Data Privacy

12.04.2021

The responsible party within the meaning of the data protection laws, in particular the EU General Data Protection Regulation (DSGVO), is:

Agroturismo Can Maiol C.B.

What data do we collect?

Below is an overview of the data we may collect:

Non-identified and non-identifiable information that you provide during the registration process or that is collected through the use of our services ("non-personal data"). Non-Personal Information does not identify who it was collected from. Non-Personal Information that we collect consists primarily of technical and aggregate usage information.

Individually identifiable information, which is any information that can be used to identify you or could be used to identify you with reasonable effort ("personal data"). Personally identifiable information we collect through our Services may include information requested from time to time, such as names, email addresses, addresses, phone numbers, IP addresses and more. When we combine personal data with non-personal data, as long as it is in combination, we will treat it as personal data.

How do we collect data?

Below are the main methods we use to collect data:

We collect data when you use our services. So when you visit our digital assets and use services, we may collect, record and store usage, sessions and related information.

We collect data that you provide to us yourself, for example, when you contact us directly through a communication channel (such as an email with a comment or feedback).

We may collect data from third party sources as described below.

We collect data that you provide to us when you sign up to our services through a third party provider such as Facebook or Google.

Why do we collect this data?

We may use your data for the following purposes:

to provide and operate our Services;

to develop, customise and improve our Services;

to respond to your feedback, enquiries and requests and to provide assistance;

to analyse request and usage patterns;

for other internal, statistical and research purposes;

to improve our data security and fraud prevention capabilities;

to investigate violations and enforce our terms and policies and to comply with applicable law, regulation or governmental request;

to provide you with updates, news, promotional materials and other information related to our services. For promotional emails, you can decide whether you want to continue receiving them. If not, simply click on the unsubscribe link in these emails.

Who do we share this data with?

We may share your data with our service providers in order to operate our services (e.g. storing data via third party hosting services, providing technical support etc.).

We may also disclose your data in the following circumstances: (i) to investigate, detect, prevent or take action regarding illegal activities or other misconduct; (ii) to establish or exercise our rights of defence; (iii) to protect our rights, property or personal safety, or the safety of our users or the public; (iv) in the event of a change of control of us or any of our affiliates (by way of merger, acquisition or purchase of (substantially) all of the assets, etc.); (v) to protect our rights, property or personal safety, or the safety of our users or the public. (v) to collect, maintain and/or manage your information through authorised third party service providers (e.g. cloud service providers) as appropriate for business purposes; (vi) to work with third party service providers to improve your user experience. For the avoidance of doubt, we may transfer or disclose non-personal data to third parties or use it in any other way at our discretion.

Cookies and similar technologies

When you visit or access our Services, we authorise third parties to use web beacons, cookies, pixel tags, scripts and other technologies and analytics services ("Tracking Technologies"). These Tracking Technologies may allow third parties to automatically collect your information to improve the navigation experience on our digital assets, optimise their performance and provide a tailored user experience, as well as for security and fraud prevention purposes.

We will not share your email address or other personal information with advertisers or ad networks without your consent.

To serve these advertisements to you, we may use cookies and/or JavaScript and/or web beacons (including translucent GIFs) and/or HTML5 Local Storage and/or other technologies. We may also use third parties, such as network advertisers (i.e. third parties who display ads based on your website visits) to serve targeted ads. Third-party ad network providers, advertisers, sponsors and/or website traffic measurement services may also use cookies and/or JavaScript and/or web beacons (including translucent GIFs) and/or Flash cookies and/or other technologies to measure the effectiveness of their ads and customise advertising content for you. These third party cookies and other technologies are governed by the specific privacy policy of the relevant third party provider and not this one.

Where do we store the data?

Non-Personal Data:

Please note that our companies and our trusted partners and service providers are located around the world. For the purposes explained in this Privacy Policy, we store and process any non-personal data we collect in different jurisdictions.

Personal Data:

Personal data may be maintained, processed and stored in the United States, Ireland, South Korea, Taiwan, Israel and to the extent necessary for the proper provision of our services and/or required by law (as further explained below) in other jurisdictions.

