Regarding the services travelloc GmbH, Isabellastrasse 38, 80796 Munich (“travelloc”, “we”, “us” or “our”) is the controller within the meaning of the General Data Protection Regulation (“GDPR”).
2. Information we collect, use and process
The main reason we use your information is to deliver and improve our services. Additionally, we use your info to help keep you safe and to provide you with advertising that may be of interest to you. Read on for a more detailed explanation of the various reasons we collect, use and process your information.
2.1. When visiting our homepage
b. If you visit the website your browser automatically transmits certain data so that it can access the website. Such so-called server-log files are your IP address, browser type, operating system, referrer URL (previously visited page), host name of the accessing computer, language and version of the browser software and the date and time of the server request. We process this data as without such data the website cannot be accessed. The legal basis for this processing is the pre-contractual relationship with you in accordance with Art. 6 (1) sentence 1 lit. b GDPR.
c. If you provide us with information by sending us an e-mail or on any another way then we will process your data in order to answer your respective requests. The legal basis for this processing of personal data is Art. 6 (1) sentence 1 lit. f GDPR (legitimate interests; the legitimate interests are that we need to process the respective data in order to being able to answer your requests).
d. On the website you also have the opportunity to subscribe to our free newsletter. The legal basis for processing the data is your consent according to Art. 6 (1) sentence 1 lit. a GDPR.
2.2. When using our app
a. In order to get access to and use the app you need to register as a user. By doing this, we collect personal information in order to create a user account that enables you to login to travelloc, store locations in your profile, recommend those locations to your followers, benefit from the recommendations of people and/or institutions you follow etc. The legal basis for the processing of this personal data (to the extent such data is to be considered Personal Data) is Art. 6 (1) sentence 1 lit. b GDPR (fulfilment of contract and pre-contractual measures).
b. If you register in the course of your professional or entrepreneurial activity and/or make use of fee-based services further details may be required for the contractual information so that we can meet the legal and especially tax requirements. The legal basis for the processing of this Personal Data (to the extent such data is to be considered Personal Data) is Art. 6 (1) sentence 1 lit. c GDPR.
c. If you use your Facebook account to register with travelloc, we will also gain access to your public profile, friend list, date of birth and e-mail address. The connection to Facebook can be cancelled at any time without affecting the ability to use travelloc.
d. The full functionalities of the app are only accessible if you grant access to your mobile device’s geo location. When you use the app for the first time you will be asked by your device whether location data may be used. If you do not allow this or if you allow this but later deactivate this functionality in the settings of your mobile device, please note that the app or at least certain features and functionalities of the app might not work or might not be accessible. The legal basis for the processing of Personal Data described is Art. 6 (1) sentence 1 lit. b GDPR (fulfilment of contract and pre-contractual measures) and Art. 6 (1) sentence 1 lit. f GDPR (legitimate interests; the legitimate interest is that we can only provide the app services with all its functionalities, if respective geo location data is processed). For the avoidance of doubt: we will not process your geo location data if you choose to not allow your device to share such data with regard to the app.
f. Regarding the app certain data transmitted by your mobile device is collected, namely your IP address, the operating system of your device (Android or iOS), the periods of time in which you use the app, and the type of device you use (e.g. iPhone, Samsung Galaxy), the date of the registration of your account. Such data is collected in order to be able to distinguish actual app users from bots, prevent abusive behaviour and block abusive content that is reported by other users. The legal basis for this processing of personal data (to the extent such data is to be considered Personal Data) is Art. 6 (1) sentence 1 lit. f GDPR (legitimate interests; the legitimate interests are that we need a way to distinguish users from bots, prevent abusive behaviour and block abusive content when users report it).
h. In addition, you may voluntarily provide us with additional information. Voluntary information will be marked accordingly. This information as well as a link to Facebook and the release of further data from Facebook are based on your consent, Art. 6 (1) sentence 1 lit. a GDPR. You are able to revoke your consent at any time and with effect for the future by dissolving the connection to Facebook, Art. 7 sentence 3 GDPR.
i. We might disclose certain anonymous user data (such as information about check-ins and number of users who stored certain locations in their profiles) to third parties in order to further analyse use patterns of our users and help us classify content created by our users. The respective data disclosed to such third parties cannot be traced back by such third parties to a specific user. The legal basis for this processing of personal data (to the extent such data is to be considered Personal Data) is Art. 6 (1) sentence 1 lit. f GDPR (legitimate interests; we have a legitimate interest to analyse respective data as we use the results of such analysis to continuously improve our understanding of our user base and its preferences).
2.3. Concerning our services in general
We might disclose your Personal Data where such disclosure is required by law. The legal basis for this processing of personal data is Art. 6 (1) sentence 1 lit. c GDPR (legal obligation).
3. Use of Analyzing, Advertising and Plug-Ins
a. Object and purpose of the contract with travelloc are personalized location recommendations tailored to the needs of our users and based on mutual interaction between users and travelloc. Therefore, we analyse the data you provide and your interactions on travelloc to understand your personal interests and represent travelloc in accordance with the contract. The legal basis is therefore the contract with you, Art. 6 (1) sentence 1 lit. b GDPR (fulfilment of contract and pre-contractual measures). Users always have the ability to delete their profile by using the “delete profile” function in the app settings. We will delete the data related to the personalization when deleting your travelloc account.
e. In general, the legal basis for the processing of the data described in the sections a – b (to the extent such data is to be considered Personal Data) is Art. 6 (1) sentence 1 lit. f GDPR (legitimate interests; the legitimate interests is that we use and analyse the respective data (i) to personalize your user experience, (ii) to recognize user patterns in order to protect the app, (iii) to improve our services and (iv) to provide you with certain features of the services (without us using such data some of the functionalities of the services).
