1. Overview
The following Privacy Policy contains information about the way and extent to which personal data is processed by Casamundo. Personal data is information that can be directly or indirectly attributed to or associated with you personally, such as your name or your email address.
2. Name and contact details of the controller responsible for processing
This Privacy Policy applies to the data processing performed by Casamundo GmbH, Pappelallee 78/79, 10437 Berlin, Germany (the "controller", hereinafter "Casamundo"), to be contacted at [email protected] and for the following website or application: www.casamundo.com.
Casamundo’s data protection officer may be contacted at [email protected] (appointed is Waterside DS GmbH, Bergstr. 28, 22095 Hamburg).
3. The purposes for which data is processed, the legal basis and legitimate interests pursued by Casamundo or a third party, as well as categories of recipients
3.1. Accessing our website/application
When you access our website/application, the browser used on your device automatically sends information to the server of our website/application and temporarily stores it in what is known as a log file. We have no control over this. The following information will also be collected without any action on your part and be stored until it is automatically deleted:
- the IP address of the requesting internet-enabled device
- the date and time of access
- the name and URL of the retrieved file
- the website/application from which access took place (the Referrer URL)
- the browser you are using, and potentially the operating system of your internet-enabled computer, as well as the name of your access provider
- the device used (e.g., a desktop computer or a smartphone)
- the language of the browser you are using
The legal basis for processing your IP address is Article 6 (1) (f) of the General Data Processing Regulation (GDPR). Our legitimate interest is based on the purposes of data collection listed below. We would like to point out that we are unable to draw any direct conclusions regarding your identity from the data that is collected, and that we refrain from doing so.
We use the IP address of your device and the other data listed above for the following purposes:
- ensuring that a trouble-free connection is established
- ensuring the comfortable use of our website/application
- the evaluation of system security and stability
The data will be erased as soon as it is no longer required for the purpose of its initial collection. In the case of data collection to enable making the website available, this is the case when the respective session end. The data is stored in log-files for a period of up to 6 weeks and is then deleted automatically so that it is no longer possible to allocate the user.
We also use what are known as cookies for our website/application, as well as tracking tools, targeting methods and social media plug-ins. The exact procedures used and how your data are used for this purpose are explained in more detail below.
3.2. Creating and using a user account; bookings and booking inquiries
3.2.1. Creating an account
When you create a user account with us, we process personal data in the following alternative manner:
- when logging in using Google (social login), your Gmail address and the information transmitted from your Google account (names, profile picture, link to your Google account and top-level domain, gender and hosted domain)
- when logging in using Facebook (social login: Facebook Connect), your email address and the public information from your Facebook account (names, profile picture, age range, gender, language, country and other public information)
- when logging in using your email, your email address
Likewise, a user account is created when you enter your email address and then make a booking or booking inquiry through our website (see section 3.2.2.). These services require the setup of a user account for technical reasons, storing email address, name and travel dates.
Each time you log in, technical information is stored about your device and your browser, as well as information about your searches. This helps us to improve your overall user experience on the website, as well as the overall services.
The legal basis for this is Article 6 (1) (b) and (f) of the GDPR. You provide us with data based on the contractual relationship between you and us. Our legitimation is also derived from the protection of your identity and the prevention of fraudulent activity.
We will delete the collected data no later than your termination of our platform’s usage contract.
3.2.2. Bookings and booking inquiries
We do not offer travel services ourselves. Rather, we enable you to book travel services offered by providers.
When a booking inquiry is received, we collect the following data solely in order to forward it to providers:
- the desired arrival and departure dates
- your first and last name
- the number of guests
- your email address
- (optionally) your message to the landlord
When you make a booking, we collect the following data solely in order to forward it to providers:
- the arrival and departure dates
- your first and last name
- the number of guests
- your address
- your email address
- your phone number
- (optionally) selected extras
- the payment method, whereby payment processing is performed by Datatrans payment service (Datatrans AG, Kreuzbühlstrasse 26, 8008 Zurich, Switzerland), with whom a data processing relationship is in place
With the exception of the email address, name and travel dates, all of the aforementioned data will be deleted by us after it has been forwarded to the respective provider.
The collection of the aforementioned data and its transmission to providers is a pre-contractual step that is required to enter into the contract with your respective provider (Article 6 (1) (b) GDPR).
3.3. Social logins (logging in with Facebook or Google)
3.3.1. Facebook Connect
When you log in through Facebook Connect, a direct connection is created to the servers at Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA ("Facebook"). Facebook detects that you have used your login information from Casamundo as part of this process.
