
Data Protection


Pursuant to the EU General Data Protection Regulation (GDPR) entering into force on 25 May 2018, we would like to inform you in this data privacy notice on the processing of your personal data by us, as well as on your rights in this respect. When required, this notice will be updated and published at

1. General information

MONDI-HOLIDAY GmbH & Co. KG with its registered office at Kaflerstraße 8, DE-81241 München (hereinafter as MONDI-HOLIDAY) is constantly committed to protecting the online privacy of users. This document has been edited in order to inform you about our privacy policy and how your personal information is handled when you use our website and, where applicable, to provide you an opportunity to give us your explicit and informed consent to the processing of your personal data (applies to persons of a minimum 16 years of age). The information and data made available to us by you or obtained by us in another way in connection with the use of our website services (hereinafter as “services”) are processed by us in compliance with the Regulation and with confidentiality obligations applicable to the data controller.

In accordance with the Regulation, the processing performed by MONDI-HOLIDAY is based on legitimate interests, is fair and transparent, and respects the principles of purpose limitation, storage limitation, data minimisation, accuracy, integrity and confidentiality.


2. Data controller and data protection officer

The data controller is:

Kaflerstraße 8
81241 München
Telephone: +49 (0)89 55 229 0
Telefax: +49 (0)89 55 229 191

The data protection officer is:
Projekt 29 GmbH & Co. KG
Christian Volkmer
Ostengasse 14
93047 Regensburg
Telephone: +49 (0)941 29 869 30


3. Personal data subject to processing

We hereby inform you that, based on your navigation on the website, the data controller processes your personal data that may consist of such identifiers as your name, your identification number, an online identifier, a postal address, an e-mail address, a telephone number (in fixed and/or mobile networks), or of one or more elements of your physical, physiological, mental, economic, cultural or social identity in order to identify the data subject or to make the data subject identifiable (hereinafter as “personal data”).

Data processed through the website include the following data:

a) Navigation data
The computer systems and software processes intended to operate the website capture, during their normal operation, certain personal data, the transmission of which is implicitly included in the internet communication protocols. Such information is not obtained for the purpose of establishing a connection with the data subject, however, it may allow, when processed and associated with third party data, the identification of the user. This data category includes IP addresses or domain names of computers used by users who connect to the website, URI (Uniform Resource Identifier) addresses of requested resources, the time of request, the method applied to submit the request to the server, the size of file provided in reply, the numerical code indicating the server response status (successful, error, etc.), as well as other parameters relating to the operating system and the computer environment. These data are used for the sole purpose of obtaining anonymous statistical information about the use of the website, to verify its appropriate function and to identify any anomalies and/or abuse, and they are deleted immediately after processing. These data can be used in order to ascertain responsibility in the event of hypothetical computer offences against the website or against a third party. Apart from this possibility, data obtained from the website are deleted after a short period of time.

b) Special categories of personal data
Insofar you use our website for application on your part (or when you send us such information by e-mail), your personal data may be transmitted, which fall within special categories of personal data as set forth in art. 9 of the Regulation, namely “[...] personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as […] genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.” Please do not disclose such data unless this is strictly necessary. We point out expressly that, in respect of transfer of special categories of personal data and in case of absence of an explicit consent for processing of such data (you may naturally send your CV at any time), the data controller cannot be held responsible or liable in any manner whatsoever in connection with the processing of such data, as in such case the processing is allowed, because it concerns the data, which have been made manifestly public by the data subject, pursuant to art. 9(1)e of the Regulation. Nevertheless, we point out that, as already mentioned above, it is important that you give your explicit consent to the processing of special categories of personal data, when you decide to provide such information. We also inform you that the data controller may analyse freely accessible social profiles for occupational purposes (e.g. LinkedIn) in order to select the applicants.

c) Cookies
General information about cookies

Cookies are small text files which can be stored by a website, and with the help of the browser, on the hard drive of a client computer, to save smaller amounts of website information for a specific period of time. Generally, there are different types of cookies; these can be separated into technical cookies and profiling cookies (cookies used for marketing and advertising purposes). This website uses technical and profiling cookies. You will find the details below.


List of Cookies used:



Description of cookie types

Technical cookies are primarily relevant to the website’s functionality. There are navigational or session state cookies, which enable user-friendly navigation on our website. Furthermore, there are so-called analytics cookies, which collect information, for instance about the number of website visitors and the way they found the website. Also the preferences cookies are technical cookies; they allow the website to remember your selection (for instance your selected filter settings or the previously installed automatic language setting of a website).

