Data protection | mainzplus

1. Data Controller

The data controller in accordance with the provisions of the General Data Protection Regulation (GDPR) is:

mainzplus GmbH
Rheinstr. 66
55116 Mainz

Tel.: 06131 242 0
Web: www.mainzplus.com
Email: datenschutz(at)mainzplus.com

2. Contact Details of Our Data Protection Officer

You can reach our Data Protection Officer at datenschutz(at)mainzplus.com.

3. General Information on Data Processing

In the course of our business and website operations, we process data. This also includes disclosure through transmission to third parties and, where applicable, to so-called “third countries” outside the European Union (“EU”) and the European Economic Area (“EEA”). Where we transmit data outside the EU or EEA, we have indicated this accordingly below.

4. Data Processing

The specific data concerned, processing purposes, legal bases, recipients and, where applicable, transfers to third countries are set out in the following list:

a) Log Files During Website Visits

We log your website visit. In doing so, we process:

Name(s) of our accessed webpage(s)
Date and time of access
Amount of data transferred
Browser type and version
Operating system you are using
Referrer URL (previously visited webpage)
Your IP address
Requesting provider

The legal basis for data processing is our legitimate interest in the continuous provision and security of our website which is not overridden by your interests or fundamental rights, in accordance with Article 6(1)(f) GDPR.

The log file is deleted after seven days unless it is required to prove or investigate specific legal violations that became known within the retention period.

b) Hosting

To provide our app, we use services from web hosting providers who process the above-mentioned data and all data to be processed in connection with the operation of this app on our behalf.

c) Contact

If you contact us, we process the following data from you for the purpose of handling and processing your enquiry: name, contact details (if provided by you) and your message.

The legal basis for data processing is our obligation to fulfil the contract and/or to fulfil our pre-contractual obligations in accordance with Article 6(1)(b) GDPR and/or our overriding legitimate interest in processing your enquiry in accordance with Article 6(1)(f) GDPR.

d) Use of Cookies

We use so-called cookies on our website. Cookies are small text files that are stored on your respective end device (PC, smartphone, tablet, etc.) and saved by your browser.

You can find information about the specific cookies we use, their providers and purposes in our consent banner. There you can give your consent to the respective services, revoke it or subsequently adjust your settings using the button at the bottom right of each page.

To document your selection for certain data processing operations and to fulfil our data protection obligations, we use a consent banner. When you access our website, your cookie preferences are requested via a banner. We then set a cookie in which data on granted or revoked consents is stored. The data processing is carried out to fulfil our legal obligations under Article 6(1)(c) GDPR.

e) Processing and Performance of Accommodation Contracts

As part of our accommodation services, we process your data for the initiation (reservation) and execution (booking) of the future or existing contractual relationship between you and us. We require the following data for your booking or reservation: first and last names of all travellers; address of the person making the booking or reservation; email address; credit card details and/or bank details. Reservation requests and bookings can be made via our website.

The legal basis for data processing is the fulfilment of our contractual obligations in accordance with Article 6(1)(b) GDPR and, in individual cases, the fulfilment of our legal obligations in accordance with Article 6(1)(c) GDPR.

We transmit your payment data (name, date of booking, payment method, amount and payee, bank details or credit card details where applicable) to the payment service provider commissioned to process the payment.

For online bookings via our website, you will be redirected to the booking page of our external booking platform operator Deskline. Deskline is a product of Feratel Schweiz AG, Riedstr. 1, 6346 Rotkreuz, Switzerland. An adequacy decision of the EU Commission exists for data transfers to Switzerland. Rheinland-Pfalz Touristik GmbH provides IT support for Deskline on our behalf.

As part of the acquisition, connection and data maintenance of hosts of private holiday flats, we process the data with OBS OnlineBuchungService GmbH as joint controllers in accordance with Article 26 GDPR.

f) Analysis / Marketing

aa) Google Services

We use various services from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “Google”) on our website. It is possible that data may also be transferred to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google is certified under the EU-US Data Privacy Framework and therefore falls under the EU adequacy decision for the USA.

Google Analytics

We use Google’s tracking tool Google Analytics on our website. We use Google Analytics to evaluate your use of the website, to compile reports on activities within this web offering and to provide other services related to website use, thereby improving user-friendliness.

When Google Analytics is used, interactions of website visitors are primarily recorded and systematically evaluated using cookies.

