base64Hash

Privacy Policy for the Use of Personal Data on casamundo.com

1. Overview

The following Privacy Policy contains information about the way and extent to which personal data is processed by Casamundo. Personal data is information that can be directly or indirectly attributed to or associated with you personally, such as your name or your email address.

2. Name and contact details of the controller responsible for processing

This Privacy Policy applies to the data processing performed by Casamundo GmbH, Pappelallee 78/79, 10437 Berlin, Germany (the "controller", hereinafter "Casamundo"), to be contacted at [email protected] and for the following website or application: www.casamundo.com.

Casamundo’s data protection officer may be contacted at [email protected] (appointed is Waterside DS GmbH, Bergstr. 28, 22095 Hamburg). 

3. The purposes for which data is processed, the legal basis and legitimate interests pursued by Casamundo or a third party, as well as categories of recipients

3.1. Accessing our website/application

When you access our website/application, the browser used on your device automatically sends information to the server of our website/application and temporarily stores it in what is known as a log file. We have no control over this. The following information will also be collected without any action on your part and be stored until it is automatically deleted:

  • the IP address of the requesting internet-enabled device
  • the date and time of access
  • the name and URL of the retrieved file
  • the website/application from which access took place (the Referrer URL)
  • the browser you are using, and potentially the operating system of your internet-enabled computer, as well as the name of your access provider
  • the device used (e.g., a desktop computer or a smartphone)
  • the language of the browser you are using

The legal basis for processing your IP address is Article 6 (1) (f) of the General Data Processing Regulation (GDPR). Our legitimate interest is based on the purposes of data collection listed below. We would like to point out that we are unable to draw any direct conclusions regarding your identity from the data that is collected, and that we refrain from doing so.

We use the IP address of your device and the other data listed above for the following purposes:

  • ensuring that a trouble-free connection is established
  • ensuring the comfortable use of our website/application
  • the evaluation of system security and stability

The data will be erased as soon as it is no longer required for the purpose of its initial collection. In the case of data collection to enable making the website available, this is the case when the respective session end. The data is stored in log-files for a period of up to 6 weeks and is then deleted automatically so that it is no longer possible to allocate the user.

We also use what are known as cookies for our website/application, as well as tracking tools, targeting methods and social media plug-ins. The exact procedures used and how your data are used for this purpose are explained in more detail below.

3.2. Creating and using a user account; bookings and booking inquiries

3.2.1. Creating an account

When you create a user account with us, we process personal data in the following alternative manner:

  • when logging in using Google (social login), your Gmail address and the information transmitted from your Google account (names, profile picture, link to your Google account and top-level domain, gender and hosted domain)
  • when logging in using Facebook (social login: Facebook Connect), your email address and the public information from your Facebook account (names, profile picture, age range, gender, language, country and other public information)
  • when logging in using your email, your email address

Likewise, a user account is created when you enter your email address and then make a booking or booking inquiry through our website (see section 3.2.2.). These services require the setup of a user account for technical reasons, storing email address, name and travel dates.

Each time you log in, technical information is stored about your device and your browser, as well as information about your searches. This helps us to improve your overall user experience on the website, as well as the overall services.

The legal basis for this is Article 6 (1) (b) and (f) of the GDPR. You provide us with data based on the contractual relationship between you and us. Our legitimation is also derived from the protection of your identity and the prevention of fraudulent activity.

We will delete the collected data no later than your termination of our platform’s usage contract.

3.2.2. Bookings and booking inquiries

We do not offer travel services ourselves. Rather, we enable you to book travel services offered by providers.

When a booking inquiry is received, we collect the following data solely in order to forward it to providers:

  • the desired arrival and departure dates
  • your first and last name
  • the number of guests
  • your email address
  • (optionally) your message to the landlord

When you make a booking, we collect the following data solely in order to forward it to providers:

  • the arrival and departure dates
  • your first and last name
  • the number of guests
  • your address
  • your email address
  • your phone number
  • (optionally) selected extras
  • the payment method, whereby payment processing is performed by Datatrans payment service (Datatrans AG, Kreuzbühlstrasse 26, 8008 Zurich, Switzerland), with whom a data processing relationship is in place

With the exception of the email address, name and travel dates, all of the aforementioned data will be deleted by us after it has been forwarded to the respective provider.

