TUI Deutschland GmbH privacy policy

TUI Deutschland GmbH takes the protection of your privacy and personal data extremely seriously. We also pay significant attention to these aspects during our internet activities. Our data protection practices comply with the provisions of the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) as well as further provisions for data protection on the internet.
We apply technical and organisational security measures to protect your data from inadvertent or deliberate manipulation, loss, destruction or access by unauthorised persons. We shall continuously optimise these security procedures in line with technical advances.

Personal data
Personal data is information that can be used to determine your identity. This includes information such as your real name, mailing address, email address or telephone number. This does not include information that cannot be directly associated with your true identity (e.g. preferred websites or the number of users of a page).

Anonymised data
Every time that contents of our website are accessed, some general information is stored automatically (e.g. number of users and duration of the users’ visits to the individual pages, etc.). This data is not personal and is therefore processed in an anonymised format. Such information is used by us exclusively for statistical purposes to optimise our website.

Which data do we collect from you?
We collect personal data (name, address, email) in order to process the offers and services you have selected. In particular, this takes place when you book travel that we have arranged, but also for example when you complete a form, take part in a prize drawing, subscribe to our newsletter, participate in a survey, rate travel services, send us an email, or use our online services.
Please note that the personal data of travelling companions may also be collected when you book tourism services. You should therefore ensure that all information relating to third parties is provided with their consent.

How do we use and process your personal data?
The purpose of our company is the sale of tourism services and the associated services and accounting. Data is collected, processed and used for these purposes.

If we collect your personal data (name, address, email) exclusively during the use of our website, we shall use this to define the content of a contractual relationship for telemedia services as well as to improve the quality of our online services. When you participate in prize drawings, we shall use your data to process your entry. When you subscribe to the newsletter, we shall collect and process your data for the compilation of content in addition to the dispatch of an email newsletter.

Should your personal data (name, address, email) be collected and processed in conjunction with the reservation or booking of tourism services, we shall use this within the scope of the intended purpose of the contractual relationship to mediate the product and process the associated services.

Your personal data (name, address, email) shall be collected, processed and used for advertising or market research purposes only within the scope of the statutory provisions.

You are also able to object to the use of your personal data (name, address, email) for customer service and marketing purposes at any time via email. In particular, every time we use your data for advertising, marketing or market research purposes, we will advise you of the option to object at any time to your data being used and provide a simple option to unsubscribe (e.g. via a link). Please direct any objections to [online@first-bt.de].

Important for travellers to the USA
Due to a US federal law for the investigation of terrorists, airlines are obliged to inform the US immigration authorities of the flight and reservation numbers of every passenger prior to their entry into the country. You consent to this when you book travel to the USA.

Transfer of personal data to third parties
Should information be made available to service providers, they must comply with the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG), other statutory provisions and the mandatory contractual commitments of TUI Deutschland GmbH regarding data protection. To perform and process the travel services we procure, we shall forward your personal data (name, address, email) to your respective contractual partner (e.g. airline, hotel provider, travel provider, car hire company, Deutsche Bahn AG, CTS EVENTIM AG, mydays GmbH, arvato services GmbH, accounting or distribution system provider, or travel insurance company).
In the case of prize drawings, we shall forward your information to the respective prize drawing partners insofar as this is necessary to redeem a prize.
We shall only forward personal data (name, address, email) to the extent permitted by law in cases in which this is necessary for processing of your booking or the associated payment process. In all other cases, only anonymised data not enabling any identification of your person shall be forwarded. The collection and/or transmission of personal data to state institutions or authorities shall only take place within the scope of the mandatory legal provisions.

Rights of the user
Upon request, you are entitled to request information on the data stored on you for free pursuant to § 34 of the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG). Moreover, you have the right to have incorrect information corrected, deleted or blocked. Data for billing and accounting purposes are not affected by termination and/or deletion.
You are able to object to the use of your personal data for customer service and marketing purposes at any time.
In case of questions, requests or comments regarding data protection matters, please email TUI Deutschland GmbH’s data protection officer: [datenschutz@tui.de].

Links to other websites
Our online presence contains links to other websites. This privacy policy does not extend to other providers. We have no influence whatsoever over whether their operators adhere to the provisions of the privacy policy.