Besides that, there are cookies storing the settings, preferences and actions of the user and, based on that, establishing a user profile; they are referred to as profiling cookies. The purpose of these cookies is to match marketing communication with user interests and thus enable a more efficient targeting of advertisements. As soon as you open a website, which uses these cookies, a banner is displayed, which tells you that the website operator uses cookies for marketing purposes. The banner also informs the user that the website allows cookies by third parties. This banner links to a page with more detailed information (like the one you are on now), where the user can deny the use of cookies.

The banner offers the user the possibility to explicitly agree and indicates that a further navigation on the site means to automatically accept the use of cookies. Just clicking the detailed information does not mean that the user agrees. The banner does not disappear after a certain time, but is displayed for as long as the user either agrees, declines or consciously navigates further. We are required by law to register and save the user’s decision, so the banner will not appear the next time the user visits the website.

You can deny the use of cookies either generally or selectively. If you do not wish to accept our cookies, then you can deny in your web browser or via the respectively shown links. The corresponding function depends on your browser. Please find the details below. Please note that functional limitations may occur, if you do not accept cookies.

In the following text we indicate which technologies are used on our website, for which purpose, to which extent and in which way. The use of so-called third party cookies (cookies by other advertisers) may occur. Further information is filed as link in the corresponding section. You can also block these third party cookies explicitly in the settings of your respective browser.

The website of the European Interactive Digital Advertising Alliance provides further information on cookies, a list of cookies installed in your computer, as well as the options for their deactivation. Please note that only the cookies of participating companies (most of them in the advertising sector) are listed and thus only these can be deactivated.

Profiling cookies – retargeting:

We indicate that no personal data will be saved by the profiling cookies and that no user profiles are matched with your personal data. Profiling cookies are not used to identify individuals, but the information is merely stored to provide anonymized information for a more selective interest-based marketing campaign.

If you would like to avoid profiling cookies, please follow the links above or block them directly in your browser settings (see descriptions below).

Webtracking – Google Analytics:

We use so-called tracking technologies to continuously improve and optimise our offer. This website uses Google Analytics, a web analytics service by Google Inc. (“Google”). Google Analytics uses cookies, which enable analysing your website usage, with the purpose of evaluating our website’s popularity and of improving the website’s productivity and content. The information about your website use (including your IP address), generated by the cookies, is transmitted to a Google server in the US and saved there. Google will use this information, on behalf of the website operator, to assess your website use, to create reports about the website activities and to provide the website operator other services related to the website and internet usage. Where applicable, Google transmits this information to third parties, if required by law and if third parties process the data on behalf of Google. Under no circumstances is your IP address matched with other data by Google and/or other web analytics service providers.

You can block cookies with a corresponding setting in your browser software; however, in this case and where applicable, you may not be able to use all website functions. Furthermore, you can prevent Google from capturing data related to your website usage (incl. your IP address) by means of cookies and from processing this data, if you download and install the available browser plugin on the link

You will find general information about Google Analytics and safeguarding your data at
By using this website you agree to the processing of the collected data by Google and/or other web analytics service providers in the above described way and mentioned purpose.

Webtracking – intelliAd:

This website uses the web analytics service of intelliAd Media GmbH, Sendlinger Str. 7, 80331 München. For the purpose of statistics, a user friendly design and website optimisation, anonymized user data are collected and recorded. Where applied, intelliAd Trackings saves cookies locally. You can block saving your (anonymously collected) visitor’s data for the future. Please use the intelliAd Opt-Out function for that purpose.

Using social plugins

Social plugins are integrated on this website via the so-called “2 click solution”. By default, these buttons do not transmit data to third parties. The user manually activates the transmission of data to the respective social network operator and the installation of third party cookies. However, this only applies to the particular site and to the selected service. Via the “cog wheel” icon, the user can save respective preferences and change them at any time.

Should you activate the social plugins, please read the following explanations about their function and about which data are transmitted.

Privacy notice for the use of Facebook plugins (Like button)

This website may have integrated plugins by the Facebook social network (Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA). You can recognise the Facebook plugins by the Facebook logo or the Like button on our website. Please find here an overview of the Facebook plugins:

As already described above, the plugins are deactivated in a default state and no data are transmitted. Plugins are only activated when you activate them explicitly.

