1. An overview of data protection
Data collection on our website
Who is responsible for the data collection on this website?
The data collected on this website are processed by the website operator. The operator’s contact details can be found in the website’s required legal notice.
How do we collect your data?
Some data are collected when you provide it to us. This could, for example, be data you enter on a contact form.
Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.
What do we use your data for?
Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyze how visitors use the site.
What rights do you have regarding your data?
You always have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected, blocked, or deleted. You can contact us at any time using the address given in the legal notice if you have further questions about the issue of privacy and data protection. You may also, of course, file a complaint with the competent regulatory authorities.
Analytics and third-party tools
We do not use analysis tools
Processing personal data and the purposes of data processing
a) When you visit our website
You can access our website www.kreta-inside.com without having to disclose details of your identity. The browser installed on your device will only automatically send information to our website servers (e.g. your computer’s operating system and the browser you use, the name of your ISP, the name and URL of the file accessed, the date and time it was accessed, the originating website of the access).
This also includes the IP address of your device from which the request is sent. This is stored temporarily in a log file and automatically deleted after four weeks.
Processing the IP address occurs for technical and administrative purposes for the establishment and stability of the connection, to ensure the security and functionality of our website and enable us to trace any unlawful attacks on it.
Article 6 (1)(1)(f) of the GDPR is the legal basis for processing the IP address. Our legitimate interest follows from the requirement for security, as mentioned above, and the need for uninterrupted availability of our website.
Processing the IP address and other information in the log file does not enable us to draw any direct conclusions about your identity.
b) When registering on our platform
As a holidaymaker, you can browse the range of holiday homes and apartments on our platform and send booking requests to respective landlords. Complimentary registration is required to make a request to or booking with a provider for holiday accommodation as a holidaymaker. This also allows you to use extended functions such as managing your booking requests and communicating with the landlord.
As a landlord, you must register on our platform to be able to offer holiday homes on our platform.
In the process of registering on our website as a holidaymaker or landlord, we will collect and store the following data about you as obligatory information:
You will then have the option to add further information to your user account.
This data is collected and stored
to provide us with information on who our contracting party is;
for reasons of content arrangement, processing, and amendment of a contractual relationship with you regarding the use of our platform as a registered holidaymaker;
to fulfill the license agreement or agency contract between us and the user;
to check the plausibility of the data entered;
to make the necessary contact with you, where applicable
Processing within the registration process is carried out upon your request and is required in accordance with Article 6(1)(1)(b) GDPR for the purposes mentioned above for using the platform and therefore fulfilling the agreement and pre-contractual measures.
We will also use your email address, collected in the registration process or within the process of implementing the agreement, to inform you of particular services or goods or more generally about www.kreta-inside.com via email. In this case, the email address is processed on the basis of our legitimate interests in promoting our goods and services (Article 6(1)(f) GDPR).
The data provided by you will be stored for the duration of the contractual relationship with you and will then be erased.
c) When you send an inquiry
If you are interested in a holiday home you can use our inquiry form to contact the owner. The following mandatory information must be entered:
You also have the option to volunteer for further information and put questions to the owner.
All the information provided by you is forwarded to the owner for the purposes of the contact inquiry. The owner will use the information to check your inquiry and to respond to you.
Processing occurs when you make your inquiry and is required in accordance with Article 6 (1)(1)(b) of the GDPR for the above-mentioned purposes of completing the contract and pre-contractual measures.
If you send an inquiry as a registered user, the information provided by you will be stored in your user account as a booking inquiry until it is erased.
d) When you use our contact form
You can make general inquiries to us using the contact form on our website. Here you are required to provide your surname and a valid email address. Additional data such as a message can be entered voluntarily.
This data is collected so that we know who sent the inquiry and to enable us to reply in the best way. Data processing occurs upon your inquiry and only insofar as it is required to carry out pre-contractual measures in response to a contact inquiry in accordance with Article 6 (1)(1)(b) of the GDPR or to safeguard the legitimate interests of ourselves or third parties in accordance with Article 6 (1)(1)(f) of the GDPR.
The personal data collected by us for the use of the contact form is automatically erased once the inquiry sent by you has been processed in full.
e) When you sign up for our newsletter
If you have given your express consent in accordance with Article 6 (1)(1)(b) of the GDPR, we will use your email address to send you our newsletter on a regular basis. To receive the newsletter, you just have to submit your email address. You will then receive a confirmation email in order to register for the newsletter (“double opt-in”). This serves as proof for us that the registration really was initiated by you.
