Data protection and cookies policy

This data protection policy describes how personal data is processed when the websites of RSD Travel Ireland Ltd. [“RSD”] are used, including the mobile applications (our „Apps“). It also explains the choices you have regarding your personal data „(Your rights“), and how you can contact us.

I. Who is responsible and how can I contact the data protection officer?

The responsible body under the terms of the GDPR is RSD Travel Ireland Ltd., Pembroke House, 28-32 Upper Pembroke Street, Dublin 2, Ireland (535087).

Other contact options and the names of company representatives can be found in the legal information. For questions relating to the processing of your personal data by ourselves or the subject of data protection in general, please contact our data protection officer, who can be reached at the address listed under the Legal information or at the following e-mail address: dpo@rsd-travel.ie

II. Your rights as a data subject

Each and every data subject has the following rights:

• right of access (Art. 15 GDPR)
• right to rectification of incorrect data (Art. 16 GDPR)
• right to erasure or “right to be forgotten” (Art. 17 GDPR)
• right to restrict processing of personal data (Art. 18 GDPR)
• right to data portability (Art. 20 GDPR).

You may object to the processing of your personal data for marketing purposes (including profiling associated with direct marketing) at any time and without specifying a reason.

In addition, the data subject has a general right of objection (cf. Art. 21 para. 1 GDPR). In this case the objection to data processing must be justified. If data processing is based on consent, this consent may be withdrawn at any time with future effect.

To exercise your rights as a data subject, please contact privacy@rsd-travel.ie. In addition, you can lodge complaints relating to our data processing with a supervisory authority.

III. Processing of personal data by RSD

Below we would like to offer you a summary of how we safeguard the protection of your personal data when you access our website, and what types of personal data we use for what purpose and to what extent.

1. Processing of personal data from orders

If you book a trip through RSD Travel Ireland Ltd., we will collect the data required for the organisation of the trip from you as a traveller or fellow traveller through the service provider Kesselhaus GmbH, Offenburg, Germany which is commissioned and controlled by us. This involves, in particular, your name, address, telephone number and e-mail address, travel details (date of departure and arrival, departure airport or bus boarding location) and also booking data (trip selected, potentially an extension week). You are obliged to provide us with the data necessary to implement the contract. Otherwise we will not be able to book your trip.

Depending on the destination and the airline, we either use the Amadeus reservation system to book the trip or we pass on the data required for booking and issuing the flight ticket to the respective airline, if necessary with the involvement of a service provider. This also includes the transfer of the required data to the respective airline. Depending on the destination, the required data may be passed on to the following airlines, among others, within the framework of the execution of the contract: Lufthansa; Emirates; Freebird Airlines; Aegean Airlines; Corendon Airlines; Turkish Airlines; TAP Air Portugal; Air Europa Lineas Aereas; Air Baltic; Air France/ KLM Royal Dutch Airlines

For the implementation and handling of the trip at the destination, we pass on the necessary data to an agency which processes your data for this purpose. The agency transfers your data to the extent required for this to the companies involved with the execution of the trip, such as the bus company for transport locally (e.g. to the hotel or for a round trip) or the hotel for the upcoming overnight accommodation. The agency will also pass on a list of participants to the tour manager responsible for you. If your holiday destination is outside the European Union / European Economic Area, both the agency and the other service providers will be based outside the European Union / European Economic Area. In this case, your data will be handled in accordance with the legal system in the relevant country where the companies are based. You will receive separate information on the scope of data processing from the other service providers involved. You can also assert your rights, such as a right to information, against RSD. In this case we will forward the request accordingly.

If you contact us by email with a query or use our contact form, we will collect the data sharedwith us in this way in order to handle your enquiry. According to your requests communicated tous in this way, we will comply with any request to contact you or comply with your other requests for information.

The travel booking data will also be used to handle potential warranty claims or other complaints. This data may also be passed on to external auditors and/or tax advisers for consultancy and auditing purposes. Data will be stored in accordance with the statutory retention requirements under Section 285 of the Companies Act 2014 and Section 886 of the Taxes Consolidation Act, and data will be deleted once the compulsory legal retention periods have elapsed.