If you access one of our websites with Facebook plugins, the plugin creates a direct connection from your browser to the Facebook server. In this way, Facebook receives a notification that you have visited our site with your IP address. When using the plugin functions while being logged in to your Facebook account (e.g. by clicking the “Like” button or creating a comment), you can link the content of our site to your Facebook profile. In this way, Facebook can allocate your visit of our site to your user account. If you are not a Facebook member, there is, however, still a possibility that Facebook learns your IP address and saves it. Please note that we as the providers of the website have no knowledge about the data transmitted and its use by Facebook. The Facebook privacy notice provides further information concerning this issue at

Conversion measurement and Custom Audience with Facebook Pixel:

The Facebook Pixel is a JavaScript code intended for tracking and optimising conversions as well as for the definition of remarketing target groups (Custom Audience).
Conversion tracking allows following a user’s path on the website by means of a specific tracking code which is personalised on the basis of target indicators.

The Custom Audience is a targeting option by which the users who visited a website can be reached on Facebook. It is possible to automatically group these users through the specific actions on the website. Such information is forwarded to Facebook via tracking code.

During this process the Facebook ID is also detected. We point out that the personal data of each individual user are encrypted locally in the system and remain anonymous to us. The data are thus forwarded securely to Facebook, where they are stored and processed. However, Facebook may link them to your Facebook account and utilise them for its own promotional purposes, in compliance with Facebook’s privacy policy. For further information on Facebook’s data use policy, please visit:

The encrypted data are used for matching purposes only, they are not shared with third parties or other advertisers and are deleted immediately upon completion of the matching process. If you wish to deny your consent to the use of Facebook Pixel, please visit:

Facebook Custom Audience with e-mail addresses

Facebook Custom Audiences are intended for remarketing campaigns, in which the advertiser encodes, using a particular algorithm, the e-mail addresses of its customers obtained and collected for this purpose and uploads that checksum (hash values) to the Facebook server. Facebook is able to match such uploaded data with their own list of hashed user IDs and remember the matching items in the advertiser’s customer account as “customer audiences” (= user-defined target group) and thus target the advertising activities. Once the matching process has been finished, all the uploaded hash values are deleted.

Please find further information on the scope of data collection and subsequent processing and use of the data by Facebook Custom Audiences in Facebook data privacy guidelines, e.g. at and at Please find the terms for Custom Audiences at On the following link, you will be able to deny the collection and use of information for online advertising oriented to particular target groups:

Google Custom Match with e-mail addresses

With Google Customer Match, the advertisers import their own lists of customer e-mail addresses into their own Google AdWords account; they are encoded based on a particular algorithm.

Customer Match then matches the anonymized e-mail lists in AdWords with their own database of registered users, and in that way Google is able to display targeted advertisements within Google search, YouTube and Gmail, and optimize advertising campaigns. Additionally, Google can also identify similar customers with similar interests based on the uploaded user lists.
With its Customer Match function, Google creates a central source of information for retargeting of customers (i.e. visitors are captured on a website and subsequently they are addressed with targeted advertising when visiting another website). The following guidelines apply for the data made available by the advertiser for the Customer Match function:

Please see the Google data privacy statement for additional information: You can edit the settings for personal data and privacy within Google “My Account”:

Using the Google “+1” button

Our website uses the “+1” button of the Google Plus social network operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”). You can recognize the button by the “+1” symbol on white or coloured background. As already described above, the plugins are deactivated in a default state and no data are transmitted. Plugins are only activated when you activate them explicitly.

Every time you visit one of our websites containing the “+1” button, your browser loads and displays the “+1” button graphics from the Google server. At the same time, the Google server learns which one of our websites you are visiting. When a “+1” button is displayed, Google logs your browser history, for the duration of up to two weeks, for the purpose of system maintenance and error management. There is no further assessment of your visit on our website with a “+1” button. If you press the “+1” button when logged in on Google+ (Google Plus), Google captures your Google profile information via your recommended URL, your IP address and other browser-related information, in order to save your “+1” recommendation and make it publicly available. Your “+1” recommendations can be displayed as tips together with your profile name and your photo in Google services, such as in search results or in your Google profile (as “+1” tab in your Google profile), or in other places on websites and web advertisements. For more information about purpose and dimension of data collection, further processing and data use by Google as well as your respective rights and setting options to protect your privacy, please visit the Google data protection information about the “+1” button:
Data usage by Google when visiting our partner websites or using partner apps:

Data protection when using the +1 button and about the +1 button

How to block cookies in your browser settings


  1. Click Menu and then Options.
  2. Go to the Privacy panel.
  3. In section “History” choose “Use custom settings for history”.
  4. Now remove the check mark from “Accept cookies” from displayed options.
  5. Click the “OK” button.

