UndrSky Privacy and cookie statement
The following policy provides information regarding the collection of personal data (A) when
- Visiting our website (I)
- Contacting us / Sending a customer enquiry (II)
- Creating user content (III)
- Making a booking (IV)
- Visiting our fan page on Facebook (V).
It also covers your rights in these contexts (B).
Personal data include any information that personally refers to you, such as your name, address, email address, and user behaviour.
The party responsible according to Art. 4(7) of the EU General Data Protection Regulation (GDPR) is:
Minganelli Investments Limited
Address: Leontiou 159, Maryvonne Building, 3rd floor, Office 302,
3022, Limassol, Cyprus
Registration number: HE265315
This site uses SSL or TLS encryption to protect and secure the transfer of private content, such as bookings or enquiries, that you send to us, the site operators. You will know that the connection is encrypted by the fact that the “http://” in the address field changes to “https://” and a lock symbol appears to the left of the URL.
I. Collection of personal data when using our website / app
1. General When you use the website purely to gather information, meaning you do not register or submit any further information, we only collect the personal data that your browser sends to our server. If you’d like to look at our website, we collect the following data, which is technically necessary to show our website to you and to guarantee its stability and security:
- Your device’s IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (exact pages)
- Access status / HTTP status code
- Amount of data transferred
- The website, from which the request originated
- Operating system and its interface
- Browser software language and version
The legal basis for temporarily saving these data is point (f) of Art.6(1) of the GDPR. These data will be deleted as soon as they are no longer required for the fulfilment of the aforementioned purpose.
In addition to the data mentioned above, cookies are saved on your device when you use our website. Cookies are small text files that are assigned to the browser you are using, saved on your hard drive, and through which certain information flows to the location that sets the cookie (here, by us). Cookies cannot run programmes or infect your computer with viruses. Their purpose is to make the internet more user-friendly and more effective.
Transient cookies are erased automatically when you close the browser. These include session cookies, which save a Session ID, which is assigned to your browser’s different requests throughout the entire session. This means that your device will be recognised when you return to our website. Session cookies are erased when you log out or close the browser.
Persistent cookies are removed after a specified amount of time, and this time period can vary by cookie. You can delete saved cookies in the security settings of your browser at any time.
You can configure your browser settings according to your preferences and, for example, limit or reject cookies. Please note: It is possible that you may not be able to use all functions of this website if you deactivate cookies.
(2) The IP address relayed by your browser as part of Google Analytics will not be merged with other Google data.
(3) You can prevent cookies from being saved on your device by changing the settings of your browser. Please note, however, that if you do, you may not be able to use some of the website’s functions in full.
(4) This website uses Google Analytics with the “anonymizeIp()” extension. This means that IP addresses are processed in a shortened form, preventing it from being linked to a particular individual. If the data collected about you is personally identifiable, it will be excluded and deleted immediately.
(5) We use Google Analytics to analyse the way our website is used and to improve it accordingly. Using the statistics gathered, we can improve our offers and make them more appealing to you as a user. In the exceptional case that personal data is transferred to the USA, Google is subject to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework. The legal basis for using Google Analytics is point (a) of Art. 6(1) of the GDPR. ( 6) Contact information of the third-party: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. “For users based in the European Economic Area or Switzerland, the data controller responsible for your information is Google Ireland Limited, unless otherwise stated in a service-specific privacy notice. In other words, Google Ireland Limited is the Google affiliate that is responsible for processing your information and for complying with applicable privacy laws.” (https://policies.google.com/privacy) General privacy information: https://policies.google.com/privacy?#infocollect Terms of Service: https://marketingplatform.google.com/about/analytics/terms/us/
b) Google Tag Manager We use Google Tag Manager on our website. This is a service provided by Google Dublin Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.
By using Google Tag Manager, we can incorporate a variety of codes and services into our website in an orderly and simplified way. Google Tag Manager implements tags or triggers integrated tags. When it triggers a tag, Google may process information, including personally identifying data. This does not preclude the possibility that Google also transfers this information to a server in a third-party country.
- Online markers (including cookie identifiers)
- IP address
You can find more detailed information about the Google Tag Manager here: https://www.google.com/analytics/tag-manager/use-policy/, or here: https://policies.google.com/privacy under the paragraph about “Information we collect as you use our services.”
To use Google Tag Manager, we have signed a contract for order processing with Google. This means that Google processes the data on our account in order to trigger stored tags and feature services on our website. Google can transfer this information to third parties if it is legally required to do so, or if they process these data on Google’s behalf.
In the event that you have deactivated individual tracking services (for example, rejecting a cookie), this deactivation applies to all applicable tracking tags implemented by the Google Tag Manager.
We use Google Tag Manager to implement a variety of services simply and clearly. Furthermore, using Google Tag Manager optimises loading times for these different services.
