flagEnglish (US)(USD)
Back

Privacy policy

Privacy Policy

The following information concerns the processing of personal data in connection with the use of the mobile app (“app”) operated by weekengo GmbH and the website weekend.com (“website”) (together: “portals”). “Personal data” is any data that can be related to you personally, i.e. your name, address, email addresses, user behaviour.

1. Controller/Data Protection Officer

1.1 The controller pursuant to Art. 4 No. 7 of the General Data Protection Regulation (GDPR) is weekengo GmbH, Burghofstraße 40, 40223 Düsseldorf, Germany.

Legal representative: Tobias Boese

1.2 You can reach the contact person responsible for data protection at datenschutz@weekend.com or at the address specified under 1.1.

1.3 Should offers of other providers (“third-party offers”) be accessible from our portals, our Privacy Policy will not apply to such third-party offers. In such case, within the meaning of Art. 4 No. 7 of the General Data Protection Regulation (GDPR), we are also not deemed the controller of the processing of your personal data by the other provider in the context of such third-party offers.

2. Your rights

2.1 You have the right to request information from us at any time in accordance with Art. 15 GDPR about the data we have stored about you. In addition, you are entitled to information about the other data listed in Art. 15 GDPR.

2.2 If you have given your consent to the use of data, you can revoke such consent for the future at any time. However, such revocation will not affect the legality of the processing carried out on the basis of the consent until it is revoked.

2.3 You also have the right to have incorrect personal data corrected in accordance with Art. 16 GDPR and to have your personal data deleted in accordance with Art. 17 GDPR.

2.4 You may restrict the processing of your personal data under the conditions set out in Art. 18 GDPR.

2.5 According to Art. 21 GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation, insofar as you do so on the basis of Art. 6 (1) (e) or (f) GDPR (including profiling based on these provisions). In the event of such objection, we will no longer process this data unless we can prove that there are compelling grounds for processing that outweigh your interests, rights and freedoms, or that the processing serves to assert, exercise or defend legal claims.

2.6 In addition, you have the right to receive the personal data concerning you that you have provided to us, in a structured, common and machine-readable format. You also have the right, insofar as such is technically feasible, to have us transfer this data to another controller at your instruction. The right to the transfer of data applies only in the case of personal data for which processing is based on consent pursuant to Article 6 (1) (a) GDPR or on a contract pursuant to Article 6 (1) (b) GDPR and processing is carried out using automated procedures. The right to transfer data to another controller is excluded if such would affect the rights and freedoms of other individuals (such as personal data of third parties, our business and company secrets or copyrights).

2.7 The rights mentioned in this section may be asserted by email to info@weekend.com or to the address specified under 1.1.

You are generally entitled to assert these rights free of charge. However, in the case of manifestly unfounded or — in particular, in the case of frequent repetition — excessive applications, we may, in accordance with Art. 12 (5) GDPR, either

a. require an appropriate fee taking into account the administrative costs of information or notification or implementation of the measure requested, or

b. refuse to act on the basis of the application.

3. Data security

We maintain up-to-date technical measures to ensure data security, in particular the protect your personal data against risks involved in data transfers and to prevent third parties from obtaining knowledge of your data. These technical measures are each adapted accordingly to reflect the current state of the art.

4. Type and scope of the processing of personal data

4.1 Informational use

We collect the following data when the portals are used for information purposes only, i.e. without login or registration:

  • IP address
  • Device identification (UDID)
  • Date and time of the query
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific webpage)
  • Access status/HTTP status code
  • Data quantity transferred in each case
  • Website from which the request originates
  • Browser
  • Operating system and its interface
  • Language and version of the browser software
  • User behaviour regarding the app and the website
  • GPS data, if applicable (if you have authorised GPS location determination).

This data is evaluated solely in order to ensure the trouble-free operation of the portals and to improve our offers. The basis for data processing is Art. 6 (1) lit. f) GDPR, since we have a legitimate interest in being able to provide you with a trouble-free, user-friendly offer that best meets your expectations and requirements. Without processing the minimum amount of information, we cannot transfer the page to your terminal and display it there.

The IP address can constitute personal data, since under certain conditions it is possible to find out the identity of the owner of the Internet access used by obtaining information from the respective Internet provider.