On the use of trip booking data for marketing purposes

RSD as well as appropriately commissioned and controlled service providers (e.g. lettershops such as brand production Axel Bauer, Bühlertal; Direct Center Knoll GmbH, Rottenburg or b+g mailing.de GmbH, Hamburg, Germany) use the name and address of the travellers and fellow travellers for further measures relating to customer retention and customer reactivation. This includes sending out further information about interesting travel products and services by post and also issuing vouchers. This enables RSD to alert its customers to additional interesting options for their holiday and to ensure long-term customer loyalty. Data will not be passed on to third parties for marketing purposes. Telephone numbers and email addresses will be used for promotional purposes, if separate consent has been given. In the absence of additional consent, your name and address will no longer be used for marketing purposes, unless you have communicated an interest in continuing your customer relationship with RSD Travel Ltd. over a period of 7 years. We use the following activity indicators: Start of the trip or date of cancellation of the trip.

RSD Travel Ltd. also processes the booking data to personally customise your travel booking, to offer continuous enhancements and to present you with offers in future which are in line with your interests. We therefore use trip booking data to provide you with optimum support regarding your reservation and to point out interesting destinations from our range. Within the company, we process this data under a pseudonym in order to comply with your legitimate interests in the protection of your personal data. This data processing allows us to present you with personalised offers (e-mail or as part of a postal promotion) that present products which we assume you may be interested in.

Travel booking data will no longer be used for promotional purposes, including direct marketingrelated profiling, unless you have expressed an interest in continuing your customer relationship with RSD for a period of up to 5 years. We use the following activity indicators: Start of the trip or date of cancellation of the trip. Once this 5 year period has elapsed, we will continue to use your name, address, date of birth, latest travel booking and destination for postal marketing purposes for an additional two years. If there is no response to our advertising within this period, we will no longer use this data either for this purpose after a period of two years has elapsed.

On the use of prospective client data for marketing purposes

If you ask us by telephone to send you travel offers or a catalogue, we will collect your name and address from you through the service provider F&S Dialogmarketing GmbH, Offenburg, Germany which is commissioned and controlled by us, so that we can send you the requested documents. You are obliged to provide us with the data necessary to do this. Otherwise we will not be able to send you the catalogue. We also ask for your permission to continue using this information to send you RSD catalogues and other written travel offers until you object to these.

Credit card payment

Your credit card data is collected by First Cash Solution GmbH, Offenburg, and used exclusively to handle payment for the trip booked with us. Your data will not be used for any other purposes by FirstCash. RSD will not receive your credit card data in plain text format; instead, as evidence of payment, FirstCash simply provides us with an ID plus your credit card number in truncated, non-readable format (123456******7890).

2. Processing of data from access to our website – log files

Information of a general nature is documented automatically when you access our website. This information (server log files) includes the type of web browser and operating system used, the domain name of your Internet service provider and similar details. Your IP address is also transferred and used to offer you the service you want. This information is technically required in order to correctly provide you with the website content you have requested, and is generated anyway when you use the Internet.

We immediately anonymise or delete this log file data once the usage process has finished. The legal foundation for the processing of data is Art. 6 (1) (1f) of the GDPR.

According to our IT security concept, the log file data generated is stored for a period of six weeks in order detect any attacks on our website and analyse them. The legal foundation for the processing of data is Art. 6 (1) (1f) of the GDPR.

3. Processing of data from use of our website – your requests

If you send us a request via e-mail or via the contact form, we collect the data you have shared with us for processing and to answer your query. We store this information for audit purposes for a period of up to two years. The legal foundation for the processing of data is Art. 6 (1) (1f) of the GDPR.

4. Subscription to an e-mail newsletter

We use the double opt-in method to process subscriptions to our newsletter. This means that, after you provide us with your e-mail address, we send a confirmation e-mail to your specified e-mail address in which we ask you to confirm that you would like to receive our newsletter. If you do not confirm your registration within 4 weeks, your registration will be automatically deleted. If you confirm your wish to receive the newsletter, we will save your e-mail until you unsubscribe from the newsletter. This data is stored in order to allow us to send you the newsletter. When you register and confirm, we also store your IP addresses and the times of your registration in order to prevent any misuse of your personal details and to provide proof that we are sending you the information correctly. The legal foundation for the processing of your personal data is Art. 6 (1) (1a) of the GDPR.

