The safety of your personal data is of utmost concern for COLUMBUS Reisen GmbH & Co KG.

Therefore, we process your data solely on the basis of legal regulations (DSGVO, TKG 2003, DSG 2018 and GDPR regulation (EU) 2016/679).

In this privacy policy information, we inform you about the most important aspects of data processing, which data we collect and how we use them.

Data controller

• IP address
• Date and time of web-site visit
• Browser type and version
• Operating system
• Preferred URL

We collect information that we believe to be relevant to conduct our business, for marketing purposes and to monitor the improvement of our products. Furthermore, we use personal data for the fulfillment of legal obligations. We may also use the information collected to enforce or resolve any claims or disputes arising out of your use of our company's services, or to use them for any other purpose permitted by applicable law.

Your data will be stored for two month.

We collect, use and keep any personal information given to us by you, strictly for the purposes indicated in this policy in strict adherence to local Data Protection laws (EU’s GDPR Art 6 Par. 1).

Processing of personal data

Contact, processing, travel contract

Your personal data will be processed for the purpose of optimally preparing and carrying out your travel arrangements, establishing contact and keeping records.

The following personal data is usually processed:

• Names of all travel participants
• Accessibility data (telephone number, e-mail addresses)
• Address
• Payment information
• Passport details
• Frequent flyer numbers
• If necessary, individual data on personal wishes and preferences

By booking your trip, you explicitly agree to the processing of all relevant data.

The legal basis for the data processed by COLUMBUS in this context is based on pre-contractual measures and fulfillment of the contract in accordance with the provisions of Art 6 Para 1 lit b GDPR.

For the legally compliant processing of data on religious denominations or other special categories of personal data, we specifically obtain your consent (Art 9 Para 2 lit a GDPR).

The data required to process your order will be stored within the framework of the statutory retention periods and protected in accordance with the provisions of the GDPR. Your (express) consent, which you can revoke at any time, will be obtained in advance for any longer-term storage of your data for marketing purposes or the receipt of newsletters.

Greeting cards, sweepstakes, product information

You have the possibility of taking part in sweepstakes, or you can register for receiving greetings cards and product information. As part of this registration or participation COLUMBUS processes the following personal data provided by you:

• Salutation
• Title
• Last name, first name
• E-mail address (optional)
• Phone number (optional)

Purpose of processing

The data you provide when signing up to receive product information and greeting cards, or when participating in sweepstakes, will be used by COLUMBUS for the purpose of providing existing and potential customers with the best possible information.

The processing of this data is based exclusively on the consent you have given (Art 6 Para 1 lit a GDPR), which you can revoke at any time

by letter to:
COLUMBUS Reisen GmbH & Co KG.
Universitätsring 8/24
1010 Vienna

or by e-mail to:
datenschutz@columbus-reisen.at

Transfer of personal data

Third party service providers may be contracted to provide services to us. For this purpose, we will need to provide such companies/organisations with the necessary personal data.

The following data can be transferred if necessary for the fulfillment of the order:

• Personal master data
• Passport data
• Additional information such as dietary or mobility information
• Communication date (e.g. telephone, e-mail)
• Contract master data (contractual relation, product interest)
• Client history
• Payment information
• Control data

We may disclose information to third parties if you consent to us doing so, as well as in the following circumstances:

• Your credit card information will we processend and safed by our payment provider (Card Complete) only in connection with payments, and transmitted in encrypted form (SSL).
• For the execution of services offered by us or via us, we transfer personal data to the respective contractors: hotels, airlines, travel agents, payment platforms, car rentals, cruise companies, booking platforms, travel insurance.
• Law Enforcement and Compliance: We may disclose personal data or other information if required to do so by law.
• For the fulfillment of our tax liability
• For a customer-oriented and effective fulfilment of your required services, we transfer personal data to the following companies for the purpose of necessary travel preparation and handling:

Amadeus IT Group S.A.
Calle Salvador de Madariaga 1
28027 Madrid
Spain
dataprotection@amadeus.com

Umbrella Organisation AG
Binzstrasse 33
8620 Wetzikon
Schweiz
info@umbrella.ch

Midoco GmbH
Otto-Hahn-Strasse 12
40721 Hilden
Deutschland
stefan.latz@tuevhessen.de