We evaluate the IP address in addition to the above-mentioned purposes in the event of attacks on our Internet infrastructure. In this case, we have a legitimate interest within the meaning of Art. 6 Par. 1 (f) GDPR in the processing of the IP address. This legitimate interest arises from the need to ward off the attack on the Internet infrastructure, to determine the origin of the attack in order to be able to take action against the responsible person under criminal and civil law, and to effectively prevent further attacks.

4.2 Registration

When we offer users the opportunity to register within the framework of our portals by providing personal data, the relevant data is entered into an input mask and transferred to us and stored. The data is only passed on to third parties in the cases specified in this policy. The data collected in the registration process can be seen in the input mask.

At the time of registration, the following data is also stored:

  • The user’s IP address

 

  • Date and time of the registration

 

We use the data provided by the user during registration for the following purposes:

  • Cross-platform favourites

 

  • Personalised offers

 

In the course of the registration process, the user’s consent to the processing of this data is obtained. The legal basis for the processing of data is Art. 6 (1) (a) GDPR if the user has given their consent.

The data is deleted as soon as it is no longer necessary for achieving the purpose for which it was collected. This is the case for the data collected during the registration process if the user account created in this process is deleted, provided that there are no legal storage obligations or we are otherwise entitled to store such data.

As a user, you have the option of deleting at any time a user account you have created.

4.3 Use of our services via the portals

In the context of the use of our services via the portals, the processing of the following personal data is required. In such case, the personal data is processed in order to fulfil the contract; unless another legal basis is expressly specified, the processing is then permissible pursuant to Art. 6 (1) (b) GDPR.

a. Website

When our services are used via the website, we process the personal data listed under 4.1 as well as data that we receive from you in the context of our business relationship.

aa. Booking on third-party websites      

If we do not arrange a travel service ourselves, but only refer customers to booking websites operated by third parties, the data required for booking is collected directly by the third-party provider.

In order to bill the third-party providers for the fee to which we are entitled and for the purpose of fraud prevention, we send them your customer ID. This data is used solely for the aforementioned purposes, and it is deleted immediately as soon as a storage for the aformentioned purposes is no longer necessary. Our legal basis for transmitting the customer ID is Article 6 (1) (f) of the EU General Data Protection Regulation (GDPR). Weekend.com has a legitimate interest in being able to trace whether a booking has been made with a third party on the basis of agency services provided via our portals, as such constitutes our basis for billing the third-party providers.

We do not otherwise process any personal data beyond the purposes stated in section 4.1 in such a case.

If you are redirected from our website to the website of the providers of the travel services, the data processing carried out by such providers is governed by their respective privacy policy. You will find these on the websites of the providers.

bb. Travel agency services provided by weekend.com

Insofar as we promote the sale of travel services ourselves, we process your data for booking and billing the relevant service (accommodation, transport, etc.), for managing your contractual relationship with us, for managing your relationship with the service providers and for the relevant communication in connection with your booking as well as for responding to your enquiries, complaints and cancellations.

In order to carry out your travel booking, we send the relevant travel booking data to the relevant service provider of the desired travel service, such as airlines, hotels and transport companies. Depending on your travel booking and the provider, this may include information such as your name, contact details, payment details (including credit card details), ID information, insurance details, special requests or other information in connection with the travel booking as well as the names of the guests travelling with you. The exact information can be found in the input mask.

In the event of disputes relating to travel bookings, we may provide the tour operator with data on the travel booking process as required to resolve any disagreements. This may include a copy of your booking confirmation, which serves as proof of the actual conclusion of a travel booking.

Our legal basis for the aforementioned processing of data is Article 6 (1) (b) GDPR, as the transmission of data serves to fulfil a contract.

We transmit special categories of personal data as defined by Article 9 (1) GDPR – such as relevant medical data, as well as any special dietary wishes or other requirements for religious reasons and reasons of physical impairment – only if you have given us your consent, to ensure that the subsequent data processing is permissible in accordance with Article 9 (2) (a) GDPR.

We use service providers to process your personal data on our behalf. This can serve various purposes, such as verifying the email address you provide during the booking process. All third-party service providers are subject to confidentiality agreements; they are not entitled to process your personal data for purposes other than those which we have specified.