The only mandatory information required for us to send you the newsletter is your e-mail address. You have the right to withdraw your consent to being sent the newsletter at any time. Your withdrawal of consent will not affect the legality of the processing of your personal data up until that point. You can communicate your withdrawal of consent by clicking on the link included in every newsletter e-mail, by e-mailing info@rsd-travel.ie or by sending a message to the contact details set out in the Legal information.

5. Use of a content management platform

On our website, we use the content management platform operated by our commissioned and monitored service provider. This tool is used to manage consent to the setting of cookies and the integration of external service providers, along with their verification. In order to prove your consent, we store information on the device you use, information on your browser, anonymised IP address, date and time of your visit as well as opt-in and opt-out data, for three years. The legal foundation for the storage of this data is Art. 6 (1) (1c) GDPR.

6. Notes regarding the safeguarding of data security

On our sites, we take technical and operational security precautions in order to protect the personal data we store against access by third parties, loss or misuse, and to safeguard a secure transfer of data.

We must point out, however, that the structure of the Internet means that unwanted data access by third parties can still occur. It is therefore your responsibility to protect your data through encryption or other means against misuse. Without suitable protective measures, data transferred in unencrypted format especially, even if this is done via e-mail, can be read by third parties.

IV. Integration of third-party services

1. Integration of YouTube

Our website uses plugins from the YouTube site operated by Google. The site is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

If you visit one of our pages which is equipped with the YouTube plugin, a connection with YouTube’s servers will be established. This will tell the YouTube server which of our pages you have visited.

If you are logged in to your YouTube account, you enable YouTube to allocate your surfing behaviour directly to your personal profile. You can prevent this by signing out of your YouTube account.

YouTube is used in the interests of displaying appropriate offerings online and therefore is based on Art. 6 para. (1) (f) GPDR. We only record the extent to which the YouTube videos integrated into our site are called up, and we delete this data after two years.

Further information on the use of user data can be found in YouTube’s data protection policy at: https://policies.google.com/privacy.

V. Our cookies guidelines

1. General information on the use of cookies

Our website uses cookies. Cookies are small text files that are stored on your terminal device and saved by your browser. They are used to make our website more user-friendly, effective and secure. We use both temporary cookies, which are deleted automatically when your browser is closed („session cookies“), and persistent (permanent) cookies.

You have the choice of whether to allow cookies or not. You can make changes in your browser settings. You basically have the choice of whether to accept all cookies, be notified when cookies are installed or reject all cookies. If you choose the last option, you may not be able to use all of the functions on our website.

If cookies are used, a distinction must be made between mandatory cookies and those used for other purposes (such as measuring access figures, advertising purposes).

2. Mandatory cookies when using the website

We use session cookies on our websites that are mandatory for the use of our website. These include cookies that allow us to recognise you while you visit the site in the context of a single session. These session cookies help to ensure the safe use of our service by allowing the secure processing of the basket function and payment process.

3. Use of cookies with your consent

Below is a summary of the cookies that we use with your consent, obtained when you start using the website. For every instance of use, you will also find an opt-out option.

Tracking with Matomo

On this website we use the web analytics service Matomo. This tool uses „cookies“, text files that are stored on your computer and which permit an analysis of your use of the website. With the help of the tool, we collect information about your last visits to our website, or how you move around our website, and use this information to evaluate your use of the website, as well as to compile reports on website activity

The data collected by the web analytics service Matomo is stored and processed on the servers in Germany.

We use the web analytics service to analyse the use of our website to better understand how visitors use our website so that we can make it more intuitive. The legal basis for the storage of the cookie is your consent according to Art. 6 (1) p. 1 lit. a GDPR and the further evaluation of the collected data over a period of 13 months is the balance of interests according to Art. 6 (1) p. lit. f GDPR. You can revoke your consent with effect for the future at any time in our cookie settings.

