Data protection

Data Protection at COLUMBUS Reisen

 

You are in good hands!

The protection of your personal data is important to us. To ensure this, we naturally work in compliance with all applicable legal provisions and statutory requirements [Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR), Data Protection Act 2018 (DSG 2018), Telecommunications Act 2003 (TKG 2003)].

In this data protection declaration, we inform you about the processing activities of your personal data within the scope of our website.

 

Data Controller

 

In accordance with Art 4 No. 7 GDPR, the data controller for the website is: COLUMBUS Reisen GmbH & Co KG. Universitätsring 8/24 1010 Vienna

 

Processing of Your Personal Data When Visiting Our Website

 

When you visit our website, we store access data in so-called web server log files. The following data from you are collected:

  • IP address,
  • Date and time of access,
  • Browser including browser version,
  • Operating system,
  • Referrer URL

This data is statistically evaluated to further improve the services offered on our website and make it more user-friendly, to find and fix errors faster, and to manage server capacities. Should there be concrete indications of unlawful use of our website, we will use this data in a personal form for the purpose of legal prosecution.

Your data is stored for two months.

The legal basis for the processing of access data is, pursuant to Art 6 Para 1 lit f GDPR, the legitimate interest of COLUMBUS (online service offering & data security).

 

Processing of Your Personal Data

 

Only personal data for which there is a legal, contractual, or other legal basis, such as "legitimate interest" of COLUMBUS, for its intended use is collected and processed.

 

Contacting, Processing, Travel Contract

 

Your personal data is processed for the purpose of optimal preparation and execution of your travel arrangements, contacting you, and record-keeping.

The following personal data are usually processed:

  • Names of all travelers
  • Contact details (telephone number, e-mail addresses)
  • Address data
  • Payment information
  • Passport data
  • Frequent flyer numbers
  • Where applicable, individual data regarding personal wishes and preferences

By booking your trip, you expressly consent to the data processing in this regard.

The legal basis for the data processed by COLUMBUS in this context is based on pre-contractual measures and contract fulfillment pursuant to the provisions of Art 6 Para 1 lit b GDPR.

For the lawful processing of data concerning religious beliefs or other special categories of personal data, we specifically obtain your express consent (Art 9 Para 2 lit a GDPR).

The data necessary for processing your order will be stored within the framework of statutory retention periods and protected according to the requirements of the GDPR. For any longer retention of your data for marketing purposes or receiving newsletters, your (express) consent is obtained beforehand, which you can revoke at any time.

 

Greeting Cards, Competitions, Product Information

 

You have the option to participate in competitions or register for the sending of greeting cards or product information.

In the context of this registration or participation, COLUMBUS processes the following personal data provided by you:

  • Salutation
  • Title
  • Last name, first name
  • E-mail
  • Address (optional)
  • Telephone number (optional)

Purpose of Processing The data provided by you in connection with the sending of product information and greeting cards or participation in competitions are used for the purpose of providing the best possible information to existing and potential customers by COLUMBUS.

The processing of this data is based exclusively on the consent given by you (Art 6 Para 1 lit a GDPR), which you can revoke at any time

by letter to: COLUMBUS Reisen GmbH & Co KG. Universitätsring 8/24 1010 Wien

or by e-mail to: datenschutz@columbus.at

 

Disclosure of Your Personal Data

 

To optimally prepare and execute your trip, it is, understandably, essential to forward the relevant personal data of all travelers to our partners.

The following personal data, which are necessary for the fulfillment of the contract, may be forwarded:

  • Personal master data
  • Passport data
  • Additional information such as meal and mobility information
  • Communication data (e.g., telephone, e-mail)
  • Contract master data (contractual relationship, product or contract interest)
  • Customer history
  • Contract billing and payment data
  • Planning and control data

Your data will be forwarded to third parties for the following purposes:

  • Your credit card information is processed and stored by our payment provider (Card Complete) and used exclusively in connection with payments, transmitted in encrypted form (SSL), and neither stored nor further processed for other purposes.
  • For the execution and processing of services brokered by us to our contract partners: Tour operators, hotels, airlines, payment platforms (payment providers), travel insurances, car rentals, shipping companies, booking platforms, transfer services.
  • To fulfill our tax law obligations to our tax consulting firm.
  • In the context of mandatory legal regulations to state institutions and authorities.
  • To make the booking of trips and services customer-oriented and effective, personal data is transferred to the following companies and processed for the purpose of trip preparation and trip processing:
    • Amadeus IT Group S.A. Calle Salvador de Madariaga 1 28027 Madrid Spain dataprotection@amadeus.com
    • Umbrella Organisation AG Binzstrasse 33 8620 Wetzikon Schweiz (Switzerland) info@umbrella.ch
    • Midoco GmbH Otto-Hahn-Strasse 12 40721 Hilden Deutschland (Germany) stefan.latz@tuevhessen.de
    • Travel Agency Technologies & Services GmbH Hahnstrasse 70 60528 Frankfurt Deutschland (Germany) info@ta-ts.de
    • AERTiCKET Conso GmbH Boppstraße 10 D-10967 Berlin Deutschland (Germany) www.aerticket.de
    • FP Passenger Service Gmbh Fleischmarkt 3-5/14 A-1010 Wien (Vienna) datenschutz@fairplane.de
    • EventsAIR 60 Brandl Street 4113 Eight Mile Plains, QLD Australia https://eventsair.com Please note the data protection declarations of the respective companies.

The legal basis for the data processed by COLUMBUS in this context is based on pre-contractual measures and the fulfillment of a contract pursuant to the provisions of Art 6 Para 1 lit b GDPR and for compliance with a legal obligation pursuant to Art 6 Para 1 lit c GDPR.

We would like to point out that data processing takes place not only in a member state of the European Union or in another contracting state of the Agreement on the European Economic Area, but depending on the services booked by you, personal data may also leave the EU area.

We ask for your understanding that it is not possible for us to obtain the necessary guarantees within the meaning of the GDPR, regarding compliance with legal data protection requirements, for all recipients of the personal data concerning you and your travel companions outside the EU area.

Please ensure before booking that the persons travelling with you agree to the disclosure of their data to COLUMBUS and a possible transmission to countries outside the EU area. For further questions, please send an e-mail to datenschutz@columbus.at.

 

Data Subject Rights

 

As a data subject, you have the following rights, which you can assert against COLUMBUS at any time:

  • Right of access pursuant to Art 15 GDPR
  • Right to rectification pursuant to Art 16 GDPR
  • Right to erasure pursuant to Art 17 GDPR
  • Right to restriction of processing pursuant to Art 18 GDPR
  • Right to data portability pursuant to Art 20 GDPR
  • Right to object pursuant to Art 21 GDPR
  • Right to withdraw consent pursuant to Art 7 GDPR
  • Right to lodge a complaint, which you can also assert at any time with the Austrian Data Protection Authority (Wickenburggasse 8, 1080 Wien; e-mail: dsb@dsb.gv.at).

You can assert the above rights against COLUMBUS at any time:

by letter to: COLUMBUS Reisen GmbH & Co KG. Universitätsring 8/24 1010 Wien

or by e-mail to: datenschutz@columbus.at

 

Your Contact Person for Data Protection in the Company:

 

Data Protection Coordinator: COLUMBUS Reisen GmbH & Co KG. Universitätsring 8/24 1010 Wien datenschutz@columbus.at +43 1 534 11 – 0

 

What is a Cookie and What do the Cookie Warnings Mean?

 

A cookie is a small package of information that is transferred between your browser and a website such as www.columbus-reisen.at.

COLUMBUS uses cookies to store some technical data such as browser type or JavaScript status, so that access to our website always works optimally. You can also use www.columbus-reisen.at without cookies, but usage becomes more convenient when cookies can be used.

Most browsers accept cookies automatically. You can change your browser settings so that cookies are not accepted or are only accepted with your consent. If you do not want a warning to be issued every time, you can also deactivate the warning messages. You can deactivate the use of third-party cookies by visiting the Network Advertising Initiative deactivation page.

The legal basis for setting cookies is, pursuant to Art 6 Para 1 f GDPR, the legitimate interest of COLUMBUS (online service offering).

 

Use of Google Analytics

 

This website uses Google Analytics, a web analysis service provided by Google LLC. ("Google"). Google Analytics uses so-called "cookies", which are text files stored on your computer that enable an analysis of your use of the website. The information generated by the cookie about your use of this website (but not your IP address) is transmitted to a Google server in the USA and stored there. Google will use this information to evaluate your use of the website, to compile reports on website activity for website operators, and to provide other services related to website use and internet use. Google may also transfer this information to third parties if required to do so by law or if third parties process this data on Google's behalf.

 

Google also offers a browser add-on for all common browsers with which you can object to the use of Google Analytics.

The legal basis for the use of Google Analytics is, pursuant to Art 6 Para 1 lit f GDPR, the legitimate interest of COLUMBUS. The analysis of website use and the statistical evaluation are carried out to further improve the services offered on the website and to make it more user-friendly.