The transfer of personal data as described in this Privacy Policy may include the transfer of personal data to other countries whose data protection laws are not as comprehensive as those of the countries of the European Union or the European Economic Area. To the extent required by European law, we only transfer personal data to recipients who have an adequate level of data protection in place. In such cases, we will conclude contractual agreements to ensure that your personal data is protected in accordance with European regulations, where necessary. You can contact us to view a copy of such contractual agreements. Please use the contact details below.

 

b. App

When our services are used via the app, we process the following additional personal data in addition to the data mentioned in section 4.3.a to enable the functions of the app:

  • Device identification of the device used
  • IMEI (= International Mobile Equipment Identity) of the device used
  • Unique number of the network subscriber (IMSI = International Mobile Subscriber Identity)
  • Mobile phone number (MSISDN)
  • MAC address for WLAN use
  • Name of your smartphone
  • Email address, if applicable. In addition, other data — such as travel destinations, travel data and, optionally, your motivations and special preferences — must be provided for you to be able to use the search engine via the website or the app.

 

4.4 Further processing of personal data

In addition, further personal data is processed as described below.

a. You can download the app from the app store you use, which is operated by a third party. The data your app store provider requires for downloading is transferred to the app store, in particular user name, email address and, if applicable, the customer number of your account, the time of download, payment information and the individual device identification number. We have no influence over this collection of data, however, and we are not responsible for it. We process the data thus provided only as far as it is necessary for downloading the app onto your smartphone. Beyond that, we will not continue to store it. Since you initiate the downloading of the app, this data is processed based on your consent in accordance with Art. 6 (1) (b) GDPR.

b. For advertising purposes, we use so-called “advertising identifiers” (IDFA and AAID). These are non-permanent identification numbers that are assigned once for a specific device and are provided by the iOS or Android operating systems. The data collected by an “advertising identifier” is not linked with any other device-related information. We use these advertising identifiers to be able to provide you with personalised advertising and to evaluate your use. If you activate the option “No ad tracking” under “Advertising” in your smartphone’s settings under “Data protection”, we can only perform the following actions: measuring your interaction with banners by counting the number of times a banner is shown without being clicked on (“frequency capping”), click-through rate, determining unique use (“unique user”) and security measures, combating fraud and troubleshooting. You can delete the advertising identifier in your device’s settings at any time (“Reset ad ID”); a new advertising identifier will then be created that will not be combined with the data previously collected. Please note that you may not be able to use all the functions of our app if you limit the use of the advertising identifier.

c. In addition, we process your data insofar as such is necessary to safeguard our legitimate interests or those of third parties as described below and unless a case-by-case assessment shows that your legitimate fundamental rights and freedoms, requiring the protection of personal data, predominate (cf. Art. 6 (1) (f) GDPR):

  • Review and optimisation of procedures for needs analysis and direct customer approach;
  • Advertising or market and opinion research, as long as you have not objected to the use of your data or have given a legally required consent;
  • Assertion of legal claims and defence in legal disputes;
  • Ensuring IT security and IT operation;
  • Prevention and investigation of criminal offences;
  • Measures for business management and for the further development of services and products.

4.5. Newsletter/product information

If you have consented to receive information about our products and services by email or other electronic messages (such as email newsletters, push messages, etc.), your email address and, if applicable, your mobile phone number will be stored and used for the purpose of sending advertising for travel offers until you unsubscribe from the corresponding newsletter or notification service or otherwise revoke your consent.

a. Newsletter

If you register for our newsletter, we will store your email address until you unsubscribe from the newsletter, which is possible at any time. Your email address is stored for the sole purpose of enabling us to send you the newsletter. Furthermore, when you register and confirm your registration by means of the double opt-in procedure, we will store your IP addresses and the times to be able to prove that you have given your consent in case of doubt and to prevent misuse of your personal data.

The only mandatory information for us to send the newsletter is your email address. The indication of further, separately marked information is voluntary; such data will be used solely for the purpose of personalising the newsletter. This data will also deleted in full if you revoke your consent.

The legal basis for the processing of the data after the user registers for the newsletter is Art. 6 (1) (a) GDPR.

If you purchase goods or services on our website or in our app and provide your email address, we can subsequently use the address for sending you an email newsletter, provided that the requirements of § 7 (3) of the Act against Unfair Competition (UWG) are met. In such a case, the newsletter will only be used to send direct advertising for our own, similar goods or services. The legal basis in this case is Art. 6 (1) (f) GDPR.