The collection of the aforementioned data and its transmission to providers is a pre-contractual step that is required to enter into the contract with your respective provider (Article 6 (1) (b) GDPR).

3.3. Social logins (logging in with Facebook or Google)

3.3.1. Facebook Connect

When you log in through Facebook Connect, a direct connection is created to the servers at Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA ("Facebook"). Facebook detects that you have used your login information from Casamundo as part of this process.

If you have expressly given your consent to Facebook pursuant to Article 6 (1) (a) of the GDPR, your personal data will be transmitted to us as part of the registration process via the social login. We use the following information from the transmitted data, which is stored by us until it is automatically deleted:

·      your email address

·      your Facebook profile name (first and last name)

·      the profile and wallpaper image you use on Facebook

·      your age group (over 18, over 21 years old)

·      a link to your Facebook account

·      your gender

·      the top-level domain of your logged-in Facebook account

·      the time zone in which you are on Facebook

This data is used to

·      identify you as our contractual partner

·      set up your user account

·      check the entered data for plausibility

The legal basis for the use of this data is Article 6 (1) (b) GDPR. Using this data enables us to fulfill our contractual obligations which arise from our Terms of Service (Article 6 (1) (b) GDPR). We will delete the collected data no later than your termination of our platform’s usage contract.

You can block the connection within your Facebook account.

Please refer to Facebook’s privacy policy for details regarding the purpose and scope of the data collection and further processing and use of the data by your service provider, as well as regarding your associated rights and the settings options you can use to protect your privacy (https://www.facebook.com/about/privacy).

3.3.2. Logging in with Google

When you log in with Google by selecting "G continue with Google", a direct connection is established with the servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google detects that you have used your login information from Casamundo as part of this process. We do not obtain your Google Account information. Google then informs you that data from your Google Account will be made available to us and indicates the specific data in question.

Registration with and the use of Google are governed by Google's privacy policy and terms of service (https://policies.google.com/privacy?hl).

If you have expressly given your consent to Google pursuant to Article 6 (1) (a) of the GDPR, your personal data will be transmitted to us as part of the registration process via Google. We use the following information from the transmitted data, which is stored by us until it is automatically deleted:

·      your email address

·      your name on your Google account (first and last name)

·      the profile image (or the avatar) used on Google

·      a link to your Google account

·      your gender

·      the top-level domain of your logged-in Google account

·      the user domain you manage on Google (hosted domain, HD)

This data is used to

·      enable us to identify you as our contractual partner

·      set up your user account

·      check the entered data for plausibility

The legal basis for the use of this data is Article 6 (1) (b) GDPR. Using this data enables us to fulfill our contractual obligations which arise from our Terms of Service (Article 6 (1) (b) GDPR). We will delete the collected data no later than your termination of our platform’s usage contract.

You can block the connection within your Google account.

Please refer to Google’s privacy policy for details regarding the purpose and scope of the data collection and further processing and use of the data by Google, as well as regarding your associated rights and the settings options you can use to protect your privacy (https://policies.google.com/privacy?hl).

3.4. Data processing for advertising purposes

3.4.1. Newsletter

On our website, we offer you the opportunity to sign up for our newsletter. In order to be sure that no errors have occurred when entering your email address, we use what is known as the double opt-in process: after you have entered your email address in the registration field, we send you a confirmation link. Your email will only be added to our mailing list after you click on this confirmation link. You can revoke your consent provided in this manner at any time with effect for the future. To do so, you need only click the unsubscribe link.

3.4.2. Product recommendations

We send you emails which contain product recommendations. You will receive these product recommendations regardless of whether you have subscribed to a newsletter. We do so in order to provide you with information about products from our offerings that may interest you based on your recent searches.

If you do not want to receive product recommendations from us, you can let us know at any time. You can find our contact details under section 2. Naturally, you will also find an unsubscribe link in every email.

3.4.3. Interest-based advertising

In order for you to receive information that is likely to be of interest to you, we categorize your user profile. To do so, we use information about your searches to customize the newsletter articles and promotional emails we send you. The goal is to send you advertising that is oriented towards your actual needs and to avoid sending unnecessary advertising.

The legal basis for the aforementioned processing is Article 6 (1) (f) GDPR. Processing existing customer data this way for advertising purposes is deemed to be a legitimate interest.

