Data Protection: Disclaimer - legal information
A warm welcome to nicko cruises Schiffsreisen GmbH and to our webpages, particularly www.nicko-cruises.de
We are delighted that you are interested in our offerings. Protecting your privacy and your personal data is very important to us. Your data is therefore collected and used in compliance at all times with the provisions of the General Data Protection Regulation (EU) 2016/679 (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and the German Telemedia Act (Telemediengesetz, TMG). We – as the controller for data processing – will inform you below about what data we collect and how we process it.
1. Personal data
Personal data within the meaning of the GDPR is all information that relates to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal data is stored only if it is required to provide the booked service, to comply with legal provisions, or for the purpose stated below.
2. Anonymised data/log files
You can visit our website without this requiring the collection of personal data. Each time you visit our website, nonetheless, specific anonymised data is stored, e.g. what page or offering has been accessed. This data does not relate to a person, however, and does not fall under the legal regulations of the GDPR or the BDSG. The website operator or the site provider collects data relating to site access and stores this as ‘server log files’. The following data is recorded in such a way: website visited, time of access, quantity of data sent in bytes, source/reference from which you gained access to the site, browser used, operating system used, IP address used. The collected data is used only for statistical evaluations and to improve the website. The website operator reserves the right to subsequently review server log files, however, should specific indications suggest unlawful use. Anonymous data is collected solely for statistical evaluation to improve our services. Please note the point ‘Right of access/right of withdrawal’ in this regard.
3. Purpose of collecting personal data
The collection of personal data does become imperative if you book a trip or other services through our portal, contact us, subscribe to our newsletter or want to use other services on our site, the processing of which services requires personal data. This also includes the purchase of vouchers and taking part in competitions.
In compliance with the legal regulations and in the interest of data minimisation, data is generally collected only if it is required to provide this service. If we ask you to provide further information in our forms, doing so is always voluntary and is indicated as such. To allow the website to be displayed on the user’s machine, the system must temporarily save the IP address. To do so, the user’s IP address must be saved for the duration of the session. The storage in log files, furthermore, guarantees the functionality of the website. Data is also used to optimise the website and to guarantee the security of our IT systems. Data is not evaluated for marketing purposes in this regard. Our legitimate interest in data processing is also based on these purposes, pursuant to Article 6(1)(f) of the GDPR.
If a trip or other service is booked, the data collected is used to process this booking in compliance with the legal provisions for marketing and statistical purposes. The legal basis for sending out newsletters as a result of the sale of goods or services is Section 7 Paragraph 3 of the German Act Against Unfair Competition (Unlauterer Wettbewerbs-Gesetz, UWG).
If you subscribe to our newsletter, we also store and use the data you provide about yourself and your trip when booking on the basis of Article 6(1)(f) of the GDPR, to be able to best assist you as a newsletter subscriber.
The legal basis for processing data after subscribing to the newsletter as a user is the existence of the user’s consent under Article 6(1)(a) of the GDPR.
We also use the personal data we store to maintain customer relationships, assist customers (e.g. information regarding the expiry of your stay), for our advertising and marketing (e.g. sending catalogues, other direct mail to the extent permitted by law, questions regarding customer satisfaction) and for order processing.
4. Legal basis for processing personal data
If we obtain consent from the data subject for personal data processing, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as legal basis. If we process personal data that is required to fulfil a contract where the data subject is the contracting party, Article 6(1)(b) of the GDPR serves as a legal basis. This also applies to processing required to carry out pre-contractual measures. If personal data must be processed to meet a legal obligation that applies to our company, Article 6(1)(c) of the GDPR serves as a legal basis. If interests essential for the life of the data subject or another natural person make personal data processing necessary, Article 6(1)(d) of the GDPR serves as the legal basis for this. If processing is required to safeguard a legitimate interest of our company or that of a third party, and the interests, fundamental rights and freedoms of the data subject do not outweigh those of the former, Article 6(1)(f) of the GDPR serves as a legal basis for the processing.
5. Sharing personal data with third parties
Your personal data is shared solely within the scope of applicable regulations, with particular reference to those of data protection and competition law. If this is required to provide the contractual service or is based on legal obligations, your data is also shared with sub-contractors or service providers to provide the service in our name or by order of us (e.g. technical processing of postal and e-mail correspondence, payment processing, customer service).
Data is also shared with people or companies to process your booking, with particular reference to airlines, tour operators, hotels, travel agents, car rental companies, cruise lines, authorities, etc. Please note that the data protection provisions applicable where such persons and companies reside may deviate from those applicable in Germany. Your data is also shared with and disclosed to third parties if we are obliged to do so by law or on the basis of a final and legally binding court decision. You have the right to request that you receive the personal data concerning you, which you have provided us, in a structured, commonly used and machine-readable format. You also have the right to have this data transmitted to another controller without hindrance from the controller to which the personal data has been provided.