You are entitled to revoke your consent to receiving the newsletter, at any time. You can declare your revocation by clicking on the link provided in each newsletter email, by an email to info@weekend.com or by sending a message to the contact details indicated in the Legal Notice. The data you provide will not be passed on to third parties.

The newsletter is sent out via a newsletter delivery platform of Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA (hereinafter “MailChimp”) as a processor commissioned by us. The data described above, collected for the purpose of sending newsletters, is stored on the servers of MailChimp in the US. MailChimp uses this information for sending and evaluating the newsletters on our account. Furthermore, according to its own information, MailChimp may use this data to optimise or improve its own services, for example to technically optimise the sending process and the presentation of the newsletter or for economic purposes, in order to determine the countries the recipients are from. However, MailChimp does not use the data of our newsletter recipients in order to write to them or pass their data on to third parties.

MailChimp is certified under the US-EU “Privacy Shield” data protection agreement and is thus committed to compliance with EU data protection regulations. What is more, we have concluded a data processing agreement with MailChimp. This is a contract in which MailChimp undertakes to protect the data of our users, to process such data on our account in accordance with its data protection regulations and in particular not to pass it on to third parties. The contract is available for inspection.

The data protection regulations of MailChimp are available here:

https://mailchimp.com/legal/privacy/.

b. Push messages

In order to send messages with information about our products and services to your mobile device, weekend.com uses OneSignal technology if you have consented to receive such messages.

However, you will only receive push messages if you do not disable them for the app or browser. The push messages can be deactivated and reactivated in the settings at any time.

If push messages are activated, OneSignal receives information — when the app or website is accessed — about the installed app and its usage, the temporary unique device ID (such as IDFA and Android ID) and, linked to this, the current location. It is not possible to draw conclusions about the user’s person from the unique allocation of the device; it is a non-personal ID.

The data required for the delivery of push messages is processed based on your consent (Art. 6 (1) sentence 1 (a) GDPR).

For more information on privacy from the third-party provider, please visit:

https://onesignal.com/privacy_policy.

 

5. Cookies

Furthermore, cookies are stored on your device when you use the portals. Cookies are small text files that are assigned to the browser you use and stored on your device. They allow certain information to be sent to the location placing the cookie (in this case, weekend.com). Cookies cannot run programs or pass on viruses to your computer. They serve to make the offering altogether more user-friendly and more effective.

If you have a user account with us, we use cookies to identify you for subsequent visits so that you do not have to log in again for each visit.

The portals use cookies to the following extent:

– Transient cookies (temporary use)

– Persistent cookies (use limited in time)

– Third-party cookies (provided by third-party providers)

Transient cookies are deleted automatically when you close the browser. These include in particular “session cookies”. Session cookies store a “session ID” that is used to allocate various queries of your browser to the joint session. They allow your computer to be recognised when you return to the website. Such a cookie, for example, can store the content of your shopping basket or a login jam. The session cookies are deleted when you log out or close the browser.

Persistent cookies are automatically deleted after a specified duration, which can vary depending on the cookie. They are also saved after the browser is closed; the login status can thus be stored if you visit the portals after several days. Likewise, such a cookie can be used to store your interests as a user that are used for measuring reach or for marketing purposes. You can delete the cookies in the security settings of your browser at any time.

“Third-party cookies” are cookies that are offered by providers other than the controller.

You can configure your browser settings however you prefer and, for example, refuse to accept third-party cookies or any cookies. If you do so, however, please note that you may not be able to use all the functions of the website. For you to be able to use all the functions, it is necessary for us to recognise your browser also after you move to another webpage.

The information we store this way is stored separately from any further data you may have provided to us. In particular, the data of the cookies is not linked with your other data. The user data collected by technically necessary cookies are not used to create user profiles. We require cookies for the following applications:

(1)       Favourites

(2)       Transfer of country settings

(3)       Remembering search settings such as airports of departure and time periods

We want to offer our users modern, user-friendly portals that automatically adapt to their wishes and needs. For this purpose, we use technical cookies to be able to show you our website and to ensure that it works properly. Technical cookies are also used to create the user account, for login and to manage your bookings. These are absolutely necessary for our website to work properly. The use of such cookies is therefore justified in accordance with Art. 6 (1) (f) GDPR.