3.4.4. Email service

We use the SendGrid service of Twilio / SendGrid, Inc., 1801 California Street, Suite 500, Denver, Colorado 80202, USA, to send some emails (booking and inquiry confirmations and notifications, as well as advertising). Your email address and your first and last name will be processed to personalize the emails sent. A data processing relationship is in place with Twilio / SendGrid.

The legal basis for this is the fulfillment of our contractual obligations pursuant to Article 6 (1) (b) GDPR or the consent pursuant to Article 6 (1) (a) GDPR that you may revoke any time. The lawfulness of the data processing already carried out remains unaffected by the revocation. There is a legitimate interest to process data through Twilio / SendGrid pursuant to Article 6 (1) (f) GDPR.

Further information can be found in Twilio / SendGrid’s Privacy Policy (https://sendgrid.com/policies/privacy/).

3.4.5. Right to object

You have the right, at any time and at no charge, to object to data processing for the aforementioned purposes, separately for each respective communication channel, and with effect for the future. To do so, you need only send an email to [email protected] or send a letter to the Casamundo address mentioned in section 2 above.

In the event that you object, the relevant contact address will be blocked for further promotional processing. We point out that, in exceptional cases, advertising material may temporarily continue to be sent to you even after your objection has been received. This is due to technical reasons related to the lead time required for advertisements and does not mean that your objection will not be observed by us. Thank you for your understanding.

3.5. Cookies – general information

We use cookies on our website on the basis of Article 6 (1) (f) GDPR. Our interest in optimizing our website is deemed to be legitimate within the meaning of the aforementioned provision.

Cookies are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our website or use our app. Cookies do not harm your device, do not contain viruses, Trojans or other malicious software. The information stored in the cookie is tied to the specific device used. However, this does not mean that we are immediately aware of your identity. In part, cookies are used to make the use of our service more pleasant for you. For example, we use what are known as session cookies to detect that you have already visited individual pages on our website or that you have already logged in to your user account. These are automatically deleted after you leave our website. In addition, to ensure user-friendliness we also use temporary cookies, which are stored on your device for a specific period of time. If you visit our website again to use our services, it is automatically detected that you have already visited us, as well as what information you entered and the settings you used, so that you do not have to reenter them.

If you already have an account and are logged in or activate the "Stay logged in" feature, the information stored in cookies will be added to your user account.

On the other hand, we use cookies to statistically record the use of our website, to optimize our services, and to display information tailored to your specific needs. These cookies enable us to automatically detect that you have previously visited us when you return to our website. These cookies are automatically deleted after a defined period of time. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or to make sure that a message always appears before a new cookie is created. However, disabling cookies completely may mean that you will not be able to use all the features of our website. The storage period of cookies depends on their purpose and therefore varies.

3.6. Analytical tools

In order to customize and continuously optimize our websites in line with users’ needs, we deploy tools on the basis of Article 6 (1) (f) GDPR which permit us to analyze the use of our website.

3.6.1. Google Analytics

We use Google Analytics, a web analytics service provided by Google. In doing so, pseudonymized usage profiles are created and cookies are used. The information generated by the cookie about your use of this website, e.g.

  • browser type/version
  • operating system used
  • Referrer URL (the previously visited page)
  • hostname of the accessing computer (IP address)
  • time of server request

is transmitted to a Google server in the US and stored there. Google complies with the Privacy Policy of the US Privacy Shield and is registered with the U.S. Department of Commerce's US Privacy Shield Program. Google is processing on behalf of us.

The information is used to evaluate the use of the website, to compile reports on the activity on the website, and to provide other services related to the use of the website and internet usage for the purposes of market research and to customize the design of these websites in line with the needs of users. This information may also be transferred to third parties if required by law or if third parties are contracted to process this data. Under no circumstances will your IP address be combined with any other data from Google. The IP addresses are anonymized, which means that it is not possible to identify specific individuals (“IP masking”).

You can prevent the installation of cookies by setting your browser software accordingly. However, disabling cookies completely may mean that you will not be able to use all the features of our website. You may also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing this browser add-on (https://tools.google.com/dlpage/gaoptout?hl=en). As an alternative to the browser add-on, especially for browsers on mobile devices, you can prevent the collection by Google Analytics by clicking on this link. An opt-out cookie will be set which prevents the future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again. For more information regarding data privacy related to Google Analytics, visit the Google Analytics website: https://support.google.com/analytics/answer/6004245?hl=en.