4. travelloc on third party platforms
travelloc is also active on other (third party) platforms such as social networks (e.g., Facebook Fanpage) (“third party platforms”). However, we do not operate these third party platforms and can only use them within the framework offered by the respective operator and under acceptance of the usage and data protection conditions applicable. More about the privacy conditions of the third party platforms can be found here:
- Facebook: http://www.facebook.com/about/privacy/your-info-on-other#applications
- Twitter: https://twitter.com/privacy
- Instagram: https://help.instagram.com/155833707900388
Depending on which data processing you have agreed with the third party platform operator, the purpose of the third party platform is that we receive certain information about you in your interaction with us in the context of the platform (e.g. being a fan of our Facebook page or following our Instagram accounts). Legal basis is your contract with the third party platform operator, Art. 6 (1) sentence 1 lit. b GDPR or your consent to a voluntary transfer of data to us, Art. 6 (1) sentence 1 lit. a GDPR. Your interaction with us on third party platforms is voluntary. If you also provide us with information there this either serves the fulfilment of the contract with us (Art. 6 (1) sentence 1 lit. b GDPR) or you give us your consent voluntarily, Art. 6 (1) sentence 1 lit. a GDPR. We also use the received information to analyse visits and response to our third party platform presence and, as a result, to improve it continuously. Legal basis is for this processing of data (to the extent such data is to be considered Personal Data) is Art. 6 (1) sentence 1 lit. f GDPR. However, we only use pseudonymous data and anonymous statistics generated from it.
5. How and with whom we share information
Since our goal is to help you find location based on the recommendations of your friends and people you trust, the main sharing of users’ information is, of course, with other users. We also share some users’ information with service providers and partners who assist us in operating the services and, in some cases, legal authorities. Read on for more details about how your information is shared with others.
5.1. travelloc user
When using our app, your data may become known to other travelloc users according to the functionality of travelloc: For all registered users your username, profile picture, the accounts you follow and the places you saved to your profile will be visible. The legal basis here is the purpose of the contract pursuant to Art. 6(1) sentence 1 lit. b GDPR, as travelloc is based on the personal recommendations of other travelloc users. By changing the settings, you can exercise your right to revoke your consent at any time with effect for the future, Art. 7 (3) GDPR.
5.2. Third parties
We do not transfer your personal data to third parties unless you expressly agree, prepare or fulfil a contract with the third party, or we are required by law to do so. If you use third party platforms (see above) in connection with travelloc (for example, via plug-ins) and in this context expressly agree to the transmission of data, the operators of these third party platforms will receive your data.
5.3. Service provider
- Email Provider
- Provider to operate servers
- Provider for sending newsletters
- Provider for a Cookie Approval feature
6. Cross-Border Data Transfers
Sharing of information laid out in Section 6 sometimes involves cross-border data transfers, for instance to the United States of America and other jurisdictions. As an example, where the service allows for users to be located in the European Economic Area (“EEA”), their personal information is transferred to countries outside of the EEA. We use standard contract clauses approved by the European Commission or other suitable safeguard to permit data transfers from the EEA to other countries. Standard contractual clauses are commitments between companies transferring personal data, binding them to protect the privacy and security of your data.
7. Your rights according to GDPR
You have the right to request information from us at any time about your Personal Data stored by us. If the legal requirements are met, you also have rights vis-à-vis us to request from us access to and rectification or erasure or restriction of processing concerning your Personal Data or to object to the processing of your Personal Data as well as the right to receive from us your Personal Data provided to us in a structured, established and machine-readable format (you can transfer this data to other parties or have it transferred; data portability).
If you have given your consent to the use of personal data, you can revoke such consent at any time with effect for the future, Art. 7 (3) GDPR.
If you believe that the processing of your Personal Data by us is in breach of the applicable data protection laws, you can issue a complaint with the competent supervisory authority for data protection.
8. How long we retain your information
You always have the opportunity to completely delete your travelloc account or individual details in your account after logging in. Otherwise the data for the registration will be deleted, if your travelloc account is deleted. If you have not actively used your travelloc account for more than 12 months, we will deactivate your account for 24 months. During this time your travelloc profile as well as your interactions on travelloc will be marked as anonymous or made invisible to other travelloc users. After 24 months of inactivity we anonymize the activities and delete your account. The legal basis for the processing of personal data described above (to the extent such data is to be considered Personal Data) is Art. 6 (1) sentence 1 lit. b GDPR (fulfilment of contract and pre-contractual measures).
Please keep in mind that even though our systems are designed to carry out data deletion processes according to the above guidelines, we cannot promise that all data will be deleted within a specific timeframe due to technical constraints.
This policy may change over time. We will notify you before any material changes take effect so that you have time to review the changes.
10. Keeping your personal data secure
We work hard to protect you from unauthorized access to or alteration, disclosure or destruction of your personal information. As with all technology companies, although we take steps to secure your information, we do not promise, and you should not expect, that your personal information will always remain secure.
We have taken additional extensive security precautions relating to our Services and its use. However you should bear in mind that in spite of such security measures, submission of information over the internet is never entirely secure. We cannot guarantee the security of information you submit via our Services whilst it is in transit over the internet.
11. How to contact us
By e-mail: firstname.lastname@example.org