We also use functional cookies to store your preferences and to make our portals as efficient and user friendly as possible. When you use the portals, we use these cookies to store your preferred departure airports and destinations, as well as your search queries and the travel providers you have previously viewed. We may also use cookies to store your login information so that you do not have to re-enter your login information each time you visit our website. Passwords, however, are always encrypted. Such functional cookies are not absolutely necessary for our website to work properly. However, they improve user-friendliness and ensure that your visit to our portals is as pleasant as possible. The use of such cookies is likewise justified in accordance with Art. 6 (1) (f) GDPR.

Analysis cookies are used to improve the quality of our website and its content. The analysis cookies enable us to learn how the website is used and thus to continuously optimise our offer. The legal basis for the processing of personal data using cookies for analytical purposes, if you as a user have given your consent in this regard, is Art. 6 (1) (a) GDPR.

In addition to our own cookies, we use third-party cookies to display personalised advertising on our websites and other websites. This process is called “retargeting”. It is based on your activity on our website, such as the destinations you are looking for, the accommodation options you have looked at and the prices displayed. In this case as well, the data is only processed on the basis of your consent, in accordance with Art. 6 (1) (a) GDPR.

As a user, you can control the extent to which cookies are used in the settings of your Internet browser by restricting or completely deactivating the transfer of cookies. Cookies that have already been stored can be deleted subsequently at any time. Each browser differs in the way it manages the cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You will find such settings for the respective browsers using the following links:

Internet Explorer: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies

Safari: https://support.apple.com/kb/PH21411?locale=de_DE&viewlocale=en_US

Chrome: https://support.google.com/chrome/answer/95647?hl=en-GB&hlrm=en

Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

Opera: http://help.opera.com/Windows/10.20/en/cookies.html

If the use of cookies is restricted or completely blocked, parts of our portals may become unusable.

6. Third-party modules and analysis tools

6.1 Use of Google Analytics

The website uses Google Analytics, a web analysis service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). This service is used on the basis of Art. 6 (1) sentence 1 (f) GDPR, on account of our legitimate interest in evaluating the type and scope of use of our website and in making our services more demand oriented. Google Analytics uses so-called cookies, which are text files placed on your computer to help us analyse your use of the website. The information generated by the cookie about your use of this website, such as

  • Browser type/version,
  • Operating system used,
  • Referrer URL (the website visited beforehand),
  • Host name of the accessing computer (IP address),
  • Time of the server request,

is usually transferred to a Google server in the United States and stored there. On the website, we have extended Google Analytics by adding the code “anonymizeIP”. This guarantees that your IP address will be abbreviated by Google before being transmitted to the United States within the European Union or in other contracting states of the Agreement on the European Economic Area and will thus made anonymous. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and be abbreviated there. Google uses this information on our behalf to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website usage and Internet usage. The IP address provided by your browser as part of Google Analytics will not be merged with other Google data.

You can prevent the storage of cookies by making the appropriate settings in your browser software; please note that in this case you may not be able to use all the functions of this Website to the full extent.

You can, however, prevent Google from collecting the information generated by the cookie and related to your use of the website (including your IP address) and from processing this data, by downloading and installing the browser plugin provided by this link: https://tools.google.com/dlpage/gaoptout?%20hl=de.3

We will continue to use Google Analytics to evaluate data from double-click cookies and also AdWords for statistical purposes. If you wish to prevent us from doing so, you can disable the use by way of the Ads Preferences Manager (http://adssettings.google.com).

Doubleclick by Google is another service provided by Google. Doubleclick by Google uses cookies to present you with advertisements that are relevant for you. Your browser is assigned a pseudonymous identification number (ID) to check which ads have been displayed in your browser and which ads have been accessed. The use of DoubleClick cookies only allows Google and its partner websites to serve ads based on previous visits to our website or other websites on the Internet.

The information generated by the cookies is transferred by Google to a server in the United States for analysis and is stored there. Google will only transfer the data to third parties due to legal regulations or within the scope of commissioned processing. Under no circumstances will Google match your data with other data collected by Google.

