Data Privacy Statement

Privacy Policy

Updated: May 25, 2018 (Older versions)

 

Privacy Policy as PDF 

 

The protection and security of your information is an important concern for us, the A&O Hotels and Hostels Holding GmbH, and we take it into account in all our business processes. In this privacy policy, we would therefore like to provide you with an overview of those aspects of our online offer that are related to privacy and data protection. In the following, we will explain:

  • What information we collect when you use the online services of A&O Hotels and Hostels GmbH.
  • For what purposes this information is processed by us and third parties.
  • What rights and choices you have in regard to the processing of your information.
  • How to contact us regarding data protection.

When does this privacy policy apply?

This privacy policy applies to the online services of A&O Hotels and Hostels Holding GmbH under the domains aohostels.com, shop.aohostels.com, aoholding.com, including any subdomains (hereafter called “websites”) as well as our social media sites on Facebook, Instagram and YouTube (hereafter called “social media sites”).

Personal data are information that relate to an identified or identifiable person. This includes, in particular, information that makes it possible to deduce your identity, for example your name, telephone number, address or e-mail address. Statistical data that we collect when you, for example, visit our website and that cannot be associated with your person, are not included under the term “personal data”. You can print or save this privacy policy through the usual means contained within your browser.

2. Responsibility and contact persons

Responsible for the processing of your personal information when visiting this website in accordance with the EU General Data Protection Regulation (GDPR) is the
A & O HOTELS and HOSTELS Holding GmbH
Adalbertstr. 50
10179 Berlin
Telephone +49 (0) 30 80 94 7 - 51 09
Fax: +49 (0) 30 80 94 7 - 51 90
E-mail: [email protected]

If you have any questions concerning data protection in connection with our products or the use of our website, you can contact our data protection representative at any time. This person can be reached at the aforementioned postal address as well as at the stated e-mail address (Subject: “For the attention of the data protection representative”.

3. Data processing on our website

3.1. Accessing our website / automatically collected access data

You are able to visit our websites without disclosing any information about your person. Only access data that are automatically transferred by your browser will then be collected. The access data include, in particular:

  • the IP address of the device used for access, 
  • the date and time of access,
  • the address of the visited website and the requesting website,
  • information about the used browser and the operating system,
  • online identifiers (for example device IDs, session IDs).

The data processing of this access data is necessary to enable the visit to the website and to ensure the long term functionality and security of our systems. The access data are also temporarily stored in internal log files for the aforementioned purposes in order to create statistical data about the use of our website, to further develop our website regarding the usage habits of our visitors (for example, when the share of mobile devices being used to access the website increases) and to maintain our website in the general administrative sense. The legal basis is Art. 6 para. 1 lit. b and f of the GDPR. The information stored in the log files does not allow any direct conclusion to your person – in particular, we only store the IP addresses in a shortened, anonymized form. The log files are stored for 30 days and will be archived after subsequent anonymization.

3.2. Contact

You have several different options for contacting us. These include our contact form, our WhatsApp chat and our hotline. In this context, we process data exclusively for the purpose of communicating with you. The legal basis is Art. 6 para. 1 lit. b of the GDPR. The data we collect through the contact form will be automatically deleted after the complete processing of your request, unless we require your request to be able to fulfill our contractual or legal obligations (see the section “Storage duration”). Additionally, we evaluate guests’ opinions about our hostels and hotels in anonymized form and display these on our websites. When doing so, we collaborate with Customer Alliance, an independent rating service provider that operates intelligent feedback systems.

3.3. Bookings

During an order process, we collect necessary data for the execution of the contractual agreement (booking information):

  • first and last name,
  • e-mail address,
  • address,
  • information on whether guest is a minor,
  • desired room.

Optional information necessary for booking additional services is possible (for example: breakfast, early arrival, late departure, parking, pets, public transport tickets, lunch offer). The legal basis for the aforementioned processing is Art. 6 para. 1 lit. b of the GDPR.

