Protecting your personal data is of great importance to us. That is why it is an established part of our corporate objectives. We thank you for entrusting your important data to us and would like to be transparent about how these data are used.
This is an information page as part of our legal notice. The confidentiality and integrity of your personal data are of particular importance to us. The legal basis for our data protection notice is the EU GDPR and the German Federal Data Protection Act (BDSG-neu).
Who is responsible for data processing?
Please note that in addition to the customer service department the group companies are also responsible for data processing within the SOCCA Group. This means that your personal data can be processed legitimately by both the customer service department and the group companies.
If you have any questions regarding the processing of your personal data, please contact the customer service department or the Data Protection Officer at the SOCCA Group:
SOCCA Holding GmbH & Co. KG
Mangfallstr. 37
83026 Rosenheim
Germany
datenschutz[a]socca[dot]de
+49 8031 23789-10 (Monday to Friday from 08:00 until 18:00)
When does SOCCATOURS collect and process personal data?
We collect and process your personal data in the following cases:
What personal data can be collected by SOCCATOURS?
The following categories of personal data can be collected through the many services and contact channels described in this data protection notice:
Contact data
Name, address, telephone number, e-mail address.
Contractual data
Customer number, contract number, services booked, products and services, payment information (for example account and credit card number), the personal details of your fellow travellers, information about the travellers, passport data, other identification information.
Personal data and interests
Information that you provide yourself, for example your date of birth, education, household size, occupation, sports activities, sports career, support of professional clubs as a fan, club memberships, coaching activities.
Online account data
The password you have chosen yourself, information provided by you for SOCCAMATRIX® (for example information for assignment to a travel group for the purpose of training camps or tournaments) and SOCCASHAPE, your feedback, testimonials and reviews, and your contributions to customer surveys.
Other sources of personal data
We may use personal data from other sources, for example from companies that provide information and data, trading partners or from public registers. Your insurance company, its representatives and medical employees may share relevant personal information and special categories of personal information with us in circumstances where we/they need to act on your behalf, in the interest of other customers or in an emergency. If you log in using your access data for a social network in order to connect to our platforms and online services such as Facebook, Google+ or Twitter, you agree to share your user data with us, for example your name, your e-mail address, your date of birth, your location and other information that you would like to share with us. We may use surveillance camera recordings, IP addresses and browser data collected at or in the immediate vicinity of our business premises, shops, other buildings and sports facilities.
Use of websites and communication
Information about how you use the website (for example travel preferences, the destinations you are most interested in) and whether you open or forward communications from us, including data collected via cookies and other tracking technologies. Further information can be found in our cookie guidelines.
Transaction and interaction data
Information regarding products and services purchased, interactions with the SOCCATOURS® customer service department (your enquiries and complaints) and partners, subsidiaries or affiliates, and participation in market research studies.
Creditworthiness and identity information
Data to establish your identity such as passport numbers (for example for issuing airline tickets), nationality (for example for issuing visas to enter other countries), plus information about transactions, any outstanding payments owed to us, information about fraud, criminal activities, suspicious transactions, politically exposed persons and sanctions lists in which your data is included.
Personal data about other people which you pass on to us
We use the personal information you provide about other persons, for example other information on your booking. When passing on the personal data of other persons, you must be sure that they agree to this and that you are allowed to pass on the data. You should also ensure, where appropriate, that these persons are aware of how we might use their personal data.
For what purposes are your data processed?
We need your personal data for the following purposes:
In most of these cases, you can opt out of the use of your data, for example by revoking your data protection consent or no longer using a particular service. You can do this by contacting our customer service department for example.
