Privacy Policy

Privacy Policy according to the DGPR

CRUISE ADVANCE GMBH

 

I Background

The following privacy policy describes the principles and measures of Cruise Advance GmbH (hereinafter also referred to as the person responsible) for the privacy of interested parties, customers, suppliers, business partners, business contacts or other users connected with us (hereinafter also referred to as affected person). Personal data that the person responsible processes in a lawful manner, in good faith and in a manner that is comprehensible to the person concerned, are particularly worthy of protection.

In order to protect privacy, the responsible person restricts himself to the necessary level when collecting personal data from data subjects (data minimization).

By processing, the legislator means collecting, collecting, organizing, organizing, storing, adapting or modifying, reading out, querying, using, disclosing through transmission, dissemination or any other form of providing, reconciling or meant the linking, the restriction, the deletion or the annihilation.

In addition, depending on the way in which an affected person contacts the responsible person, it will be described whether and how this data is processed, protected, and, if applicable, passed on to third parties and what rights the data subject has in principle.

 

II Legal Basis

The legal basis is the European General Data Protection Regulation (hereinafter referred to as the GDPR) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, the free movement of persons and the repeal of the Directive 95/46 / EC (General Data Protection Regulation). See also Link:

eur-lex.europa.eu/legal-content/DE/TXT/HTML/

This privacy policy is the legal basis in particular Art. 13 DSGVO.

Further information on the legal basis for the processing of personal data can be found in the various regular business cases under IV and other legal bases and a summary in V.

 

III Responsible / Data Protection Officer

The person responsible within the meaning of the GDPR and other national data protection laws of the member states as well as other data protection regulations is:

Cruise Advance GmbH

Teplitzer Str. 19

14193 Berlin

Telephone +49 30 265 582 70

email info@qualityadvance.de

internet www.qualityadvance.de

VAT ID: DE 288 81 92 90

Commercial Register: HRB Berlin-Charlottenburg No. 182757 B

Managing Director: Jens Huhse

A data protection officer was not appointed for the person in charge because the legal requirements for an order within the meaning of the GDPR are not met.

 

IV Types, Scope and Purpose of the Survey and its Legal Basis

1.) Contact by phone, mobile phone, e-mail, mail

When contacting and in the ordinary course of business personal data on personal (e.g. meeting, discussion notes, business card), postal (letter, sender), electronic (e-mails, sender identification and contact information or via business networking portals such as XING, LinkedIn) or by telephone (telephone call, conversation notes) as:

a) name, first name, title, academic degree, gender

b) Position / Department / Activity / Job title

c) Company Name

d) address, postcode, city

e) telephone, fax, mobile number, email, website

The person responsible processes this data in order to ensure a high-quality and smooth running of his business and uses it in particular to answer inquiries, make offers, provide contracted services, service, invoicing, customer and contact maintenance.

Without the collection of these above-mentioned data would be the fulfilment of the above mentioned service is not possible because the responsible person, e.g. could not contact affected persons, send them any information, and could neither issue nor send contracts.

It serves as the legal basis for Article 6 (1) (f) of the EU General Data Protection Regulation (GDPR). A legitimate interest here is the need to be able to respond to contacts and inquiries in a targeted and service-oriented manner.

As soon as personal data are processed for the fulfilment of a contract or for the implementation of pre-contractual measures, Art. 6 para. 1 b of the EU General Data Protection Regulation (DSGVO) serves as the legal basis.

 

These data are processed by the person responsible on a protected internal IT system. The criteria for the duration of processing and storage of personal data are:

a) length and continuity of business and industry / branch relations

b) legal requirements (such as accounting requirements)

c) where applicable, legal obligations

Personal data that are incorrect with regard to the purposes of their processing will be deleted or corrected immediately.

If required by the accountant, the controller forwards personal data to an accounting and tax office. The recipient of the data in this case is: Steuerberatung C. Fitz, Birnhornweg 17 a, 12107 Berlin.

As part of the IT technical support, the above mentioned personal data also be processed at the web host and IT provider of the person in charge. The recipient of the data in this case is: JAKOTA Design Group GmbH, Strandstraße 87, 18055 Rostock.

