cruisefire_logo_280

PRIVACY POLICY

In the following data protection declaration we inform you about the collection of personal data when using our website. Personal data is all data that can be related to you personally, such as name, address, e-mail addresses, user behavior.

Responsible
The person responsible within the meaning of Art. 4 Para. 7 of the General Data Protection Regulation (hereinafter GDPR) is:

Cruisefire GmbH
Toni-Berger-Strasse 25
81249 Munich
Germany

Managing Director: Marco Schenk

Tel: + 49 (0)163 3363 6907
Email: info@cruisefire.com
Website: www.cruisefire.com

Commercial register:
HRB 265409, District Court of Munich

If DSB exists:

[You can reach our data protection officer at [email address] or our postal address with the addition “the data protection officer”].

Information about the collection of personal data
The processing of personal data of the users of our website only takes place if this is necessary to provide a functional website and to provide our content and services.

When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, your name and telephone number if applicable) will be stored by us in order to answer your questions. We delete the data arising in this context after the storage is no longer necessary, or restrict the processing if there is a legal obligation to retain it.

If we use commissioned service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail below about the respective processes. We also state the specified criteria for the storage period.

Legal basis for processing personal data
Insofar as we obtain the consent of the person concerned for the processing of personal data, Article 6 (1) lit. GDPR serves as the legal basis.

Article 6 (1) (b) GDPR serves as the legal basis for the processing of personal data required to fulfill a contract to which the data subject is a party. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Article 6 (1) (c) GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 Paragraph 1 Letter d GDPR serves as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the person concerned do not outweigh the first interest, Article 6 Paragraph 1 Letter f GDPR serves as the legal basis for the processing.

provision of the website
Description and scope of data processing
If you only use the website for informational purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server.

If you want to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability:

IP address
Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific page)
Access Status / HTTP Status Code
amount of data transferred
Website from which the request comes
browsers
Operating system and its interface
Browser software language and version
Legal basis of processing
The legal basis for processing the above data is Article 6 Paragraph 1 Sentence 1 Letter f GDPR.

purpose of data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the IP address of the user must remain stored for the duration of the session.

Our legitimate interest in data processing in accordance with Article 6 (1) (f) GDPR also lies in these purposes.

Duration of storage
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

Possibility of objection and elimination
The collection of the data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

Use of cookies
In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive in association with the browser you are using and through which certain information flows to the entity that sets the cookie (in this case, through us). Cookies cannot run programs or transmit viruses to your computer. They serve to make the Internet offer more user-friendly and effective overall.

This website uses the following types of cookies, the scope and functionality of which are explained below:

Transient cookies (see a)
Persistent cookies (see b)
Transient cookies are automatically deleted when you close your browser. These include in particular the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognized when you log out or close the browser. A session cookie is a small text file that is sent by the respective server when you visit a website and is temporarily stored on your hard drive. This file as such contains a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognized when you return to our website. These cookies are deleted after you close your browser.
Persistent cookies are also small text files that are stored on your end device. They remain on the end device and enable us to recognize your browser on your next visit. These cookies are automatically deleted after a specified period, which can vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
You can configure your browser settings according to your wishes and, for example, refuse to accept third-party cookies or all cookies. We would like to point out that you may not be able to use all the functions of this website.

Legal basis for data processing
The legal basis for the processing of personal data using cookies is Article 6 Paragraph 1 Sentence 1 lit. f GDPR.

purpose of data processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these it is necessary that the browser is recognized even after a page change.

Our legitimate interest in the processing of personal data in accordance with Article 6 (1) (f) GDPR also lies in this purpose.

Duration of storage, possibility of objection and removal
Cookies are stored on the user’s end device and transmitted to our site. The user has full control over the use of cookies. By changing the settings in the Internet browser, the transmission of cookies can be deactivated or restricted. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.

hosting
Description and scope of data processing
The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use to operate the website.

In doing so, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data from customers, interested parties and visitors to this website on the basis of our legitimate interests in making our website available efficiently and securely in accordance with Art. 6 Para. 1 sentence 1 f) GDPR in conjunction with Art. 28 GDPR.

Legal basis for processing
The legal basis for the processing by the hosting provider is our legitimate interest within the meaning of Article 6 Paragraph 1 Sentence 1 lit. f GDPR.