However, there are also cases in which you cannot object to the use of your data, subject to legal provisions to the contrary:
We may pass on your data to the following companies outside the SOCCA Group for the aforementioned purposes. However, we will inform you about this where appropriate and, if necessary, obtain your consent:
We do not pass on your data to third parties, with the following exceptions:
In order for you to travel, it may be necessary (required by law by the authorities at the relevant point of origin and/or destination) to disclose and process your personal data for immigration, border control, security and counterterrorism purposes or other purposes deemed to be appropriate. Certain countries will only grant travel authorization if you provide your extended passenger data (for example Caricom API data and US Secure Flight data). These requirements may vary depending on your destination and we recommend that you check this on a case-by-case basis. We would be happy to assist you, even if we are not obliged to do so. We may share the minimum necessary personal data with other authorities if the law requires us to do so or we are legally permitted to do this.
Social media features
Our websites or mobile apps may include features of social media such as Facebook, Twitter, Google+ or Pinterest which have their own data protection policies.
We use the following plug-ins on our websites: Facebook, Twitter and GooglePlus. If you do not want social networks to collect data about you via active plug-ins, you can select the “Block third-party cookies” option in your browser settings. Your browser will then not send cookies to the server for embedded third-party content. With this setting, however, the plug-ins and other functions used across websites may no longer work.
If these plug-ins are activated, your browser will establish a direct connection with the servers of the relevant social network as soon as you access a page on our website. The content of the plug-in is transferred from the social network direct to your browser which in turn incorporates it into the website. When plug-ins are incorporated, the social network receives the information that you have accessed the corresponding page on our website. If you are logged in to the social network, it can link your visit to your account. If you interact with the plug-ins, for example by clicking on the “Like" button on Facebook or leaving a comment, the relevant information is transferred from your browser to the social network and saved there. Information regarding the purpose and scope of data collection, the further processing and use of data by social networks as well as your rights and the settings options available to protect your privacy can be found in the data protection policies of the relevant networks or websites. The links for this can be found below.
Even if you are not logged in to the social networks, data can be sent to the networks from websites with active social plug-ins. An active plug-in sets a cookie with an identifier each time the website is accessed. Because your browser sends this cookie without being asked every time that you connect to a network server, the network could in principle use it to create a profile of which web pages the user belonging to the identifier has accessed. It would be possible to link this identifier to a specific person again, for example when logging in to the social network later.
Incorporation of Facebook social plug-ins
Social plug-ins (“Plug-ins”) for the facebook.com social network operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”) are incorporated into our website. Information regarding the purpose and scope of data collection, the further processing and use of data by Facebook as well as your rights and the settings options available to protect your privacy can be found in the Facebook data protection policy: facebook.com/policy.php. You can block Facebook social Plug-ins with add-ons for your browser, for example with the “Facebook Blocker”.
Incorporation of Google Plus Plug-ins
Social Plug-ins (“Plug-ins”) for the Google Plus social network operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”) are incorporated into our website. Information regarding the purpose and scope of data collection, the further processing and use of data by Google Plus as well as your rights and the settings options available to protect your privacy can be found in Google’s data protection policy: google.com/intl/de/policies/privacy/.
Incorporation of Twitter Plug-ins
Social Plug-ins (“Plug-ins”) for the Twitter social network operated by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (“Twitter”) are incorporated into our website. Information regarding the purpose and scope of data collection, the further processing and use of data by Twitter as well as your rights and the settings options available to protect your privacy can be found in the Twitter data protection policy: twitter.com/privacy.
Incorporation of Pinterest Plug-ins
Plug-ins for the Pinterest social network operated by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA (“Pinterest”) are incorporated into our website. You can recognize the Pinterest plug-in by the “Pin it button” on our website. If you click on the Pinterest “Pin it button” while you are logged in to your Pinterest account, you can link the contents of our pages to your Pinterest profile. This will allow Pinterest to link your visit to our pages to your user account. We wish to point out that we do not know what data are transferred to Pinterest or how Pinterest uses these data. Further information can be found in the Pinterest data protection policy: about.pinterest.com/de/privacy.