3.6.2. Google Tag Manager

We use the Google Tag Manager. This Google service allows website tags to be managed through an interface. Only tags are implemented, i.e. no cookies are set and no personal data is collected. The Tag Manager triggers other tags that may themselves collect data. Google Tag Manager does not access this data. If deactivation has been done at the domain or cookie level, it will apply to all tracking tags implemented with Google Tag Manager. More information can be found in the Google Tag Manager use policy: https://www.google.com/intl/de/tagmanager/use-policy.html.

3.6.3. New Relic

To perform accessibility and performance monitoring for our servers, we use the "New Relic" web analytics service provided by New Relic Inc., 188 Spear Street, Suite 1200, San Francisco, CA 94105, USA. Using pseudonymized usage data, technical performance data (e.g., response and load times) is measured and analyzed to improve our server performance. Further details and information can be found in the New Relic Privacy Policy at https://newrelic.com/privacy.

3.6.4. Snowplow

We use the Snowplow open source web analytics service provided by Snowplow Analytics Limited, 32-38 Scrutton Street, London, EC2A 4RQ, United Kingdom. Cookies are used as part of this. The information generated by the cookie about your use of this website, e.g.

  • browser type/version
  • operating system used
  • Referrer URL (the previously visited page)
  • hostname of the accessing computer (IP address)
  • time of server request
  • search queries and filter settings
  • clicks on the website

is transmitted to a Casamundo server in Frankfurt and stored there.

The information is used to evaluate the use of the website, to compile reports on the activity on the website, and to provide other services related to the use of the website and internet usage for the purposes of market research and to customize the design in line with the needs of users.

3.6.5. Adform

We use conversion tracking by Adform ApS, Wildersgade 10B, 1, 1408 Copenhagen, Denmark. The temporary cookie (see section 3.5) for conversion tracking is dropped when a user is in contact with an ad placed by Adform. The cookies do not contain any information with which users can be personally identified. Users who do not wish to participate in tracking can deactivate Adform’s cookie via their browser or object to the data processing for the future via this link (https://site.adform.com/privacy-center/platform-privacy/opt-out/).

You can find further information in Adform’s privacy policy (https://site.adform.com/privacy-center/platform-privacy/product-and-services-privacy-policy/).

3.6.6. Adjust

In our app, we use the analytics service of Adjust GmbH, Saarbrücker Str. 37A, 10405 Berlin, Germany. The analytics service is implemented in our app via a development environment (SDK - Software Developer Kit). The information generated by the development environment, e.g.

  • hashed (anonymized) IP address
  • mobile identifiers such as the Advertising ID for iOS (IDFA) or the Google Advertising ID
  • installation and initial opening of an app on your mobile device
  • your interaction within an app (e.g., in-app purchases, registration),
  • viewed and clicked ads

is collected and used by Adjust GmbH to evaluate the use of the app, to compile performance reports on app activity, and to provide other services related to the use of the app for purposes of market research and customization of the app. Under no circumstances will the collected data be combined with other data that Adjust obtains via other apps.

You can find more information about Adjust's privacy policy here: https://www.adjust.com/privacy-policy. You can object to tracking by Adjust at any time within the "Opt-out" section of Adjust's Privacy Policy. To do this, you must select the device for which you do not want Adjust to perform tracking and specify your Device Identifier. Behavior tracking from apps that use Adjust will then be immediately removed on your device.

3.6.6. TrackJS

We use the services of TrackJS LLC. TrackJS allows us to analyze technical errors in JavaSkript, so that we can check and improve the quality of our website and app. More information can be found in TrackJS privacy policy: https://trackjs.com/privacy/.

3.7. Targeting

The targeting measures listed below and used by us are implemented on the basis of Article 6 (1) (f) GDPR. Targeting is used to perform targeted advertising. Through the targeting measures we use, we want to make sure that advertisements which are geared to your interests are displayed on your devices.