Travel Agency Technologies & Services GmbH
Hahnstrasse 70
60528 Frankfurt
Deutschland
info@ta-ts.de

AERTiCKET Conso GmbH
Boppstraße 10
D-10967 Berlin
Deutschland
www.aerticket.de

FP Passenger Service Gmbh
Fleischmarkt 3-5/14
A-1010 Wien
datenschutz@fairplane.de

EventsAIR
60 Brandl Street
4113 Eight Mile Plains, QLD
Australia
https://eventsair.com

Please note the privacy policies of the respective companies.

The criteria we use to determine the period of storage and storage limitation is in line with GDPR (Art 5(1)(e)) therefore, personal data shall not be retained longer than necessary, in relation to the purpose for which such data is processed.

We would like to point out that data processing not only takes place in member states of the European Union or in another states that are party to the agreement on the European Economic Area, but that personal data can also leave the EU area depending on the services you have booked.
We ask for your understanding that it is not possible for us to guarantee the compliance with EU legal data protection regulations of all data recipients outside the EU area.

Data subject’s rights

You are entitled to be informed of your stored data upon request and free of charge by COLUMBUS:

• Right to access: the right to request, access and copy of the personal information
• Right to rectification: the right to have personal data rectified if it’s incorrect, out of date or incomplete
• Right to be forgotten: the right to withdraw consent given to process data and the right to request the deletion of personal data
• Right to restriction: The right to stop COLUMBUS from using personal data or limit how it is used
• Right to data portability: The right to request the return of any information provided and the right to transmit data to another controller
• Right of appeal, which you can also assert at any time with the Austrian Data Protection Authority (Wickenburggasse 8, 1080 Vienna; e-mail: dsb@dsb.gv.at).

You can assert the above mentioned rights with COLUMBUS at any time

by letter to:
COLUMBUS Reisen GmbH & Co KG.
Universitätsring 8/24
1010 Wien

or by e-mail to:
datenschutz@columbus-reisen.at

Your contact for data policy:
COLUMBUS Reisen GmbH & Co KG.
Universitätsring 8/24
1010 Wien
datenschutz@columbus-reisen.at
+43 1 534 11 – 0

Cookies and cookie warnings

Cookies are small text files or pieces of information that are stored on your computer or mobile device when you visit our website. A cookie contains the name of the website and a value, which can be used for a variety of purposes. Some cookies are essential for the smooth operations of our website and necessary for the website to work.

You can also use www.columbus-reisen.at without cookies, but use will be more convenient if cookies can be used. Most browsers accept cookies automatically. You can change your browser settings so that cookies are not accepted or only accepted with your consent. If you do not want a warning to be issued every time, you can also disable the warning messages. You can disable the use of cookies by third parties by visiting the Network Advertising Initiative opt-out page.

The legal basis for the setting of cookies is the legitimate interest of COLUMBUS (online service offer) in accordance with Art. 6 Para. 1 f GDPR.

Google analytics

This website uses Google Analytics, a web analytics service provided by Google LLC. ("Google"). Google Analytics uses so-called "cookies", text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website (but not your IP address) is transmitted to a Google server in the USA and stored there. Google will use this information to evaluate your use of the website, to compile reports on website activity for website operators and to provide other services related to website activity and internet usage. Google may also transfer this information to third parties if required to do so by law or if third parties process this data on behalf of Google.

Google also offers a browser add-on for all common browsers, with which you can object to the use of Google Analytics.

The legal basis for the use of Google Analytics is the legitimate interest of COLUMBUS in accordance with Article 6 Paragraph 1 lit f GDPR. The analysis of the use of the website and the statistical evaluation is carried out in order to further improve the offer on the website and to make it more user-friendly.