Saving of access data
Every time a user accesses a page offered by FIRST Business Travel and every time a file is retrieved, access data about this procedure is recorded in a log file on our server.
Each data record consists of information on:

• the page on which the file was requested
• the name of the file
• the date and time of the request
• the volume of data transmitted
• the retrieval status (file transferred, file not found, etc.)
• a description of the type of web browser used
• the IP address of the client
• other...

Processing of this information takes place for the purpose of enabling use of the website (establishment of a connection), system security, technical administration of the network infrastructure and optimisation of the internet offers. The IP address shall only be evaluated in the event of fraudulent access to the network structure of TUI Deutschland GmbH.

Insofar as the opportunity exists within the internet offer to enter personal or business information (names, addresses, emails), disclosure of this information by the user is expressly on an voluntary basis. Your data will also be handled confidentially here. Your data will not be linked to the aforementioned access data.

Saving of contractual data
Your data will only be saved for as long as this is necessary for the processing of data. For this reason, it may be that you are required to re-enter your data if you do not use your profile data for a longer period.

Given that the information on travellers may also relate to third parties, you must ensure that all information relating to other travellers has been made available with the consent of these persons.

Cookies
We use cookies in some areas of our website. Cookies may also be used on linked pages without any opportunity on our part to inform you of this in advance.
Cookies are required during login in particular, as we shall in future use a so-called single sign-on concept for reasons of user friendliness during authentication and for access control in the various areas of our portal.
This includes the establishment of a “session” between the client and server, which allows you to use the entire portal without having to sign into each individual area. This session is represented by a cookie in which a randomly generated number is stored. Furthermore, the login information assigned to you is stored in another cookie for access control. This can be understood as a kind of backup login information. Instead of prompting you to re-enter your login information, a cookie will be sent to the server and accepted as proof of your identity. The validity of both cookies is limited to the duration of your visit to our portal. They will automatically be deleted when the browser is closed. No link is made with personal data, nor can any conclusions be drawn about a user’s activities.

Most browsers are set to automatically accept cookies. However, you are able to deactivate the storage of cookies or configure your browser to notify you as soon as cookies are sent.

Cookies from third-party providers
During your visit to our website, you may notice cookies from one of our partners. You may receive cookies from these websites if you visit one of our web pages with such linked content. We have no control whatsoever over the settings for these cookies. Should you be concerned about these cookies, you should visit the websites of these third-party providers to obtain more detailed information on management of their cookies.

Use of eTracker
Technology created by eTracker GmbH (www.etracker.com) is used on www.first.business-travel.de to collect and save data for marketing and optimisation purposes. This data can be used to create user profiles under a pseudonym. Cookies may be used for this. Cookies are small text files that are saved locally in the cache of the website visitor's internet browser. Cookies enable recognition of the internet browser. The data collected using eTracker technology will not be used to identify the visitor to this website personally without their prior consent and will not be merged with personal data relating to the person to whom the pseudonym refers. You may revoke your consent for data to be collected and saved in the future at any time.

Use of Facebook social plugins
Our website uses social plugins (“plugins”) from the social network facebook.com, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”).
The Facebook plugins are identifiable by one of the Facebook logos (white “f” on a blue tile or a “thumbs up” icon) or feature the words “Facebook Social Plugin”. Please see here for a list of the Facebook social plugins and details of their appearance: http://developers.facebook.com/plugins.
When you visit a page on our website containing such a plugin, your browser will establish a direct connection to the Facebook servers. Facebook transmits the plugin contents directly to your browser, which then integrates the contents into the website. As a consequence, we have no influence over the amount and content of data collected by Facebook using this plugin and therefore inform you according to our state of knowledge: (www.facebook.com/help/?faq=186325668085084):
Use of a plugin grants Facebook access to the information that you have visited the respective page on our website. If you are logged into Facebook at the time, Facebook can also link your visit to your Facebook account. If you interact with the plugins, e.g. by activating the ‘Like’ button or leaving a comment, your browser will transmit the corresponding information directly to Facebook and save it there. Even if you do not have a Facebook account, it is still possible that Facebook will acquire and store your IP address.
Please see Facebook’s data policy for details of the scope and purpose of data collection and subsequent processing and use of the data by Facebook as well as your rights and settings options to protect your privacy. The policy is available at www.facebook.com/policy.php.
If you have a Facebook account and do not want Facebook to collect information about your visit to our website or for this to be linked to your Facebook account data, please log out of Facebook before visiting our website and delete the cookies from your browser. Cookies are explained in greater detail elsewhere in this privacy policy.
You can also block Facebook social plugins by using add-ons for your browser, e.g. Facebook Blocker.