How long will the data be retained?

Please note that we will retain the data we collect for as long as is necessary to provide our services, to comply with our legal and contractual obligations to you, to resolve disputes and to enforce our agreements.

We may correct, amend or delete inaccurate or incomplete data at any time at our sole discretion.

How do we protect the data?

The hosting service for our digital assets provides us with the online platform through which we can offer our services to you. Your data may be stored via our hosting provider's data storage, databases and general applications. It stores your data on secure servers behind a firewall and it provides secure HTTPS access to most areas of its services.

All payment options offered by us and our hosting provider for our digital assets comply with the PCI Security Standards Council's PCI-DSS (Credit Card Industry Data Security Standard) regulations. This is the collaboration of brands such as Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card data (including physical, electronic and procedural measures) by our shop and service providers.

Notwithstanding the measures and efforts taken by us and our hosting provider, we cannot and do not guarantee absolute protection and security of the data you upload, post or otherwise share with us or others.

For this reason, we ask that you establish strong passwords and, where possible, do not provide us or others with confidential information that you believe could cause you significant or lasting harm if disclosed. In addition, as email and instant messaging are not considered secure forms of communication, we ask that you do not disclose confidential information through either of these communication channels.

How do we deal with minors?

The Services are not intended for users who are under the legal age of majority. We will not knowingly collect data from children. If you are under the age of majority, you should not download or use the Services or provide any information to us.

We reserve the right to request proof of age at any time so that we can verify whether minors are using our Services. In the event that we become aware that a minor is using our Services, we may prohibit such users from accessing our Services and block them, and we may delete any information we hold about that user. If you have reason to believe that a minor has disclosed data to us, please contact us as explained below.

Category: User Collected Data from Minors

Children can use our services. However, if they wish to access certain features, they may be required to provide certain information. The collection of some data (including data collected via cookies, web beacons and other similar technologies) may be automatic. If we knowingly collect, use or disclose information collected from a child, we will indicate this in accordance with applicable law and obtain parental consent. We do not condition a child's participation in an online activity on the child providing more contact information than is reasonably necessary to participate in that activity. We will only use the information we collect in connection with the services the child has requested.

We may also use a parent's contact information to communicate about the child's activities in the Services. Parents may review data we have collected from their child, prohibit us from collecting further data from their child, and request that any data we have collected be deleted from our records.

Please contact us to view, update or delete your child's information. For your child's protection, we may ask you to provide proof of your identity. We may deny you access to the data if we believe your identity is questionable. Please note that certain data cannot be deleted due to other legal obligations.

We will only use your personal data for the purposes set out in the Privacy Policy and only if we are satisfied that:

the use of your personal data is necessary to perform or enter into a contract (for example, to provide you with the Services themselves or customer care or technical support);

the use of your personal data is necessary to comply with relevant legal or regulatory obligations; or

the use of your personal data is necessary to support our legitimate business interests (provided that at all times this is done in a way that is proportionate and respects your data protection rights).

As an EU resident, you may:

request confirmation as to whether or not personal data relating to you is being processed and request access to your personal data held and certain additional information;

obtain the personal data you have provided to us in a structured, commonly used and machine-readable format;

request the correction of your personal data that we have stored;

request the deletion of your personal data

object to the processing of your personal data by us;

request the restriction of the processing of your personal data, or

lodge a complaint with a supervisory authority.

However, please note that these rights are not unlimited and may be subject to our own legitimate interests and regulatory requirements. If you have any general questions about the personal data we collect and how we use it, please contact us as set out below.

In the course of providing the Services, we may transfer data across borders to affiliates or other third parties and from your country/jurisdiction to other countries/jurisdictions around the world. By using the Services, you consent to the transfer of your data outside the EEA.

If you are located in the EEA, your personal data will only be transferred to locations outside the EEA if we are satisfied that there is an adequate or comparable level of protection for personal data. We will take appropriate steps to ensure that we have adequate contractual arrangements in place with our third parties to ensure that appropriate safeguards are in place so that the risk of unlawful use, alteration, deletion, loss or theft of your personal data is minimised and that such third parties act at all times in accordance with applicable laws.