6. Storing and erasing data
Your personal data is stored within the scope of the purposes outlined under the point ‘Purpose of collecting personal data’. Data subjects’ personal data is erased or suppressed as soon as the purpose of storage no longer applies. Storage can also take place if this has been provided for by European or national legislation in regulations, laws or other provisions under Union law which the controller is subject to. Legislation sets out a number of retention obligations and periods. Data is also suppressed or erased if a prescribed storage period expires due to the specified standards, unless there is a requirement for the data to continue to be stored to conclude or fulfil a contract.
7. Using cookies
The technical specifications stipulate that only the server that has sent the cookie can read it. We assure you that no personal data is stored in cookies.
Unfortunately, if cookies are not accepted our website can be used only under certain conditions. We therefore recommend that you permanently accept cookies for our website. Most web browsers are configured to accept cookies automatically. However, you can disable cookies from being saved and configure your web browser to notify you when cookies are sent.
The legal basis for processing personal data by using cookies is Article 6(1)(f) of the GDPR. The legal basis for processing personal data by using cookies for analytical purposes is given by the user’s consent, under Article 6(1)(a) of the GDPR.
8. Using Google Analytics
This website uses Google Analytics, a web analysis service from Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (‘Google’). Google Analytics uses ‘cookies’, which are text files that are saved on your computer and that allow website use to be analysed. Information collected by the cookie about your use of this website (including your IP address) is generally sent to a Google server in the USA and saved there. Google uses this information to evaluate your use of the website, to compile reports about website activities for the website operator, and to provide other services that relate to website and Internet use. Google will also send this information to third parties if doing so is legally permissible or if third parties process this data by order of Google. Google will never link your IP address with other Google data. You can prevent cookies from being installed by changing your browser settings; please note that in this case, however, you may not be able to use all of this website’s functions to the full extent. By using the website you consent to the processing of data that relates to you being collected by Google in the above-mentioned manner for the specified purposes.
This website’s Google tracking codes use the ‘_anonymizeIp()’ function, meaning that IP addresses are truncated before further processing to eliminate direct links being made to a particular individual. You can object to data collection and storage at any time with future effect. You can also prevent the data generated by the cookie relating to your use of the website (incl. your IP address) from being captured and processed by Google by downloading and installing the browser plugin via the following link. The current link is http://tools.google.com/dlpage/gaoptout.
You can prevent collection by Google Analytics by clicking on the following link. This will place an opt-out cookie on your machine that will prevent your data from being collected when you visit this website in future: disable Google Analytics.
9. Using Google Fonts
10. Using Google Maps
11. Using Econda
Using solutions and technologies from econda GmbH (www.econda.de), anonymised data is collected and pseudonymous user profiles created based on this data for the needs-based design and optimisation of this website. For this purpose, cookies may be used that allow a web browser to be recognised again. User profiles are not merged with data relating to the owner of the pseudonym without the visitor’s explicit consent. In particular, IP addresses are made unrecognisable immediately after they are received. Visitors of this website can object to such data collection and storage at any time with future effect here
After objecting, an opt-out cookie will be stored on your end device. If you delete cookies, you must click on the link again.
12. Reviews through Trusted Shops
If you have given us your explicit consent to do so during or after placing an order, by clicking on the check box or the button (‘Rate later’) for this, we will send your e-mail address to Trusted Shops GmbH, Subbelrather Str. 15c, 50823 Cologne (www.trustedshops.de) so that they can send you an e-mail reminder for you to review your order. This consent can be withdrawn at any time by sending a message to the contact details below, or by contacting Trusted Shops directly.
13. Facebook social plugins
Our website uses social plugins (‘plugins’) from the social network facebook.com, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (‘Facebook’). Plugins can be recognised by the Facebook logo (white ‘f’ on a blue tile or a ‘thumbs up’ symbol) or by a reference to ‘Facebook social plugin’. A list and the appearance of Facebook social plugins can be found here: https://developers.facebook.com/docs/plugins/?locale=de_DE
If you are a Facebook member and do not want Facebook to collect data about you via our website and to associate it with member data saved by Facebook, you must first sign out of Facebook before visiting our website. It is also possible to block Facebook social plugins using add-ons for your browser, for example the ‘Facebook Blocker’.
14. Facebook conversion pixel
This website uses ‘Facebook Pixel’ from Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (‘Facebook’). This allows us to follow the behaviour of users once these have seen or clicked on a Facebook advertisement. This procedure allows us to evaluate the effectiveness of Facebook advertising for statistical and market research purposes and can contribute to optimising future advertising campaigns.
The data we collect is anonymous for us; we cannot therefore draw from it any conclusions about the identity of the users. The data is, however, saved and processed by Facebook, which enables a connection to the relevant user profile and allows Facebook to use the data for its own advertising purposes according to the Facebook data use guidelines (https://www.facebook.com/about/privacy/). The user can enable Facebook and its partners to place advertisements on and outside of Facebook. A cookie can also be saved on the computer for this purpose.