Use of Google Plus plugins
Our website uses social plugins (“plugins”) provided by the social network Google Plus, which is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”).
The Google Plus plugins are identifiable by the “+1” sign on a white or coloured background.
When you visit a page on our website containing such a plugin, your browser will establish a direct connection to the Google servers. Google transmits the plugin contents directly to your browser, which then integrates the contents into the website.
As a consequence, we have no influence over the amount and content of data collected by Google using this plugin. According to Google, no personal data is collected without clicking on the button. Only the data, including IP address, of members who are logged in is collected and processed.
Please see Google’s privacy policy for details of the scope and purpose of data collection and subsequent processing and use of the data by Google as well as your rights and settings options to protect your privacy. The policy is available at www.google.com/intl/de/policies/privacy.
If you have a Google Plus account and do not want Google to collect information about your visit to our website or for this to be linked to your Google account data, please log out of Google Plus before visiting our website and delete the cookies from your browser. Cookies are explained in greater detail elsewhere in this privacy policy.

Use of Twitter plugins
Our website uses social plugins (“plugins”) from the social network Twitter, which is operated by Twitter Inc. with headquarters in 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (“Twitter”).
The Twitter plugin is identifiable by the bird icon and the “Tweet” lettering.
When you visit a page on our website containing such a plugin, your browser will establish a direct connection to the Twitter servers. Twitter transmits the plugin contents directly to your browser, which then integrates the contents into the website.
Use of the plugin grants Twitter access to the information that you have visited the respective page on our website. If you are logged into Twitter at the time when you use one of the plugins, Twitter can link your visit to your account. If you interact with the plugins, e.g. by activating the ‘Tweet’ button, your browser will transmit the corresponding information directly to Twitter and save it there Even if you do not have a Twitter account or have logged out of Twitter before visiting our website, it is possible that Twitter will still acquire and store your IP address.
Please see Twitter’s privacy policy for details of the scope and purpose of data collection and subsequent processing and use of the data by Twitter as well as your rights and settings options to protect your privacy. The policy is available at https://twitter.com/privacy.
If you have a Twitter account and do not want Twitter to collect information about your visit to our website or for this to be linked to your Twitter account data, please log out of Twitter before visiting our website and delete the cookies from your browser. Cookies are explained in greater detail elsewhere in this privacy policy.

Use of XING plugins
Our website uses plugins of the social network XING AG, Gänsemarkt 43, 20354 Hamburg, Germany. The XING plugins are identifiable by the XING logo on our website. If you click on the logo when you visit our website, a direct connection shall be established between your browser and the XING server via the logo. Please note that as the website provider, we have no knowledge of the content of the data transmitted or its use by XING. Please see XING’s privacy policy for further details: www.xing.com/privacy.

Google Analytics
When you log in to FIRST Business Travel, your flight, hotel and hire car bookings shall be processed via the booking engine operator ypsilon.net AG. ypsilon.net AG sometimes also uses Google Analytics, which is a web analysis service of Google Inc. (“Google”). Google Analytics uses so-called “cookies”, which are text files that are saved on your computer and enable analysis of your use of the website. Information on your use of this website (including your IP address) generated by the cookie is transmitted to a Google server in the USA and saved there. Google uses this information to evaluate your use of the website in order to compile reports on website activities for the website operator, and to provide additional services related to website and internet use. Google may also transmit this information to third parties, insofar as this is legally stipulated or third parties process this data on behalf of Google. Under no circumstances shall Google link your IP address to other data saved by Google. You can prevent the installation of cookies by selecting the corresponding settings in your browser; however, we would like to point out that doing so may mean that you are unable to take full advantage of all functions of this website. By using this website, you declare that you consent to the processing of data collected about you by Google in the manner described above, and for the purposes described above.

Questions and comments
In case of questions, requests or comments regarding data protections matters, please email TUI Deutschland GmbH’s data protection officer: [datenschutz@tui.de].
The rapid development of the internet means that we may have to amend our privacy policy from time to time. We will make information on any amendments available here.

Last updated: 4 October 2013