Each time the website and its associated pages is accessed, usage data is transmitted by the respective internet browser and stored in log files (server log files).
The data sets stored in this case contain the following data:

• Date and time of access
• Name of the pages accessed
• IP address
• Referrer URL (origin URL from where you arrived to the website), transferred data amount
• Product and version information of the browser used

The log files are evaluated in an anonymised manner by the provider in order to further improve the website and make it user-friendly, to find and to correct errors more quickly and to control server capacities. It can therefore, for example, be understood at what time the usage of the website is particularly popular and the provider can provide corresponding data volumes. The data collected by the provider is required in order to enable access to and use of the website. This is data that has to be collected and processed when using a telecommunications system. This processing is permitted in accordance with Art. 6 (1) (f) GDPR. The provider's legitimate interest is to provide a website with information, offer services to its customers and optimise the operation of the website. The data provision is necessary in order to access the website of the provider. Non-provision will result in the website not being accessible. Your IP address will be deleted or anonymised after usage has ended. In the case of anonymisation, the IP addresses are changed such that they can no longer be assigned or can only be assigned with disproportionately great expense of time, costs and labour to a determined or determinable or identified or identifiable natural person.

If you would like to contact the provider, please use the contact form provided. You must provide the following information in this form:

• Email address
• Message

You can also optionally provide the following information:

• First name
• Last name
• Street, house number
• Post code, city
• Telephone number

The provider uses your data to respond to your contact enquiry and to transmit any requested information to you. The permissibility of this processing is based on Art. 6 (1) (b) GDPR, according to which the processing is legal when it is required to fulfil a contract, whose contracting party is the person affected, or to perform precontractual activities, which are carried out at the request of the person affected. The provider cannot respond to your contact request and cannot get in contact with you without the data collected by the provider. The personal data processed in the context of communication is deleted following expiry of the legal retention duties, insofar as the controller does not have a legitimate interest in further retention. In this case, only the data actually necessarily required for achieving the corresponding purpose continues to be stored. The personal data is anonymised as far as possible.

In order to obtain additional information from the provider, you can subscribe to an email newsletter. Only your email address is required for this purpose. Further information to personalise the newsletter is optional. The double opt-in process is used to send the newsletter, i.e. you only receive a newsletter by email when you have explicitly confirmed in advance that the newsletter service should be activated. Once you have activated the newsletter, you will receive a notification email with an activation link. You will only receive the newsletter after clicking on the link. You can deactivate the newsletter at any time. To do so, please contact the provider or use the unsubscribe link indicated in each newsletter. The permissibility of the data processing is based on Art. 6 (1) (a) GDPR, according to which the processing is legal when the person affected has given consent to the processing of the personal data affecting the person for one or more determined purposes. If you do not grant any consent to the processing of your data, the provider cannot send you a newsletter. The personal data processed for the purposes of sending the newsletter is deleted, insofar as the controller does not have a legitimate interest in further retention. In this case, only the data actually necessarily required for achieving the corresponding purpose continues to be stored.

You can book different types of accommodation on the website. You must provide the following data for such purpose:

• First name
• Last name
• Street, house number
• Post code, city
• Telephone number
• Email address

Your data will be used for processing your booking and provided to the accommodation accordingly. The permissibility of this processing is based on Art. 6 (1) (b) GDPR, according to which the processing is legal when it is required to fulfil a contract, whose contracting party is the person affected, or to perform precontractual activities, which are carried out at the request of the person affected. The provision of your personal data is contractually prescribed. The provider cannot conclude a contract with you and cannot process your booking without the data. The personal data processed for the purposes of handling bookings and concluding contracts is deleted following expiry of the legal retention duties, insofar as the controller does not have a legitimate interest in further retention. In this case, only the data actually necessarily required for achieving the corresponding purpose continues to be stored.
You have the opportunity to rate our company, your hosts and the trip as part of your booking. For this purpose, you will receive an email from us a few days after booking, for which we will use the email address you provided and your name. By sending the evaluation of our company you agree that we may publish your evaluation on trustyou.com and on our websites. These ratings are on a voluntary basis. If you make a rating, we would like to thank you already now, every feedback helps us to improve our service for you even more.