3.7.1. Google AdWords

Casamundo uses Google's AdWords service, which uses conversion tracking to measure the effectiveness of individual ads, offers and features. For this, a cookie is set as soon as you click on a Google ad. This cookie does not personally identify you, but rather makes it possible to determine whether you return to the page with the specific offer during the 30-day period in which the cookie is valid.

Each AdWords advertiser receives a different cookie. As a result, cookies cannot be tracked via the website of AdWords advertisers. The information obtained using the conversion cookie is used to generate conversion statistics for AdWords advertisers who have opted for conversion tracking. We track the total number of users who have clicked on an ad and were redirected to the website with a conversion-tracking tag.

You can permanently prevent the storage of the Google conversion cookie by setting your browser software accordingly. Google's privacy policy on conversion tracking can be found here: https://services.google.com/sitestats/en.html.

3.7.2. Google Dynamic Remarketing

We use the features of Google Dynamic Remarketing with the cross-device features of Google AdWords.

This feature allows us to link the advertising audiences created with Google Dynamic Remarketing to the cross-device features of Google AdWords. In this way, interest-based, personalized advertising messages that have been customized for you based on your past usage and browsing behavior on a device (e.g., smartphone) may also be displayed on another device you use (e.g., tablet or PC).

If you have given the appropriate consent to Google, Google will link your web and app browsing history with your Google Account for this purpose. That way, the same personalized advertising messages can appear on any device you use to sign in to your Google Account.

To support this feature, Google Analytics collects Google-authenticated IDs of users who are temporarily linked to our Google Analytics data to define and create audiences for cross-device ad promotion.

You can permanently opt out of cross-device remarketing/targeting by turning off personalized advertising in your Google Account. To do so, follow this link: https://adssettings.google.com/authenticated?hl.

For more information, as well as the provisions regarding data privacy, please see the Google Privacy Policy at https://policies.google.com/technologies/ads?hl.

3.7.3. Google AdSense

On our website, we use Google AdSense for displaying advertisements. In this way we can show you advertisements that may be of interest to you. These advertisements can be recognized by the reference "Google Ads". To do this, Google uses web beacons and cookies (see section 3.5.). The information generated by cookies and web beacons about the use of the website (including your IP address) and delivery of advertising formats is transmitted to a Google server in the US and stored there. Google may share this information with third parties.

We have enabled third-party Google AdSense ads. The data may be transferred to third parties (named at https://support.google.com/dfp_sb/answer/94149).

You can prevent Google AdSense from installing cookies by disabling interest-based ads on Google via the link https://adssettings.google.com/authenticated?hl.

For more information, as well as the provisions regarding data privacy, please see the Google Privacy Policy at https://policies.google.com/technologies/ads?hl.

3.7.4. Criteo

Pixel technologies (see section 3.6.5.) from Criteo SA, 32 Rue Blanche, 75009 Paris, France ("Criteo") collect and store data for marketing and optimization purposes.

The pixels send your IP address, the Referrer URL of the visited website, the time when the pixel was viewed, the browser used and previously set cookie information to a web server. This data can be used to create usage profiles under a pseudonym.

Criteo's pixel technologies allow us to evaluate our advertising campaigns and advertising content. Using an algorithm, Criteo analyzes surfing behavior and can then display targeted product recommendations as personalized advertising banners on other websites (“publishers”). You can find more information about Criteo’s technology in Criteo’s Privacy Policy (https://www.criteo.com/privacy).

Using Criteo will load additional pixels from contractual partners with whom Criteo works. An overview of all publishers and networks that load pixels can be found at https://www.criteo.com/privacycriteo-works-with-the-following-platforms/. The data collected with Criteo technology will not be used to determine the personal identity of the website visitor unless agreed to separately by the data subject. Any use of data other than that described above or transfer to third parties is excluded.

Most browsers accept pixels automatically. You can use the appropriate tools or browser add-ons to prevent the use of pixels on our website (for example, by using the "AdBlock" add-on for the Firefox browser).

You can also object to the pseudonymous analysis of your surfing behavior by us at any time. For instructions on disabling Criteo's service, please visit the following Criteo link: https://www.criteo.com/privacy.

Please note that if you opt out of displaying personalized ads from Criteo and other affiliates, you will still receive advertisements, however these will be less tailored to your interests/browsing habits.