You can unsubscribe at any time, e.g. via a link at the end of each newsletter. Alternatively, you can email us your request to unsubscribe from the newsletter at any time to email@example.com.
3. Forwarding personal information to third parties
To the extent permitted and necessary to administer contractual relationships with you in accordance with Article 6 (1)(1)(f) of the GDPR or to guarantee our interests or those of a third party in accordance with Article 6 (1)(1)(f) of the GDPR, your personal data will be forwarded or accessible to third parties in the following cases:
If you as an owner place an advertisement for a holiday home your first name and surname and the telephone number you have provided will be visible to prospective renters.
If you as a traveler make contact with an owner, we will forward them your first name and surname as well as your telephone number and email address along with any other details you have provided.
Beyond this, your personal information may also be passed on
if you have given your express consent in accordance with Article 6 (1)(1)(a) of the GDPR;
in the event that there is a legal requirement to pass on the information in accordance with Article 6 (1)(1)(c) of the GDPR; and
insofar as this is necessary in accordance with Article 6 (1)(f) of the GDPR for us to enforce our rights, in particular, to enforce claims resulting from a contractual relationship with you.
The forwarding of personal information to a third country or an international organization is excluded.
2. General information and mandatory information
Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.
Notice concerning the party responsible for this website
The party responsible for processing data on this website is:
Stadtländer Strasse 74
The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.).
Revocation of your consent to the processing of your data
Many data processing operations are only possible with your express consent. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
Right to file complaints with regulatory authorities
If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Right to data portability
You have the right to have data that we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon is displayed in your browser’s address bar.
If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
Information, blocking, deletion
As permitted by law, you have the right to be provided at any time with information free of charge about any of your personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected, blocked, or deleted. You can contact us at any time using the address given in our legal notice if you have further questions on the topic of personal data.
Opposition to promotional emails
We hereby expressly prohibit the use of contact data published in the context of website legal notice requirements with regard to sending promotional and informational materials not expressly requested. The website operator reserves the right to take specific legal action if unsolicited advertising material, such as email spam, is received.
3. Data collection on our website
Most of the cookies we use are so-called “session cookies.” They are automatically deleted after your visit. Other cookies remain in your device’s memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.
Server log files
The website provider automatically collects and stores information that your browser automatically transmits to us in “server log files”. These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Hostname of the accessing computer
- Time of the server request
- IP address
These data will not be combined with data from other sources.
The basis for data processing is Art. 6 (1) (f) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.
Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission.
We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1)(a) DSGVO. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.
4. Social media
Facebook plugins (Like & Share buttons)
Our website includes plugins for the social network Facebook, Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. The Facebook plugins can be recognized by the Facebook logo or the Like button on our site. For an overview of Facebook plugins, see https://developers.facebook.com/docs/plugins/.
If you do not want Facebook to associate your visit to our site with your Facebook account, please log out of your Facebook account.
Your privacy preferences with Twitter can be modified in your account settings at https://twitter.com/account/settings.
Our pages use Google+ functions. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Collection and disclosure of information: Using the Google +1 button allows you to publish information worldwide. By means of the Google+ button, you and other users can receive custom content from Google and our partners. Google stores both the fact that you have +1’d a piece of content and information about the page you were viewing when you clicked +1. Your +1 can be displayed together with your profile name and photo in Google services, for example in search results or in your Google profile, or in other places on websites and advertisements on the Internet.
Google records information about your +1 activities to improve Google services for you and others. To use the Google + button, you need a globally visible, public Google profile that must contain at least the name chosen for the profile. This name is used by all Google services. In some cases, this name may also replace a different name that you have used to share content via your Google account. The identity of your Google profile can be shown to users who know your email address or other information that can identify you.
Use of collected data: In addition to the uses mentioned above, the information you provide is used in accordance with the applicable Google data protection policies. Google may publish summary statistics about users +1 activity or share it with users and partners, such as publishers, advertisers, or affiliate websites.
Our website contains functions of the Instagram service. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.
If you are logged into your Instagram account, you can click the Instagram button to link the content of our pages with your Instagram profile. This means that Instagram can associate visits to our pages with your user account. As the provider of this website, we expressly point out that we receive no information on the content of the transmitted data or its use by Instagram.
Our site uses functions from the LinkedIn network. The service is provided by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
Each time one of our pages containing LinkedIn features is accessed, your browser establishes a direct connection to the LinkedIn servers. LinkedIn is informed that you have visited our web pages from your IP address. If you use the LinkedIn “Recommend” button and are logged into your LinkedIn account, it is possible for LinkedIn to associate your visit to our website with your user account. We would like to point out that, as the provider of these pages, we have no knowledge of the content of the data transmitted or how it will be used by LinkedIn.