Rights under California Consumer Protection Law

If you are a California resident using the Services, then you may be entitled under the California Consumer Privacy Act ("CCPA") to request access to and deletion of your information.

To exercise your right to access and delete your information, please see below for how to contact us.

We do not sell users' personal data for the purposes and purposes of the CCPA.

Users of the Services who are California residents and under the age of 18 may request and obtain removal of their posted content by emailing us at the address provided in the "Contact Us" section below. These requests must all be marked "California Removal Request". All requests must include a description of the content you wish to have removed and sufficient information to help us locate the material. We will not accept notices that are not marked or properly submitted, and we may not be able to respond if you do not provide sufficient information. Please note that your request does not ensure that the material will be fully or completely deleted. For example, material posted by you may be republished or re-posted by other users or third parties.

Provision of chargeable services.

Nature and purpose of processing:

In order to provide chargeable services, we request additional data, such as payment details, to enable us to fulfil your order.

Legal basis:

The processing of the data required for the conclusion of the contract is based on Art. 6 (1) lit. b DSGVO.

Recipients: Recipients of the data are order processors, if applicable.

Storage period:

We store this data in our systems until the statutory retention periods have expired. These are generally 6 or 10 years for reasons of proper accounting and tax law requirements.

Provision mandatory or required: The provision of your personal data is voluntary. Without the provision of your personal data, we cannot grant you access to our offered contents and services.

Contact form

Type and purpose of processing:

The data you enter will be stored for the purpose of individual communication with you. For this purpose, it is necessary to provide a valid e-mail address and your name. This serves the purpose of assigning the enquiry and subsequently answering it. The provision of further data is optional.

Legal basis:

The processing of the data entered in the contact form is based on a legitimate interest (Art. 6 para. 1 lit. f DSGVO). By providing the contact form, we would like to enable you to contact us in an uncomplicated manner. The information you provide will be stored for the purpose of processing the enquiry and for possible follow-up questions.

If you contact us to request a quote, the data entered in the contact form will be processed to carry out pre-contractual measures (Art. 6 para. 1 lit. b DSGVO).

Recipients: Recipients of the data may be order processors.

Storage period:

Data will be deleted no later than 6 months after the request has been processed.

If a contractual relationship arises, we are subject to the statutory retention periods according to the German Commercial Code (HGB) and delete your data after these periods have expired.

Provision mandatory or required:

The provision of your personal data is voluntary. However, we can only process your request if you provide us with your name, e-mail address and the reason for the request.

Use of Google Analytics

If you have given your consent, this website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (hereinafter: "Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, due to the activation of IP anonymisation on these websites, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

For more information on terms of use and data protection, please visit https://www.google.com/analytics/terms/de.html and https://policies.google.com/?hl=de.

On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.

The data sent by us and linked to cookies, user IDs (e.g. user ID) or advertising IDs are automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.

Withdrawal of consent:

You can stop tracking by Google Analytics on our website by clicking this link. This will install an opt-out cookie on your device. This will prevent the collection by Google Analytics for this website and for this browser in the future, as long as the cookie remains installed in your browser.

You may also refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available under the following link: Browser Add On to deactivate Google Analytics.

Use of Typekit web fonts from Adobe Fonts

We may use Typekit web fonts from Adobe Fonts for the visual design of our website. Adobe Fonts is a service provided by Adobe Systems Software Ireland Companies (4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland; hereinafter "Adobe"), which provides us with access to a font library.

To integrate the fonts we use, your browser must establish a connection to an Adobe server in the USA and download the font required for our website. Adobe thereby receives the information that our website was accessed from your IP address.

Further information on Adobe Fonts can be found in the Adobe Fonts privacy policy, which you can access here: https://www.adobe.com/de/privacy/policies/adobe-fonts.html.

If your browser does not support web fonts or you do not give your consent, a standard font from your computer will be used.

