Data protection information according to Art. 13 and 14 of the EU Data Protection Regulation (EU-GDPR)

This data protection declaration informs you about the processing of your personal data by us as well as about the rights you are entitled to when using our services.

(Status: 14.06.2023)

  1. Who is the controller for data processing and whom can you contact? 

DER Touristik DMC GmbH, Humboldtstraße 140-144, 51149 Köln. If you have any questions on the subject of data protection, you can contact us at the following e-mail address:

  1. What data and what sources do we use?

We process data that we receive as part of our contractual relationship with you or based on your consent. We receive the data directly from you, e. g. as part of the travel booking or other order placement, e.g. via a tour operator.

If you provide us with personal data of other persons, you must ensure that they agree to this and that you may transmit the data. You must ensure that these persons know how their personal data can be processed by us and what rights they have.

Where necessary, we process the following categories of data:

  • Identification (e.g. ID or cookie)
  1. On what legal basis and for what purpose is your data used?
  • For the protection of legitimate interests (Art. 6 para. 1 lit. f EU-GDPR)

In the context of a balancing of interests, for the protection of legitimate interests, your data may be processed by us or by authorised third parties. This is done for the following purposes:

  • Function, availability and security of business operations (e.g. IT, other services).

Our interest in the respective processing results from the respective purposes (provision and security of our business operations).

As far as the specific purpose allows, we process your data pseudonymously.

  • Based on your consent (Art. 6 para. 1 lit. a EU-GDPR)

If you have given us consent to process your personal data, this respective consent is the legal basis for the processing referred to therein. You can revoke your consent at any time with effect for the future. To do so, please contact us at our contact address. The revocation only applies to future processing, not to processing that has already taken place.

  1. Who receives my data?

Your personal data will only be passed on in compliance with the requirements of the EU-GDPR and only insofar as this is permitted by a legal basis. Your data will only be passed on to those bodies who need it to fulfil our contractual and legal obligations or to carry out their respective tasks, e.g.

  • Service providers of booked services
  • Other parties for which you have given us your consent to data processing
  1. How long will my personal data be stored?

As far as necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and execution of a contract. In addition, we are subject to various retention and documentation obligations, which result from the German Civil Code (BGB) and EU travel law, the German Commercial Code (HGB), the German Fiscal Code (AO), among others.

– Retention for 3 years according to §§ 195 ff. BGB

starting from the following year, after the claim has arisen and the creditor becomes aware of the circumstances giving rise to the claim and the person of the debtor or should have become aware of them without gross negligence, for the assertion, exercise or defence of legal claims in accordance with section 199(1) BGB.

Further information you can find under cookie consent management platform.

  1. Will my data be transferred to a third country?

We transfer your data to recipients outside the scope of the regulation of the EU-GDPR and if there is neither an adequacy decision according to Article 45(3) nor appropriate safeguards according to Article 46, including binding internal data protection regulations exist only to the extent that the transfer is necessary

  • you have given your consent

These data processing operations are permissible exceptions from Art. 49 EU-GDPR.

Insofar as a data transfer outside the scope of the EU Data Protection Regulation is necessary due to our predominantly legitimate interest or you have given us your consent, this is secured, among other things, with EU standard contractual clauses in accordance with Art. 46 (2) lit. c EU Data Protection Regulation. If necessary, the EU standard contractual clauses are supplemented by further contractual assurances. You can obtain information on this via the specified contact.

  1. Do I have certain rights when dealing with my data?

You have the right to information (Art. 15 EU-GDPR), to correction (Art. 16 EU-GDPR), to deletion (Art. 17 EU-GDPR), to restriction of processing (Art. 18 EU-GDPR) and to data portability (Art. 20 EU-GDPR) under the respective legal conditions.

In addition, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6 para 1 lit. f EU-GDPR, in accordance with Art. 21 EU-GDPR. This also applies to so-called “profiling” based on this provision within the meaning of Art. 4 No. 4 EU-GDPR. If a justified objection is made, we will no longer process this personal data for these purposes. An objection can be made informally to our contact address. You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 EU-GDPR).

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen

Kavalleriestraße 2-4

40213 Düsseldorf

  1. Am I obliged to provide my data?

Within the scope of our business relationship, you only have to provide the personal data that is required for the establishment, implementation and termination of a business relationship or that we are legally obliged to collect. Without this data, we will usually have to refuse to conclude the contract or execute the order, or we will no longer be able to execute an existing contract and may have to terminate it.

