Privacy Policy According to Art. 13, 14 and 21 GDPR

This privacy policy clarifies how the collection, use and disclosure of personal data is handled.

1. Responsible for Data Processing

Responsible acc. Art. 4(7) EU General Data Protection Regulation (GDPR):

Reisebüro Poppner
Owner: Ines Poppner
Sulinger Straße 16
D-27211 Bassum

Phone: (+49 4241) 4022
Fax: (+49 4241) 4021

2. Data Sources

If you make use of our services, in general only such data will be collected as we need to provide the services. As far as we ask you for more detailed data, it is voluntary information (fields that are not marked as mandatory). The processing of personal data takes place exclusively for the fulfillment of the requested service and for the preservation of our justified business interests.

To protect your information from unauthorized access, we use an encryption method on our website. Your information is then transferred from your computer to our server and vice versa via the Internet by means of a TLS encryption (Transport Layer Security), we recommend at least a TLS 1.2 encryption. You can recognize this by the closed lock icon on the status bar of your browser and the address bar beginning with https: //.

2.1. Usage Data / Log Files

When you visit our website, so-called usage data for statistical purposes are temporarily stored on our web server as a log in order to improve the quality of our website. This log consists of

We use this information to allow access to our website, to control and administer our systems and to improve the design of our website. This data will be stored anonymously in accordance with applicable legal requirements. The creation of personal user profiles is thus excluded. Data about persons or their individual behavior are hereby not collected.

2.2. Google Maps

This website uses the service Google Maps from Google Inc. By using this site, you consent to the collection, processing and use of the automated data collected by Google Inc, its agents and third parties.

The terms of use for this at Google Maps.

3. Purpose of Data Processing

The following information provides insight into what and for what purpose we process your data.

3.1. Fulfillment of Contractual Obligations (Art. 6(1)(b) GDPR)

We process your data to carry out our contracts with you, in particular for execution and processing of booked travel services. The purposes of the data processing are depended on the specific travel services and the contract documents (e.g. accommodation, transfers, car rental, flights).

3.2. Balancing of Interests (Art. 6(1)(f) GDPR)

To pursue legitimate interests, your information may be used by us or by third parties. This is done for the following purposes:

Our interest in the respective processing results from the respective purposes and is otherwise of an economic nature (efficient performance of tasks, distribution, avoidance of legal risks). As far as the specific purpose allows it, we process your data pseudonymized or anonymized.

3.3. Your Consent (Art. 6(1)(a) GDPR)

If you have given us consent to the processing of your personal data, this respective consent is the legal basis for the processing mentioned therein. In addition, you may have given permission for a promotional approach by e-mail, phone or messenger service. You can revoke your consent at any time with effect for the future. This also applies to declarations of consent which you have given us before the validity of the GDPR, thus before 25 May 2018. The revocation applies only to future processing, not to ones that had already taken place. Please contact us by using our contact address.

3.4. Legal Requirements (Art. 6(1)(c) GDPR)

We are subject to various legal obligations and legal requirements (e.g. German Civil Code (BGB), German Commercial Code (HGB), Generally Accepted Accounting Principles (GoB), Passenger Name Record Act (FlugDaG), EU Package Travel Directive, Tax Laws of the Federal Republic of Germany). The purposes of the processing include identity and age checks, fraud prevention, the fulfillment of tax control and reporting obligations as well as the assessment and management of risks.

4. Use of Your Data

The disclosure of your data takes place only in compliance with the GDPR and only insofar as a legal basis allows it. Within our sales organization, entities will receive only those information they need to fulfill our contractual and regulatory obligations or to perform their respective duties (e.g. sales, customer care, tour guides, tour operators, hotels, rental cars or transfer companies).

In addition, the following places can receive your data:

5. Duration of Storage of Your Personal Data

If necessary, we process your personal data for the duration of our business relationship, which includes the initiation and execution of a contract for the execution of a travel service. In addition, we are subject to various storage and documentation obligations arising from the German Civil Code (BGB), the German Commercial Code (HGB), the Fiscal Code of Germany (AO) and the EU Package Travel Directive. The periods for storage and documentation specified there are two to a maximum of ten years. Finally, the storage period is also defined by the statutory limitation periods, which is for example according to §§ 195 et seq. of the German Civil Code (BGB) usually three years. The storage of your personal data based on your consent takes place until further notice.

6. Data Disclosure to a Third Country

We only disclose your data to countries outside the European Union if this is necessary for the execution and completion of the travel services or if it is required by law or if you have given us your consent (e.g. long-distance travel).

7. Rights in the Handling of Your Data

Under the respective legal requirements you have the right of information (Art. 15 GDPR, § 34 Federal Data Protection Act (BDSG) in its version valid from 25 May 2018), correction (Art. 16 GDPR), deletion (Art. 17 GDPR or § 35 BDSG), limitation of processing (Art. 18 GDPR) and data portability (Art. 20 GDPR). In addition, you have the right of appeal to a data protection supervisory authority (Art. 77 GDPR or § 19 BDSG).

8. Obligation to Provide Your Data

As part of our business relationship, you only need to provide the personal information that is required to establish, conduct and terminate a business relationship or that we are required to collect by law. Without this data, we will generally have to refuse to conclude the contract or to execute the order or to be unable to complete an existing contract and to terminate it if necessary.

9. Automated Decision-Making in Individual Cases

In support and implementation of the business relationship, we generally do not use automated decision-making pursuant to Art. 22 GDPR. Should we use this method in some cases, you will be informed separately, where this is prescribed by law.

10. Profiling

We process your data partially automated with the aim to evaluate your potential interest in certain products, offers and services (so-called “profiling&rldquo; according to Art. 4(4) GDPR). The evaluation is based on statistical procedures, taking into account your previously booked travel and services with us. We use the results of these analyzes for a targeted and needs-based approach to our customers.

11. Rights as a Customer

You have the right, for reasons of your own particular situation, to object at any time to the processing of personal data relating to you pursuant to Article 6 (1)(f) of the GDPR (data processing to protect a legitimate interests). This also applies to profiling based on this regulation within the meaning of Art. 4(4) GDPR, which can be used for example in customer service and support. If you object, we will no longer process your personal data. In addition, according to Art. 15 and 21 GDPR, you have a permanent right to revoke your consent to data processing for further purposes, should you have given us your consent before. The revokation can be made in each case form-free to the contact address known to you.

Every person concerned has the right to complain to the supervisory authority if they consider that the processing of data referable to them violates data protection regulations. The right of appeal may in particular be made with the supervisory authority of your federal state or be asserted at the place of the relevant infringement. An up-to-date list of the responsible authorities can be found at