We use Google Analytics with the “anonymiseIp()” extension. As a result, IP addresses are shortened within the member states of the EU or EEA. If transmission to Google’s servers in the USA takes place, only in exceptional cases will the full IP address be transmitted and shortened there. Direct personal reference is therefore generally excluded. In particular, it is no longer possible to associate the data with the accessed computer or end device of the website visitor.

Through the use of Google Analytics, the following data is processed:

3 bytes of the IP address of the accessed system of the website visitor (anonymised IP address)
The accessed website
The website from which the user reached our website (referrer)
The sub-pages accessed from the website
The length of time spent on the website
The frequency of website access

Google Tag Manager

To manage and bundle our Google services and third-party providers on our online presence, we use Google Tag Manager. Tags are small code elements on an online presence that serve, amongst other things, to measure visitor numbers and behaviour, to record the impact of online advertising and social channels, to use remarketing and targeting towards audiences, and to test and optimise online presences.

Legal Basis and Revocation

The use of cookies set by Google or similar technologies is based on your consent pursuant to Section 25(1) sentence 1 TTDSG. The legal basis for data processing within the framework of the aforementioned Google services is your prior consent in accordance with Article 6(1)(a) GDPR.

You can revoke your consent at any time with effect for the future by adjusting your preferences in our consent banner.

bb) Meta Custom Audiences (Pixel/Cookies)

We use a so-called tracking pixel from Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, a subsidiary of Meta Platforms Inc. 1601, Willow Road Menlo Park, CA 94025, USA on our website. We use Meta Pixel to track the success of our own advertising campaigns on Meta platforms and to optimise the delivery of Meta advertising campaigns to interested target groups.

After clicking on a Meta advertisement or when visiting our website, a cookie is stored on your end device using the pixel on our website. The cookie processes data on whether you reached our website via a Meta advertisement and makes it possible to analyse user behaviour up to the point of purchase. This allows us to track the success rate of our Meta advertising campaigns. In addition, the pixel processes data that you have visited our website and makes it possible to adapt the advertising played on Meta platforms to your interests.

Via the Meta pixel integrated on our website, a direct connection to Meta’s servers is established when you visit our website. The information generated by the cookie about your use of this website (including your IP address) is transmitted to Meta in the USA.

The data collected is anonymous to us and does not allow us to draw any conclusions about the user. If you are registered with a Meta platform, Meta can associate the recorded information with your account. Even if you do not have an account or are not logged in when visiting our website, Meta may still process and store your IP address and other identifying data.

The use of the cookies set or similar technologies is based on your consent pursuant to Section 25(1) sentence 1 TTDSG. The legal basis for data processing is your consent in accordance with Article 6(1)(a) GDPR.

You can revoke your consent for data processing by Meta Pixel for our web domain at any time with effect for the future by adjusting your preferences in our consent banner.

Meta is certified under the EU-US Data Privacy Framework and therefore falls under the EU adequacy decision for the USA.

cc) Meta Conversion API

We use the tracking tool Meta Conversion API from Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, a subsidiary of Meta Platforms Inc. 1601, Willow Road Menlo Park, CA 94025, USA.

This is a data interface via which we transmit data about your behaviour on our website to Meta for evaluation. This allows us to display advertisements to you that match your user behaviour on our website.

In connection with the Conversion API, we use the following data:

Email address
Telephone number
Gender
Date of birth
First and last name
City, state and country
Postcode
User IDs
IP address
Client User Agent (the browser you are using and your operating system)
Click IDs
Browser ID
Product IDs
Advertising ID
Facebook login ID

We transmit the data to Meta. The data is also transmitted to Meta in the USA.

Meta is certified under the EU-US Data Privacy Framework and therefore falls under the EU adequacy decision for the USA.

The use of cookies set by Meta or similar technologies is based on your consent pursuant to Section 25(1) sentence 1 TTDSG. The legal basis for data processing is your consent in accordance with Article 6(1)(a) GDPR.

You can revoke your consent for data processing by Meta Pixel for our web domain at any time with effect for the future by adjusting your preferences in our consent banner.

dd) Matomo Without Consent

For statistical analysis of visitor access to our website, we use the statistics programme Matomo.

The statistical analysis is based on already anonymised log files. Personal identification is not possible. No cookies are used.

For the analysis, we process the following data: accessed webpage, number of visits, location data via our own geoIP database, time spent on the website, browser type and version, operating system you are using, referrer URL (previously visited webpage), your anonymised IP address, as well as statistics on user actions (click, selection).