Incorporation of Instagram Plug-ins
Plug-ins for the Instagram social network operated by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA (“Instagram”) are incorporated into our website. You can recognize the Instagram plug-in by the “Instagram button” on our website. If you click on the “Instagram button” while you are logged in to your Instagram account, you can link the contents of our pages to your Instagram profile. This will allow Instagram to link your visit to our pages to your user account. We wish to point out that we do not know what data are transferred to Instagram or how Instagram uses these data. Further information can be found in the Instagram data protection policy: instagram.com/about/legal/privacy/.
Incorporation of fonts
Fonts from Google Fonts (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”)) are incorporated into our website. Information regarding the purpose and scope of data collection, the further processing and use of data by Google as well as your rights and the settings options available to protect your privacy can be found in Google’s data protection policy: google.com/intl/de/policies/privacy/.
Fonts from Font Awesome (Fonticons Inc., 6 Porter Road, Apartment 3R, Cambridge, MA 02140, United States (“Font Awesome”)) are incorporated into our website. Information regarding the purpose and scope of data collection, the further processing and use of data by Font Awesome as well as your rights and the settings options available to protect your privacy can be found in Font Awesomes’s data protection policy: fontawesome.com/privacy.
Incorporation of analysis tools
Google Analytics
This website uses functions from Google Analytics, a web analysis service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). We have concluded a contract for commissioned data processing with Google. Google Analytics uses so-called “Cookies”. These are text files which are stored on your computer and allow an analysis of your use of the website. Generally speaking, the information regarding your use of this website generated by the cookie is transferred to one of Google's servers in the USA and stored there. Google Analytics cookies are stored on the basis of Art. 6 (1) (f) of the GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimize both its web offering and its advertising.
IP anonymization
We have activated the IP anonymization function on this website. This means that your IP address will be abbreviated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transferred to the USA. The full IP address is only transferred to a Google server in the USA and abbreviated there in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activities and to provide other services for the website operator relating to website and Internet use. The IP address provided by your browser for the purpose of Google Analytics will not be linked to other data held by Google.
HotJar
Anonymized data are collected using “cookies” to gather information about users' behaviour on the website.
How does SOCCATOURS protect your personal data?
We use various security measures such as state-of-the-art encryption and authentication tools to protect and maintain the security, integrity and availability of your data. One hundred percent protection against unauthorized access cannot be guaranteed for data transmissions via the Internet or a website but we and our service providers and business partners do our utmost to protect your personal data in accordance with applicable data protection regulations using state-of-the-art physical, electronic and procedural security measures. We use the following measures among others:
If you receive a password from us or have chosen one yourself that gives you access to certain areas of our website or to other portals, apps or services operated by us, you are responsible for maintaining the confidentiality of that password and for complying with any other security procedures of which we notify you. In particular, we ask that you do not disclose your password to anyone.
Security measures for location data
Certain services can only be used if you reveal your location or the location of your mobile device. We take the confidentiality of these location data very seriously. Your location data are therefore protected through the following security measures:
They will only be stored in a form which can be traced back to you or your mobile device for as long as is necessary to fulfil the purpose for which you gave your consent. Data are collected and accessed in this form only if this is necessary to provide the requested service. Data are collected and accessed in this form if we are legally obliged to store and/or hand over the data. Data used to locate your mobile device are linked to other data only when necessary to provide the requested service. We may have access to the data for locating your mobile device through the services we provide.
If location data are used in any other way for analysis purposes, data sets that were anonymized beforehand are used.
How long does SOCCATOURS keep your data?
We will keep your data only for as long as is necessary to fulfil the purposes for which we process your data. If we process data for multiple purposes, they are automatically deleted or stored in a format that does not allow direct conclusions to be drawn about you as soon as the last specific purpose has been fulfilled. To ensure that all your data are deleted again in accordance with the principle of data minimization, SOCCATOURS has come up with an internal deletion concept. The basic principles according to which this deletion concept ensures deletion of your personal data are described below.
Use of data for fulfilment of a contract
To fulfil contractual obligations, data collected from you may be kept for as long as the contract is in force and, depending on the nature and scope of the contract, for 6 or 10 years beyond that to comply with legal retention requirements and to address any enquiries or claims after the contract expires.
