Data protection

The protection of your data is important to us! Introduction

Dear visitors to our website,

Thank you for visiting our website. To ensure that you feel safe and comfortable when visiting our website, we would like to inform you below about how we handle your data. The following data protection provisions are intended to inform you about our handling of the collection, use and disclosure of personal data.

aovo Touristik AG, Esperanto Strasse 4, 30519 Hannover, Germany is responsible for data collection and processing.

Data protection information in accordance with Art. 13 and 14 of the EU General Data Protection Regulation (EU GDPR)

With this data protection declaration, we inform you about the processing of your personal data by us, as well as about the data protection rights to which you are entitled when booking a travel service.

1. Who is responsible for data processing and who can you contact?

When you use the get2fairs website, aovo Touristik AG, as the operator of this site, processes personal data as the controller.

aovo Touristik AG
Data Protection Officer
Esperanto Strasse 4
D-30519 Hanover

If you have any questions or suggestions regarding data protection, please send an e-mail to: datenschutz@aovo.de

2. Handling of personal data

The protection of your privacy is very important to us. We have therefore designed our website in such a way that it can be used anonymously. We use information that we receive and store during your visit to our website exclusively for internal purposes and to improve the design of the website. We only store the IP address transmitted by your web browser for a period of 30 days in order to be able to recognize, limit and eliminate faults or errors (e.g. attacks on our servers). After this period has expired, we delete or anonymize the IP address. We only use the IP address strictly for the above-mentioned security purposes. Further information on the processing of the IP address can be found in the following section “Usage data/log files”.

3. Usage data/Logfiles

We use and store information that we receive during your visit to our website for the purposes of security and improving the functionality of the website. This data record consists of

  • the page from which the file was requested,
  • the name of the file
  • the date and time of the request
  • the amount of data transferred
  • the access status,
  • the description of the type of web browser used
  • the operating system,
  • the IP address of the requesting computer (see above anonymized after the above-mentioned period)

We use this information to enable you to access our website, to monitor and administer our systems and to improve the design and function of the website. We only store the IP address transmitted by your web browser, including the above-mentioned data record, for a period to be able to recognize, limit and eliminate malfunctions or errors (e.g. attacks on our servers). Storage ends after one month at the latest. After this period, we delete or anonymize the IP address.

4. Which data is used for the implementation of pre-contractual measures, decision on conclusion of contract and fulfilment of contract?

Necessity of the provision of personal data 

The provision of personal data for pre-contractual measures, conclusion, and fulfilment of the contract for the booking request/travel booking is voluntary.

For the implementation of pre-contractual measures, conclusion, and fulfilment of the contract, it is only necessary to provide data that is relevant for these purposes. We receive the data directly from you, e.g. as part of the travel booking or another order placement, e.g. via a travel agent/travel agency/association.

If you provide us with personal data of other persons (e.g. fellow travellers) as a travel applicant, you must ensure that they agree to this and that you are allowed to transmit the data. You must ensure that these persons know how their personal data can be processed by us and what rights they have.

Categories of personal data

Where necessary, we process the following categories of data: 

  • Identification/authentication data (e.g. surname, first name of all travellers, transaction number, passport data)
  • Demographic data (e.g. age, date of birth of all travellers)
  • Physical characteristics (e.g. salutation, gender of all travellers)
  • Communication data (e.g. postal address, e-mail address, telephone number, correspondence, e-mail correspondence)
  • Account details (e.g. IBAN/BIC number) in the case of a bank transfer
  • Credit card details in the case of payment by credit card
  • Personal data in the case of payment via PayPal
  • Travel data (e.g. booked products, travel history)
  • special personal data in accordance with Art. 9 para. 1 EU GDPR (e.g. mobility aids, meal preferences)
  • preferences (e.g. your preferences, your ratings regarding your trips, if arranged through us/carried out by us)
  • Behaviour (e.g. behaviour on our websites/app, location)
  • Data in the context of complaints and crises

This also includes associated customer support relating to your booking. We will send you your booking confirmation, travel documents and further information about your booked trip to the e-mail address you have provided.