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is over when it can be inferred from the circumstances that the facts in question have been finally clarified. An exception to this is to be assumed in particular if it is a pre-contractual or existing contractual relationship between the user and us. Here the data can be further used for processing.

Possibility of objection and elimination
All non-technically necessary personal data can be deleted at any time upon request by the visitor. A right of objection exists for such data, the processing of which the person responsible has an influence on.

Google Analytics
Description and scope of data processing
We use Google Analytics on our website, a web analytics service provided by Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Cruisefire has agreed with Google the use of standard contractual clauses according to Art. 46 GDPR as a means of ensuring adequate protection when data is transferred outside the EEA.

Google Analytics uses so-called “cookies”, text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website (including your IP address) is transmitted to a Google server in the USA and stored there. Google will use this information to evaluate your use of the website, to compile reports on website activity for website operators and to provide other services related to website activity and internet usage. Google may also transfer this information to third parties if required to do so by law or if third parties process this data on Google’s behalf. Under no circumstances will Google associate your IP address with other Google data. We also use cookies on various pages to make visiting our website attractive and to enable the use of certain functions.

Legal basis of data processing
The data is processed with the consent of the customer in accordance with Art. 6 (1) (a) GDPR. The consent is given when you visit our website for the first time via the cookie bar.

Most of the cookies we use are deleted from your hard drive after the end of the browser session (so-called session cookies). Other cookies remain on your computer and enable us to recognize your computer on your next visit (so-called permanent cookies). Our partner companies are not permitted to use cookies to collect, process or use personal data via our website. You can prevent the installation of cookies by setting your browser software accordingly; we would like to point out to you however that in this case you can if applicable not use all functions of this website in full.

In view of the discussion about the use of analysis tools with full IP addresses, we would like to point out that this website uses Google Analytics with the extension “_anonymizeIp()” and therefore IP addresses are only processed in abbreviated form in order to rule out direct personal reference.

You can also set your browser so that cookies are generally rejected or that you have to confirm the acceptance of cookies in each case. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by Google by going to http://tools.google.com. Download and install the available browser plugin from com/dlpage/gaoptout?hl=de.

If you decide against cookies as a matter of principle, you may not be able to use certain functions on our website. The help function in the menu bar of most web browsers tells you how to stop your browser from accepting new cookies, how to have your browser notify you when you receive a new cookie or how to switch off all cookies received.

Duration of storage
The duration of storage of the data processed by Google depends on the type of data processed. As far as possible, Google anonymizes the data that is processed.

You can find more information about the storage period for the data processed by Google at: https://policies.google.com/technologies/retention?hl=de

You can find out how to change the cookie settings in your browser and further information on how Google Analytics handles user data at:

https://www.google.com/intl/de/policies/privacy/partners
http://www.google.com/policies/technologies/ads
http://www.google.de/settings/ads
http://www.google.com/analytics/terms/de.html
http://www.google.com/intl/de/analytics/learn/privacy.html

Possibility of objection and elimination
You can object to the collection and storage of data at any time with effect for the future.

Google allows the data to be deleted on request. The data processed by us can also be deleted on request. Furthermore, you can object to data processing on our site, when selecting cookies and afterwards at any time.

social media
Cruisefire operates the following social media sites:

Facebook (https://www.facebook.com/cruisefirehp)
Instagram (https://www.instagram.com/cruisefire/)
YouTube (https://www.youtube.com/channel/UCyV1oRwmDQj4mt06CWIWtJA/videos)
In addition to Cruisefire, the operators of the respective social media platforms carry out their own data processing, which Cruisefire cannot influence. This results in a separate responsibility of the respective operator. Cruisefire works to ensure compliance with all data protection obligations at all points where it can be influenced. With most data processing, however, the operators are responsible for the processing of personal data and do not provide any information about the scope, type, etc. of the processing.

Scope of data processing
Pages entered on social media sites (e.g. comments, images, likes, etc.) are published by the platform for operators of company sites and are not processed or used by Cruisefire. If necessary, the content will be shared by Cruisefire if this is possible.

purpose of data processing
The purpose of the data processing is the public relations work and presentation of Cruisefire.