 

Remarketing

 

Remarketing is operated via this website. Remarketing is an advertising tool where ads are placed on other websites on the internet. Our partners use cookies so that our ads can be shown to you on other websites based on your previous visits to our website. The data protection regulations of the respective companies apply. COLUMBUS assumes no liability for this content and the respective provider of the linked website is solely responsible for the content and accuracy of the information provided there. On the following linked pages, you can inform yourself about the data protection of our Remarketing partners and their settings for interest-based advertising:

  • Google LLC, Mountain View, USA: Data Protection Declaration or Settings for Interest-Based Advertising
  • Facebook Ireland Ltd., Dublin, Ireland: Data Protection Declaration or Cookie Policy or Settings for Interest-Based Advertising

The legal basis for remarketing is, pursuant to Art 6 Para 1 f GDPR, the legitimate interest of COLUMBUS (online service offering).

 

Data Security

 

The security of your personal data is a particular concern for us.

COLUMBUS takes appropriate technical and organizational measures within the meaning of Art 32 GDPR, taking into account the state of the art, implementation costs, and the nature, scope, circumstances and purposes of the processing, as well as the probability of occurrence and severity of the risk for the rights and freedoms of natural persons.

The following measures are therefore taken to protect your data and secure it against loss, destruction, access, alteration, and distribution by unauthorized persons:

  • Ensuring the confidentiality, integrity, availability, and resilience of the systems and services in connection with the processing;
  • Ensuring the rapid recovery of the availability of personal data in the event of a physical or technical incident;
  • Implementing procedures for regular review, assessment, and evaluation of the effectiveness of the technical and organizational measures to ensure the security of processing.

Please note that we assume no liability for the disclosure of information due to errors in data transmission not caused by us or attributable to us, and/or unauthorized access by third parties (e.g., hacker attacks).

 

Data Security for Credit Card Payments

 

We use technologies to transmit your data securely. Thanks to the powerful encryption technologies SSL (Secure Sockets Layer), all your transactions are protected. SSL encrypts credit card number, name, address, telephone number, etc. before they are sent over the internet. This makes conducting business over the internet as safe as over the phone. SSL encryption is set as standard in all browsers. If your browser does not support secure transactions, or you do not wish to carry out online transactions, you can call us with your order at +43 1 534 11 100 Mon-Fri from 9 a.m. to 6 p.m. and Sat from 9 a.m. to 12 p.m. An employee will personally take your information. What is a cookie and what do the cookie warnings mean? A cookie is a small information package that is transferred between your browser and a website like ours. Columbus uses cookies to store some technical data such as browser type or JavaScript status, so that access to our pages always works optimally. However, we do not store any personal data such as your address or name in our cookies. You can also use this homepage without cookies, but usage becomes more convenient if cookies can be used. Most browsers accept cookies automatically. You can change your browser settings so that cookies are not accepted or are only accepted with your consent. If you do not want a warning to be issued every time, you can also deactivate the warning messages.

 

Integration of Facebook Social Plugins

 

Social plugins ("Plugins") of the social network facebook.com, operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"), are integrated into our website. The Facebook plugins are recognizable by one of the Facebook logos (white "f" on a blue tile or a "thumbs up" sign) or are marked with the addition "Facebook Social Plugin". The list and appearance of the Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins.

If you access a page of our website that contains such a plugin, your browser establishes a direct connection with the Facebook servers. The content of the plugin is transmitted by Facebook directly to your browser and integrated into the website by it. We therefore have no influence on the extent and content of the data that Facebook collects with the help of this plugin and inform you according to our knowledge (http://www.facebook.com/help/?faq=186325668085084): By integrating the plugins, Facebook receives the information that you have accessed the corresponding page of our website. If you are logged into Facebook, Facebook can assign the visit to your Facebook account. If you interact with the plugins, for example by pressing the Like button or leaving a comment, the corresponding information is transmitted directly from your browser to Facebook and stored there. Even if you are not a member of Facebook, there is still the possibility that Facebook finds out and stores your IP address. For the purpose and scope of data collection and the further processing and use of the data by Facebook, as well as your related rights and setting options for protecting your privacy, please refer to the Facebook data protection notices: http://www.facebook.com/policy.php.

If you are a Facebook member and do not want Facebook to collect data about you via our website and link it to your member data stored on Facebook, you must log out of Facebook and delete any set cookies before visiting our website. You can find more information about cookies within this data protection declaration. You can also block Facebook social plugins with add-ons for your browser, for example with the "Facebook Blocker".