5. On what legal basis and for what purpose is the data used?

5.1 Data processing based on consent

If you have given your separate consent, the corresponding processing is carried out based on Art. 6 para. 1 lit. a GDPR. Your consent can be withdrawn at any time without affecting the lawfulness of the processing carried out to date. If consent is withdrawn, we will cease the corresponding data processing.

5.2 We process the following data in accordance with Art. 6 para. 1 lit. b GDPR for the purpose of

  • the preparation of the offer
  • the fulfilment of our contract with you
  • the processing of complaints/complaints
  • within our crisis management
  • to support our sales organization with your travel support

The data required to fulfil the contract will be stored in accordance with statutory retention periods (e.g. German Fiscal Code (AO), German Commercial Code (HGB)) and deleted after these periods have expired.

5.3 On the basis of legal requirements (Art. 6 para. 1 lit. c EU GDPR).

We are subject to various legal obligations and legal requirements (e.g. German Civil Code (BGB), EU travel law, German Commercial Code (HGB), GoB, Passenger Name Record Act, tax laws of the Federal Republic of Germany). Your data may be processed by us or authorized third parties for the purposes of identity and age verification, the prevention of criminal offences (e.g. fraud), the fulfilment of tax/official control and reporting obligations, the assessment and management of risks and the retention of data under financial and tax law. The data will be deleted after the required retention periods have expired.

5.4 Data processing to protect vital interests (Art. 6 para. 1 lit. d EU GDPR)

To protect the vital interests of you or another natural person, e.g. to be able to provide emergency services with an evacuation list in emergency situations, your data may be processed by us or authorized third parties. The data will be deleted after the required retention periods have expired.

5.5. To protect legitimate interests (Art. 6 Para. 1 lit. f EU GDPR)

As part of a balancing of interests to protect our predominantly legitimate interests and the interests of third parties, your data may be processed by us or by authorized third parties for the following purposes.

  • Function, availability, and security of business operations (e.g. IT, other services)
  • Further development of service/travel services and additional products (e.g. quality management)
  • Asserting, exercising, or defending legal claims – the legitimate interest is particularly present when entering transactions with a risk of financial default
  • Prevention and investigation of criminal offenses (e.g. fraud) – the legitimate interest is particularly present when entering transactions with a risk of financial default
  • Processing inquiries and providing necessary information (e.g. contact form)

Our interest in the respective processing arises from the respective purposes (making a profit, avoiding legal risks, asserting, exercising, or defending legal claims, providing and security of our business operations, efficient fulfilment of tasks, process optimization). As far as the specific purpose allows, we process your data pseudonymously.

6. Who receives the data?

Your personal data will only be passed on in compliance with the provisions of the EU GDPR and only insofar as a legal basis permits this. Your data will only be received by those bodies that need it to fulfil our contractual and legal obligations or to fulfil their respective tasks:

  • departments within and outside the controller (e.g. customer service, data protection management, accounting, internal and external legal advice, compliance) tasked with carrying out the trip/processing your request 
  • Destination agency (e.g. tour guide, hotel reservation, transfer and possibly excursion services)
  • Transportation service provider (airline, rail)
  • Accommodation provider (hotel management)
  • insurers
  • Service providers of other booked services
  • Partners to assist in the investigation of criminal offenses (e.g. fraud), assertion, exercise or defence of legal claims
  • public authorities (tax authorities, embassies of the destination country) in the event of a legal or official obligation (e.g. retention obligations, VISA procurement, obtaining entry requirements)
  • other bodies for which you have given us your consent to data processing

6.1 Payment data

aovo Touristik AG is responsible for the secure processing of payments for your travel booking and uses the following payment service providers, to whom the necessary payment data (amount, booking reference, booking description, payer) is transmitted.