Legal basis of data processing
The legal basis for the processing of personal data by us is our legitimate interest pursuant to Article 6(1)(f) GDPR and, in certain cases, the customer’s consent pursuant to Article 6(1)(a) GDPR.

Responsibility of the operator of the social media platform:
Facebook
We have a profile on Facebook. The provider is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

Details on the scope of data processing can be found in Facebook’s data protection declaration:

https://de-de.facebook.com/privacy/explanation

Instagram
We have a profile on Facebook. The provider is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

Details on the scope of data processing can be found in Instagram’s data protection declaration:

https://help.instagram.com/519522125107875/?helpref=hc_fnav&bc[0]=Instagram Help Center&bc[1]=Privacy%C3%A4re%20and%20Security

YouTube
We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Details on the scope of data processing can be found in YouTube’s data protection declaration:

https://policies.google.com/privacy?hl=de&gl=de

Driver’s Lounge
Description and scope of data processing
We collect and process the personal data that you provide to us in the registration form when creating a user account for the Drivers Lounge.

The following data is mandatory:

First name
last name
Postal address (street, house number, city, zip code, country)
vehicle model
Photo of the vehicle
E-mail address

You can also optionally enter your telephone number and your Instagram account.

Legal basis of data processing
The legal basis for data processing in the context of the user account is Art. 6 Paragraph 1 lit. a GDPR and for the execution of the contract Art. 6 Paragraph 1 lit. b GDPR.

purpose of data processing
Basis of the community idea

Duration of storage, possibility of objection and removal
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. After the contract has been completed or your customer account has been deleted, we will store your data based on the retention periods under tax and commercial law (e.g. § 14 (5) UStG, § 147 Para. 3 AO – 10 years each) initially for further use and delete after expiry of the applicable periods. You also have the right to have your customer account deleted at any time. The request for deletion should be addressed to the person responsible mentioned above.

Contact form and email contact
Description and scope of data processing
If you contact us (e.g. via contact form or e-mail), we process your details to process the request and in the event that follow-up questions arise.

There is a contact form on our website which can be used to contact us electronically. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and saved. These dates are:

Surname
Company name: (optional)
E-mail address
Your consent will be obtained for the processing of the data during the sending process and reference will be made to this data protection declaration.

Alternatively, you can contact us via the email address provided. In this case, the user’s personal data transmitted with the e-mail will be stored.

In this context, the data will not be passed on to third parties. The data will only be used to process the conversation.

Legal basis for processing
The legal basis for processing the data is Article 6(1)(a) GDPR if the user has given their consent.

If the data processing is carried out to carry out pre-contractual measures, which take place at your request or, if you are already our customer, to carry out the contract, the legal basis for this data processing is Article 6 Paragraph 1 Sentence 1 lit. b GDPR.

We only process other personal data if you give your consent (Art. 6 Para. 1 S. 1 lit. a GDPR) or we have a legitimate interest in the processing of your data (Art. 6 Para. 1 S. 1 lit. f GDPR). A legitimate interest lies e.g. B. replying to your email.

purpose of data processing
The processing of the personal data from the input mask serves us solely to process the contact. If contact is made by e-mail, this is also the necessary legitimate interest in the processing of the data.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

Duration of storage
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is over when it can be inferred from the circumstances that the facts in question have been finally clarified. An exception to this is to be assumed in particular if it is a pre-contractual or existing contractual relationship between the user and us. Here the data can be further used for processing.

Possibility of objection and elimination
The user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us by email, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

WooCommerce
We use the WordPress plugin WooCommerce on our website.

Description and scope of data processing
WooCommerce is provided by WooCommerce Ireland Ltd., 25 Herbert Place, Dublin 2, Dublin, Ireland.

Legal basis for processing
The legal basis for data processing in the context of using WooCommerce is Article 6 Paragraph 1 Letter a GDPR if you have given your consent to the use of WooCommerce and Article 6 Paragraph 1 Letter b GDPR for the execution of the contract.

purpose of data processing

Duration of storage

Possibility of objection and elimination

Payment service provider stripe
We offer payment by direct transfer. As part of the ordering process, you will be automatically forwarded to stripe’s secure payment form. Immediately afterwards you will receive the confirmation of the transaction. We will then receive the transfer credit directly.