You can prevent Google from collecting the data generated by the cookies and relating to your use of the website, and from processing this data, by downloading and installing the browser plug-in available under “DoubleClick deactivation extension”: https://www.google.com/settings/ads/onweb/

We use Google AdWords to advertise this website in Google search results and on third-party websites. For this purpose, the so-called “remarketing cookie” from Google is set when you visit our website, which automatically enables interest-based advertising by means of a pseudonymous cookie ID and on the basis of the websites you have visited. This is carried out solely on the basis of your consent in accordance with Art. 6 (1) sentence 1 (a) GDPR. Once we have ended our use of Google AdWords remarketing, the data collected in this context will be deleted. You can also revoke your consent at any time with effect for the future.

Any additional processing will only take place if you have agreed to allow Google to link your web and app browsing history to your Google Account and to allow information from your Google Account to be used to personalise ads you see on the web. If you are logged in to Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. To this end, Google will temporarily link your personal data with Google Analytics data to form target groups.

Google AdWords remarketing is an offer of Google LLC (www.google.de). Google LLC has its head office in the United States and is certified under the EU-US Privacy Shield. As a result of this agreement between the United States and the European Commission, the latter has established an adequate level of data protection for companies certified under the Privacy Shield.

You can disable the remarketing cookie via the link:

(http://adssettings.google.com).

In addition, you can also contact the Digital Advertising Alliance to find out how cookies are placed and how to make the relevant settings.

6.2 Use of Google Tag Manager

weekend.com uses Google Tag Manager, a Google application, to manage tags on our portals.

Tags are small code elements that serve, for example, to measure traffic and visitor behaviour, to capture the impact of online advertising and social media channels, to optimise remarketing and the focus on target groups as well as to facilitate the testing and optimising of the website and the app.

Google Tag Manager serves to implement and manage website tags. The tags set up via the Google Tag Manager serve to collect data that is passed on to the respective target system. This means that no cookies are used and no personal data is collected. The Google Tool Manager triggers other tags, which in turn collect data if necessary. Google Tag Manager does not access this data, however. As the data is only passed through, the system does not itself collect or store the data obtained. The individual tools addressed by the tags are deactivated via the respective tool itself. If there has been a deactivation of the tools at a domain or cookie level, the deactivation will remain in place for all tracking tags that are implemented with Google Tag Manager.

6.3 Use of Appsflyer

This app uses technologies provided by AppsFlyer Ltd. (https:/www.appsflyer.com) to collect and store data for marketing and optimisation purposes. This data can be used to create pseudonymous use profiles.

AppsFlyer is certified under the US-EU Privacy Shield data protection agreement and is thus obligated to comply with a data protection level comparable to the EU data protection requirements.

The information generated by AppsFlyer about the use of the app is usually transferred to a server outside Germany and stored there. In the code of the app, we have activated IP anonymisation to ensure that users’ IP address is abbreviated before it is stored by AppsFlyer Ltd. On our behalf, Google and AppsFlyer Ltd. use the information to evaluate the use of the app, to compile reports on the activities in the app and to provide us with other services related to the use of the app and the Internet. In the privacy settings of the app, you can determine whether or not Google Analytics or AppsFlyer is allowed to collect, process or use your data. You can also send an email to privacy@appsflyer.com if you do not want to allow AppsFlyer.

Unless the data subject grants their consent separately, the data collected with the technologies will not be used to identify the user of the app personally nor will it be merged with personal data about the holder of the pseudonym. The use is based on Art. 6 (1) sentence 1 (f) GDPR on the basis of our legitimate interest in analysing user behaviour in order to optimise our offer.

Information provided by the third-party provider: AppsFlyer Ltd., 111 New Montgomery St., San Francisco, CA 94105, USA;

https://www.appsflyer.com/privacy-policy/

6.4 Use of Amplitude

weekend.com uses the web analytics service “Amplitude”, provided by Amplitude Inc., to evaluate user access to the weekend.com website and the weekend.com app.

Unless the data subject grants their consent separately, the data collected with the technologies will not be used to identify the user personally nor will it be merged with personal data about the holder of the pseudonym. The information collected will be stored on a server in the United States.

The use is based on Art. 6 (1) sentence 1 (f) GDPR on the basis of our legitimate interest in analysing user behaviour in order to optimise our offer.

Information provided by the third-party provider: Amplitude Inc., 501 2nd Street, Suite 100, San Francisco, CA 94107, USA; https://www.amplitude.com/privacy.