Remarketing

This website uses remarketing. Remarketing is an advertising medium in which ads are placed on other websites on the Internet. Our partners use cookies so that our ads can be shown to you on other websites based on your previous visits to our website. The data protection regulations of the respective companies apply. COLUMBUS assumes no liability for this content. The respective provider of the linked website is solely responsible for the content and accuracy of the information provided there. You can find out more about the data protection of our remarketing partners and their settings for interest-based advertising on the following linked pages:

• Google LLC, Mountain View, USA: data protection declaration or settings for interest-based advertising
• Facebook Ireland Ltd., Dublin, Ireland: Privacy policy or cookie policy or settings for interest-based advertising

The legal basis for remarketing is the legitimate interest of COLUMBUS (online service offer) in accordance with Article 6 Paragraph 1 f GDPR.

Data security

• Ensuring the confidentiality, integrity, availability and resilience of the systems and services related to processing;
• Ensuring a rapid restoration of the availability of personal data in the event of a physical or technical incident;
• Implementation of procedures for regular review, assessment and evaluation of the
• Effectiveness of the technical and organizational measures to ensure the security of data processing.

Please note that we accept no liability for the disclosure of information due to errors in data transmission and/or unauthorized access by third parties (e.g. hack attacks) not caused by us or attributable to us.

Data security for credit card payments

We use technology to securely transmit your data. Thanks to the powerful SSL (Secure Sockets Layer) encryption technologies, all your transactions are protected. SSL encrypts credit card number, name, address, phone number, etc. before they are sent via the Internet. This makes business transactions over the Internet as secure as over the phone. SSL encryption is set by default in all browsers. If your browser doesn't support secure transactions, or you don't want to make online transactions, you can call us on +43 1 534 11 100 Mon-Fri 9am-6pm and Sat 9am-12pm to place your order.

Use of Facebook social plug-ins

Our website uses Social Plug-Ins („Plug-Ins”) of facebook.com operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”) . The Facebook plugins can be recognized by one of the Facebook logos (white "f" on a blue tile or a "thumbs up" sign) or are marked with the addition "Facebook Social Plugin". The list and appearance of the Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins.

If you access a website of our internet presence that contains such a plugin, your browser establishes a direct connection to the Facebook servers. The content of the plugin is transmitted directly from Facebook to your browser, which integrates it into the website. We therefore have no influence on the scope and content of the data that Facebook collects with the help of this plugin and therefore inform you according to our state of knowledge (http://www.facebook.com/help/?faq=186325668085084): By integrating the Plugins, Facebook receives the information that you have accessed the corresponding page of our website. If you are logged into Facebook, Facebook can assign the web-site visit to your Facebook account. If you interact with plugins, for example by pressing a Like button or leaving a comment, the corresponding information is transmitted directly from your browser to Facebook and stored there. If you are not a member of Facebook, there is still the possibility that Facebook will find out and store your IP address. The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your rights in this regard and setting options for protecting your privacy can be found in Facebook's data protection information: http://www.facebook.com/policy.php.

If you are a Facebook member and do not want Facebook to collect data about you via our website and link it to your member data stored on Facebook, you must log out of Facebook before visiting our website and delete the cookies that have been set. You can find more information about cookies in this data protection declaration. You can also block Facebook social plugins with add-ons for your browser, for example with the "Facebook Blocker".

Use of Google Plus Plugins

Social plugins (“plugins”) from the Google Plus social network operated by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States (“Google”) are integrated into our website. You can recognize the Google Plus plugin by the "+1" sign on a white or colored background. If you access a website of our internet presence that contains such a plugin, your browser establishes a direct connection to the Google servers. The content of the plugin is transmitted directly to your browser by Google and integrated into the website by it. We therefore have no influence on the scope and content of the data that Google collects with the help of this plugin. According to Google, no personal data is collected without a click on the button. Such data, including the IP address, is only collected and processed for logged-in members. The purpose and scope of the data collection and the further processing and use of the data by Google as well as your rights in this regard and setting options for protecting your privacy can be found in Google's data protection information at www.google.com/intl/de/policies/privacy/. If you are a Google Plus member and do not want Google to collect data about you via our website and link it to your member data stored on Google, you must log out of Google Plus and delete cookies before you visit our website. You can find more information about cookies in this data protection declaration.

Use of Twitter plug-ins

Use of WhatsApp for customer communication

Use of Facebook Messenger for customer communication

Use of Instagram Direct Messenger for customer communication

Use of Google Business Messages for customer communication