3.7.5. Bing Ads

We use Bing Universal Event Tracking (UET) from Microsoft Bing Ads. This is a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, USA ("Microsoft"). This allows us to track user activity on our website when users reach our website through advertisements from Bing Ads.

If you reach our website via a Bing Ads advertisement, a cookie will be placed on your computer (see section 3.5.). A Bing UET tag is integrated into our website. This is a code that is used to store data about the use of the website in connection with the cookie. Among others, this includes the time spent on the website, which areas of the website were accessed, and what ads brought users to the website. Information about your identity is not collected.

This information is transmitted to Microsoft servers in the US and stored there for a maximum of 180 days.

More information on Bing Ads’ analytical services can be found on Bing Ads website (https://help.bingads.microsoft.com/#apex/3/en/53056/2). For more information about Microsoft’s privacy practice, please see Microsoft’s Privacy Policy (https://privacy.microsoft.com/en-us/privacystatement).

3.7.6. Taboola

Our website uses technologies from Taboola Inc., 28 West 23rd St., New York, NY 10010, USA ("Taboola"). Taboola uses cookies (see section 3.5.) that determine which content you use and which of our pages you visit (conversion tracking). The cookie enables us to create pseudonymous usage profiles by collecting device-related data as well as log data, and enables us to recommend content that matches your personal interests. This permits us to individually customize our offerings for you. These usage profiles cannot be used to establish your identity.

You can find more information about Taboola and the ability to disable the Taboola cookie here: https://www.taboola.com/privacy-policy.

3.7.7. Facebook Custom Audiences

In addition, we also use Facebook Custom Audiences. Facebook Custom Audiences is a Facebook marketing service. It allows us to display personalized and interest-based advertising on Facebook to certain groups of pseudonymized visitors to our website who also use Facebook.

A Facebook Custom Audience pixel is integrated into our website. This is a Java Script code used to store non-personal information about your use of the site. This includes your IP address, the browser you are using, and the source and destination pages. This information is transmitted to Facebook servers in the United States. There, an automatic check is performed to see if you have saved a Facebook cookie. The Facebook cookie automatically determines whether you belong to the relevant target group for us. If you belong to the target group, we will show you relevant ads on Facebook. You will not be personally identified by us or by Facebook as part of this process.

You may object to the use of the Custom Audiences service on the Facebook website (https://www.facebook.com/ads/website_custom_audiences). After logging in to your Facebook account, you will be taken to the settings for Facebook ads.

For more information on privacy on Facebook, see Facebook’s Privacy Policy (https://www.facebook.com/privacy/explanation).

3.7.8. Ad Up

Technology from Ad Up, a service provider of Axel Springer Teaser Ad GmbH, Axel-Springer-Str. 65, 10969 Berlin, Germany, is also integrated on our website. Ad Up uses cookies for conversion tracking, the evaluation of the effectiveness of advertisements and keywords. By collecting anonymized and/or pseudonymous data, Ad Up can display advertisements according to your interests for a certain period of time.

More information can be found in Ad Up’s privacy policy here: https://www.adup-tech.com/en/privacy. You can deactivate Ad Up in your browser by clicking the button “activate opt-out cookie” there.

3.7.9.  Option to object/opt-out

You can prevent the targeting technologies we described by activating the appropriate cookie setting in your browser (see also section 3.5.). In addition, you have the option of deactivating preference-based advertising with the help of the preference manager available here: http://www.youronlinechoices.com/uk/your-ad-choices.

4. Third party services and plugins

4.1. Google Maps

We use Google Maps API for displaying interactive maps directly on our website and to enable the simplified use of map functionality. Your IP address is transmitted and stored on one of Google’s servers in the US for the usage of Google Maps functionality (see section 3.6.1 regarding the US Privacy Shield). Legal basis is Article 6 (1) (f) GDPR. 

Please see the Terms of Service for Google Maps here: https://www.google.com/intl/en/help/terms_maps.html. You can find further information on data privacy in Google’s Privacy Policy here: https://policies.google.com/privacy.

4.2. WhatsApp

You can contact Casamundo’s service via the service by WhatsApp Ireland Limited. To do that, you send a WhatsApp message with your mobile phone to our number or contact us directly via WhatsApp in your browser. The legal basis is your express consent pursuant to Article 6 (1) (a) GDPR that you may revoke any time. The lawfulness of the data processing already carried out remains unaffected by the revocation.

