Data protection declaration
Data protection declaration of TUI AG
TUI AG (acting here on behalf of Iberotel Hotels & Resorts) treats the protection of your private sphere and personal data as a matter of great importance. This standpoint is also central to how we carry out our online activities. Our data protection procedures are therefore fully compliant with all applicable legal rules and regulations regarding the protection of personal data.
We employ a range of technical and organisational security measures to secure your data with the best possible protection against accidental or malicious manipulation, loss, destruction or unauthorised access. Our security measures are continuously revised in line with the latest technical developments.
We would like to take this opportunity to list the personal data that we record and how it is used. We will also explain who we provide this data to, how we protect your data and how you may change your data.
What is personal data?
Personal data is information that could be used to discover your identity. This includes details such as your full name, address, post code, IP address, telephone number or e-mail address.
What is anonymised data?
General information (e.g. the number of users to each page and how long they stay there) is recorded automatically every time a user visits one of these web pages. This data is not personal and is therefore treated as anonymised data. This type of information is used exclusively for statistical purposes and allows us to enhance the online services.
What data do we take from you?
We record, process and use personal data in order to process the offers and services that you have chosen. Examples include hotel booking, completing forms, entering promotions, subscribing to a newsletter, taking part in surveys, rating travel services, sending e-mails and using online services.
Please note that personal data relating to fellow travellers may also be recorded, especially when booking tourist services. For this reason it is important that you obtain permission from the individuals in question before submitting any of their personal data.
How do we use and handle your personal data?
The focus of our company is the sale of hotel services including any associated financial or general services. Data is recorded, handled and used for this purpose.
Personal data obtained exclusively from using our website is used to determine the content of a contractual relationship for telemedia services and to improve the quality of our online facilities. Data obtained from taking part in promotions is used to carry out the promotions in question. Data provided for newsletter subscriptions is used to decide on the content and subsequent despatch of newsletters.
If personal data is taken and processed with regard to booking a tourist service, then this data is used within the framework of the contractual relationship to procure the product and to perform any other related services.
Recording, handling and using your personal data for advertising or market research purposes is always carried out in line with legal guidelines. You may bar your personal data from being used for this purpose at any time. Your right to revoke the use of your data at any time will be stated on every occasion that your data is used for advertising, market research or opinion polling, or alternatively, a simple cancellation option (e.g. a link) will be provided.
To whom do we pass your personal data?
To process the tourist services we provide, we will pass on your personal data to your respective contractual partner (e.g. hotel or travel insurance).
In the case of promotions, your data will be passed on to the respective promotion partner if this is necessary to redeem a prize.
Personal data will be made available to our service providers responsible for delivering newsletter subscriptions.
Data concerning your usage of our online services will be passed on to our online system service providers (operator of hosting systems, internet booking engines, mid-office systems, web analysis service providers, global distribution systems and marketing service providers). Our system service providers help us to continuously improve our offers and services for your benefit.
In compliance with the governing legal framework, personal data is only passed on when necessary in order to process your booking or any associated payment transactions. Anonymised data will be used in all other instances, which cannot be used to identify any personal details.
Public bodies and authorities are only granted access to personal data in the event that this is a mandatory legal requirement.
The sale of personal data, especially addresses, to third parties is expressly prohibited.
How do we protect your data?
In order to give your personal data the best possible protection, especially when booking a tourist service offered by ourselves, we will always implement the SSL (Secure Socket Layer) protocol when data is transferred from your computer to our server. This ensures that all data transfers are encrypted.
Your personal data will only ever be saved in line with the legal regulations in force in the Federal Republic of Germany and the United States of America. Data stored in the USA is also subject to the Safe Harbour Agreement as recognised by the European Union.
In the event that we may pass on your personal data to our service providers as part of the services described above, your data is protected not only by mandatory legal guidelines, but also by additional contractual obligations that we impose with regard to data protection.
To protect your credit card details we must expressly remind you to only ever enter this data into the fields on the booking form intended for this purpose. Data security can only be guaranteed upon adherence to the designated data transmission methods.
You are entitled to request that all data held in relation to yourself be provided to you completely free of charge. You also have the right to correct, delete or block erroneous data. Data required for certain legal obligations, especially in regard to accounting and bookkeeping, may not be deleted.