  • Payment by credit card (VISA, MasterCard)
    Our payment service provider for processing credit card payments is Nexi Germany GmbH, Helfmann-Park 7, D-65760 Eschborn. You can find out how Nexi Germany GmbH processes your data in Nexi Germany GmbH’s data protection notice: https://www.concardis.com/datenschutz. The processing of your credit card data for the payment and the application of the security measures of the issuer of your credit card such as 3D-Secure and strong customer authentication are carried out directly by the payment service provider. We do not have access to your full credit card details and only store a reference in the form of an abbreviated credit card number so that you can recognize it. For fraud prevention purposes, a fingerprint of your device or browser is processed together with the payment data with the help of a processor. This serves to protect you and us to prevent the misuse of your payment method for payment at aovo.de. The legal basis for this is Art. 6 para. 1 lit. f) GDPR.
7. How long is personal data stored?

Where necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and execution of a contract. In addition, we are subject to various retention and documentation obligations arising from the German Civil Code (BGB) and EU travel law, the German Commercial Code (HGB) and the German Fiscal Code (AO), among others.

  • Storage for 3 years according to §§ 195 ff. BGB
    beginning at the end of the year in which the claim arose, and the creditor becomes aware of the circumstances giving rise to the claim and the identity of the debtor or should have become aware of them without gross negligence for the assertion, exercise or defence of legal claims in accordance with Section 199 (1) BGB
  • Retention for 6 years
    begins at the end of the calendar year in which the last entry was made in the trading book, the inventory was prepared, the opening balance sheet or the annual financial statements were adopted, the individual financial statements pursuant to Section 325 (2a) or the consolidated financial statements were prepared, the commercial letter was received or sent or the accounting voucher was created in accordance with the statutory retention periods from Section 257 (5) HGB for commercial letters and begins at the end of the calendar year in which the last entry was made in the book, the inventory, opening balance sheet, annual financial statements or management report was prepared. 5 HGB for commercial letters and begins at the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance sheet, the annual financial statements or the management report were prepared, the commercial or business letter was received or sent or the accounting document was created, furthermore the record was made or the other documents were created in accordance with § 147 para. 4 AO for commercial and business letters, other documents, insofar as they are relevant for taxation.
  • Retention for 10 years
    begins at the end of the calendar year in which the last entry was made in the trading book, the inventory was prepared, the opening balance sheet or the annual financial statements were adopted, the individual financial statements pursuant to Section 325 (2a) or the consolidated financial statements were prepared, the commercial letter was received or sent or the accounting document was created in accordance with the statutory retention periods from Section 257 (5) HGB for trading books, inventories, opening balance sheets, annual financial statements, individual financial statements pursuant to Section 325 (2a), management reports, consolidated financial statements, group management reports and their understanding. 5 HGB for trading books, inventories, opening balance sheets, annual financial statements, individual financial statements in accordance with Section 325 (2a), management reports, consolidated financial statements, group management reports and the work instructions and other organizational documents required for their understanding, documents for entries in books to be kept in accordance with Section 238 (1) (accounting documents) and begins at the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance sheet, the annual financial statements or the management report was prepared, the commercial or business letter was received or sent or the accounting voucher was created, the record was made or the other documents were created in accordance with Section 147 para. 4 AO for books and records, inventories, annual financial statements, management reports, the opening balance sheet as well as the work instructions and other organizational documents necessary for their understanding, accounting vouchers, documents pursuant to Article 15 (1) and Article 163 of the Union Customs Code in the case of other claims for damages pursuant to Section 199 (3) BGB after ten years from their creation.
  • Retention for 30 years
    in the case of claims for damages based on injury to life, limb, health or freedom 30 years from the commission of the act, the breach of duty or the other event causing the damage (e.g. judgments, default summonses, court files, notarial deeds)

    Processing for advertising purposes can be objected to free of charge at any time upon informal request in accordance with Art. 21 EU GDPR; in this case, the data will be blocked for advertising purposes. Your data will be deleted when priority retention periods have expired.