We are not liable for the security of data transferred via WhatsApp. You can also approach us via phone or email.

WhatsApp uses end-to-end encryption so that the content of a conversation is protected against access by third parties. You accept the terms of use and privacy policy of WhatsApp when you use the service. Further information can be found here: https://www.whatsapp.com/legal/.

4.3. Trusted Shops

The Trustedshop Trustbadge is implemented on our website to display our ratings collected through Trusted Shops. This is based on our legitimate interest to optimize our marketing. The legal basis is Article 6 (1) (f) GDPR. The Trustbadge and the advertised services are provided by Trusted Shops. Subbelrahter Str. 15c, 50823 Cologne, Germany.

When you access the Trustbadge the webserver automatically stores a server log file that includes, e.g., your IP address, date and time of the access, amount of data transferred and the calling provider (access data) and that documents the access. These access data are not evaluated and are automatically overwritten at the latest seven days after the end of your website visit. Further personal data will only be transferred to Trusted Shops if you decide to use Trusted Shops products after placing an order or if you have already registered to use them. In this case, the agreement between you and Trusted Shops applies.

4.4. YouTube

We use a service provided by the video portal YouTube operated by Google. Operator of the sites is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94006, USA. YouTube enables us to integrate and display videos.

YouTube connects to the YouTube servers when a page with an integrated YouTube plug-in is opened. By this, YouTube knows which page is being accessed via Casamundo. If you are logged in to YouTube, YouTube can allocate your surfing behavior to your personal profile on YouTube. If you have logged out before visiting our website, you can disable this.

Casamundo uses YouTube in the interest of an interesting representation of its online services. The legal basis is Article 6 (1) (f) GDPR.

You can find further information in YouTube’s privacy policy (https://policies.google.com/privacy).

4.5. Google Fonts

On our website we use fonts (“Google Fonts”) provided by Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

For this your browser loads the required font into your browser cache when Casamundo is opened. This is necessary so that the browser can display a visually improved version of our texts. If your browser does not support this feature, a default font will be used by your computer for display. The integration of these fonts is completed by a server call, usually a Google server in the USA. This will communicate to the server which Casamundo websites you have visited.

When the page is accessed, cookies are not sent by users to the Google Fonts API. Data transferred in connection with the pageview is sent to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com. You will not be associated with any information collected or used in connection with the parallel use of authenticated Google services, such as Gmail. You can set your browser so that the fonts from Google servers are not loaded.

Casamundo uses Google fonts to ensure an appealing presentation of its services. The legal basis is Article 6 (1) (f) GDPR.

Further information can be found in Google’s privacy policy (https://policies.google.com/privacy).

4.6. TradeTracker

We use the services of TradeTracker Deutschland GmbH, Uhlandstr. 26, 22087 Hamburg, Germany. TradeTracker is an affiliate network for marketing.

This distribution network is used to place advertisements for Casamundo on third party websites. A commission is paid after a sale or click. For this, Casamundo provides various advertising methods which can be used by members of the affiliate network.

TradeTracker drops a cookie (see section 3.5) in which the affiliate partner’s identification number, a user’s serial number and the advertising method are specified. This facilitates the processing of commission payments between Casamundo and the affiliate partner via TradeTracker. This tracking cookie does not store any personal data.

You can find further information in TradeTracker’s privacy policy (https://tradetracker.com/privacy-policy/).

4.7. AWIN

We use the services of AWIN AG, Eichhornstr. 3, 10785 Berlin, Germany. AWIN is an affiliate network for marketing. This distribution network is used to place advertisements for Casamundo on third party websites. A commission is paid after a sale or click. For this, Casamundo provides various advertising methods which can be used by members of the affiliate network.

AWIN drops a cookie (see section 3.5) in which the affiliate partner’s identification number, a user’s serial number and the advertising method are specified. This facilitates the processing of commission payments between Casamundo and the affiliate partner via AWIN. This tracking cookie does not store any personal data.

Further information can be found in AWIN’s privacy policy (https://www.awin.com/gb/legal/privacy-policy-gb).