The legal basis for processing personal data as described here is point (a) of Art. 6(1) of the GDPR. By using Google Tag Manager, we can reduce our maintenance costs, the website’s loading times, as well as server and traffic strain. You have the right to object. You can prevent all Google Tag Manager tags from sending. Please note, though, that if you deactivate them, you will not be able to use our website completely. Processed data will only be saved as long as necessary for its intended purpose or as long as legally required.
c) Facebook, Custom Audiences, and Facebook Marketing Services (1) On the basis of your consent (point (a) of Art. 6(1) of the GDPR), we implement “Facebook Pixel” for the purpose of analysing, optimising, and conducting business operations for our online offers. This is a service provided by the social network, Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are located in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
(2) Facebook is certified under the Privacy Shield framework, thereby guaranteeing that they will comply with European privacy rights (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
(3) By using Facebook Pixel, Facebook is able to determine target audiences for showing advertisements (“Facebook ads”) to visitors of our online offers. We implement Facebook Pixel so that any Facebook ads we have activated are only shown to Facebook users that have indicated an interest in our online offers, or that exhibit any particular characteristics (e.g. interest in certain topics or products, determined on the basis of websites visited) that we have communicated to Facebook (“Custom Audiences”). By using Facebook Pixel, we work to ensure that our Facebook ads meet users’ potential interests and are not seen as an annoyance. With Facebook Pixel, we can also trace the effectiveness of Facebook ads for the purpose of statistics and market research, by seeing whether a user was brought to our website by clicking on a Facebook ad (“conversion”).
(4) Facebook embeds the Facebook Pixel directly when you visit our website, and it allows a cookie, a small text file, to be saved on your device. When you then log in to Facebook or visit Facebook when logged in, your visit to our online service is noted in your profile. The data collected about you is anonymous for us, so we cannot draw any conclusions about the identity of the user. The information is saved and processed by Facebook, however; therefore, it is possible for Facebook to create a connection to the respective user profile, and these data can be used for their own market research or advertising purposes. Should we transfer data to Facebook for comparison’s sake with regard to the process of using Facebook Pixel, this information will be encrypted locally in the browser, and then sent to Facebook through a secure https:// connection. The sole purpose of this is to compare it with the data encrypted by Facebook.
(5) Facebook processes the data in accordance with the Facebook Data Usage Policy. For more general information regarding the presentation of Facebook ads, see their Data Policy: https://www.facebook.com/policy.php. Specific information and details about Facebook Pixel and how it works can be found in the Facebook Ads Help Center: https://www.facebook.com/business/help/651294705016616.
(6) You have the right to object to the collection of your data via Facebook Pixels and the use of your information for showing Facebook Ads. To set which types of ads you are shown on Facebook, you can visit Facebook’s Ad Preferences page and follow the instructions for changing the settings for usage-based advertising there: https://www.facebook.com/settings?tab=ads. Settings are set independently from the platform, meaning they will apply to all devices, including computers and mobile devices.
II. Contact / Customer Queries When you contact us (via email, contact form, post, telephone, or social media, for example), we save the data you share with us (such as email address, username, or telephone number) so that we can respond and answer your questions. The legal basis for handling this information is our legitimate interest in responding to your request, according to point (f) of Art. 6(1) of the GDPR. If you contact us to enter into or to execute a contract, handling your personal information is also legally covered under point (b) of Art.6(1) of the GDPR. We delete the data collected in this context once it is no longer necessary to have it saved on file, or we limit processing should there be legal retention requirements that prevent us from deleting it. Should we rely on contracted service providers for individual features of our services, or should we’d like to use your data for marketing purposes, please refer to the information provided in detail below about the respective processes. Here we also inform you of the set criteria for storage periods.
We calculate an average based on all submitted ratings and make this public; this is displayed via a rating widget on the campsite’s homepages where applicable. We also provide campsite operators the option of showing submitted ratings for their campsite on their website within the context of a content-sharing programme.
We have set up a variety of forums so that our users can discuss specific topics. They can sign up for these forums and write posts. The posts they submit are then made public by us without prior verification. Please note that we do not assume any liability for the content you publish. Please also note that we and visitors to the forum can link the content you post to your user account.
The user data that you upload are on servers from hosting providers, which we have ensured compliance with the regulations resulting from the GDPR by mutually signing a contract processing agreement.
These data are deleted once they are no longer required to achieve the purpose of their processing. Even after a contract has ended, there may be a contractual or legal necessity to keep personally identifying data relating to the contracted party. There is no right to deletion in this case, but there is possibly a right to limitation of data processing.
IV. Booking When booking properties and pitches, you will be sent to the website of the respective provider unless a direct booking is made through us. The respective providers are then responsible for processing personal data according to Art. 4(7) of the GDPR. In this case, please also take into account the respective privacy policies on the respective websites of the providers.
If you make a direct booking through our services, you will be sent to our booking engine. The personal data we collect in the context of online booking is processed exclusively for the purpose of contract brokerage and is passed on to the respective contract partner only if necessary for fulfilling the contract. We give campsite operators the option of having booking data transferred to their campsite management system. This transfer of data is automatic and occurs without any notice thereof; it is indispensable for campsite operators to process bookings efficiently. The legal basis for this is point (b) of Art. 6(1) of the GDPR.