15. Using XING social plugins
16. Using LinkedIn social plugins
This website uses plugins from the social network LinkedIn, which is operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (‘LinkedIn’). LinkedIn plugins can be recognised by the logo or the ‘Recommend’ button. Please note that, when visiting our website, plugins establish a link between your web browser and the LinkedIn server. LinkedIn is therefore notified that this website has been visited from your IP address. If you click on LinkedIn’s ‘Recommend’ button whilst you are signed into your LinkedIn account, you have the option of linking content from our website to your LinkedIn profile page on your LinkedIn profile. You are therefore allowing LinkedIn to associate your visit to our website with you or your user account. You must be aware that we have no knowledge of the data transmitted and how LinkedIn uses it.
You can find more information about the collection of data and your legal options and settings options from LinkedIn at http://www.linkedin.com/
17. Using Optimizely
This website uses Optimizely, a web analysis service from Optimizely, Inc. (‘Optimizely’). Optimizely uses ‘cookies’, which are text files that are saved on your computer and that allow website use to be analysed. Information collected by the cookie about your use of this website is generally sent to an Optimizely server in the USA and saved there.
However, if IP anonymisation is activated on this website, your IP address is truncated by Optimizely within the European Union Member States or in other signatory states to the Agreement on the European Economic Area before it is sent. A full IP address is sent to an Optimizely server in the USA and truncated there only in exceptional cases. By order of the operator of this website, Optimizely uses this information to evaluate your use of the website and to compile reports about website activities.
The IP address sent from your browser as part of Optimizely will not be merged with other Optimizely data. You can prevent cookies from being saved by changing your browser settings; please note that in this case, however, you may not be able to use all of this website’s functions properly. You can also disable Optimizely tracking at any time (thus preventing the data generated by the cookie relating to your use of the website – including your IP address – from being captured and processed by Optimizely) by following the instructions on http://www.optimizely.com/opt_out
You can disable tracking by Optimizely at any time by clicking on this link.
18. Security, questions and suggestions, controller
Security is also dependent on your system. You should always treat your login details confidentially, never let your web browser save passwords, and close the browser window when you have finished your visit to our website. This makes it more difficult for third parties to access your personal data.
Use an operating system that can manage user permissions. Also set up several users on your system for the family, and never use the Internet with administrator permissions. Use security software such as virus scanners and firewalls and make sure your system is always up-to-date.
The controller for this website within the meaning of the General Data Protection Regulation and other national data protection laws of Member States and other provisions under data protection law is:
nicko cruises Schiffsreisen GmbH
Mittlerer Pfad 2
70499 Stuttgart, Germany
Telephone: +49 (0) 711 24 89 80 44
Fax: +49 (0) 711 24 89 80 77
Data protection officer:
Noll & Hütten Rechtsanwälte
Lawyer Frank Hütten
nicko cruises Schiffsreisen GmbH
Mittlerer Pfad 2
70499 Stuttgart, Germany
19. Right of access/right of revocation; other data subject rights
You have the right:
under Article 15 of the GDPR, to request information about your personal data that is processed by us. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom the data has been or is being disclosed, the intended storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was collected by us, and the existence of automated decision-making including profiling and meaningful information about the details of this, where applicable;
Under Article 16 of the GDPR, to request that incorrect or incomplete personal data stored by us is immediately rectified;
Under Article 17 of the GDPR, to request that your personal data stored by us is erased, provided that processing is not required to exercise the right to free expression of opinion and information, to fulfil a legal obligation, for reasons in the public interest, or to assert, exercise or defend legal claims;
Under Article 18 of the GDPR, to request that the processing of your personal data is restricted, if the accuracy of the data is disputed by you or processing is unlawful, and you have objected to such data being erased and we no longer require the data, but you require it to assert, exercise or defend legal claims, or if, pursuant to Article 21, you have objected to processing;
Under Article 20 of the GDPR, to request that you receive the personal data concerning you, which you have provided us, in a structured, commonly used and machine-readable format, or that it be transmitted to another controller; and
Under Article 7(3) of the GDPR, to withdraw at any time the consent you have previously given. This results in us no longer being able to process data on which this consent is based in the future; and
Under Article 77 of the GDPR, to lodge a complaint with a supervisory authority. You can generally contact the supervisory authorities in your usual place of residence, place of work, or where our registered office is based.
These rights are of course free of charge. To withdraw your consent to the use of data, and to apply for access or rectification, suppression or erasure, or to exercise further data subject rights, please contact:
nicko cruises Schiffsreisen GmbH
Mittlerer Pfad 2
70499 Stuttgart, Germany
Telephone: +49 711 24 89 80 44
Fax: +49 711 24 89 80 77
20. Unsubscribing from newsletters
If you no longer want to receive our newsletter or advertising e-mails, click on the ‘Unsubscribe from newsletters’ link, which you can find at the end of all of the e-mails we send.