Description and scope of data processing
As part of the payment via stripe, data is collected that is required for full payment. These are:

Contact and identification information:
Surname
Billing and shipping address
E-mail address
phone number
Payment Information:
Debit and credit card details
(Card number, expiry date and the CVV check digit)
Information about goods/services purchased by you
The provider of the stripe payment service is Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA.

Legal basis of data processing
The legal basis for processing when paying with stripe is necessary to fulfill the contract within the meaning of Article 6 (1) (b) GDPR or our legitimate interest in accordance with Article 6 (1) (f) GDPR.

purpose of data processing
The purpose of data processing is to provide an uncomplicated payment method.

Duration of storage
stripe stores personal data for as long as is necessary to comply with legal obligations.

Possibility of objection and elimination
Revocation of the use of personal data to stripe

You can revoke your consent to stripe using your personal data at any time. However, stripe may still be entitled to process, use and transmit the personal data if this is necessary for contractual payment processing by stripe services, is required by law, or is required by a court or an authority.
Of course, you can obtain information about the personal data stored by stripe at any time. This right is guaranteed by the Federal Data Protection Act. If you as a buyer wish this or if you want to inform stripe about changes to the stored data, you can contact privacy@stripe.com.

Newsletter (MailChimp)
You can subscribe to a free newsletter on our website. In order to be able to provide you with this newsletter efficiently and easily, we use the MailChimp newsletter tool.

Description and scope of data processing
MailChimp is provided by Rocket Science Group, LLC, 675 Ponce de Leon Ace NE, Suite 5000, Atlanta, GA 30308 USA.

The mandatory data required for subscribing to the newsletter are:

First name
last name
E-mail address.
Optionally, you can also specify your vehicle model.

When registering for the newsletter, the data from the input mask is transmitted to us.

In addition, the following data is collected during registration:

IP address of the calling computer
Date and time of registration
Your consent will be obtained for the processing of the data as part of the registration process and reference will be made to this data protection declaration.

After your registration, we will send you a confirmation email with a link that you must click to confirm your registration. This so-called “double opt-in” procedure serves to prevent abusive registrations.

There is no transfer of data to third parties in connection with data processing for sending newsletters. The data will only be used to send the newsletter.

Legal basis for data processing
The legal basis for the processing of the data after the user has registered for the newsletter is Article 6(1)(a) GDPR if the user has given their consent.

For purposes of proof, your e-mail address, IP address and the time of registration will be stored on the basis of Article 6 Paragraph 1 Letter f GDPR when registering.

purpose of data processing
The collection of the user’s e-mail address serves to deliver the newsletter.

The collection of other personal data as part of the registration process serves to prevent misuse of the services or the email address used.

Duration of storage
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. The user’s e-mail address is therefore stored for as long as the subscription to the newsletter is active.

Possibility of objection and elimination
The subscription to the newsletter can be canceled by the user concerned at any time. For this purpose there is a corresponding button on the website under newsletter.

You can unsubscribe from the newsletter at any time via the unsubscribe link at the end of each newsletter or by e-mail.

storage duration
The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage no longer applies. Storage can also take place if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

Your rights
You have the following rights towards us with regard to your personal data:

Right to information (Article 15 GDPR)
Right to rectification (Article 16 GDPR)
Right to erasure (Art. 17 GDPR)
Right to restriction of processing (Article 18 GDPR)
Right to object to processing (Art. 21 GDPR)
Right to data portability (Art. 20 GDPR)
You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.

data security
We make every effort to ensure the security of your data within the framework of the applicable data protection laws and technical possibilities.

To secure your data, we maintain technical and organizational security measures in accordance with Art. 32 GDPR, which we constantly adapt to the state of the art.

We also do not guarantee that our offer will be available at certain times; Malfunctions, interruptions or failures cannot be ruled out. The servers we use are regularly and carefully backed up.

Transfer of data to third parties, no data transferability to non-EU countries
In principle, we only use your personal data within our company.

If and to the extent that we engage third parties to fulfill contracts (e.g. logistics service providers), they only receive personal data to the extent that the transmission is necessary for the corresponding service.

In the event that we outsource certain parts of the data processing (“order processing”), we contractually oblige processors to only use personal data in accordance with the requirements of data protection laws and to ensure the protection of the rights of the person concerned.

A data transfer to places or persons outside the EU does not take place and is not planned.