The programme works exclusively via our own web server; no data is transferred to third parties.

Data processing is based on our overriding interest in measuring our website success for optimal marketing of our online offering in accordance with Article 6(1)(f) GDPR.

You can prevent data collection by activating the Do-Not-Track option in your browser or by objecting below by clicking with your mouse. If you remove the following tick, an opt-out cookie will be set on your device that prevents data collection. Please note that you will need to set the cookie again if you delete cookies in your browser.

Your visit to this website is currently being recorded by Matomo web analysis. Uncheck this checkbox to opt out.

g) External Content

We use dynamic content from third parties to optimise the presentation and offering of our website. When you visit the website, a request is automatically made to the server of the respective content provider via an interface, whereby certain log data (e.g. the IP address of users) is transmitted. The dynamic content is then transmitted to our website and displayed there.

We use external content in connection with the following functionalities:

aa) Integration of YouTube Videos

We have embedded videos from the YouTube portal of YouTube LLC, 901 Cherry Ave. San Bruno, CA 94066, USA (“YouTube”) on our website. Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “Google”) is responsible for data processing at YouTube. However, when playing the videos, log data is transferred to YouTube’s servers in the USA.

The legal basis for processing is your prior consent in accordance with Article 6(1)(a) GDPR.

Google is certified under the EU-US Data Privacy Framework and therefore falls under the EU adequacy decision for the USA.

bb) Google Maps

We use the “Google Maps” map service from Google on our website to provide you with an interactive map. When displaying the map, data, including your IP address and your location, is transmitted to Google’s servers and stored there. The legal basis for processing is your prior consent in accordance with Article 6(1)(a) GDPR.

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “Google”) is responsible for data processing at Maps. It cannot be ruled out that data may be transmitted to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google is certified under the EU-US Data Privacy Framework and therefore falls under the EU adequacy decision for the USA.

h) Security

Wordfence

We have integrated Wordfence on this website. The provider is Defiant Inc., Defiant, Inc., 800 5th Ave Ste 4100, Seattle, WA 98104, USA (hereinafter “Wordfence”).

Wordfence serves to protect our website from unwanted access or malicious cyberattacks. For this purpose, our website establishes a permanent connection to Wordfence’s servers so that Wordfence can compare its databases with the accesses made to our website and block them if necessary.

The use of Wordfence is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in the most effective protection of their website against cyberattacks. If appropriate consent has been requested, the processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

The data transfer to the USA is based on the European Commission’s Standard Contractual Clauses. Details can be found here: https://www.wordfence.com/help/general-data-protection-regulation/.

Source: www.e-recht24.de

5. Duration of Data Storage

We only store personal data for as long as is necessary for the purposes for which it is processed or until consent granted by you has been revoked by you. If statutory retention obligations are to be observed, the storage period for certain data may be up to 10 years, regardless of the processing purposes

6. Your Data Subject Rights

a) Information

Upon request, you can receive information about all personal data we have stored about you free of charge at any time.

b) Rectification, Erasure, Restriction of Processing, Objection

Should you no longer consent to the storage of your personal data or should it have become inaccurate, we will arrange for the erasure or restriction of processing of your data or make the necessary corrections upon appropriate instruction (insofar as this is possible under applicable law). The same applies if we are only to process data in a restricted manner in future. You have a right to object in particular in cases where your data is required for the performance of a task that is in the public interest or where data processing is based on our legitimate interest, as well as profiling based on this. You also have such a right to object in the case of data processing for the purpose of direct marketing.

c) Right of Revocation of Consent With Effect for the Future

You can revoke consent granted at any time with effect for the future. Your revocation does not affect the lawfulness of processing up to the time of revocation.

d) Data Portability

If data processing takes place on the basis of a contract, pre-contractual negotiations, consent or by means of automated procedures, you have the right to data portability. Upon request, we will provide you with your data in a common, structured and machine-readable format so that you can transmit the data to another controller if you wish.

e) Restriction of Processing

Data where we are unable to identify the data subject, for example if it has been anonymised for analytical purposes, is not covered by the above rights. Information, deletion, blocking, correction or transfer to another company may be possible in relation to this data if you provide us with additional information that enables us to identify you.

f) Exercise of Your Data Subject Rights and Right to Lodge a Complaint

If you have any questions about the processing of your personal data, or for information, rectification, blocking, objection or deletion of data, or if you wish to have the data transferred to another company, please contact .

You also have the option to lodge a complaint with a supervisory authority regarding your data subject rights.