Our website contains functions of the Pinterest social network, operated by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA.
When you visit a page containing the Pinterest social plugin, your browser establishes a direct connection to the Pinterest servers. The plugin transmits this log data to Pinterest servers in the United States. This log data may include your IP address, the address of the websites visited, which also includes Pinterest features, browser type and settings, the date and time of the request, how you use Pinterest, and cookies.
More information about the purpose, scope, and further processing and use of data by Pinterest, as well as your rights and options to protect your privacy, can be found in the privacy notices of Pinterest: https://about.pinterest.com/de/privacy-policy.
If you would like to receive our newsletter, we require a valid email address as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive this newsletter. No additional data is collected or is only collected on a voluntary basis. We only use this data to send the requested information and do not pass it on to third parties.
We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1) (a) DSGVO. You can revoke consent to the storage of your data and email address as well as their use for sending the newsletter at any time, e.g. through the “unsubscribe” link in the newsletter. The data processed before we receive your request may still be legally processed.
The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription when said data will be deleted. Data we have stored for other purposes (e.g. email addresses for the members’ area) remain unaffected.
This website uses the services of MailChimp to send newsletters. This service is provided by Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.
MailChimp is a service that organizes and analyzes the distribution of newsletters. If you provide data (e.g. your email address) to subscribe to our newsletter, it will be stored on MailChimp servers in the USA.
MailChimp is certified under the EU-US Privacy Shield. The Privacy Shield is an agreement between the European Union (EU) and the US to ensure compliance with European privacy standards in the United States.
We use MailChimp to analyze our newsletter campaigns. When you open an email sent by MailChimp, a file included in the email (called a web beacon) connects to MailChimp’s servers in the United States. This allows us to determine if a newsletter message has been opened and which links you click on. In addition, technical information is collected (e.g. time of retrieval, IP address, browser type, and operating system). This information cannot be assigned to a specific recipient. It is used exclusively for the statistical analysis of our newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to your interests.
If you do not want your usage of the newsletter to be analyzed by MailChimp, you will have to unsubscribe from the newsletter. For this purpose, we provide a link in every newsletter we send. You can also unsubscribe from the newsletter directly on the website.
Data processing is based on Art. 6 (1) (a) DSGVO. You may revoke your consent at any time by unsubscribing to the newsletter. The data processed before we receive your request may still be legally processed.
The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription when said data will be deleted from our servers and those of MailChimp. Data we have stored for other purposes (e.g. email addresses for the members’ area) remains unaffected.
Completion of a data processing agreement
We have entered into a data processing agreement with MailChimp, in which we require MailChimp to protect the data of our customers and not to disclose said data to third parties. This agreement may be viewed at the following link: https://mailchimp.com/legal/forms/data-processing-agreement/sample-agreement/.
7. Plugins and tools
Our website uses plugins from YouTube, which is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
If you visit one of our pages featuring a YouTube plugin, a connection to the YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited.
If you’re logged in to your YouTube account, YouTube allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
YouTube is used to help make our website appealing. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.
Further information about handling user data, can be found in the data protection declaration of YouTube under https://www.google.de/intl/de/policies/privacy.
Our website uses features provided by the Vimeo video portal. This service is provided by Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.
If you visit one of our pages featuring a Vimeo plugin, a connection to the Vimeo servers is established. Here the Vimeo server is informed about which of our pages you have visited. In addition, Vimeo will receive your IP address. This also applies if you are not logged in to Vimeo when you visit our website or do not have a Vimeo account. The information is transmitted to a Vimeo server in the US, where it is stored.
If you are logged in to your Vimeo account, Vimeo allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your Vimeo account.
Google Web Fonts
For uniform representation of fonts, this page uses web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.
For this purpose, your browser has to establish a direct connection to Google servers. Google thus becomes aware that our web page was accessed via your IP address. The use of Google Web fonts is done in the interest of a uniform and attractive presentation of our website. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.
If your browser does not support web fonts, a standard font is used by your computer.
This site uses the Google Maps map service via an API. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
To use Google Maps, it is necessary to save your IP address. This information is generally transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.
The use of Google Maps is in the interest of making our website appealing and facilitating the location of places specified by us on the website. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.
Further information about handling user data, can be found in the data protection declaration of Google at https://www.google.de/intl/de/policies/privacy/.