Data protection is important to us!
The use of our Internet pages is possible without providing personal data. However, if a data subject wishes to use special services of our company via our website, processing of personal data may be necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.
The processing of personal data, such as the name, address, e-mail address or telephone number, is always in accordance with the General Data Protection Regulation and in accordance with the one for Chalo! travel applicable country-specific data protection regulations. The data collected in connection with a trip will be used exclusively for the execution of the travel and fulfillment of the travel contract as well as the customer support. By means of this data protection declaration, our company would like to inform about the nature, scope and purpose of the personal data we collect, use and process. In addition, data subjects are informed about their rights by means of this data protection declaration.
Our employees are familiar with the basics of data protection and data security. If you still receive unsolicited mail from us, we will inform you on request where we received your address.
We also use service providers to assist us in the processing of travel-relevant processes. These service providers receive data in accordance with Section 11 of the Federal Data Protection Act (BDSG) to the extent necessary and only within the scope of the above-mentioned purpose. Your data is protected from unauthorized access by third parties and will not be used for any other purpose.
We have implemented numerous technical and organisational measures to ensure the protection of the personal data processed via this website. Nevertheless, Internet-based data transmissions can in principle have security gaps, so that absolute protection cannot be guaranteed. For this reason, each data subject is free to transmit personal data to us in alternative ways, such as by telephone.
2. Name and address of the controller
The responsible person for the purposes of the General Data Protection Regulation, other data protection laws in force in the Member States of the European Union and other provisions of a data protection nature is:
Seeweg 9, 14548 Schwielowsee
3. Data Protection Officer
Any data subject can contact our Data Protection Officer directly at any time with any questions or suggestions about data protection.
Seeweg 9, 14548 Schwielowsee
4. Collection of general data and information
The Chalo Reisen website collects a range of general data and information with each call by a data subject or an automated system. This general data and information is stored in the server’s log files. The (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system enters our website (so-called referrers), (4) the sub-websites, which are accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information used to prevent attacks on our information technology systems.
When using this general data and information, Chalo Reisen does not draw any conclusions about the data subject. Rather, this information is needed in order to (1) deliver the contents of our website correctly, (2) to optimize the contents of our website as well as the advertising for it, (3) the long-term functioning of our information technology systems. and the technology of our website, and (4) to provide law enforcement agencies with the information necessary for law enforcement in the event of a cyberattack. This anonymously collected data and information is therefore evaluated statistically by Chalo Reisen on the one hand and further with the aim of increasing data protection and data security in our company, in order to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all other personal data provided by a data subject.
SSL or TLS encryption
For security reasons and to protect the transmission of confidential content that you send to us as a site operator, our website uses an SSL or SSL or SSL. TLS encryption. This means that data that you transmit via this website is not readable by third parties. You can recognize an encrypted connection by the “https://” address line of your browser and the lock icon in the browser line.
Some cookies are “session cookies.” Such cookies are deleted by themselves at the end of your browsing session. On the other hand, other cookies remain on your device until you delete them yourself. Such cookies help us to recognise you when you return to our website.
With a modern web browser, you can monitor, restrict or prevent the setting of cookies. Many web browsers can be configured to delete cookies by themselves when the program is closed. Disabling cookies may result in a limited functionality of our website.
The setting of cookies, which are necessary for the exercise of electronic communication processes or the provision of certain functions desired by you (e.g. shopping cart), is based on Art. 1 lit. f GDPR. As the operator of this website, we have a legitimate interest in the storage of cookies for the technically error-free and smooth provision of our services. If other cookies are set (e.g. for analysis functions), these are treated separately in this data protection declaration.
Data submitted via the contact form, including your contact details, will be stored in order to be able to process your request or to be available for follow-up questions. This data will not be passed on without your consent.
The data entered in the contact form will be processed exclusively on the basis of your consent (Art. 6 sec. 1 lit. a GDPR). A revocation of your already given consent is possible at any time. An informal notification by e-mail is sufficient for the revocation. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
Data transmitted via the contact form will remain with us until you ask us to delete it, revoke your consent to storage or no longer have a need for data storage. Mandatory legal provisions, in particular
To send our newsletter, we need an e-mail address from you. A verification of the given e-mail address is necessary and the receipt of the newsletter must be consented. Supplementary data are not collected or are voluntary. The use of the data takes place exclusively for the sending of the newsletter.