Where data is stored / data protection bodies
TUI AG is responsible for storing and handling data as well as the service provider. More information and contact details can be found on our legal notice page.
Please send any questions, requests or comments concerning data protection to: firstname.lastname@example.org.
The rapid development of the internet means that our data protection regulations may need updating from time to time. You will be advised of any such changes here.
Embedded Facebook social plugins
Social plugins ("plugins") belonging to the social network facebook.com - operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook") - are embedded in our website.
Facebook plugins can be identified by the Facebook logo (a white "f" on a blue tile or a "thumbs up") or are expressly marked as a "Facebook Social Plugin". The list and appearance of Facebook social plugins can be found here: http://developers.facebook.com/plugins.
On opening one of our web pages containing such a plugin, your browser will establish a direct connection to the Facebook servers. Facebook sends the plugin content directly to your browser, which then embeds this into the web page. We accordingly have no influence over the scope and content of the data that Facebook acquires using this plugin and therefore draw your attention to the information we have available in this respect (http://www.facebook.com/help/?faq=186325668085084).
An embedded plugin grants Facebook access to the information that you have visited the respective page of our online portfolio. If you are logged in to Facebook at the time, Facebook can also link your visit to your Facebook account. By interacting with a plugin, such as clicking the Like button or adding a comment, your browser will send the corresponding information directly to Facebook at which point it will be saved. Even if you are not a member of Facebook there is a possibility that Facebook will acquire and store your IP address.
Please see the Facebook data protection policy for details on the scope and purpose of data acquisition and subsequent data handling and usage by Facebook as well as your rights and configuration options regarding the protection of your personal sphere. The policy can be found at: http://www.facebook.com/policy.php.
If you a Facebook member and do not want Facebook to collect data concerning your visit to our website and do not want this linked to your Facebook membership data, please log out of Facebook before visiting our website and delete the cookies from your browser. Cookies are explained in more detail elsewhere in this data protection declaration.
You can also block Facebook social plugins by using add-ons for your browser, such as "Facebook Blocker".
When visiting our website, information is stored in the internet browser software on your computer in the form of a cookie. This contains details about how you use the website. Cookies allow us to tell when your computer accesses our site again, facilitating the use of functions and entering repeated data.
The majority of browsers are set to automatically accept cookies. However, you do have the option to block cookies, or set your browser to notify you every time a cookie is sent. You are also able to delete cookies saved to your hard drive at any time.
Cookies are necessary in order to make a booking. Restricted use of our services is also possible without cookies.
Use of Google Analytics
This website uses the Google Analytics service provided by Google Inc. ("Google"). Google Analytics uses "cookies" (text files saved to your computer) to analyse how you use the website. All usage information obtained by the cookie (including your IP address) is forwarded and saved on a Google server in the USA. Google uses this information to analyse your usage of the website in order to compile website activity reports for the website owner and to supply services connected to website and internet usage behaviour. Google may also pass on this data to authorised third parties in line with the relevant legislation. Google will never link your IP address to other Google data. You can configure your browser software to block the installation of cookies. However, it may not be possible to provide you with the full functionality of our website if cookies are blocked in this manner. By using this website you declare your express permission for Google to use the data it collects in the manner and for the purpose outlined above.
You can withdraw permission for Google to collect and store your data at any time. This will have no retroactive effect. To do so you may use the following plugin.
Our website uses the anonymisation function of Google Analytics. IP addresses are only saved and handled in abbreviated form to eliminate all individual references.
Use of Google Maps
This website uses Google Maps for its maps and directions. Google Maps is a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By using this website you declare your express permission for Google, one of its representatives or a third-party provider to record, handle and use the data acquired automatically or actively entered by yourself. The conditions of use for Google Maps can be found under the conditions of use for Google Maps.
Links to other websites
Our online offers contain links to other websites. This data protection declaration does not extend to other providers. We have no influence on the data protection activities of third party providers and therefore accept no responsibility for the accuracy, topicality and completeness of information that they provide.
TUI AG, Iberotel Hotels & Resorts, Karl-Wiechert-Allee-4, 30625 Hanover
Chair of the Supervisory Board: Prof. Klaus Mangold
Executive Board: Dr. Michael Frenzel (Chairman), Friedrich Joussen, Peter Long, Horst Baier