As an alternative to entering your booking data with us, you can also register directly into our booking system through specific payment service providers. In this case, you will be forwarded directly to the relevant service provider for payment after logging in (see section “Payment”). In addition, the data stored with the service provider (first and last name, e-mail address, address) will be forwarded to us for booking purposes. Direct registration is possible through the following service providers:

  • Amazon Pay: Amazon Payments Europe S.C.A. 5, Rue Plaetis - 2338 Luxembourg,
  • PayPal: PayPal (Europe) S.à r.l. et Cie, S.C.A, 22-24 Boulevard Royal, L-2449 Luxembourg.

The legal basis for the aforementioned processing is Art. 6 para. 1 lit. f of the GDPR, based on the legitimate interest in providing a simple and user-friendly registration process for our guests.

3.4. Payment

We offer different methods of payment. You can pay on arrival (so-called variant FLEX) in which case your payment information will only be recorded by the respective hostel or hotel on site. Alternatively, you can also pay online (so-called variant FIX). For this option, we collaborate with different payment service providers for the processing of the payments. In particular, we have commissioned the following service providers to process the payments:

  • when paying by PayPal: PayPal (Europe) S.à r.l. et Cie, S.C.A, 22-24 Boulevard Royal, L-2449 Luxembourg, Luxembourg,
  • when paying by Amazon Payments: Amazon Pay: Amazon Payments Europe S.C.A. 5, Rue Plaetis, L-2338 Luxembourg, Luxembourg,
  • when paying by Sofortüberweisung.de: Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany,
  • when paying by BitCoin: BitPay Inc., 3405 Piedmont Road Ne # 200, Atlanta, Georgia 30405 USA,
  • when paying by Group Pay (Group bookings): mamooble SARL, 54, rte de Mondorf, L-3260 Bettembourg, Luxembourg.

Any information you provide the aforementioned service providers with will not be forwarded to us by them. The only information we receive is that the payment has been completed. In the case of payment by direct debit or credit card, you enter the required payment information (credit card details or bank details) directly on our website. We will in this case forward you to the following service payment provider:

  • Concardis GmbH, Helfmann-Park 7, 65760 Eschborn, Germany.

The processing of data by the aforementioned payment service providers is based on our legitimate interest, according to Art. 6 para. 1 lit. b and f of the GDPR, in providing our guests with comfortable and secure payment with a service provider of their choice.

3.5. Additional data collection on site

Our hotels and hostels may collect additional information from you on site. This includes registration forms in which the personal details of our guests are collected. Here we, in particular, collect the date of arrival and expected departure, first and last names, date of birth, nationality, address, number of travelers and their nationality as well as the passport number or number of the passport equivalent for foreigners.

We are legally obligated to collect and temporarily store these data by the Federal Registration Act (Bundesmeldegesetz). The registration forms are generally stored for one year from the day of arrival and will be destroyed within three months of expiry of the retention period. Longer retention periods may however apply for forms that also serve to collect tourism and spa fees. In our accommodation establishments in Italy and the Czech Republic, we must also make copies of identity cards or passports. Data collected in Italy are stored for one year and in the Czech Republic for six years. We are obligated to this data collection on site by different regional laws and official requirements. The data processing is based on Art. 6 para. 1 lit. c of the GDPR in conjunction with the respective statutory obligations (such as the Federal Registration Act).

3.6. Login area for regular customers and cooperation partners

You have the possibility to register for our login area so that you are able to enjoy the full functionality of our website. We have highlighted the data you are required to provide. Without these data, registration is not possible. Legal basis for processing is Art. 6 para. 1 lit. b of the GDPR.

3.7. Newsletter and advertising mailings

You have the possibility to sign up for our newsletter, in which we regularly inform you about news regarding our offers and promotions. For signing up to our newsletter, we use the so-called double opt-in procedure, which means that we will only send you newsletters by e-mail after you, by clicking a link in our notification e-mail, have confirmed that you are the owner of the given e-mail address. If you confirm your e-mail address, we will save your e-mail address, the time of registration and the IP address used for registration until you unsubscribe from the newsletter. The sole purpose of storing this information is to provide you with the newsletter and to prove your registration. You can unsubscribe from the newsletter at any time. A corresponding unsubscribe link can be found in every newsletter. A notification sent to the contact details mentioned above or in the newsletter (for example, via e-mail or by mail) is of course also sufficient. The legal basis for the processing is your consent in accordance with Art. 6 para. 1 lit. a of the GDPR.