    Your personal data will be deleted on the basis of your consent as soon as the purpose has been fulfilled or until revocation and when priority retention periods have expired.
8. Will personal data be transferred to a third country and will automated decision-making take place?

A transfer to a third country is not intended.

In principle, we do not use automated decision-making in accordance with Art. 22 EU GDPR to establish and conduct the business relationship. Should we use these procedures in individual cases, you will be informed separately if this is required by law.

9. Rights of the data subject

You have the right to obtain information from the controller about the personal data concerning you and to have incorrect data corrected or deleted if one of the reasons stated in Art. 17 GDPR applies, e.g. if the data is no longer required for the purposes pursued. There is also the right to restriction of processing if one of the conditions specified in Art. 18 GDPR applies and, in the cases of Art. 20 GDPR, the right to data portability. If data is collected based on Art. 6 para. 1 lit. e or lit. f, the data subject has the right to object to the processing at any time for reasons arising from their particular situation.

We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves the establishment, exercise, or defence of legal claims.

You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 EU GDPR, Section 19 BDSG). 

State Commissioner for Data Protection of Lower Saxony (LfD)
Prinzenstrasse 5,30159 Hanover, Germany

10. is there an obligation to provide personal data?

As part of our business relationship, you only have to provide the personal data that is necessary for the establishment, execution and termination of a business relationship or that we are legally obliged to collect. Without this data, we will generally have to refuse to conclude the contract or execute the order or will no longer be able to perform an existing contract and may have to terminate it.

11. Is the aforementioned data used in any way for profiling?

Language. To ensure that you receive our emails in your language.

12. Data security

To protect your data from unauthorized access, we use an encryption process on our website. Your data is then transmitted from your computer to our server and vice versa via the Internet using TLS 1.2 encryption. You can recognize this by the fact that the lock symbol in the status bar of your browser is closed and the address line begins with https://.

However, when you contact us by e-mail, the confidentiality of the information transmitted on the Internet is often not encrypted and is therefore not protected against unauthorized access during transmission. We therefore recommend sending confidential information exclusively by letter.

13. contact details of the data protection officer

If you have any questions or suggestions about data protection, please contact our data protection officer:

aovo Touristik AG
Data Protection Officer
Esperanto Strasse 4, 30519 Hanover, Germany

E-mail: datenschutz@aovo.de

Website analysis and tracking

14. General information

As a user, you can decide for yourself about the use of cookie-based services / technologies and the collection of data by them on our portal and adjust or revoke them at any time with effect for the future. This is possible via an information and consent banner, which is displayed on first visits and when changing services, as well as via the cookie settings, which can be accessed at any time via a link at the bottom of each page. As part of a GDPR-compliant approach, we only use services requiring consent after you have given your prior consent. You can also use our website without this consent.

As a user, you have other, alternative ways such as browser extensions, settings, adblockers or opt-out links of individual tools to prevent the setting of cookies or data collection by services. We would like to point out that these methods are not equivalent to the use of a consent management system. Browser extensions, settings and adblockers can prevent cookies and, where applicable, data collection by services. However, you cannot always decide for yourself what you want to allow or prevent. It is possible that your decisions made via the consent management system may be overridden or even prevent the necessary use of the consent management system. In addition, extensions and adblockers can cause unexpected problems with the basic functions of the portal.
Many marketing services provide their own opt-out options via opt-out links or cookies. We list these in the privacy policy, if available. The opt-out often applies to the basic portal-independent use of the service, but only takes place subsequently and on a page of the provider, independent of the consent management of our portal. In many cases, opt-out cookies are set, which in turn can be revoked by the cookie settings of your browser or by deleting cookies.
If you use the alternative methods mentioned, it is not possible for us to document your settings and decisions.

15. Use of cookies

When you visit our website, information may be stored on your computer in the form of cookies in order, for example, to recognize visitor preferences and optimize the website accordingly. This helps us, for example, to make navigation easier and to achieve a high level of user-friendliness.

Cookies are text files that are stored on the user’s hard disk when they visit a website. They are harmless to your computer and cannot be viewed by third parties. They make it possible to store information for a certain period and to identify the user’s computer.