 

Integration of Google Plus Plugins

 

Social plugins ("Plugins") of the social network Google Plus, operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States ("Google"), are integrated into our website. You can recognize the Google Plus plugin by the "+1" sign on a white or colored background. If you access a page of our website that contains such a plugin, your browser establishes a direct connection with the Google servers. The content of the plugin is transmitted by Google directly to your browser and integrated into the website by it. We therefore have no influence on the extent and content of the data that Google collects with the help of this plugin. According to Google, no personal data is collected without clicking the button. Only for logged-in members are such data, including the IP address, collected and processed. For the purpose and scope of data collection and the further processing and use of the data by Google, as well as your related rights and setting options for protecting your privacy, please refer to the Google data protection notices www.google.com/intl/de/policies/privacy/. If you are a Google Plus member and do not want Google to collect data about you via our website and link it to your member data stored on Google, you must log out of Google Plus and delete any set cookies before visiting our website. You can find more information about cookies within this data protection declaration.

 

Integration of Twitter Plugins

 

Social plugins ("Plugins") of the social network Twitter, operated by Twitter Inc. with its registered office at 795 Folsom St., Suite 600, San Francisco, CA 94107, USA, ("Twitter"), are integrated into our website. You can recognize the Twitter plugin by the bird symbol and the lettering "Tweet".

 

Use of WhatsApp for Customer Communication

 

If you use WhatsApp to contact us, we process your telephone number, name, and other data communicated by you to answer your inquiry or, if you have expressly consented, to send you promotional messages. For sending and receiving messages via our various communication channels, including WhatsApp, we use the Superchat service provided by SuperX GmbH, Oranienburger Str. 91, 10178 Berlin ("Superchat"). The data is stored on Superchat servers in Germany on our behalf. The operator of the WhatsApp service is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("WhatsApp"), a group company of Meta Platforms, Inc. (formerly Facebook). WhatsApp processes the data in accordance with its data protection notices, which you can view here. The communication content is end-to-end encrypted. WhatsApp may also collect other so-called "metadata", which may contain information about the identity of the sender and recipient, as well as the phone number, device information, and information about the use of WhatsApp (e.g., duration and frequency). WhatsApp also uses this data for its own purposes, such as improving the WhatsApp service. Further information can be found in the WhatsApp data protection notices. We have no knowledge of the details of this data processing and no influence on it. We cannot rule out disclosure to other recipients within the Meta group of companies in countries outside the EU that do not offer an adequate level of data protection (especially in the USA). The legal basis for the data processing by us is

  • Art. 6 Para 1 lit b) GDPR, if the communication serves to initiate or process a contractual relationship;
  • Your consent pursuant to Art. 6 Para 1 lit a) GDPR, if you have registered for the newsletter dispatch via WhatsApp
  • and in all other cases, our legitimate interest pursuant to Art. 6 Para 1 lit f) GDPR in processing your inquiry.

Insofar as the processing is based on your consent, the data will be deleted as soon as you withdraw your consent. You can withdraw your consent at any time by sending a message with the content "Stop" in the chat or an e-mail to datenschutz@columbus.at.

Otherwise, we delete your data as soon as the purpose of the processing has ceased to exist (e.g., the inquiry has been conclusively answered). If legal retention periods oppose the deletion, the data will be blocked for further use until the retention period expires.

 

Use of Facebook Messenger for Customer Communication

 

If you use Facebook Messenger to contact us, we process personal data that is necessary for contacting and communicating. Facebook grants us access to your "public information", which includes, for example, your name, gender, Facebook ID, and your profile and cover pictures. We use this information to answer your inquiry or, if you have expressly consented, to send you promotional messages. For sending and receiving messages via our various communication channels, including Facebook Messenger, we use the Superchat service provided by SuperX GmbH, Oranienburger Str. 91, 10178 Berlin ("Superchat"). The data is stored on Superchat servers in Germany on our behalf. Facebook is a service of Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland ("Facebook"), a company of the Meta group. Facebook processes the data in accordance with its data policy, which you can view here. Facebook offers the option of end-to-end encryption of communication, which can be activated in the Messenger settings. We point out that Facebook may collect so-called "metadata", which may contain information about the identity of the sender and recipient, as well as location, device information, and information about the use of Facebook Messenger (e.g., duration and frequency). Facebook also uses this data for its own purposes, such as improving Facebook Messenger. Further information can be found in the Facebook data protection notices. We have no knowledge of the details of this data processing and no influence on it. We cannot rule out disclosure to other recipients within the Meta group of companies in countries outside the EU that do not offer an adequate level of data protection (especially in the USA). The legal basis for the data processing by us is

  • Art. 6 Para 1 lit b) GDPR, if the communication serves to initiate or process a contractual relationship;
  • Your consent pursuant to Art. 6 Para 1 lit a) GDPR, if you have registered for the newsletter dispatch via Facebook Messenger
  • and in all other cases, our legitimate interest pursuant to Art. 6 Para 1 lit f) GDPR in processing your inquiry.