Insofar as the responsible person forwards personal data to third parties for processing within the framework of a so-called "order processing contract", Art. 28 of the EU General Data Protection Regulation (DSGVO) serves as the legal basis.

 

2.) Call the website

When the responsible person's website is called, the IT system automatically collects data and information from the computer system of the calling computer, such as:

a) Information about the browser type and version used

b) the operating system of the user

c) the Internet service provider of the user, the IP address of the user

d) date and time of access as well

e) websites from which the user's system has reached the website of the person in charge and

f) Websites that are accessed by the user's system through the website of the person responsible

Note: if the e-mail link on the website of the person responsible is clicked on, a regular e-mail is created using the e-mail software of the affected person. Therefore, the explanations under IV paragraph 1 apply, see above.

The processing of these so-called log files is done to ensure the functionality of the website as well as to secure our information technology systems. Without the processing of the logfiles, the website could neither operate nor provide sufficient protection against possible hacker attacks.

It serves as the legal basis for Article 6 (1) (f) of the EU General Data Protection Regulation (GDPR). A legitimate interest is the necessity of the functionality and security of our internet presence.

These data (so-called log files) are processed by the person responsible on a protected internal IT system. A storage of this data together with other personal data of the user does not take place. The criteria for the duration of processing and storage of personal data are:

a) Achieve the purpose of their collection

b) Duration of the meeting on the Internet

Personal data that are incorrect with regard to the purposes of their processing will be deleted or corrected immediately.

As part of the IT technical support, the above mentioned personal data also be processed at the web host and IT provider of the person in charge. The recipient of the data in this case is: JAKOTA Design Group GmbH, Strandstraße 87, 18055 Rostock.

Insofar as we transfer personal data to third parties for processing as part of a so-called "order processing contract", Art. 28 of the EU General Data Protection Regulation (DSGVO) serves as the legal basis.

On the website of the responsible person you will find various links to company appearances of third parties (for example, partners or references of the responsible person). By clicking on the link, the person responsible no longer has any influence on which data is processed by third parties and assumes no responsibility whatsoever. For information on the processing of personal data by third parties, please refer to the respective privacy policy published there.

 

3.) Transmission of passenger and so-called manifest data

In addition to the personal data mentioned in point 1.) may also be necessary in the context of business travel and the booking and processing of tourist services (such as travel, cruises, flights, hotels, etc.) the collection of the following personal data, such as:

a) Date of birth

b) Number of the passport / identity card

c) date of issue, expiry date and issuing authority

d) Special requests (such as diets, seats, cabins, presents)

e) credit card information, account information

The person responsible collects this so-called passenger and manifest data in order to meet legal requirements, to ensure a safe and smooth operation of the business and / or the (mediated) (travel) services, forwards them to the tour operator or tourist service provider and uses this data for payment processing.

Without the collection of these above-mentioned data would be the fulfilment of the above-mentioned service is not possible because the person in charge could not provide the necessary passenger and manifest data, the affected persons could thus not take the appropriate trip.

It serves as the legal basis for Article 6 (1c) of the EU General Data Protection Regulation (GDPR). The fulfilment of a legal obligation requires the processing of personal data.

These data are processed by the person responsible on a protected internal IT system. The criteria for the duration of processing and storage of personal data are:

f) length and continuation of the business relationship

g) legal requirements (such as accounting requirements)

h) if applicable, legal obligations

Personal data that are incorrect with regard to the purposes of their processing will be deleted or corrected immediately.

If required by the accountant, the controller forwards personal data to an accounting and tax office. The recipient of the data in this case is: Steuerberatung C. Fitz, Birnhornweg 17 a, 12107 Berlin.

As part of the IT technical support, the above mentioned personal data also be processed at the web host and IT provider of the person in charge. The recipient of the data in this case is: JAKOTA Design Group GmbH, Strandstraße 87, 18055 Rostock.

Insofar as the responsible person forwards personal data to third parties for processing within the framework of a so-called "order processing contract", Art. 28 of the EU General Data Protection Regulation (DSGVO) serves as the legal basis.

 

V Further and Summary of Legal Basis

As next to the above mentioned in other, possibly special cases, the processing of personal data is possible or necessary, is followed by a summary list of legal bases with examples.