You can send a non-binding booking enquiry to the provider using a special contact form. You must provide the following data for such purpose:

• Number of adults
• First name
• Last name
• Post code, city
• Email address

Your data will be used to process the booking enquiry and to create an offer. The permissibility of this processing is based on Art. 6 (1) (b) GDPR, according to which the processing is legal when it is required to fulfil a contract, whose contracting party is the person affected, or to perform precontractual activities, which are carried out at the request of the person affected. The provider cannot respond to your request and cannot provide you with the information you want without the data. The personal data processed for the purposes of handling a non-binding booking enquiry is deleted, insofar as the controller does not have a legitimate interest in further retention. In this case, only the data actually necessarily required for achieving the corresponding purpose continues to be stored.

You can order various prospectuses on the website. You must provide the following data for such purpose:

• Title
• First name
• Last name
• Street, house number
• Post code, city
• Country
• Email address

Your data will be used to send the prospectus that you ordered. The permissibility of this processing is based on Art. 6 (1) (b) GDPR, according to which the processing is legal when it is required to fulfil a contract, whose contracting party is the person affected, or to perform precontractual activities, which are carried out at the request of the person affected. The provision of your personal data is contractually prescribed. The provider cannot send you a prospectus without the data. The personal data processed for the purposes of sending a prospectus is deleted, insofar as the controller does not have a legitimate interest in further retention. In this case, only the data actually necessarily required for achieving the corresponding purpose continues to be stored.

The provider uses cookies. These are small data packets which usually consist of letters and numbers and are stored on a browser when you visit certain websites. Cookies allow the website to recognise your browser, to follow you when you surf through different sections of a website and to identify you when you return to the website. Cookies do not contain data that identifies you personally, but the information stored by the provider about you can be assigned to the data obtained by the cookies and stored in them. Information obtained by the provider from you through the usage of cookies can be used for the following purposes:

• Recognise the user’s computer upon visiting the website
• Follow the surfing activities of the user on the website
• Improve the website’s user-friendliness
• Evaluate the use of the provider’s website
• Operation of the website
• Prevent fraud and improve the safety of the website
• Customised design of the website taking into account the needs of the users

Cookies do not cause damage to a browser. They do not contain viruses and also do not allow the provider to spy on you. Two types of cookies are used:

• Temporary cookies are deleted automatically when your browser is closed (session cookies).
• Permanent cookies, in contrast, have a maximum service life of up to 20 days. These types of cookies allow you to be recognised when you access the website again after leaving.

Using cookies, the provider can understand your usage behaviour for the purposes mentioned above and in the corresponding scope. They are also supposed to enable optimal surfing for you on the provider’s website. This data is also collected by the provider only in anonymised form.

This processing is permitted in accordance with Art. 6 (1) (f) GDPR. The legitimate interest of the provider is the optimised presentation of the website. You can of course also view the website without cookies. If you do not want the provider to recognise your computer, you can prevent the storage of cookies on your hard disk by selecting “do not accept cookies” in your browser settings. Please refer to the instructions of your browser’s provider to get the details on how this works. In order to also delete cookies already set by your browser, please read your browser’s instructions. The data provision is necessary in order to access the website of the provider without any faults. By not accepting cookies or deleting cookies already stored on your device, the functionality of the website may be affected. Temporary cookies are deleted automatically when your browser is closed (session cookies). Permanent cookies, in contrast, have a maximum service life of up to 20 days. These types of cookies allow you to be recognised when you access the website again after leaving.

The provider uses the web analysis service, Google Analytics. This is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, US. Google Analytics uses the abovementioned cookies to identify information on your operating system, your browser, your IP address, the previously accessed website and the date and time of your visit to the provider’s website. The information created by the cookies about the website's use is sent to a Google server in the US and stored there. Google will use this information to evaluate the website's use in order to compile reports on the website activities for the provider and to render additional services connected to the website and internet usage. Provided this is legally prescribed or insofar as third parties process this data on behalf of Google, Google will also provide this information to these third parties. This use is carried out in an anonymised or pseudonymised manner. You can find more information about this at Google under www.google.com/intl/de/privacypolicy.html Google is party to the Privacy Shield agreement and affords sufficient guarantees of compliance with an appropriate level of data protection. The provisions are available under www.privacyshield.gov/participant The provider only makes use of Google Analytics with activated IP anonymisation. This means that your IP address will be abbreviated by Google within Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address to be transferred to a Google server in the US and abbreviated there. Your IP address will not be aggregated with any other data held by Google. This processing is permitted in accordance with Art. 6 (1) (a) GDPR. The provision of your data is not obligatory and is also not required for obtaining the services of the provider. The personal data collected in the context of using tracking tools is deleted, insofar as the controller does not have a legitimate interest in further retention. In this case, only the data actually necessarily required for achieving the corresponding purpose continues to be stored. The personal data is anonymised as far as possible. If you wish to withdraw your consent, install the browser plug-in offered by Google. tools.google.com/dlpage/gaoptout Google Analytics uses the Double Click DART cookie. You can deactivate the use of the DART cookie by downloading and installing the plugin available via the external link www.google.com/settings/ads/plugin.