6.5 Use of Crashlytics

weekend.com uses the web analytics tool “Crashlytics” from Google LLC on its portals. The weekend.com app automatically sends error messages in the event that the app crashes or has errors. These error reports send to the tool information about the type and version of the device, the version of the app that is installed, the time the error occurred, the feature used, the status of the application when the error occurred as well as other technical information. We only use the tool on an anonymised basis. This information does not include the IP address, personally identifiable information or any other data from the mobile device.

weekend.com receives an evaluation of the error messages from Google. You have the option, at any time, to disable the logging of the error reports in accordance with this section by deactivating this option in the weekend.com app under Settings.

For more information on privacy from the third-party provider, please visit:

https://try.crashlytics.com/terms/privacy-policy.pdf

6.6 Use of Firebase

weekend.com uses the Firebase database to manage user accounts. This is a real-time database, designed to embed real-time information into the website and app. It also serves to send you emails for password resetting. In addition, information is collected for analysing the use of our offer. The user data is transferred to Firebase solely on an anonymised basis.

Firebase is a subsidiary of Google LLC based in San Francisco (CA), USA. For more information on privacy from the third-party provider, please visit:

https://www.firebase.com/terms/privacy-policy.html.

6.7 Use of Facebook Pixel

The website uses the visitor activity pixel provided by Facebook, Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”) for conversion measurement.

Facebook is certified under the Privacy Shield agreement and thus guarantees a data protection level comparable to European data protection law:

https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

Facebook Pixel can be used to track the behaviour of website visitors after they are redirected to the provider’s website by clicking on a Facebook ad. This allows the effectiveness of Facebook advertisements to be evaluated for statistical and market research purposes and future advertising measures to be optimised.

The data collected is anonymous for weekend.com; we cannot draw conclusions about the users’ identity. However, the data is stored and processed by Facebook to enable a connection to the respective user profile and allow Facebook to use the data for its own advertising purposes in accordance with Facebook’s data usage guidelines. Facebook can then place ads both on Facebook pages and outside of Facebook. We as the website operator cannot influence this use of the data.

Please see Facebook’s privacy policy for more information on how your privacy is protected: https://www.facebook.com/about/privacy/.

You can also disable the remarketing feature “Custom Audiences” in the “Ad Settings” section at:

https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.

You must be logged in to Facebook in order to do so.

If you do not have a Facebook account, you can disable Facebook usage-based advertising on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/.

6.8 Use of Facebook SDK

The app also features the integration of the Facebook Software Development Kit (SDK). The Facebook SDK is made available by Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA (“Facebook”).

This software allows us to track which social network advertising campaign is prompting Facebook users to download our apps. To this end, we send pseudonymous data to Facebook: the app ID, the app version and the information that the app has been started. We do not send any other data to Facebook.

The advertising ID provided by the operating system of the device serves as the pseudonym.

The advertising ID is not used to optimise advertising, however, but is discarded by Facebook: weekend.com generally prevents Facebook’s use of the advertising ID for optimised advertising purposes. The individual user thus cannot be exactly determined at any given time. Information about the identity of the user is therefore not known to weekend.com, even if the share functionalities are used.

For more information about the Facebook SDK for iOS, please visit:

https://developers.facebook.com/docs/ios.

For Android:

https://developers.facebook.com/docs/android.

6.9 Use of Google AdWords conversion tracking

weekend.com uses the online advertising program “Google AdWords” on the website and, in the context of Google AdWords, the conversion tracking tool. Google conversion tracking is an analysis service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).

If you access the website via an ad placed by Google, Google AdWords sets a cookie on your computer. These cookies lose their validity after 30 days, do not contain any personal data and are therefore not used for personal identification.

If you visit certain pages of our website and the cookie has not yet expired, Google and weekend.com can see that you have clicked on the ad and were redirected to such page. However, they do not receive any information that would allow them to personally identify users.

If you do not wish to participate in the tracking, you can object to such use by preventing the installation of cookies, making the corresponding settings in your browser software (deactivation option). You will then not be included in the conversion tracking statistics.

“Conversion cookies” are stored on the basis of Art. 6 (1) (f) GDPR. weekend.com has a legitimate interest in analysing user behaviour in order to optimise both the website and the advertising.