Withdrawal of consent:

No option is currently offered by the provider to simply opt-out or block data transfer. If you wish to prevent your activities on our website from being tracked, please revoke your consent for the relevant cookie category or all technically unnecessary cookies and data transfers in the cookie consent tool. In this case, however, you may not be able to use our website at all or only to a limited extent.

Use of Google Maps

On this website, we use the services of Google Maps. Google Maps is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter "Google"). This allows us to display interactive maps directly on the website and enables you to use the map function conveniently.
You can find more information about data processing by Google in the Google data protection information: https://policies.google.com/privacy. There you can also change your personal data protection settings in the data protection centre.

Detailed instructions on how to manage your own data in connection with Google products can be found here: https://www.dataliberation.org.

When you visit the website, Google receives information that you have accessed the relevant sub-page of our website. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account.

If you do not want your data to be assigned to your Google profile, you must log out of Google before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its websites. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have a right to object to the creation of these user profiles, and you must contact Google to exercise this right.

Withdrawal of consent:

No option for a simple opt-out or blocking of data transmission is currently offered by the provider. If you wish to prevent tracking of your activities on our website, please revoke your consent for the relevant cookie category or all technically unnecessary cookies and data transfers in the cookie consent tool. In this case, however, you may not be able to use our website at all or only to a limited extent.

Embedded YouTube videos

YouTube videos may be embedded on our website. The operator of the corresponding plugins is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA (hereinafter "YouTube"). YouTube, LLC is a subsidiary of Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA (hereinafter "Google"). When you visit a page with the YouTube plugin, a connection to YouTube servers is established. This tells YouTube which pages you are visiting. If you are logged into your YouTube account, YouTube can assign your surfing behaviour to you personally. You can prevent this by logging out of your YouTube account first.

If a YouTube video is started, the provider uses cookies that collect information about user behaviour.

Further information on the purpose and scope of data collection and processing by YouTube can be found in the provider's data protection declarations, where you will also find further information on your rights in this regard and setting options for protecting your privacy (https://policies.google.com/privacy).

Withdrawal of consent:

Social plugins

Type and purpose of processing:

We offer you the option of using so-called "social media buttons" on our website. To protect your data, we rely on the "Shariff" solution for implementation. This means that these buttons are only integrated on the website as a graphic that contains a link to the corresponding website of the button provider. By clicking on the graphic, you are thus redirected to the services of the respective provider. Only then will your data be sent to the respective providers. If you do not click on the graphic, there is no exchange between you and the providers of the social media buttons. Information about the collection and use of your data in the social networks can be found in the respective terms of use of the corresponding providers. You can find more information about the Shariff solution here: http://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html

SSL encryption

To protect the security of your data during transmission, we use state-of-the-art encryption procedures (e.g. SSL) via HTTPS.

Information about your right to object according to Art. 21 DSGVO

Individual right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6(1)(f) DSGVO (data processing on the basis of a balance of interests); this also applies to profiling based on this provision within the meaning of Art. 4 No. 4 DSGVO.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Recipients of an objection

Your data subject rights

You can exercise the following rights at any time using the contact details provided for our data protection officer:

Information about your data stored by us and its processing (Art. 15 DSGVO),

Correction of incorrect personal data (Art. 16 DSGVO),

deletion of your data stored by us (Art. 17 DSGVO),

Restriction of data processing if we are not yet allowed to delete your data due to legal obligations (Art. 18 DSGVO),

objection to the processing of your data by us (Art. 21 DSGVO) and

Data portability, insofar as you have consented to the data processing or have concluded a contract with us (Art. 20 DSGVO).

If you have given us consent, you can revoke this at any time with effect for the future.

You can lodge a complaint with a supervisory authority at any time, e.g. the competent supervisory authority in the federal state of your residence or the authority responsible for us as the controller.

A list of the supervisory authorities (for the non-public sector) with address can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Changes to our data protection regulations

We reserve the right to adapt this data protection declaration so that it always complies with the current legal requirements or in order to implement changes to our services in the data protection declaration, e.g. when introducing new services. The new data protection statement will then apply to your next visit.