The controller responsible for processing has integrated components of the service Instagram on this website. Instagram is a service that qualifies as an audiovisual platform and allows users to share photos and videos, and also to disseminate such data on other social networks.
The company that operates the Instagram services is Instagram LLC, 1 Hacker Way, Building 14, First Floor, Menlo Park, CA 94025, USA.
Each time one of the individual pages of this website is accessed that is operated by the controller responsible for processing and on which an Instagram component (Insta button) has been integrated, the Instagram component in question automatically causes the web browser on the data subject’s IT system to download a representation of the corresponding component from Instagram. As part of this technical process, Instagram receives information about which specific sub-page of our website the data subject is visiting.
If the data subject is logged into Instagram at the same time, Instagram recognises which specific sub-page the data subject is visiting each time the data subject accesses our website and for the entire duration of their stay on our website. This information is collected by the Instagram component and assigned by Instagram to the data subject’s Instagram account in question. If the data subject clicks on one of the Instagram buttons integrated on our website, the data and information transmitted in this way will be assigned to the data subject’s personal Instagram user account and stored and processed by Instagram.
Instagram always receives information through the Instagram component that the data subject has visited our website if the data subject is logged into Instagram while accessing our website; this happens regardless of whether the data subject clicks on the Instagram component. If the data subject does not want this information to be sent to Instagram, they can prevent such transfer by logging out of their Instagram account before accessing our website.
You will find further information and Instagram’s applicable privacy policy at https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.

The controller responsible for processing has integrated components of YouTube on this website. YouTube is an online video portal that allows video publishers to post video clips free of charge and other users to view, rate and comment on them free of charge. YouTube allows the publication of all kinds of videos, which is why complete films and television programmes, not to mention music videos, trailers or videos made by users themselves, can be accessed using the internet portal.
The service on de.youtube.com is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Each time one of the individual pages of this website is accessed that is operated by the controller responsible for processing and on which a YouTube component (YouTube video) has been integrated, the YouTube component in question automatically causes the web browser on the data subject’s IT system to download a representation of the corresponding YouTube component from YouTube.  You will find further information about YouTube at https://www.youtube.com/yt/about/de/. As part of this technical process, YouTube and Google receive information about which specific sub-page of our website the data subject is visiting.
If the data subject is logged into YouTube at the same time, YouTube recognises which specific sub-page of our website the data subject is visiting each time the data subject accesses a sub-page containing a YouTube video. This information is collected by YouTube and Google and assigned to the data subject’s YouTube account in question.
YouTube and Google always receive information through the YouTube component that the data subject has visited our website if the data subject is logged into YouTube while accessing our website; this happens regardless of whether the data subject clicks on the YouTube video. If the data subject does not want this information to be sent to YouTube and Google, they can prevent such transfer by logging out of their YouTube account before accessing our website.
The privacy policy published by YouTube, available at https://policies.google.com/privacy?hl=en, provides information about YouTube’s and Google’s collection, processing and use of personal data.

The controller responsible for processing has integrated components provided by the company Facebook on this website. Facebook is a social network.
A social network is a social meeting place operated on the internet – an online community that usually allows users to communicate and interact with one another in the virtual space. A social network can serve as a platform for exchanging opinions and experiences, or enables the online community to provide personal or company-related information. Among other things, Facebook allows users of the social network to create private profiles, upload photos and network through friend requests.
The company that operates Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. The controller responsible for personal data processing where a data subject lives outside the US or Canada is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Each time one of the individual pages of this website is accessed that is operated by the controller responsible for processing and on which a Facebook component (Facebook plugin) has been integrated, the Facebook component in question automatically causes the web browser on the data subject’s IT system to download a representation of the corresponding Facebook component from Facebook. You will find a complete overview of all the Facebook plugins at https://developers.facebook.com/docs/plugins/?locale=en_GB. As part of this technical process, Facebook receives information about which specific sub-page of our website the data subject is visiting.
If the data subject is logged into Facebook at the same time, Facebook recognises which specific sub-page of our website the data subject is visiting each time the data subject accesses our website and for the entire duration of their stay on our website. This information is collected by the Facebook component and assigned by Facebook to the data subject’s Facebook account in question. If the data subject clicks on one of the Facebook buttons integrated on our website, such as the ‘Like’ button, or if the data subject makes a comment, Facebook assigns this information to the data subject’s personal Facebook user account and stores this personal data.
Facebook always receives information through the Facebook component that the data subject has visited our website if the data subject is logged into Facebook while accessing our website; this happens regardless of whether the data subject clicks on the Facebook component. If the data subject does not want this information to be sent to Facebook, they can prevent such transfer by logging out of their Facebook account before accessing our website.
The data policy published by Facebook, available at https:/en-gb.facebook.com/about/privacy/, provides information about Facebook’s collection, processing and use of personal data. It also explains the potential settings Facebook offers to protect the data subject’s privacy. In addition, various apps are available that enable suppression of data transfer to Facebook. The data subject can use such applications to suppress data transfer to Facebook.