5. Group

Casamundo is a company of the HomeToGo Group. We may share your personal data with our associated companies within the HomeToGo Group on an occasional basis. The HomeToGo Group includes all (current and future) entities that are directly or indirectly controlled by HomeToGo GmbH (“HomeToGo”) or are under common control of HomeToGo. The transfer of data within the HomeToGo Group takes place for the following purposes:

a)    Provision of our intermediary services and of our portal

b)   Provision of customer service services

c)    Sending advertising with your consent or if permitted by applicable law

d)   Analysis, optimization and improvement of our website and app

e)   Identification and investigation of fraud and illegal activities

f)     Compliance with laws and regulations

The legal basis for the transfer of data within the HomeToGo Group is Article 6 (1) (a), (b) and (f) GDPR.

In detail, the legal basis for the purposes a) and b) is Article 6 (1) (b) GDPR. Sharing this data enables us to fulfill our contractual obligations arising from our terms of service.

The legal basis for purpose c) is your explicit consent (Article 6 (1) (a) GDPR) that you may revoke any time, or our legitimate interest to do marketing for existing customers (Article 6 (1) (f) GDPR). The lawfulness of the data processing already carried out remains unaffected by the revocation.

For purposes d), e) and f), our legitimate interest derives from the improvement of our services as well as the protection of your identity and the prevention of fraudulent activities (Article 6 (1) (f) GDPR).

6. Your rights

6.1. Overview

In addition to the right to revoke the consent you have granted to us, you are entitled to the following further rights if the relevant legal requirements apply:

  • Right of access to information about your personal data stored with us pursuant to Article 15 GDPR
  • Right of rectification of inaccurate personal data and right to have incomplete personal data completed pursuant to Article 16 GDPR
  • Right to erasure of your personal data stored by us pursuant to Article 17 GDPR
  • Right to restriction of processing of your data pursuant to Article 18 GDPR
  • Right to data portability pursuant to Article 20 GDPR

6.2. Right to object

Under the conditions of Article 21 (1) GDPR, data processing can be objected to on grounds relating to the particular situation of the data subject.

The above general right of objection applies to all processing purposes described in this Privacy Policy which are based on Article 6 (1) (f) GDPR. Unlike the special right of objection to data processing for advertising purposes, under the GDPR we are only obliged to implement such a general objection if you give us reasons of overriding importance for this (for example, possible danger to life or health). In addition, you may also contact the supervisory authority responsible for Casamundo, the Hamburg Commissioner for Data Protection and Freedom of Information, Ludwig-Erhard-Str. 22, 20459 Hamburg, Germany, Tel.: +49 (0) 40 428 54-4040, E-Mail: [email protected]

7. Your California Privacy Rights

In case the California Consumer Privacy Act (“CCPA”) applies, you are entitled to the following rights:

  • Right to request disclosure of your personal information we collected and used over the past 12 months
  • Right to request deletion under certain circumstances

If you exercise your access right in a verified way, we will disclose the following information in a portable and (if technically feasible) readily usable form to you: categories of personal information collected, categories of sources for that information, business or commercial purpose for the collection, categories of third parties with whom we share the information, and the specific pieces of personal information we collected on you.

We do not sell (as such term is defined in the CCPA) personal information and will not sell it without providing a right to opt out. 

Please note that we use third-party cookies for advertising purposes and may share personal information with third parties for business purposes as further described above in this Privacy Policy.

We will not discriminate against you for exercising the rights under CCPA. In particular, we will not, deny you goods or services, charge you different prices for goods or services, whether through denying benefits or imposing penalties, provide you with a different level or quality of goods or services, and/or threaten you with any of the above.

As a California resident you may make a request and exercise your rights under CCPA by contacting us at the email address or telephone number indicated at the top of this page (in our imprint). Please provide sufficient information that allows us to reasonably verify that you are either the person on whom we collected personal information or an authorized representative of that person. 

We may have collected the following categories of personal information on California residents in the past 12 months: 

  • Identifiers (e.g. name, postal address, email address, IP address, etc.)
  • Commercial information (e.g. booking inquiries, bookings)
  • Internet activity (e.g. browser information, referral URL, usage of our website)
  • Geolocation data (country and region)
  • Inferences about personal preferences and attributes via cookies

Detailed and further information on the collected personal information can be found above in this Privacy Policy. 

 

Version 2 – As of October 1st, 2019

 

image-tag