  1. Is there automated decision-making in individual cases?

As a matter of principle, we do not use automated decision-making pursuant to Art. 22 EU-GDPR for the establishment and implementation of the business relationship. Should we use this procedure in individual cases, you will be informed separately if this is required by law.

  1. Will my data be used in any way for profiling?

We do not process your personal data for profiling.

  1. Contact details of the data protection officer

If you have any questions on the subject of data protection, please contact:

DER Touristik DMC GmbH


Emil-von-Behring-Straße 6

60424 Frankfurt am Main


  1. Usage data/log files

We use information that we receive and store during your visit to our websites for the purposes of security and improving the functionality of the website.

This data set consists of:

  • the page from which the file was requested
  • the name of the file
  • the date and time of the request
  • the amount of data transferred
  • the access status
  • the description of the type of web browser used
  • the IP address of the requesting computer (see above anonymised after the period mentioned below).

We use this information to enable you to access our website, to control and administer our systems and to improve the design and function of the website.

We only store the IP address transmitted by your web browser, including the above-mentioned data record, for a period of time in order to be able to recognise, limit and eliminate malfunctions or errors (e.g. attacks on our servers). The storage ends after one month at the latest. After this period, we delete or anonymise the IP address.

This is done due to our predominantly justified interest in the security and functionality of our website Art. 6 para. 1 lit. f GDPR.

Cookie Consent Management Platform

When you visit our website, information may be stored on your computer in the form of cookies in order, to provide our website and recognize visitors’ preferences and to be able to design the website optimally.


We use BorlabsCookie on our website, which is, among other things, a tool for storing your cookie consent. Service provider is the German company Borlabs – Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg, Germany. You can find out more about the data processed by using BorlabsCookie in the privacy policy at

As part of our cookie management tool, you can manage funcional cookies yourself. The declaration of your consent will be saved so that we do not have to ask you each time you visit our website and we can also prove your consent if required by law. This is stored either in an opt-in cookie or on a server. Depending on the provider of the cookie management tool, the storage period of your cookie consent varies. This data (e.g. pseudonymous user ID, time of consent, detailed information on the cookie categories or tools, browser, device information) is usually stored for up to

This is done due to our predominantly legitimate interest in the functionality and user-friendliness of our website Art. 6 para. 1 lit. f GDPR.

Essential WordPress Session Cookies: These only help to load the website faster and to use it properly, the cookies are deletes when ending the browser session.

They are also session cookies as they expire once the user logs out or exits the page. Mainly cookies are used for login to dashboard.

We use 3 types:

  • wordpress_logged_in_[hash]: to indicate when you are logged in, and who you are. This cookie is maintained on the front-end of the website as well when logged in.
  • wp-settings-{time}-[UID]: to customize the view of your admin interface and the front-end of the website. The value represented by [UID] is the individual user ID of the user as given to them in the users’ database table.
  • wordpress_test_cookie: to check if the cookies are enabled on the browser to provide appropriate user experience to the users. This cookie is used on the front-end, even if you are not logged in.

Borlabs Cookie

PROVIDER   Owner of this website, Imprint

PURPOSE     Saves the visitors preferences selected in the Cookie Box of Borlabs Cookie.

COOKIE NAME       borlabs-cookie



PROVIDER   Owner of this website

PURPOSE     Stores the current language.

COOKIE NAME       _icl_*, wpml_*, wp-wpml_*


These cookies are strictly necessary without which the website will not function properly

This is done due to our predominantly legitimate interest in the functionality and user-friendliness of our website Art. 6 para. 1 lit. f GDPR.

Functional Language Cookies: WordPress Multilanguage (WPML) is used as a cookie to store the current language settings. It expires after 1 day.

The use is based on a legal basis Art. 6 para. 1 p. 1 lit. a GDPR. You can revoke your consent with effect for the future at any time under the CMP settings.

TLS encryption with https

TLS, encryption and https all sound very technical and they are. We use HTTPS (the Hypertext Transfer Protocol Secure stands for “secure hypertext transfer protocol”) to transmit data securely on the Internet. This means that the complete transmission of all data from your browser to our web server is secured – nobody can “eavesdrop”.

We have thus introduced an additional security layer and comply with data protection through technology design (Article 25 Paragraph 1 GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the Internet, we can ensure the protection of confidential data. You can recognize the use of this protection of data transmission by the small lock symbol in the top left of the browser, to the left of the Internet address and the use of the https scheme (instead of http) as part of our Internet address.