If you accept our cookies, they will remain on your computer for a period of 30 days unless you delete them beforehand. During an online booking, cookies are stored temporarily for the duration of the booking. These are automatically deleted after 30 minutes of inactivity or after closing the website.

You can object to the collection and storage of your data via this service at any time. If you want to avoid the activation of cookies, deactivate them in your browser. Please note, however, that disabling cookies may restrict the use of the website and the services offered.

16. Use of Google Analytics

If you have given your consent, Google Analytics 4, a web analysis service of Google LLC, is used on this website. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

Scope of the processing

Google Analytics uses cookies that enable your use of our website to be analysed. The information collected by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there.

Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity for us and providing us with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. A transmission of this data has been extended by “gat._anonymizeIp();” to ensure an anonymized collection of IP addresses (so-called IP masking). If IP anonymization is activated on our websites, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.

Google will only transfer your data to third parties on the basis of legal regulations or as part of order data processing. Under no circumstances will Google combine your data with other data collected by Google.

By using this website, you consent to the processing of data about you by Google and the manner of data processing described above as well as the stated purpose. You can prevent the storage of cookies by selecting the appropriate settings in your browser software. You can also prevent Google from collecting and processing your data by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

Further information on terms of use and data protection can be found at https://www.google.com/analytics/terms/de.html or at
https://policies.google.com/?hl=en&gl=de.

During your website visit, your user behaviour is recorded in the form of “events”. Events can be:

  • Page views
  • First visit to the website
  • Start of the session
  • Your “click path”, interaction with the website
  • Scrolls (whenever a user scrolls to the bottom of the page (90%))
  • Clicks on external links
  • Internal search queries
  • Interaction with videos
  • file downloads
  • Viewed / clicked ads
  • language setting

Also recorded:

  • approximate location (region)
  • IP address (in abbreviated form)
  • Technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
  • Internet provider
  • the referrer URL (via which website/advertising medium you came to this website)

Purposes of the processing

On behalf of the operator of this website, Google will use this information to evaluate your use of the website and to compile reports on website activity. The reports provided by Google Analytics are used to analyse the performance of our website.

Recipients

Recipients of the data are/may be:

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor pursuant to Art. 28 GDPR)
  • Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
  • Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

It cannot be ruled out that US authorities may access the data stored by Google.

Third country transfer

Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.

Storage period

The data sent by us and linked to cookies is automatically deleted after 14 months. Data whose retention period has expired is automatically deleted once a month.

Legal basis

The legal basis for this data processing is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR

Withdrawal of consent

You can withdraw your consent at any time with effect for the future by accessing the cookie settings https://policies.google.com/technologies/ads?hl=en and changing your selection there. This does not affect the lawfulness of the processing carried out based on the consent until revocation.

You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may restrict the functionality of this and other websites. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by

  1. Not giving your consent to the setting of the cookie or
  2. downloading and installing the browser add-on to deactivate Google Analytics HERE.

You can find more information on the terms of use of Google Analytics and on data protection at Google at https://marketingplatform.google.com/about/analytics/terms/de/ and at https://policies.google.com/?hl=en.

General linking to third-party profiles

17. Integration of Google Maps

The map service Google Maps is connected to our website via an API. The provider of the service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transmitted to and stored on Google servers in the USA. As the provider of this site, we have no influence on data transmission.

We use Google Maps on our websites to present our offers in an appealing way and to show you the exact location of our products (legitimate interest according to Art. 6 para. 1 lit. f GDPR).

Further information on the handling of your data can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=en&gl=de

The legal basis here is Art. 6 para. 1 lit. f GDPR. The legitimate interest of the provider is to improve the quality of use of the website.

How up-to-date is this data protection notice?

We adapt the data protection notice to changed functionalities or changed legal situations. We therefore recommend that you read the data protection notice at regular intervals.

Current status: February 2024

close arrow_back_ios arrow_forward_ios