Please find detailed information at:

Google Chrome

  1. Click Menu and then Options.
  2. Click “Show advanced settings” at the bottom.
  3. In the “Privacy” section, click the “Content settings” button.
  4. In the “Cookies” section, select “Block sites from setting any data”.
  5. Click the “OK” button.

Please find detailed information at:

Internet Explorer

  1. Open “Internet options” under the “Extras” menu item or, when the menu bar is not displayed, click the menu symbol and then “Internet options”.
  2. Click the “Privacy” panel.
  3. Move the slider to choose, from several levels, the way cookies are handled. When the slider is all the way up, all cookies are blocked, when it is all the way down, all cookies are allowed.
  4. Click the “OK” button.

Please find detailed information at:


  1. Click “Privacy” within the settings.
  2. In the “Block cookies” section, specify whether and when Safari should accept cookies from websites. Please click the Help button (visualized by question mark) for additional information.

Please find detailed information at:

Google Webfonts and Google Maps

In order to render our content correctly and graphically appealing across browsers, we use script libraries and font libraries on this website, such as Google Webfonts. Google web fonts are transferred to the cache of your browser to prevent multiple loading. In case the browser does not support Google Webfonts or prohibits access, content will be displayed in a standard font. A call of script libraries or font libraries automatically triggers a connection to the operator of the library. It might be possible that operators of such libraries collect data.
Please find the privacy policy of the library operator Google here:

This website uses Google Maps API to visually display geographic information. When using Google Maps, Google also collects, processes and uses data about the use of map features by visitors. Please refer to the Google Privacy Notice for more information about data processing by Google. There you can also change your personal privacy settings in the privacy centre. Please find detailed instructions on how to manage your own data related to Google products here:


4. Purpose of processing and legal basis

4.1 To perform on a contract and take steps prior to entering into a contract (art. 6 para 1 b of GDPR)

We process your data in order to perform on our contracts with you. In particular, the data processing is intended for delivery of services associated with holiday accommodation requested and, if applicable, booked by you, as well as for any related measures and activities, such as contractual communication, reservations, cancellations, billing and payment transactions.

4.2 For the purposes of legitimate interests pursued by us or a third party (art. 6 para 1 f of GDPR)

Your data can be used, based on a consideration of our legitimate interests and of legitimate interests of third parties, for example for the following purposes:

  • General business management and development of services, systems and products
  • IT security and IT operations
  • Enforcement of legal claims and defence of legal disputes
  • Statistical evaluations
  • Customer history
  • Collecting of information and data interchange with credit agencies
  • Restricted storage of data, where a deletion is not possible or would involve a disproportionate effort due to a particular kind of storage
  • Completion of data using publicly available data sources
  • Building security and general security (e.g. access control, video surveillance)
  • Exercise of householder's rights by appropriate measures such as video surveillance for protection of customers and employees, as well as for obtaining evidence in case of disputes and their prevention
  • Advertising or market and opinion research, insofar you have not raised objection to the use of data for such purpose

4.3 Based on your consent (art. 6 para 1 a of GDPR)

Where you have given your consent with processing of your personal data, such consent is the legal basis for the processing as indicated therein.
In that way, you may have given your consent to promotional approach by e-mail or telephone.
You can withdraw your consent at any time, and such withdrawal will apply from that time on.

4.4 For compliance with a legal obligation (art. 6 para 1 c of GDPR)

We are subject to a number of legal obligations (e.g. commercial and tax legislation and regulatory provisions). The purposes of processing therefore also include compliance with tax control and reporting duties, data archiving for the purpose of data protection and data security, as well as inspection by fiscal and other authorities. Besides this, disclosure of personal data may be required by actions of public and legal authorities.


5. Processing of data categories not obtained from you and their origin

We may also process personal data that we have permissibly obtained from publicly accessible sources (e.g. telephone directories, public registers, debtor registers, press and internet). Moreover, we may process personal data that we have permissibly obtained from another enterprise or other third parties (e.g. credit agencies). Such processing is performed insofar it is required for the provision of our services.

This can include the following categories of personal data:

  • Personal information (name, date of birth, place of birth, nationality, family status, profession, etc.)
  • Address information (registration data, etc.)
  • Contact information (address, telephone and fax number, e-mail address, etc.)
  • Payment/coverage confirmation for bank and credit cards
  • Information on your financial situation
  • Data on the use of telemedia offered by us
  • Video data


6. Recipients of personal data

Our employees store your data, insofar this is required in order to exercise our contractual and legal obligations or within the scope of our legitimate interest, for example for the purposes of accounting, marketing, IT and legal departments, reception desk personnel, etc.