If you have expressly given your consent to Facebook pursuant to Article 6 (1) (a) of the GDPR, your personal data will be transmitted to us as part of the registration process via the social login. We use the following information from the transmitted data, which is stored by us until it is automatically deleted:
· your email address
· your Facebook profile name (first and last name)
· the profile and wallpaper image you use on Facebook
· your age group (over 18, over 21 years old)
· a link to your Facebook account
· your gender
· the top-level domain of your logged-in Facebook account
· the time zone in which you are on Facebook
This data is used to
· identify you as our contractual partner
· set up your user account
· check the entered data for plausibility
The legal basis for the use of this data is Article 6 (1) (b) GDPR. Using this data enables us to fulfill our contractual obligations which arise from our Terms of Service (Article 6 (1) (b) GDPR). We will delete the collected data no later than your termination of our platform’s usage contract.
You can block the connection within your Facebook account.
Please refer to Facebook’s privacy policy for details regarding the purpose and scope of the data collection and further processing and use of the data by your service provider, as well as regarding your associated rights and the settings options you can use to protect your privacy (https://www.facebook.com/about/privacy).
3.3.2. Logging in with Google
When you log in with Google by selecting "G continue with Google", a direct connection is established with the servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google detects that you have used your login information from Casamundo as part of this process. We do not obtain your Google Account information. Google then informs you that data from your Google Account will be made available to us and indicates the specific data in question.
Registration with and the use of Google are governed by Google's privacy policy and terms of service (https://policies.google.com/privacy?hl).
If you have expressly given your consent to Google pursuant to Article 6 (1) (a) of the GDPR, your personal data will be transmitted to us as part of the registration process via Google. We use the following information from the transmitted data, which is stored by us until it is automatically deleted:
· your email address
· your name on your Google account (first and last name)
· the profile image (or the avatar) used on Google
· a link to your Google account
· your gender
· the top-level domain of your logged-in Google account
· the user domain you manage on Google (hosted domain, HD)
This data is used to
· enable us to identify you as our contractual partner
· set up your user account
· check the entered data for plausibility
The legal basis for the use of this data is Article 6 (1) (b) GDPR. Using this data enables us to fulfill our contractual obligations which arise from our Terms of Service (Article 6 (1) (b) GDPR). We will delete the collected data no later than your termination of our platform’s usage contract.
You can block the connection within your Google account.
Please refer to Google’s privacy policy for details regarding the purpose and scope of the data collection and further processing and use of the data by Google, as well as regarding your associated rights and the settings options you can use to protect your privacy (https://policies.google.com/privacy?hl).
3.4. Data processing for advertising purposes
3.4.1. Newsletter
On our website, we offer you the opportunity to sign up for our newsletter. In order to be sure that no errors have occurred when entering your email address, we use what is known as the double opt-in process: after you have entered your email address in the registration field, we send you a confirmation link. Your email will only be added to our mailing list after you click on this confirmation link. You can revoke your consent provided in this manner at any time with effect for the future. To do so, you need only click the unsubscribe link.
3.4.2. Product recommendations
We send you emails which contain product recommendations. You will receive these product recommendations regardless of whether you have subscribed to a newsletter. We do so in order to provide you with information about products from our offerings that may interest you based on your recent searches.
If you do not want to receive product recommendations from us, you can let us know at any time. You can find our contact details under section 2. Naturally, you will also find an unsubscribe link in every email.
3.4.3. Interest-based advertising
In order for you to receive information that is likely to be of interest to you, we categorize your user profile. To do so, we use information about your searches to customize the newsletter articles and promotional emails we send you. The goal is to send you advertising that is oriented towards your actual needs and to avoid sending unnecessary advertising.
The legal basis for the aforementioned processing is Article 6 (1) (f) GDPR. Processing existing customer data this way for advertising purposes is deemed to be a legitimate interest.
3.4.4. Email service
We use the SendGrid service of Twilio / SendGrid, Inc., 1801 California Street, Suite 500, Denver, Colorado 80202, USA, to send some emails (booking and inquiry confirmations and notifications, as well as advertising). Your email address and your first and last name will be processed to personalize the emails sent. A data processing relationship is in place with Twilio / SendGrid.
The legal basis for this is the fulfillment of our contractual obligations pursuant to Article 6 (1) (b) GDPR or the consent pursuant to Article 6 (1) (a) GDPR that you may revoke any time. The lawfulness of the data processing already carried out remains unaffected by the revocation. There is a legitimate interest to process data through Twilio / SendGrid pursuant to Article 6 (1) (f) GDPR.
Further information can be found in Twilio / SendGrid’s Privacy Policy (https://sendgrid.com/policies/privacy/).
3.4.5. Right to object
You have the right, at any time and at no charge, to object to data processing for the aforementioned purposes, separately for each respective communication channel, and with effect for the future. To do so, you need only send an email to [email protected] or send a letter to the Casamundo address mentioned in section 2 above.
In the event that you object, the relevant contact address will be blocked for further promotional processing. We point out that, in exceptional cases, advertising material may temporarily continue to be sent to you even after your objection has been received. This is due to technical reasons related to the lead time required for advertisements and does not mean that your objection will not be observed by us. Thank you for your understanding.