For further information and Google’s privacy policy, please visit:

http://www.google.com/policies/technologies/ads/, http://www.google.de/policies/privacy/

7. Receivers of the data

7.1 Within the scope of the purposes mentioned above in sections 4 to 6 and also sections 8 and 9, we send your personal data to the following categories of recipients:

  • If you book with a third-party provider, they will receive the customer ID which we have created for you.
  • When you book using weekend.com, we transfer your data to the tour operator, payment service provider and service provider in order to verify the data you provide.

7.2 If your data is processed at our instigation, it will not normally be processed in countries outside the European Economic Area (EEA) unless the third-party providers mentioned in this Data Privacy Statement or other bodies that have their registered office outside the EEA are concerned. This applies in particular to Facebook social plug-ins and Google measurement and analysis methods (such as Google Analytics).

Insofar as Facebook and Google process the transmitted data in the United States, both providers are certified according to the EU-U.S. Privacy Shield. The EU-U.S. Privacy Shield grants you certain rights in the event that your personal data is transmitted from the European Union to a Privacy Shield-certified U.S. company, in particular the right to information, the right to object to data processing if necessary, the right to access, the right to rectification of inaccurate data, the right to erasure if necessary, the right to make use of complaint/redress procedures and the right to submit an application to appeal to the “Ombudsperson”. For more information about the EU-U.S. Privacy Shield and a list of the certified companies, please visit www.privacyshield.gov.

In addition, data is transferred if such is necessary for the purposes of contract fulfilment and execution (for example, to airlines, hotels, etc.).

8. Login with Facebook

You can register with us and log in through your Facebook account. When you register on Facebook, Facebook will request your consent to the release of certain data on your Facebook account to weekend.com. Such data includes your first name, last name and your email address to verify your identity and your gender, along with the general location, a link to your Facebook profile, your time zone, your date of birth, your profile picture, your “Like” information and your friends list.

This data is collected by Facebook and sent to us in compliance with the provisions of the Facebook Data Policy. You can the control the information that we receive from Facebook by changing the privacy settings on your Facebook account.

If you register with us through Facebook, your weekend.com account will automatically be associated with your Facebook account, and you can share information about your activities on weekend.com and publish it in your Timeline and News Feed for friends.

Facebook is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. You will find information regarding the purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your rights in this regard and your options for making settings to protect your privacy, in the Facebook privacy policy: http://www.facebook.com/policy.php

9. Login with Google+

You can register and log in using your Google+ account. If you register through Google+, Google will request your consent for the release of certain data from your Google+ account to weekend.com. This includes your first name, last name and your email address for verifying your identity and your gender, as well as a link to your Google+ profile, your profile picture and your friends list. This data is collected by Google and sent to us in compliance with the provisions of the Google privacy policy.

If you register with weekend.com using Google+, information about your activities will be visible on Google for everyone in your Google+ groups if you release this information accordingly on weekend.com, and it will be shared with Google in accordance with the Google Terms of Use and the Google Privacy Policy. For more information about managing activities shared in your Google+ account, visit the Google support page:

http://www.google.com/intl/de/+/policy/+1button.html. On the Google+ app settings page, you can specify which people in your Google+ circles can see your weekend.com activities.

Google+ is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

10. Obligation to provide data

You are under no obligation whatsoever to provide your personal data. However, if you do not provide us with the data that is deemed absolutely necessary for certain services or functions in this Privacy Policy, you will not be able to use the relevant service or function.

11. Right to complain

If you are of the opinion that we are not properly complying with our data protection obligations, you can contact the data protection supervisory authorities at any time. You can contact our data protection officer as follows:

State Commissioner for Data Protection and Freedom of Information

North Rhine-Westphalia

Postfach 20 04 44

40102 Düsseldorf

Tel.: 0211/38424-0

Fax: 0211/38424-10

Email: poststelle@ldi.nrw.de

12. Update of this Privacy Policy

From time to time it may be necessary to update this Privacy Policy, for example due to new legal or official requirements and new offers on our website. We will then inform you accordingly on this site. In general, we recommend that you regularly access this Privacy Policy to check whether there have been any changes in this regard. You will be able to see if any changes have been made by checking the “Last updated” information at the bottom of this document.

13. Printout and storage of this Privacy Policy

You can directly print out and store this Privacy Policy, for example by using the print and/or save function in your browser.

Last updated: August 2018