Disclosure of your data to external entities takes place exclusively

  • In connection with performance on a contract
  • For the purpose of compliance with legal obligations (see item 4.4)
  • Based on our legitimate interest or a legitimate interest pursued by a third party for the purposes indicated under item 4.2 (e.g. authorities, collection of payments, lawyers, auditors, tax advisers, appraisers, courts of law, etc.)
  • Insofar external entities process your data based on our instructions as processors (art. 28 of GDPR, e.g. IT service providers, printing services, logistics, data purging providers, credit institutions, archiving, telephony, website management, etc.)
  • Use of the DIRS21 online booking tool from TourOnline AG: Our websites use the DIRS21 online booking tool (hereinafter as “OBT”) from TourOnline AG, Borsigstraße 26, 73249 Wernau, Germany (hereinafter as “TOAG”) to facilitate online bookings of accommodation services and other travel services, as well as to process inquiries. As part of OBT, TOAG processes the data as the responsible entity. Please find the data privacy notices and provisions in the TOAG privacy policy for OBT, which you can call up from OBT at any time, or at


7. Are data transferred to a third country or an international organisation?

Your data are only transferred to countries outside the European Economic Area – EEA (third countries), insofar this is required in order to perform on the contract or to pursue a legal obligation.


8. Storage period

We store and process your data during our business relationship. This also includes preparation and establishment of a contract. Apart from this, we are subject to various storage and documentation duties, in particular from the Commercial Code and the Fiscal Code. The periods stipulated there are up to ten years. Finally, the storage period is also determined based on the legally imposed limitation periods, which are, for instance, pursuant to the Civil Code, usually three years, however, they can extend up to thirty years in certain cases.


9. Your data privacy rights

Based on the relevant legal conditions, you have:

  • Right to be provided information pursuant to art. 15 of GDPR and section 34 of BDSG (Federal Data Protection Act)
  • Right to rectification pursuant to art. 16 of GDPR
  • Right to erasure pursuant to art. 17 of GDPR
  • Right to restriction of processing pursuant to art. 18 of GDPR
  • Right to data portability pursuant to art. 20 of GDPR
  • Right to object pursuant to art. 21 of GDPR
  • Right to withdraw consent (see item 4.3). The lawfulness of processing performed based on a consent during the time before withdrawal remains unaffected.
  • Right to lodge a complaint with a supervisory authority pursuant to art. 77 of GDPR

When you wish to exercise your rights, please use, if possible in writing, our address indicated in item 2 or directly contact the data protection officer. Please attach the data required for your identification (e.g. a copy of your identification document).

We commit ourselves to responding within one month. If, for any reason, we are unable to satisfy your request, we will inform you accordingly.


10. Do you have an obligation to make your data available?

During our contractual relationship or during the pre-contractual period with us, you only need to provide such personal data, which are required to establish, pursue and terminate the relationship, or which we are legally obliged to collect. Without such data, we are generally not able to conclude and pursue the contract.


11. Does automated individual decision making, including profiling, take place?

In general, we use no automated decision making pursuant to art. 22 of GDPR.

In some cases, we may process your data with the aim of evaluating certain personal aspects (profiling) in order to determine your potential interest in particular products and services (e.g. special offers). Such evaluation is based on statistical procedures using current customer data, as well as those from the past. We use the results to be able to better address your needs and preferences.


12. Changes

This privacy notice is effective from 25 May 2018. The data controller reserves the right to amend or update its content, in part or in full, especially in the case of changes in the applicable law. For this reason, the data controller recommends you to visit this section regularly in order to be informed on the latest and up to date version of this privacy notice.


Information on your right to object pursuant to art. 21 of GDPR

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data that may concern you, which is based on point (e) or (f) of article 6 para 1 of GDPR. This also applies to profiling based on those provisions.

When you object, your personal data will no longer be processed, unless compelling legitimate grounds are demonstrated for the processing, which override your interests, and unless the processing is intended for establishment, exercise or defence of legal claims. Within the framework of statutory provisions, we may also process your data for direct marketing purposes. You have the right to object at any time to processing of personal data that may concern you for the purpose of such marketing. This also applies to profiling to the extent that it is related to such direct marketing.