As far as the processing of personal data of the data subject by the person responsible

a) is only permitted with the consent of the data subject (such as subscribing to the newsletter), Art. 6 para. 1 a of the EU General Data Protection Regulation (DSGVO) serves as the legal basis.

b) is required to fulfil a contract or to carry out pre-contractual measures of which the data subject is a party (such as in negotiations, service contracts), Article 6 (1) (b) of the EU General Data Protection Regulation (DSGVO) serves as the legal basis.

c) is required to fulfil a legal obligation to which the controller is subject (such as passenger and manifest data), Article 6 (1c) of the EU General Data Protection Regulation (DSGVO) serves as the legal basis.

d) vital interests, such as in humanitarian emergencies in the case of natural disasters or man-made disasters (such as emergency management), Article 6 (1) (d) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

e) is required in the exercise of a task that is in the public interest or in the exercise of public authority (e.g. legal proceedings), which has been transferred to the controller, as the legal basis Art. 6 para. 1 e of the EU Data Protection Regulation (GDPR),

f) is in legitimate interest (such as calls, e-mail requests, website visits), and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Article 6 (1) (f) of the EU General Data Protection Regulation (GDPR) as legal basis.

 

VI Forwarding to a Third Country

If, in case of need, we have to transfer personal data to a third country (meaning outside the EU) or an international organization, this will only be done if either your consent or other legal grounds, such as the fulfilment of a contract or the protection of vital interests, exist. We also inform you whether a so-called adequacy decision of the Commission exists. As part of the distinction between safe and unsafe third countries, the European Commission can approve an appropriate level of data protection by a decision on adequacy. If such a level of protection is provided by a third country, the data transfers do not require any special authorization.

 

VII Data Security

Taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different likelihood and severity of the risk to the rights and freedoms of individuals, we comply with Article 32 et seq. Of the EU General Data Protection Regulation (GDPR) and our processors have taken appropriate technical and organizational measures to ensure a level of protection commensurate with the risk; These measures include inter alia:

a) Securing the IT system through appropriately licensed software

b) password secured access to the IT system and personal data

c) Password secured backup of personal data

d) Electronic security and physical access control to the premises of storage

 

VIII Rights of Persons Affected concerning Personal Data

Concerning its personal data, the person affected has the following rights against the person responsible:

(a) information on the duration of the personal data being stored or, if this is not possible, the criteria for determining that duration;

b) Information (Article 15 of the GDPR) concerning the personal data concerned, as well as rectification or deletion (Articles 16 and 17 of the GDPR) or restriction (Article 18 of the GDPR) on processing or opposition (Article 21 DSGVO) against the processing as well as data transferability (article 20 of the GDPR);

c) revoke consent granted at any time without affecting the legality of the processing carried out on the basis of the consent until the revocation if the processing is based on Article 6 paragraph 1 a of the EU General Data Protection Regulation (GDPR) or Article 9 paragraph 2 a is based,

d) the existence of a right of appeal to a supervisory authority (in Germany: The Federal Commissioner for Data Protection and Freedom of Information, Husarenstr. 30, 53117 Bonn, phone + 49-228-997799-0)

(e) for information as to whether the personal data are required by law or contract or required for the conclusion of a contract, whether the data subject is required to provide the personal data and the potential consequences of non-provision

The person in charge can be contacted at any time via: info@cruiseadvance.de

A process of automated decision-making, including profiling according to Article 22 (1) and (4) of the EU General Data Protection Regulation (GDPR) is not used by the person responsible.

If the controller processes the personal data for a purpose other than that for which the personal data was collected, he shall provide the data subject with information about that other purpose and all other relevant information in accordance with Article 13 (2) of the EU General Data Protection Regulation (DSGVO).

 

IX Validity and Update of the Privacy Policy

This privacy policy is currently valid and is valid as of May 2018.

In the course of the development of the website and the services and offers of the person responsible, it may become necessary to adapt this privacy policy and thus to update it. The respective current privacy policy of the responsible person can be found under

www.qualityadvance.de/en/ueber-uns/privacy-statement.html