Online marketing – Google Adwords tracking and remarketing

We use the Google Adwords service to draw attention to our attractive offers on external websites through the use of advertising materials (Google Adwords). These advertising materials are provided by Google through „ad servers“. Ad server cookie are used, which allow the evaluation of performance parameters such as ad impressions, clicks and conversions. This means that we are able to determine in relation to the advertising campaign data how successful the individual advertising measures are. If you access our website via a Google advertisement, Google Adwords stores a cookie on your PC. Generally speaking, these cookies become obsolete after 30 days and must not be used to identify you personally. The following analysis values are generally stored for this cookie:

• Unique cookie ID
• Number of ad impressions per placement (frequency)
• Last impression (relevant for post-view conversions)
• Opt-out information (stipulates that the user no longer wishes to be approached)

These cookies allow Google to remember your Internet browser. If a user visits certain pages of the website of an Adwords customer, and the cookie stored on his computer has not yet expired, Google and the customer are able to detect that the user has clicked on the advertisement and has been forwarded to this page. Every Adwords customer is assigned a different cookies. Cookies therefore cannot be tracked via the websites of Adwords customers. We ourselves do not collect or process any personal data in the specified advertising measures. Google simply provides us with statistical analyses. These analyses allow us to determine which of the advertising measures used are particularly effective. We do not receive any further data from the use of advertising materials, and in particular we cannot identify users based on this information. The legal foundation for the storage of cookies by Google is the consent given (Art. 6 para. (1) (1a) GDPR. You can withdraw your consent at any time in our Cookie settings.

Based on the marketing tools used, your browser automatically establishes a direct connection with the Google server. We also have no influence on the scope and further use of the data collected by Google through the use of this tool, and therefore inform you based on our current understanding:

Through the use of „tracking tools“, Google receives information that you have visited the relevant page of our website or have clicked one of our advertisements. If you are registered for a Google service, Google can assign the visit to your account. Even if you are not registered with Google and/or are not logged in, it is possible for the provider to learn your IP address and store it. You can find more information on data protection at Google here: https://policies.google.com/privacy and https://services.google.com/sitestats/en.html.

You can refuse the setting of a cookie by refusing to give your consent to the setting of cookies at the beginning of your visit to our website or in the Cookie settings. This can be done in the browser settings, which generally disables the automatic setting of cookies. Alternatively you can disable cookies for conversion tracking by setting your browser so that cookies from the „www.googleadservices.com“ domain are blocked. You can also prevent the recording of the data generated by the cookie relating to your use of the website by Google by installing a browser plug: https://tools.google.com/dlpage/gaoptout?hl=en If you do not wish to receive any interests-based advertising, you can disable the use of cookies by Google for such purposes by visiting the page https://www.google.com/settings/ads/. You can find more information on data protection at Google here: https://policies.google.com/privacy.

Alternatively, you can also visit the website of the Network Advertising Initiative (NAI): http://www.networkadvertising.org/

Facebook Pixel / Custom Audience

We have integrated a Facebook Pixel from Facebook Ireland Limited into our website. When our site is accessed, users are forwarded to Facebook via a redirect mechanism. The following data can be transferred during this process:

• Unique cookie ID
• Website visited
• Time

Facebook can then tag the terminal device you are using with a cookie and unique ID, or any cookie that is already present can be read. If you are logged in to Facebook, this data can be used to post targeted advertising for us on your Facebook pages. Your data will also be processed by Facebook in the USA. Your data will only be transferred to the USA after your express consent. The legal foundation for the storage of cookies is the consent given (Art. 6 para. (1) (1a) GDPR. You can withdraw your consent at any time in our Cookie settings. The further evaluation of the collected data is the sole responsibility of Facebook. You can change your Facebook settings for advertising here: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen

Criteo – Retargeting

On our pages and online offers, information about the surfing behaviour of website visitors is collected for marketing purposes using technology from Criteo (Criteo GmbH, Unterer Anger 3, 80331 Munich, Germany) and cookies are set to mark devices for the display of further advertising.

Criteo is able to analyse surfing behaviour and then display targeted product recommendations as appropriate banner ads when other websites are visited. On each banner there is a small „i“ (for information) at the bottom right, which opens on mouse-over and leads to a page on which the system is explained and a withdrawal of consent is offered. If Opt-Out is clicked, an „Opt-Out“ cookie is set, which will prevent the display of these banners in the future. There will be no other use or transfer to third parties. The legal foundation for the storage of cookies is the consent given (Art. 6 para. (1) (1a) GDPR. You can withdraw your consent at any time in our Cookie settings.

You can also find out more information from Criteo at https://www.criteo.com/privacy/ and object to the recording and analysis of your surfing behaviour.

Last updated: 17.05.2022