Welcome to the travelloc Privacy Policy. Thank you for taking the time to read it.
We appreciate that you trust us with your information and we intend to always keep that trust. This starts with making sure you understand the information we collect, why we collect it, how it is used and your choices regarding your information. This Policy describes our privacy practices in plain language, keeping legal and technical jargon to a minimum. The policy applies to both the mobile app (the “app”) and the website https://travelloc.com (the “website”) operated by travelloc GmbH. For simplicity, we refer to all of these as our “services” in this Privacy Policy.
Regarding the services travelloc GmbH, Isabellastrasse 38, 80796 Munich (“travelloc”, “we”, “us” or “our”) is the controller within the meaning of the General Data Protection Regulation (“GDPR”).
This privacy policy shall inform you on how we collect, process and use (“use”) your Personal Data in connection with the services.
The main reason we use your information is to deliver and improve our services. Additionally, we use your info to help keep you safe and to provide you with advertising that may be of interest to you. Read on for a more detailed explanation of the various reasons we collect, use and process your information.
a. In general, you can use our website without providing any personal information such as your name, email address, telephone number or postal address. Therefore, unless otherwise provided for in this privacy policy if you do not provide us directly with Personal Data in any other way or actively consent to the use by us of certain Personal Data, we do not use your Personal Data.
b. If you visit the website your browser automatically transmits certain data so that it can access the website. Such so-called server-log files are your IP address, browser type, operating system, referrer URL (previously visited page), host name of the accessing computer, language and version of the browser software and the date and time of the server request. We process this data as without such data the website cannot be accessed. The legal basis for this processing is the pre-contractual relationship with you in accordance with Art. 6 (1) sentence 1 lit. b GDPR.
c. If you provide us with information by sending us an e-mail or on any another way then we will process your data in order to answer your respective requests. The legal basis for this processing of personal data is Art. 6 (1) sentence 1 lit. f GDPR (legitimate interests; the legitimate interests are that we need to process the respective data in order to being able to answer your requests).
d. On the website you also have the opportunity to subscribe to our free newsletter. The legal basis for processing the data is your consent according to Art. 6 (1) sentence 1 lit. a GDPR.
a. In order to get access to and use the app you need to register as a user. By doing this, we collect personal information in order to create a user account that enables you to login to travelloc, store locations in your profile, recommend those locations to your followers, benefit from the recommendations of people and/or institutions you follow etc. The legal basis for the processing of this personal data (to the extent such data is to be considered Personal Data) is Art. 6 (1) sentence 1 lit. b GDPR (fulfilment of contract and pre-contractual measures).
b. If you register in the course of your professional or entrepreneurial activity and/or make use of fee-based services further details may be required for the contractual information so that we can meet the legal and especially tax requirements. The legal basis for the processing of this Personal Data (to the extent such data is to be considered Personal Data) is Art. 6 (1) sentence 1 lit. c GDPR.
c. If you use your Facebook account to register with travelloc, we will also gain access to your public profile, friend list, date of birth and e-mail address. The connection to Facebook can be cancelled at any time without affecting the ability to use travelloc.
d. The full functionalities of the app are only accessible if you grant access to your mobile device’s geo location. When you use the app for the first time you will be asked by your device whether location data may be used. If you do not allow this or if you allow this but later deactivate this functionality in the settings of your mobile device, please note that the app or at least certain features and functionalities of the app might not work or might not be accessible. The legal basis for the processing of Personal Data described is Art. 6 (1) sentence 1 lit. b GDPR (fulfilment of contract and pre-contractual measures) and Art. 6 (1) sentence 1 lit. f GDPR (legitimate interests; the legitimate interest is that we can only provide the app services with all its functionalities, if respective geo location data is processed). For the avoidance of doubt: we will not process your geo location data if you choose to not allow your device to share such data with regard to the app.
e. travelloc makes use of the Google Places API of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‘Google’). This enables us to provide users with valuable information about locations (address, photos, opening hours etc.) Our app cannot function without the Google Maps API. You can view Google’s terms of use at https://policies.google.com/terms?hl=en. Additional terms of use for Google Maps are available at https://www.google.com/help/terms_maps.html. Google’s privacy policy is available at https://policies.google.com/privacy. The legal basis for the data processing is therefore the contract with you, Art. 6 (1) sentence 1 lit. b GDPR. We use the functions of Google as it is the most efficient way for us to display locations, both functionally and economically.
f. Regarding the app certain data transmitted by your mobile device is collected, namely your IP address, the operating system of your device (Android or iOS), the periods of time in which you use the app, and the type of device you use (e.g. iPhone, Samsung Galaxy), the date of the registration of your account. Such data is collected in order to be able to distinguish actual app users from bots, prevent abusive behaviour and block abusive content that is reported by other users. The legal basis for this processing of personal data (to the extent such data is to be considered Personal Data) is Art. 6 (1) sentence 1 lit. f GDPR (legitimate interests; the legitimate interests are that we need a way to distinguish users from bots, prevent abusive behaviour and block abusive content when users report it).