In addition, we also send out advertising mailings in connection with our services to you. The legal basis for this data processing is Art. 6 para. 1 lit. f of the GDPR, based on our interest in existing customer advertising.

For the dispatch of our newsletter and our advertising mailings, we work together with service providers to whom we, among other things, send your e-mail address and the circumstances of your newsletter registration in order to be able to send you the newsletter and advertising mailings (for example, MailChimp of The Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA). Additionally, our newsletter and advertising mailings will to a small extent adapt to the individual needs of our customers. For this, we use the services of Emarsys eMarketing Systems AG, Märzstraße 1, 1150 Vienna, Austria. On the basis of the booking data collected from you, we adapt, for example, the language settings in our mailings or indicate bookable additional services. The disclosure of data to our service providers in connection with newsletter distribution and advertising mailings is based on our legitimate interest in advertising our services to our customers in an interest-based manner. In our newsletters, we use commercially common technologies that measure the interaction with the newsletters (for example, the opening of e-mails, clicked links). We use this data in pseudonymous form for the purpose of general statistical evaluations as well as for the optimization and further development of our content and customer communication. This is done with the help of small graphics that are embedded in the newsletter (so-called pixels). These data are collected exclusively in pseudonymous form and are also not linked with your other personal information. Legal basis for this is our aforementioned legitimate interest in accordance with Art. 6 para. 1 lit. f of the GDPR. Through our newsletter, we aim to share content relevant to our customers and to better understand what readers are actually interested in. If you do not want to have your usage behavior analyzed, you can unsubscribe from the newsletter or deactivate graphics in your e-mail program. The data for the interaction with our newsletters are stored in pseudonymous form for 30 days and subsequently completely anonymized.

3.8. Google Maps

Our website uses the Google Maps mapping service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). In order for the Google Maps material we use to be included and displayed in your web browser, your web browser must be able to connect to a Google server, which may also be located in the US, when visiting the contact page. In the event that personal information is transferred to the US, Google has submitted to the EU-US Privacy Shield. This gives Google the information that the IP address of your device has been used to access the contact page of our website. The legal basis is Art. 6 para. 1 lit. f of the GDPR, based on our legitimate interest in the integration of a map service in order to establish contact. If you visit the Google Maps service on our website while logged in to your Google profile, Google may also link this event to your Google profile. If you do not want this linking with your Google profile to occur, you will need to log out of Google before visiting our contact page. Google stores your data and uses them for advertising, market research and personalized viewing of Google Maps. You may object to this data collection with Google. Further information about this can be found in the Privacy Policy of Google and the Additional Terms of Use for Google Maps.

3.9. Job application

You can apply for vacancies via our Careers page. You can send your application to us by e-mail or, if offered by us, via an online application tool. The purpose of the data collection is the selection of applicants for substantiation of possible employment. For the acceptance and processing of your application, we collect the following data, in particular: first and last name, e-mail address, application documents (for example, certificates, curriculum vitae), date of the earliest possible job entry and salary requirements. The legal basis for the processing of your application documents is Art. 6 para. 1 lit. b and Art. 88 para. 1 of the GDPR in conjunction with § 26 para. 1 S. 1 of the Bundesdatenschutzgesetz (Federal Data Protection Act).

3.10. Usage of own cookies

For some of our services, it is necessary that we make use of so-called cookies. A cookie is a small text file that is stored by the browser on your device. Cookies are not used to run programs or to download viruses onto your computer. The main purpose of our cookies is rather to provide you with a tailor-made offer and to make the use of our services as time-saving as possible. Most browsers are set to accept cookies by default. You can however change your browser settings to refuse cookies or to only save them with prior consent. If you disable cookies, this will mean that not all our services will work properly for you.

We use cookies, in particular, 

  • for log in authentication,
  • for load distribution,
  • to save your language settings,
  • to note that you have seen certain information placed on our website – so that it will not be displayed again the next time you visit the website.

Through this, we want to enable a more comfortable and individual use of our website. These services are based on our aforementioned legitimate interests, legal basis is Art. 6 para. 1 lit. f of the GDPR.

Additionally, we use cookies and similar technologies (such as web beacons) from partners for analysis and marketing purposes. This will be described in more detail in the following sections.

