (1a) GDPR. You can withdraw your consent at any time in our Cookie settings.
You can also find out more information from Criteo at https://www.criteo.com/privacy/ and object to the recording and analysis of your surfing behaviour.
Hurra – Retargeting
On our pages and online offers, information about the surfing behaviour of website visitors is collected for marketing purposes using technology from Hurra Communications GmbH (Hurra Communications GmbH, Wollgrasweg 27, 70599 Stuttgart, Germany) and cookies are set to mark devices for the display of further advertising.
Hurra is able to analyse surfing behaviour and then display targeted product recommendations as appropriate banner ads when other websites are visited. On each banner there is a small „i“ (for information) at the bottom right, which opens on mouse-over and leads to a page on which the system is explained and a withdrawal of consent is offered. If Opt-Out is clicked, an „Opt-Out“ cookie is set, which will prevent the display of these banners in the future. There will be no other use or transfer to third parties. The legal foundation for the storage of cookies is the consent given (Art. 6 para. (1) (1a) GDPR. You can withdraw your consent at any time in our Cookie settings.
You can also find out more information from Hurra at https://privacy.hurra.com/ and object to the recording and analysis of your surfing behaviour.
Adup – Axel Springer Teaser Ad GmbH – Retargeting
On our pages and online offers, information about the surfing behaviour of website visitors is collected for marketing purposes using technology from Axel Springer Teaser Ad GmbH (Axel Springer Teaser Ad GmbH, Axel-Springer-Straße 65, 10888 Berlin, Germany) and cookies are set to mark devices for the display of further advertising.
Adup is able to analyse surfing behaviour and then display targeted product recommendations as appropriate banner ads when other websites are visited. On each banner there is a small „i“ (for information) at the bottom right, which opens on mouse-over and leads to a page on which the system is explained and a withdrawal of consent is offered. If Opt-Out is clicked, an „Opt-Out“ cookie is set, which will prevent the display of these banners in the future. There will be no other use or transfer to third parties. The legal foundation for the storage of cookies is the consent given (Art. 6 para. (1) (1a) GDPR. You can withdraw your consent at any time in our Cookie settings.
You can also find out more information from Adup at https://www.adup-tech.com/privacy and object to the recording and analysis of your surfing behaviour.
Last updated: November 12th 2020