g. When downloading the app, information is also processed by the provider of the app store (Apple App Store for iOS, Google Play Store for Android) you use in connection with the app. This data processing is initiated and is the responsibility of the respective app store provider in accordance with its privacy policy.
h. In addition, you may voluntarily provide us with additional information. Voluntary information will be marked accordingly. This information as well as a link to Facebook and the release of further data from Facebook are based on your consent, Art. 6 (1) sentence 1 lit. a GDPR. You are able to revoke your consent at any time and with effect for the future by dissolving the connection to Facebook, Art. 7 sentence 3 GDPR.
i. We might disclose certain anonymous user data (such as information about check-ins and number of users who stored certain locations in their profiles) to third parties in order to further analyse use patterns of our users and help us classify content created by our users. The respective data disclosed to such third parties cannot be traced back by such third parties to a specific user. The legal basis for this processing of personal data (to the extent such data is to be considered Personal Data) is Art. 6 (1) sentence 1 lit. f GDPR (legitimate interests; we have a legitimate interest to analyse respective data as we use the results of such analysis to continuously improve our understanding of our user base and its preferences).
We might disclose your Personal Data where such disclosure is required by law. The legal basis for this processing of personal data is Art. 6 (1) sentence 1 lit. c GDPR (legal obligation).
a. Object and purpose of the contract with travelloc are personalized location recommendations tailored to the needs of our users and based on mutual interaction between users and travelloc. Therefore, we analyse the data you provide and your interactions on travelloc to understand your personal interests and represent travelloc in accordance with the contract. The legal basis is therefore the contract with you, Art. 6 (1) sentence 1 lit. b GDPR (fulfilment of contract and pre-contractual measures). Users always have the ability to delete their profile by using the “delete profile” function in the app settings. We will delete the data related to the personalization when deleting your travelloc account.
b. The website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help analyze how you use the Website. The information generated by the cookie about your use of the website will normally be transmitted to and stored by Google on servers in the United States. Google will use this information on behalf of the operator of the website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services for the website operator relating to website activity and internet usage. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use all functions of the website. You can also opt-out from the storage by Google of the data that is created by the cookie and is related to the use of the website (including your IP address) and the processing of such data by Google by downloading and installing the Google Analytics opt-out Browser add-on available under https://tools.google.com/dlpage/gaoptout?hl=en. For further information on Google Analytics please refer to: http://www.google.com/analytics/terms/gb.html, https://support.google.com/analytics/answer/6004245?hl=en, http://www.google.de/intl/en-GB/policies/privacy/. To our best knowledge Google complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use and retention of personal information from EU member countries. Google (and its wholly-owned US subsidiaries) has certified that it adheres to the relevant Privacy Shield Principles, including for Google Analytics. The European Commission qualifies the US to provide an adequate legal protection for personal data transferred from the EU to self-certified organisations in the US that are certified under the Privacy Shield programme. Further information can be found at: https://www.privacyshield.gov/EU-US-Framework.
c. We use the Firebase SDK of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Firebase”; Firebase is a subsidiary of Google, LLC) with regard to the app. Firebase SDK is a real-time database, which we are using for real-time data exchange and data storage. Firebase SDK also allows for analyzing anonymized behavioral data, in particular the tracking of active users and actions (e.g. check ins, shout outs etc.), as well as information about crashes, application distribution, application usage and adoption rates for specific app versions. Certain (anonymized) user data is sent to Firebase servers outside the EU. For further information regarding the Firebase SDK please refer to the Firebase privacy policy available over the following link: https://www.firebase.com/terms/privacy-policy.html.
d. travelloc also integrated functions of third-parties (so-called plug-ins). For the use of third-party plug-ins, the terms of use and privacy policy of the respective third-parties apply. Only if you actively and voluntarily use those functions, e.g. if you click on a plug-in, data about your respective usage can be retrieved from the respective third party via the plug-in. Legal basis is therefore your consent to the third party provider, Art. 6 (1) sentence 1 lit. a GDPR. The third-party provider also provided you with privacy information when registering for this portal, which contains information about the data processed and for which purposes when using the plug-in. We do not transmit any information that allows to directly determine you as a person. As far as we get data from the third-party provider, these information are only aggregated and leave no relation to an you as an individual. According to Art. 7 (3) GDPR, you have the right at any time to withdraw your consent with effect for the future. Simply click on the plug-in to deactivate the respective function. Which data is stored in the respective third party portal and whether these data should also be deleted there must be set or changed in the respective third party-party settings.
e. In general, the legal basis for the processing of the data described in the sections a – b (to the extent such data is to be considered Personal Data) is Art. 6 (1) sentence 1 lit. f GDPR (legitimate interests; the legitimate interests is that we use and analyse the respective data (i) to personalize your user experience, (ii) to recognize user patterns in order to protect the app, (iii) to improve our services and (iv) to provide you with certain features of the services (without us using such data some of the functionalities of the services).