3.11. Use of cookies and similar technologies for analysis

To improve our website, we make use of cookies and similar technologies (such as web beacons) to statistically collect and analyze general usage patterns based on access data. We also use analysis services to evaluate the use of our various marketing channels.

The legal basis for the data processing described in the following section is Art. 6 para. 1 lit. f of the GDPR, based on our legitimate interest in the needs-based design and continuous optimization of our website.

In the following list of technologies used by us, you will also find information on the possible contradictions with regard to our analysis measures using a so-called opt-out cookie. Please note that after deleting all cookies in your browser or later use of another browser and/or profile, an opt-out cookie must be set once again.

We, in particular, make use of the following services:

  • Google Analytics of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) to analyze and improve our website based on your user behavior. However, your IP address is shortened before the usage statistics are evaluated so that no conclusions can be made about your identity. For this purpose, Google Analytics has been enhanced on our website with the code “anonymizeIP” to secure the anonymous collection of IP addresses. You can prevent Google from processing these data by installing a browser add-on provided by Google. As an alternative to a browser add-on or if you access our website from a mobile device, please use this opt-out link. You will find further information on data processing through this service in the Privacy Policy of Google Analytics.
  • Pingdom of Solarwinds Inc., 7171 Southwest Parkway, Bldg 400, Austin, Texas 78735. You can prevent data processing by pressing the following button: OPT-OUT. Further information on data processing through this service can be found in the Privacy Policy of Solarwinds.

3.12. Use of cookies and similar technologies to technologies for online advertising

We also use cookies and similar technologies for advertising purposes. Some of the access data resulting from the use of our website are used for interest-related advertising. By analyzing and evaluating these access data, we are able to display personalized advertising on our website and on the websites of other providers. This means advertising that corresponds to your actual interests and needs. The legal basis for the data processing described in the following sections is Art. 6 para. 1 lit. f of the GDPR, based on our legitimate interest in providing you with personalized advertising.

In the following section, we would like to describe these technologies and the providers we use for them in more detail.

In particular, the collected data may be 

  • the IP address of the device,
  • the date and time of access, 
  • the identification number of a cookie,
  • the device ID of mobile devices,
  • technical information about the browser and the operating system. 

However, the data collected are saved in pseudonymous form so that the identity of the persons cannot be deduced.

In the following descriptions of the technologies we use, you will also find information about the possible contradictions regarding our analysis and advertising measures by means of a so-called opt-out cookie. Alternatively, you can exercise your objection by changing the appropriate settings on the websites Truste or Your Online Choices, which offer bundled possibilities for objections from many advertisers. Both sites allow the listed providers to deactivate all ads at once by means of opt-out cookies or, alternatively, to adjust the settings for each provider individually. Please note that after deleting all cookies in your browser or later use of another browser and/or profile, an opt-out cookie must be set once again.

  • AdRoll of AdRoll Advertising Limited, Level 6, 1 Burlington Plaza, Burlington Road, Dublin 4, Ireland. We use AdRoll, to reach you on partner websites with interest-based ads, as described above. You can prevent AdRoll from collecting the data generated by the cookies and relating to your use of the website and the processing of this data by Google by using the opt-out functions described by AdRoll. For more information, see the Privacy Policy of AdRoll.
  • Bing Ads, a service from the Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. We use Bing Ads to reach you with interest-based ads on partner and search engine sites in the Bing network, as described above. You can prevent Microsoft from collecting the information generated by the cookies and related to your use of the website and the processing of that information by Microsoft by disabling the personalized ads on the Microsoft Opt-out page. Further information about this can be found in the Privacy Policy of Microsoft.
  • Facebook Conversion and Retargeting Tags (also called “Facebook Pixel”) of Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA. We use the tags to analyze the general use of our websites, to track the effectiveness of Facebook advertising (conversion) and to show you individualized advertising messages based on your interest in our products (retargeting). If you are a Facebook member and Facebook has allowed it through your account’s privacy settings, Facebook may also link the information we collect from your visit to us with your member account and use it to direct targeted Facebook ads. You can view and change the privacy settings of your Facebook profile at any time. You can still prevent data processing by clicking the following button: OPT-OUT. Further information about this can be found in Facebook’s Data Policy.
  • Google AdWords Conversion Tracking and Remarketing from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Using AdWords Conversion Tracking, customer actions defined by us (such as clicking on an ad, page views, downloads) are recorded and analyzed. We use Adwords Remarketing to display individualized advertising messages for our products on partner websites of Google. You can prevent Google from using cookies for promotional purposes in Google’s interest-based advertising settings. For more information, see Google’s Privacy Policy.
  • Google DoubleClick from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. We use Google DoubleClick to reach you on partner websites and various search engines with interest-based ads, as described above. Use of DoubleClick allows Google and its partner sites to present ads based on previous visits to our or other websites on the internet. You can use Google’s interest-based advertising settings to prevent Google from using cookies for advertising purposes. Please refer to Google’s Privacy Policy for more information.