This site uses so-called web fonts provided by Google for the uniform display of fonts. The Google Fonts are installed locally. There is no connection to Google servers. Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's data protection declaration: https://policies.google.com/privacy?hl=de.

The controller has integrated components of the service Riddle on this website. Riddle is a software for designing online surveys or online quizzes.

The operating company of the riddle.com services is Riddle Technologies AG, Lenaustr. 1, 66125 Saarbrücken, Germany.

Riddle is integrated into our website as a so-called iFrame. We have no influence on the data processing processes that take place via the iFrame and during participation in the quiz. When using the Riddle components (e.g. quizzes, surveys), Riddle only processes aggregated data. In the event that data is requested from you in our quizzes or competitions via e.g. forms, this data is processed in our web space at Riddle. Riddle itself has no access to this. Riddle uses cookies to collect information about the use of the quiz and surveys.

Further information and Riddle's applicable privacy policy can be found at https://www.riddle.com/legal/privacy.

The provider will grant access to you upon requesting whether they process data affecting you. The provider will endeavour to process your enquiries for access quickly.

You have the right to demand that the controller immediately corrects any inaccurate personal data concerning yourself.

You have the right to request the provider to immediately delete personal data affecting you and the provider is obliged to immediately delete personal data, insofar as one of the following reasons mentioned in Art. 17 (1) (a) - (f) GDPR applies:

You have the right to require the operator to restrict the processing, if one of the following conditions under Art. 18 (1) (a) - (d) GDPR is fulfilled.

You have the right to, at any time, lodge an objection to the processing of personal data affecting you which is carried out based on Art. 6 (1) (e) or (f) GDPR for reasons arising from your particular situation; this also applies to profiling supported by these provisions. The provider will not process your personal data any more, unless the provider can prove compelling legitimate reasons for the processing, which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims. If your personal data is processed to carry out direct advertising, you thus have the right to, at any time, lodge an objection to the processing of personal data affecting you for the purposes of such advertising; this also applies to profiling, insofar as it is connected to such direct advertising. You have the right to lodge an objection to the processing affecting you of personal data affecting you, which is carried out for scientific or historical research purposes or for statistical purposes according to Art. 89 (1) GDPR for reasons arising from your particular situation, unless the processing is required to fulfil an objective in the public interest. Please use the contact address indicated in the Imprint for your message.

You have the right to obtain the personal data affecting you, which you have provided to the provider, in a structured, conventional and machine-readable format and you have the right to transmit this data to another controller without the provider, to whom the personal data was provided, impeding this, insofar as the processing is based on consent according to Art. 6 (1) (a) GDPR, Art. 9 (2) (a) GDPR or on a contract according to Art. 6 (1) (b) GDPR and the processing is carried out with the aid of automated processes.

Insofar as you have granted consent to the processing of your personal data and revoke said consent, the processing carried out up to the time of this revocation remains unaffected thereby.

You can complain to the relevant supervisory authority at any time (The State Commissioner for Data Protection and Freedom of Information of Rhineland-Palatinate, Hintere Bleiche 34, 55116 Mainz).

The data collected when accessing and using the website and the information provided by you when getting in contact is transmitted to the servers of the provider and stored there. Otherwise, your data may be provided to the following categories of recipients:

• Internal departments who deal with the processing of your personal data (e.g. Marketing department, Bookkeeping)
• Processors (e.g. computer centre, IT service providers, advertising agencies, prospectus sending, providers of tracking tools, software providers, newsletter sending)
• Companies who render the booked services (e.g. hotels, organisers)

Upon visiting the website, content may be displayed which is linked to the websites of third parties. The provider does not have access to the cookies or other functions used by third party sites, nor can the provider control such. Such third party sites are not subject to the provider’s data protection provisions.