travelloc is also active on other (third party) platforms such as social networks (e.g., Facebook Fanpage) (“third party platforms”). However, we do not operate these third party platforms and can only use them within the framework offered by the respective operator and under acceptance of the usage and data protection conditions applicable. More about the privacy conditions of the third party platforms can be found here:
Depending on which data processing you have agreed with the third party platform operator, the purpose of the third party platform is that we receive certain information about you in your interaction with us in the context of the platform (e.g. being a fan of our Facebook page or following our Instagram accounts). Legal basis is your contract with the third party platform operator, Art. 6 (1) sentence 1 lit. b GDPR or your consent to a voluntary transfer of data to us, Art. 6 (1) sentence 1 lit. a GDPR. Your interaction with us on third party platforms is voluntary. If you also provide us with information there this either serves the fulfilment of the contract with us (Art. 6 (1) sentence 1 lit. b GDPR) or you give us your consent voluntarily, Art. 6 (1) sentence 1 lit. a GDPR. We also use the received information to analyse visits and response to our third party platform presence and, as a result, to improve it continuously. Legal basis is for this processing of data (to the extent such data is to be considered Personal Data) is Art. 6 (1) sentence 1 lit. f GDPR. However, we only use pseudonymous data and anonymous statistics generated from it.
Since our goal is to help you find location based on the recommendations of your friends and people you trust, the main sharing of users’ information is, of course, with other users. We also share some users’ information with service providers and partners who assist us in operating the services and, in some cases, legal authorities. Read on for more details about how your information is shared with others.
When using our app, your data may become known to other travelloc users according to the functionality of travelloc: For all registered users your username, profile picture, the accounts you follow and the places you saved to your profile will be visible. The legal basis here is the purpose of the contract pursuant to Art. 6(1) sentence 1 lit. b GDPR, as travelloc is based on the personal recommendations of other travelloc users. By changing the settings, you can exercise your right to revoke your consent at any time with effect for the future, Art. 7 (3) GDPR.
We do not transfer your personal data to third parties unless you expressly agree, prepare or fulfil a contract with the third party, or we are required by law to do so. If you use third party platforms (see above) in connection with travelloc (for example, via plug-ins) and in this context expressly agree to the transmission of data, the operators of these third party platforms will receive your data.
In order to be able to offer travelloc and the services described in this privacy policy, we process data internally. In addition, we have commissioned the following categories of instruction-bound service providers to become bound by our instructions in the context of order processing contracts pursuant to Art. 28 GDPR:
Sharing of information laid out in Section 6 sometimes involves cross-border data transfers, for instance to the United States of America and other jurisdictions. As an example, where the service allows for users to be located in the European Economic Area (“EEA”), their personal information is transferred to countries outside of the EEA. We use standard contract clauses approved by the European Commission or other suitable safeguard to permit data transfers from the EEA to other countries. Standard contractual clauses are commitments between companies transferring personal data, binding them to protect the privacy and security of your data.
You have the right to request information from us at any time about your Personal Data stored by us. If the legal requirements are met, you also have rights vis-à-vis us to request from us access to and rectification or erasure or restriction of processing concerning your Personal Data or to object to the processing of your Personal Data as well as the right to receive from us your Personal Data provided to us in a structured, established and machine-readable format (you can transfer this data to other parties or have it transferred; data portability).
If you have given your consent to the use of personal data, you can revoke such consent at any time with effect for the future, Art. 7 (3) GDPR.
If you believe that the processing of your Personal Data by us is in breach of the applicable data protection laws, you can issue a complaint with the competent supervisory authority for data protection.
You always have the opportunity to completely delete your travelloc account or individual details in your account after logging in. Otherwise the data for the registration will be deleted, if your travelloc account is deleted. If you have not actively used your travelloc account for more than 12 months, we will deactivate your account for 24 months. During this time your travelloc profile as well as your interactions on travelloc will be marked as anonymous or made invisible to other travelloc users. After 24 months of inactivity we anonymize the activities and delete your account. The legal basis for the processing of personal data described above (to the extent such data is to be considered Personal Data) is Art. 6 (1) sentence 1 lit. b GDPR (fulfilment of contract and pre-contractual measures).
Please keep in mind that even though our systems are designed to carry out data deletion processes according to the above guidelines, we cannot promise that all data will be deleted within a specific timeframe due to technical constraints.
This policy may change over time. We will notify you before any material changes take effect so that you have time to review the changes.
We work hard to protect you from unauthorized access to or alteration, disclosure or destruction of your personal information. As with all technology companies, although we take steps to secure your information, we do not promise, and you should not expect, that your personal information will always remain secure.
We have taken additional extensive security precautions relating to our Services and its use. However you should bear in mind that in spite of such security measures, submission of information over the internet is never entirely secure. We cannot guarantee the security of information you submit via our Services whilst it is in transit over the internet.
If you have questions about this Privacy Policy, here’s how you can reach us:
By e-mail: dataprotection@travelloc.com
By post:
travelloc GmbH
Isabellastraße 38
80796
Munich
Germany
© 2020 travelloc GmbH, All Rights Reserved.