3.13. Facebook Connect

Our website allows you to log in to the website with existing information from your Facebook profile. We use Facebook Connect, a service of Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA (“Facebook”). Once you have logged in using Facebook Connect, no further registration is required.

If you want to use this function, you will first be forwarded to Facebook. There you will be asked to log in with your user name and password. We of course do not record your registration data. If you are already logged in to Facebook, this step will be skipped. Your e-mail address and your public profile information (in particular, name, profile picture, date of birth, gender, language and country, list of friends and personal details) will then be transmitted to us when you confirm the process with the “Log in to Facebook” button. In the event that personal information is transferred to the US, Facebook has submitted to the EU-US Privacy Shield. Legal basis is Art. 6 para. 1 lit. b of the GPDR. 

Further information can be found in Facebook’s Privacy Policy.

3.14. Google Tag Manager

Our website uses the Google Tag Manager, a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). The Tag Manager is used to manage tracking tools and other services, so-called website tags. A tag is an element that is stored in the source code of our website in order to record, for example, predefined usage data. The Google Tag Manager does not require the use of cookies. The Google Tag Manager ensures that the usage data needed by our partners (see data processing procedures described above) are forwarded to them. Some of the data are processed on a Google server in the US. In the event that personal data are transferred to the US, Google has submitted to the EU-US Privacy Shield. The legal basis is Art. 6 para. 1 lit. f of the GDPR, based on our legitimate interest in integrating and managing several tags on our website in an uncomplicated manner. For more information, see Google’s information about the Tag Manager.

4. Data processing for social media sites

We exist and are available for you on the following social networks with our own social media sites:

  • Facebook
  • Instagram
  • YouTube

There we inform you about news and activities and we are happy to use the possibilities of social media networks to communicate directly with their members.

Please note, however, that we have no influence over the data processing of the social networks. Therefore, please check carefully which personal information and messages you provide us with via the social networks and, in case of doubt, use the other contact options we offer. We, therefore, also cannot assume any liability for the conduct of the operators of the social networks and their other members.

When you communicate with us via our social media presences, we process the information made available to us by the respective social network (for example, your name, your profile page and the contents of your messages addressed to us) in accordance with the purpose of your message (for example, a service concern, suggestions and criticism).

The data resulting from this will be either deleted when storage of them are no longer necessary or processing will be limited if legal storage requirements exist. In the case of public posts on our social media presences, we decide whether and when to delete them in individual cases, taking your and our interests into account.

The legal basis for the data processing described above depends on the purpose of your message. If the purpose is to use our customer service or to request services, the legal basis is Article 6 paragraph 1 letter b of the GDPR. Otherwise, the legal basis is Article 6 paragraph 1 letter f of the GDPR (weighing the interests based on our legitimate interest in processing your message). Insofar as you have consented to the processing of the above data, the legal basis is Article 6 paragraph 1 letter a of the GDPR.

5. Cooperation with cooperation partners

Principally, we only process data that we receive directly from you. We, however, also work together with various cooperation partners that provide us with interested parties for our products. These include, in particular, travel agencies and tour operators as well as tourism offices. We will only process personal data that we receive legitimately (for example, on the basis of contracts or your consent) from our cooperation partners

6. Disclosure of data

The data collected by us will only be passed on if:

  • you have given your explicit consent in accordance with Art. 6 para. 1. lit. a of the GDPR,
  • the disclosure in accordance with Art. 6 para. 1 lit. f of the GDPR is necessary in order to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
  • we are legally obliged in accordance with Art. 6 para. 1 lit. c of the GDPR to disclosure or
  • this is permitted by law and, in accordance with Art. 6 para. 1 lit. b of the GDPR, is required for the execution of contractual relationships with you or for the execution of precontractual measures, which will be carried out upon your request.