During payment, we provide your payment information to the commissioned credit institute if this is necessary for the payment process. If a site operator requires a deposit, which they can set at anywhere between 10% — 100% of the total booking price, payment is handled by Paddle.com Market Limited Adyen, 40 S Lemon Avenue, Los Angeles, California 91789, USA. The camper (depending on their country and the country where the campsite is located) can pay using the following methods: Visa or MasterCard, American Express, Ideal, or Sofortüberweisung, PayPal. Your data is only transferred for the purpose of payment and only insofar as it is necessary to do so. The legal basis for transferring these data to the Paddle.com Market Limited Adyen is point (b) of Art. 6(1) of the GDPR.
V. Facebook Fan Pages UndrSky.com operates an online presence on Facebook and Instagram, a so-called Facebook fan page and Instagram fan page. Information about the data protection of Facebook products can be found here: https://www.facebook.com/about/privacy/.
1. Joint Responsibility, Contact Details, Company Data Protection Officer: We share responsibility with Facebook for the operation of our fan page as per Art. 26 of the GDPR. For this reason, we have entered into an agreement with Facebook to determine who fulfils which data protection obligations. This agreement can be accessed here: https://www.facebook.com/legal/terms/page_controller_addendum. According to this, Facebook is primarily responsible for providing the party concerned with information about this joint processing and making it possible for them to exercise their data protection rights. We are informing you about your visit to our fan pages here independently of this agreement.
Our contact data can be found below.
Facebook’s contact data: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland
Facebook can be reached online here: https://www.facebook.com/help/contact/2061665240770586
To contact Facebook’s data protection officer, visit: https://www.facebook.com/help/contact/540977946302970.
2. Collection and Storage of Personal Data as well as Type and Purpose of Their Use a) Data collected by Facebook: If you are a registered user, Facebook gathers the data described in the Facebook Data Policy under the section “What kinds of information do we collect?”. If you are not a registered user, cookies, which are small text files with identifiers, may still be stored in your browser to enable tracking of your user behaviour.
Typically, user data collected upon visiting the fan page is processed for market research and advertising purposes. With user behaviour (including visiting our fan page), complex user profiles are created, which Facebook can use to show tailored ads within and outside of Facebook and Instagram. Further information about this can also be found in their Data Policy.
If you are opposed to this, you can opt-out here.
b) Data used by us (“Page Insights”) and legal basis: Facebook provides us with statistics and usage data, with which we can analyse the use of our fan pages (also known as “Page Insights”). This lets us continually improve our fan page. As an operator, we cannot make any decisions regarding how Insights data are processed and all other information resulting from Art. 13 of the GDPR, such as the storage period of cookies on user devices. According to the GDPR, Facebook is primarily responsible for processing Insights data, and Facebook fulfils all of its GDPR obligations with regard to the processing of Insights data.
As page administrators, we have no other way to assess user behaviour on our fan page, not even via user tracking. It is also not possible for us to identify fan page visitors using Page Insights. In particular, according to the agreement, we have no right to demand Facebook to provide us with individual user data. Identification is only possible if we can assign individual profiles to “like” information for the page, but only if our fan page “liked” or “followed” by the corresponding visitor and the “like” information is set to “public.”
You can see what data Facebook uses to generate Page Insights here.
Operating fan pages and using Page Insights serves our legitimate interests in creating an effective public image and communicating efficiently with our customers and interested parties. This interest justifies the operation of these pages in the legitimate interest of both users and the visitors of our fan pages who do not have an account. The legal basis is, therefore, point (f) of Art. 6(1) of the GDPR.
3. Transferring Data to Third Parties: Data collected by Facebook are shared and processed within all Facebook companies. Companies that belong to Facebook include Instagram, WhatsApp, and Oculus, among others. That means that information collected on Facebook can be used to show tailored advertising on Instagram, or that data from WhatsApp can be used to take action on Facebook against accounts that send spam through WhatsApp. This information can be found in Facebook’s Data Policy under “How do the Facebook Companies work together?”.
When processing data through Facebook, user data may be transferred outside the European Economic Area (EEA), in particular to the USA. For this reason, Facebook has submitted itself to the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=A….
4. Rights of Parties Concerned: In principle, you can assert your rights (see below B) with Facebook as well as with us. Since Facebook exclusively has direct access to your user data, you can most effectively assert your rights with Facebook.
B. Your Rights as the Party Concerned
You have the following rights with regard to your personal data: * Right of access by the data subject, Art. 15 of the GDPR
- Right to rectification, Art. 16 of the GDPR
- Right to erasure (‘Right to be Forgotten’), Art. 17 of the GDPR
- Right to restriction of processing, Art. 18 of the GDPR
- Right to data portability, Art. 20 of the GDPR
- Right to object, Art. 21 of the GDPR
As long as you have provided us with consent in accordance with point (a) of Art. 6(1) of the GDPR, you have the right to revoke this at any time. A revocation does not affect the legality of the processing carried out on the basis of your consent until receipt of the revocation.
You also have the right to file a complaint with a data privacy supervisory authority regarding the way we process your personal data.
You will find the responsible supervisory authority for data protection issues under the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html