The data provided during the newsletter registration will be processed exclusively on the basis of your consent (Art. 6 sec. 1 lit. a GDPR). A revocation of your already given consent is possible at any time. For the revocation, an informal notification by e-mail is sufficient or you log out via the “Unsubscribe” link in the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
Data entered to set up the subscription will be deleted in the event of unsubscribe. If this data has been transmitted to us for other purposes and elsewhere, these will remain with us.
The controller has integrated components of the company Facebook on this website. Facebook is a social network.
A social network is an Internet-operated social meeting place, an online community that usually allows users to communicate with each other and interact in virtual space. A social network can serve as a platform for the exchange of opinions and experiences or enables the Internet community to provide personal or business-related information. Facebook enables users of the social network, among other things, to create private profiles, upload photos and network via friend requests.
The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject lives outside the United States or Canada, the person responsible for the processing of personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
By each call-up of one of the individual pages of this website, which is operated by the controller and on which a Facebook component (Facebook plug-in) has been integrated, the internet browser on the information technology system of the data subject is automatically prompted by the respective Facebook component to download a representation of the corresponding Facebook component of Facebook. An overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/?locale=de_DE.
As part of this technical procedure, Facebook becomes aware of which specific sub-page of our website is visited by the data subject.
If the data subject is logged in to Facebook at the same time, Facebook recognizes with each call-up of our website by the data subject and during the entire duration of the respective stay on our website, which specific sub-page of our website the data subject visits. This information is collected by the Facebook component and assigned by Facebook to the respective Facebook account of the data subject. If the data subject presses one of the Facebook buttons integrated on our website, such as the “Like” button, or if the data subject submits a comment, Facebook assigns this information to the personal Facebook user account of the data subject and stores this personal data.
Facebook receives information via the Facebook component that the data subject has visited our website whenever the data subject is logged in to Facebook at the time of accessing our website; this occurs regardless of whether the data subject clicks on the Facebook component or not. If such a transmission of this information to Facebook is not wanted by the data subject, the data subject can prevent the transmission by logging out of his Facebook account before calling up our website.
The data policy published by Facebook, which is available under
provides information on the collection, processing and use of personal data by Facebook. It also explains what settings Facebook offers to protect the privacy of the data subject. In addition, various applications are available that make it possible to suppress data transmission to Facebook. Such applications can be used by the data subject to suppress data transfer to Facebook.
Google Analytics (with anonymization function)/Matamo
Our website uses features of the web analytics service Google Analytics/Matamo. The provider of the web analysis service is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA/ InnoCraft, 150 Willis St, 6011 Wellington, New Zealand, [email protected]
The setting of Google Analytics cookies is based on Art. 1 lit. f GDPR. As the operator of this website, we have a legitimate interest in the analysis of user behaviour in order to optimize our website and, if necessary, advertising.
We use Google Analytics in conjunction with the IP Anonymization feature. It ensures that Google will shorten your IP address within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area before being transferred to the United States. There may be exceptions where Google transfers the full IP address to a server in the UNITED States and shortens it there. On our behalf, Google will use this information to evaluate your use of the website, to generate reports on website activity and to provide us with other services related to website and internet usage. There is no merging of the IP address transmitted by Google Analytics with other data from Google.
Opposition to data collection
In order to fully comply with the legal data protection requirements, we have concluded a contract with Google for the processing of orders.
Demographics at Google Analytics
Our website uses the “demographic characteristics” feature of Google Analytics. It can be used to create reports that contain statements about the age, gender and interests of the page visitors. This data comes from interest-based advertising from Google as well as from visitor data from third parties. It is not possible to assign the data to a specific person. You can deactivate this feature at any time. This is possible through the ad settings in your Google Account or by generally prohibiting the collection of your data by Google Analytics, as explained in the item “Opposition to data collection”.