Part of the data processing can be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, these may include data centers that store our website and our databases, IT service providers that maintain our systems as well as consulting firms. If we pass on data to our service providers, they may use the data exclusively for the fulfillment of their tasks. The service providers have been carefully selected and commissioned by us. The providers are contractually bound by our instructions, they have appropriate technical and organizational measures in effect in order to protect the rights of the persons concerned and are regularly monitored by us. We also pass on the booking data collected to the local A&O HOTEL and HOSTEL operating companies (depending on where you book). A complete list of the operating companies can be found in our general terms and conditions. In addition, the data may be passed on in connection with official inquires, court orders and legal proceedings if they are necessary for legal prosecution or enforcement.

7. Storage duration

Principally, we only store personal information for as long as it is necessary to fulfill the contractual or statutory obligations for which we have collected the data. Thereafter, we immediately delete the information, unless we need the data for purposes of proof for civil law claims or due to statutory retention obligations.

For evidence purposes, we must keep contractual data for another three years starting from the end of the year in which the business relationship with you ends. Any claims become statute-barred after the legal limitation period, earliest at this point in time.

Even after this period, we still need to store some of your data for accounting purposes. We are required to do so by legal requirements on documentation that may arise from the German Commercial Code, the Fiscal Code, the Banking Act, the Money Laundering Act and the Securities Trading Act. The time periods specified there for retention of documents are two to ten years.

8. Your rights

You have the right to request information about the processing of your personal data by us at any time. We will explain the data processing and provide you with an overview of the data stored about you as part of the provision of information.

If data stored with us are incorrect or no longer up to date, you have the right to have this information corrected.

Furthermore, you have the right to request the deletion of your data. Should the deletion in exceptional cases not be possible due to other legal provisions, the data will be blocked so that they are only available for this legal purpose. Furthermore, you may also have the processing of your data restricted, for example, if you believe the data we have stored are incorrect.

You also have the right to data portability, meaning that we would send you a digital copy of the personal data you have provided upon your request.

To exercise your rights as described here, you can contact us at any time using the aforementioned contact details. This is also the case if you wish to receive copies of warranties to prove an adequate level of data protection.

In addition, you have the right to object to data processing based on Art. 6 para. 1 lit. e or f of the GDPR. Finally, you have the right to file a complaint with the data protection authority responsible for our supervision. You may exercise this right before a supervisory authority in the member state in which you are staying, working or in the place of the alleged violation. In Berlin, the responsible supervisory authority is: Berliner Beauftragte für Datenschutz und Informationsfreiheit, Friedrichstr. 219, 10969 Berlin (Berlin Data Protection and Freedom of Information Commissioner).

9. Right of revocation and objection

In accordance with Article 7 para. 2 of the GDPR, you have the right to revoke a consent once given to us at any time. As a result, we will not continue to process data based on this consent in the future. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent prior to the revocation.

Insofar as we process your data on the basis of legitimate interests in accordance with Art. 6 para. 1 lit. f of the GDPR, you have the right, in accordance with Art. 21 of the GDPR, to appeal against the processing of your data if there are reasons for this due to your particular situation or if your appeal concerns an objection to direct advertising. In the latter case, you have a general right of objection, which we will implement without requesting reasons.

If you would like to exercise your right of revocation or objection, it is sufficient to send us an informal message using the aforementioned contact details.

10. Data security

We maintain updated technical measures to guarantee data security and, in particular, to protect your personal data from dangers during data transfers as well as from the acquisition of data by third parties. These measures are adjusted and updated to the newest technological standards for each of them. In order to secure the personal information you provide via our website, we use Transport Layer Security (TLS), which encrypts the information you enter.

11. Changes to the privacy policy

From time to time, we may update this privacy policy, for example, when we make changes to our website or if the legal or regulatory requirements change.

Version: 1.0 / Updated: May 2018