There are also contracts for the supply of products and services that make longer retention periods necessary, see also “Use to verify claims” below.
Use to verify claims
Data that, in our opinion, will be necessary to investigate, defend against or bring a criminal prosecution or claim against you, us or a third party may be retained by us for as long as any such proceedings might be brought.
Use for customer service and marketing purposes
For customer service and marketing purposes, the data collected from you may be kept for 3 to 10 years after collection, unless you request deletion of such data and there are no contractual or legal retention obligations that conflict with your deletion request.
Who is granted access to your data internationally and why?
As a company, SOCCATOURS® operates internationally. Personal data are processed for the purpose of organizing and providing package tours by SOCCATOURS® employees, possibly national sales companies, international subsidiaries (Destination Management Companies), SOCCATOURS® partners and service providers commissioned by us.
To support the provision of the listed services, SOCCATOURS® uses a number of service providers who are commissioned by SOCCA Holding GmbH & Co. KG in accordance with the strict data protection requirements during data processing.
Your data protection rights and your right to complain to the data protection authority
If you have any questions regarding our use of your personal data, you should first contact the SOCCATOURS®customer service department – either by e-mail or by calling +49 8031 23789-10 (08:00 - 18:00 daily). You can also contact the Data Protection Officer responsible.
As the person affected by the processing of your data, you can assert certain rights under the GDPR as well as other relevant data protection provisions. The following section gives details of your data subject rights under the GDPR. Depending on the nature and scope of your enquiry, we ask that you send it to us in writing.
Data subject rights
In accordance with the GDPR, you enjoy the following rights as the data subject whose data are processed by SOCCATOURS®:
Right of access by the data subject (Art. 15 GDPR): You can request information about the data we keep on you at any time. This information concerns, among other things, the categories of data we process, the purposes for which we process them, the origin of the data if we have not collected them directly from you, and, if applicable, the recipients to whom we have passed on your data. We can provide you with a copy of your data free of charge. If you require additional copies, we reserve the right to charge you for them.
Right to rectification (Art. 16 GDPR): You can request that we rectify your data. We will take reasonable steps to ensure that the data we hold on you and process on an ongoing basis is correct, complete and up to date based on the most up-to-date information available to us.
Right to erasure (Art. 17 GDPR): You can request that we delete your data, provided that the legal requirements for this are met. In accordance with Art. 17 GDPR, this can be the case if:
Right to restriction of processing (Art. 18 GDPR): You can request that we restrict the processing of your data if:
Right to data portability (Art. 20 GDPR): At your request, we will transfer your data – if this is technically possible – to another controller. However, you only have this right if the data processing is based on your consent or is necessary to fulfil a contract. Instead of receiving a copy of your data, you can also ask us to transfer the data directly to another party responsible specified by you.
Right to object (Art. 21 GDPR): You can object to the processing of your data at any time on grounds relating to your particular situation, provided that the data processing is based on your consent or on our legitimate interests or those of a third party. In this case, we will no longer process your data. The latter shall not apply if we can demonstrate compelling legitimate grounds for the processing which outweigh your interests or if we need your data to assert, exercise or defend legal claims.
Deadlines for the fulfilment of data subject rights
We shall endeavour to deal with all enquiries within 30 days. However, this deadline may be extended, if necessary, for reasons relating to the specific data subject right or the complexity of your request.
Restriction of information when fulfilling data subject rights
In certain situations, we may not be able to provide you with information about all of your data owing to legal requirements. If we do have to reject your request for information in such a case, we will at the same time inform you of the reasons for the rejection.
Complaints to the supervisory authorities
SOCCATOURS® takes your concerns and rights very seriously. We will deal with your enquiry individually, personally and as quickly as possible. If however you feel that we have not adequately addressed your complaints or concerns, you have the right to submit a complaint to the data protection authorities responsible.