The controller has integrated components of YouTube on this website. YouTube is an Internet video portal that allows video publishers to set video clips for free and other users to view, review and comment on them free of charge. YouTube allows the publication of all types of videos, which is why complete film and TV shows, as well as music videos, trailers or videos made by users themselves are available on the Internet portal.
The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Each call to one of the individual pages of this website, which is operated by the controller and on which a YouTube component (YouTube video) has been integrated, the Internet browser is displayed on the information technology system of the data subject automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. More information about YouTube can be found at https://www.youtube.com/yt/about/de/.
As part of this technical procedure, YouTube and Google will be informed about which specific sub-page of our website is visited by the data subject.
If the data subject is logged in to YouTube at the same time, YouTube will recognize the specific sub-page of our website by calling up a sub-page containing a YouTube video, which specific subpage of our website the data subject is visiting. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.
YouTube and Google receive information via the YouTube component that the data subject has visited our website whenever the data subject is logged in to YouTube at the time of accessing our website; this takes place regardless of whether the data subject clicks on a YouTube video or not. If such transmission of this information to YouTube and Google is not wanted by the data subject, the data subject can prevent the transmission by logging out of his YouTube account before calling up our website.
The data protection provisions published by YouTube, which are available under
provide information on the collection, processing and use of personal data by YouTube and Google.
5. Routine deletion and blocking of personal data
The controller processes and stores personal data of the data subject only for the period necessary to achieve the purpose of storage or if this is the case by the European legislator or another legislator has been provided for in laws or regulations to which the controller is subject.
If the purpose of the storage expires or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data will be processed routinely and in accordance with the legal requirements of the regulations are blocked or deleted.
6. Rights of the data subject
a) Right to confirmation
b) Right to information
c) Right to rectification
d) Right to erasure (right to be forgotten)
e) Right to restrict processing
f) Right to data portability
g) Right to object
h) Automated decisions on a case-by-case basis, including profiling
i) Right to revoke consent under data protection law
7. Legal basis for processing
Article 6 I lit. a GDPR serves as the legal basis for our company for processing operations where we obtain consent for a specific processing purpose. Where the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, in the case of processing operations necessary for the supply of goods or the provision of any other performance or consideration, the processing is based on Article 6 I lit. b GDPR. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of enquiries about our products or services. If our company is subject to a legal obligation which requires the processing of personal data, such as the fulfilment of tax obligations, the processing is based on Article 6 I lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or any other natural person. This would be the case, for example, if a visitor to our company were injured and his name, age, health insurance data or other vital information were then passed on to a doctor, hospital or other third party. Should. The processing would then be based on Article 6 I lit. d GDPR.
Ultimately, processing operations could be based on Article 6 I lit. f GDPR. This legal basis is the basis for processing operations which are not covered by any of the above legal bases where the processing is necessary to safeguard the legitimate interest of our company or a third party, provided that the interests of the fundamental rights and freedoms of the person concerned. We are allowed to process such processing operations in particular because they have been specifically mentioned by the European legislator. In that regard, it considered that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47, second sentence, GDPR).
8. Legitimate interests in the processing pursued by the controller or a third party
Where the processing of personal data is based on Article 6 I lit. f GDPR, our legitimate interest is to carry out our business for the benefit of the well-being of all our employees and our shareholders.
9. Duration for which personal data is stored
The criterion for the duration of the storage of personal data is the respective legal retention period. After the expiry of the period, the corresponding data is routinely deleted, provided that it is no longer necessary for the performance of the contract or the initiation of the contract.
10. Legal or contractual requirements for the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of non-provisioning
We clarify that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information about the contractual partner).
Sometimes it may be necessary to conclude a contract that a data subject provides us with personal data, which must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with him or her. Failure to provide the personal data would mean that the contract with the data subject could not be concluded.
Before the data subject has provided personal data, the data subject must contact one of our employees. Our employee shall inform the data subject on a case-by-case basis whether the provision of personal data is required by law or contract or whether it is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data. data and the consequences of non-provision of personal data.
11. Existence of automated decision-making
As a responsible company, we do not require automatic decision-making or profiling.