Insofar as the processing is based on your consent, the data will be deleted as soon as you withdraw your consent. You can withdraw your consent at any time by sending a message with the content "Stop" in the chat or an e-mail to datenschutz@columbus.at.

Otherwise, we delete your data as soon as the purpose of the processing has ceased to exist (e.g., the inquiry has been conclusively answered). If legal retention periods oppose the deletion, the data will be blocked for further use until the retention period expires.

 

Use of Instagram Direct Messenger for Customer Communication

 

If you use Instagram Direct Messenger to contact us, we process personal data that is necessary for contacting and communicating. Instagram grants us access to the username you have chosen. We use this information to answer your inquiry or, if you have expressly consented, to send you promotional messages. For sending and receiving messages via our various communication channels, including Instagram Direct Messenger, we use the Superchat service provided by SuperX GmbH, Oranienburger Str. 91, 10178 Berlin ("Superchat"). The data is stored on Superchat servers in Germany on our behalf. Instagram is a service of Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, a company of the Meta group. Instagram processes the data in accordance with its data policy, which you can view here. We point out that, according to the information in the Instagram data policy, Instagram collects the content provided by its users, including the communication content, as well as other information such as location, device information, and information about the use of Instagram (e.g., duration and frequency). Instagram also uses this data for its own purposes, such as improving the Instagram service. Further information can be found in the Instagram data protection notices. We have no knowledge of the details of this data processing and no influence on it. We cannot rule out disclosure to other recipients within the Meta group of companies (e.g., to Facebook) and external third parties (e.g., advertising partners and analysis services) in countries outside the EU that do not offer an adequate level of data protection (especially in the USA). The legal basis for the data processing by us is

  • Art. 6 Para 1 lit b) GDPR, if the communication serves to initiate or process a contractual relationship;
  • Your consent pursuant to Art. 6 Para 1 lit a) GDPR, if you have registered for the newsletter dispatch via Instagram Messenger
  • and in all other cases, our legitimate interest pursuant to Art. 6 Para 1 lit f) GDPR in processing your inquiry.

Insofar as the processing is based on your consent, the data will be deleted as soon as you withdraw your consent. You can withdraw your consent at any time by sending a message with the content "Stop" in the chat or an e-mail to datenschutz@columbus.at.

Otherwise, we delete your data as soon as the purpose of the processing has ceased to exist (e.g., the inquiry has been conclusively answered). If legal retention periods oppose the deletion, the data will be blocked for further use until the retention period expires.

 

Use of Google Business Messages for Customer Communication

 

If you contact us via our Google company profile or another Google service (e.g., Maps), we process personal data that is necessary for contacting and communicating. Google grants us access to the username you have chosen. We use this information to answer your inquiry or, if you have expressly consented, to send you promotional messages. For sending and receiving messages via our various communication channels, including Google Business Messages, we use the Superchat service provided by SuperX GmbH, Oranienburger Str. 91, 10178 Berlin ("Superchat"). The data is stored on Superchat servers in Germany on our behalf. Google Business Messages is a service of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), a company of the Google group. Google processes the data in accordance with its data policy, which you can view here. We have no knowledge of the details of this data processing and no influence on it. We cannot rule out disclosure to other recipients within the Google group of companies in countries outside the EU that do not offer an adequate level of data protection (especially in the USA). The legal basis for the data processing by us is

  • Art. 6 Para 1 lit b) GDPR, if the communication serves to initiate or process a contractual relationship;
  • Your consent pursuant to Art. 6 Para 1 lit a) GDPR, if you have registered for the newsletter dispatch via Instagram Messenger
  • and in all other cases, our legitimate interest pursuant to Art. 6 Para 1 lit f) GDPR in processing your inquiry.

Insofar as the processing is based on your consent, the data will be deleted as soon as you withdraw your consent by sending an e-mail to datenschutz@columbus.at.

Otherwise, we delete your data as soon as the purpose of the processing has ceased to exist (e.g., the inquiry has been conclusively answered). If legal retention periods oppose the deletion, the data will be blocked for further use until the retention period expires.

Send E-Mail Call