+49 (0) 89 23 11 000
  • C
  • R
EN
DE HR
Privacy Policy Privacy Policy

Privacy Policy

With this privacy policy, we inform you about the processing of your personal data by us as well as your rights under the EU General Data Protection Regulation (GDPR).

If you provide us with personal data of other individuals (e.g., fellow travelers) as the travel registrant, you must ensure that they agree and that you are authorized to provide this data. You must also ensure that these individuals are aware of how their personal data is processed by us and what rights they have.

(Last updated on 24.02.2025)

1. Who is responsible for data processing, and whom can you contact?

The data controller responsible for processing is:

I.D. Riva Tours GmbH
Bahnhofstraße 101
D–82166 Gräfelfing
Phone: +49 89 23 11 00-0
Fax: +49 89 23 11 00-22
Email: info@idriva.de
www.kroatien-idriva.de

Jointly responsible:
The operation of our Facebook fan page constitutes a joint responsibility under Art. 26 GDPR.

We have no influence on the processing of data by the Facebook operator Meta. The responsibility for processing so-called Insights data and fulfilling related obligations under the GDPR is assumed by Meta. Further information can be found at:

https://www.facebook.com/legal/terms/page_controller_addendum

2. Contact details of the Data Protection Officer:

Attorney Frank Hütten
Noll | Hütten | Dukic Rechtsanwälte GbR
c/o I.D. Riva Tours GmbH
Bahnhofstraße 101
D–82166 Gräfelfing
Email: datenschutzbeauftragter@idriva.de
Phone: +49 89 23 11 00-0

Please do not contact the Data Protection Officer directly for exercising your rights (e.g., access, correction, restriction, or deletion of your personal data). Instead, contact the designated department mentioned above, which will process your request promptly.

3. What rights do you have?

Under the applicable legal conditions, you have the following rights:

  • Right of access (Art. 15 EU-GDPR)
  • Right to rectification (Art. 16 EU-GDPR)
  • Right to erasure (Art. 17 EU-GDPR)
  • Right to restriction of processing (Art. 18 EU-GDPR)
  • Right to data portability (Art. 20 EU-GDPR)

Furthermore, you have the right to object to the processing of your personal data based on Art. 6(1)(f) EU-GDPR at any time for reasons arising from your particular situation, including profiling based on these provisions (Art. 21(1) EU-GDPR). We will no longer process your personal data unless we can demonstrate compelling legitimate reasons for processing that outweigh your interests, rights, and freedoms, or if processing serves to assert, exercise, or defend legal claims.

4. Purposes, Legal Basis, Types of Data, Recipients or Categories of Recipients

Processing Purposes, Legal Basis, Legitimate Interests

For initiating and performing a contractual obligation (e.g., travel booking) under Art. 6(1)(b) EU-GDPR, with optional data based on your consent under Art. 6(1)(a) EU-GDPR.

Data Required for Contract Conclusion (marked with *)

  • [First name, last name] of all travelers
  • [Address] of the travel registrant
  • [Email address] of the travel registrant
  • [Emergency contact number] of the travel registrant
  • [Age] of all travelers
  • [Date of birth] of all travelers
  • Family relations (e.g., children, spouse)
  • Physical characteristics [Gender] of all travelers
  • Travel details [Type of trip, price, destination, dates, duration, accommodation details, room type, flight details, transfer details, other services]
  • [Booking number]
  • Depending on payment method: Bank details [Credit card details (tokenized card number) or bank account details (IBAN, BIC)]

5. From whom do we receive your data?

We receive the data directly from you, e.g., as part of a travel booking or other order placement, from travel agencies, insurers, other service providers involved in the services we provide, or from the travel registrant.

6. Transfer to Third Countries

If no adequacy decision under Article 45(3) EU-GDPR exists, we transfer your data to recipients in a third country if necessary for:

  • Contract execution or pre-contractual measures upon your request
  • Fulfillment of a contract in your interest
  • Establishment, exercise, or defense of legal claims
  • Protection of vital interests if you are unable to consent
  • Your explicit consent

7. Storage Duration

Your data will be stored in accordance with legal retention periods (e.g., 3 years for legal claims, 6-10 years for financial records under tax and commercial law).

9. Automated Decision-Making?

We do not use fully automated decision-making (Art. 22 GDPR).

10. Data Profiling?

We analyze your travel booking behavior to tailor our marketing efforts accordingly.