§ 1 – Subject Matter of this Privacy Policy

We appreciate your interest in our website and our services. The protection of your personal data (hereinafter referred to as “data”) is of great importance to us. Personal data means any information that allows conclusions to be drawn about your identity as a user of our services (e.g. name, email address, postal address).

Below, we inform you in detail about which data is collected when you visit our website and use our services, how it is processed or used by us, and what accompanying protective measures we have taken from both a technical and organisational perspective.

Name and Address of the Data Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states, as well as other data protection provisions, is:

📧 Submit Privacy Enquiry

§ 2 – Principles of Data Processing

2.1. Processing of Personal Data

We collect and use personal data of our users only insofar as this is necessary for the provision of a functional website and our content and services. The collection and use of personal data of our users regularly takes place only with the consent of the user. An exception applies in cases where prior consent cannot be obtained for practical reasons and the processing of the data is permitted by law.

2.2. Legal Bases for Processing

The processing of personal data takes place, depending on the individual case, on one of the following legal bases:

• Art. 6(1)(a) GDPR – Consent of the data subject
• Art. 6(1)(b) GDPR – Performance of a contract or pre-contractual measures
• Art. 6(1)(c) GDPR – Compliance with a legal obligation
• Art. 6(1)(d) GDPR – Protection of vital interests
• Art. 6(1)(f) GDPR – Legitimate interest of the controller (e.g. operation and optimisation of the website, fraud prevention), provided that the interests or fundamental rights of the data subject do not prevail

2.3. Deletion of Data / Retention Period

The personal data of the data subject shall be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may also continue where this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. Data shall also be blocked or deleted when a retention period prescribed by the aforementioned regulations expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.

§ 3 – Provision of the Website (Server Log Files)

Description and Scope of Data Processing

The scope and type of collection and use of your data differs depending on whether you visit our website merely to retrieve information or contact us directly. For the purely informational use of our website, it is generally not necessary for you to provide personal data.

In this case, we only collect and use the data that your internet browser automatically transmits to us:

• Date and time of the request for one of our web pages
• Your browser type and browser settings
• The operating system used
• The page you last visited (referrer URL)
• The volume of data transferred and the access status (file transferred, file not found, etc.)
• Your IP address

When you visit our website for purely informational purposes, we collect and use this data exclusively in non-personal form. This is done to enable the use of the web pages you have accessed, for statistical purposes and to improve our website. We store the IP address only for the duration of your visit; no personal analysis takes place.

Legal Basis

The legal basis for the temporary storage of data and log files is Art. 6(1)(f) GDPR (legitimate interest in the trouble-free operation of the website).

Purpose of Data Processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session.

Duration of Storage

The data is deleted as soon as it is no longer required for the purpose for which it was collected. In the case of data collected for the provision of the website, this is the case when the respective session has ended. Server log files are automatically deleted after 7 days at the latest.

Right to Object and Removal

The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. Consequently, the user has no right to object.

§ 4 – SSL/TLS Encryption

For security reasons and to protect the transmission of confidential content, our website uses SSL/TLS encryption. This encryption is activated when transmitting contact enquiries, bookings and payment data. You can recognise an encrypted connection by the browser address bar changing from “http://” to “https://” and a padlock icon appearing in your browser bar.

When SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties.

§ 5 – Contacting Us via Our Website

Description and Scope of Data Processing

When you contact us via the contact form, by email, telephone or WhatsApp, the data you provide (e.g. name, email address, telephone number, message content) is stored for the purpose of processing your enquiry and in case of follow-up questions. You provide this information voluntarily. This data will not be passed on to third parties without your express consent.

Legal Basis

The legal basis for processing this data is Art. 6(1)(b) GDPR (pre-contractual measures or contract performance). Where the contact does not aim at concluding a contract, the legal basis is Art. 6(1)(f) GDPR (legitimate interest in responding to enquiries).

Duration of Storage

The data is deleted as soon as it is no longer required for the purpose for which it was collected. For personal data from contact enquiries, this is generally the case when the respective conversation with the user has ended and no statutory retention obligations (e.g. tax law retention periods of 6 or 10 years) apply.

Right to Object and Removal

You may object to the storage of your personal data at any time. In such a case, the conversation cannot be continued. Please contact info@tourguideme-berlin.com.

§ 6 – Cookies and Consent

Description and Scope of Data Processing

Our website uses cookies. Cookies are small text files that are sent from our web server to your browser during your visit to our website and stored on your device for later retrieval.

We distinguish between:

• Technically necessary cookies – these are required for the operation of the website and are set without consent.
• Analytics and marketing cookies – these are only set after your express consent via our cookie consent banner.

Legal Basis

Technically necessary cookies are set on the basis of Art. 6(1)(f) GDPR in conjunction with § 25(2) TDDDG (Telecommunications Digital Services Data Protection Act, formerly TTDSG). For all other cookies (analytics, marketing), the legal basis is your consent pursuant to Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG.

Right to Object and Removal

You may revoke your consent at any time via the cookie consent banner. In addition, you can disable, restrict or delete cookies already stored in your browser settings. Please note that disabling cookies may mean that not all features of the website are fully available.

§ 7 – Google Analytics 4 (GA4)

We use Google Analytics 4 on our website, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “Google”). Google Analytics 4 uses cookies and similar technologies that enable an analysis of your usage behaviour.

Unlike its predecessor Universal Analytics (discontinued on 01 July 2023), GA4 operates by default without the full collection of IP addresses. IP anonymisation occurs automatically. The information generated is generally transferred to and stored on a Google server in the EU/EEA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there.

For the transfer of data to the USA, Google relies on its EU-U.S. Data Privacy Framework certification (adequacy decision of the EU Commission dated 10 July 2023). Further information can be found at https://policies.google.com/privacy.

Legal Basis

The use of Google Analytics is based on your consent pursuant to Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG. Consent is obtained via our cookie consent banner.

Right to Object and Removal

You may revoke your consent at any time via the cookie consent banner. In addition, you can prevent data collection by Google Analytics by installing the browser add-on for disabling Google Analytics: https://tools.google.com/dlpage/gaoptout?hl=en.

§ 8 – Google Ads and Conversion Tracking

We use Google Ads on our website, an online advertising programme provided by Google Ireland Limited. Conversion tracking is also used. When you arrive at our website via a Google advertisement, Google Ads sets a cookie on your device. This cookie expires after 30 days and does not serve personal identification.

If you visit certain pages of our website while the cookie is still active, both we and Google can recognise that you clicked on the relevant advertisement and were redirected to our site. Each Google Ads account receives a different cookie, so cookies cannot be tracked across the websites of different Google Ads customers.

In this process, we do not receive any information that could personally identify you. We only learn the total number of users who responded to our advertisement.

Legal Basis

The use of Google Ads Conversion Tracking is based on your consent pursuant to Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG.

Right to Object and Removal

You may revoke your consent at any time via the cookie consent banner. Alternatively, you can disable the Google conversion tracking cookie via your browser settings. Further information on Google’s privacy policy can be found at https://policies.google.com/privacy.

§ 9 – Google Maps

We use Google Maps on our website, a mapping service provided by Google Ireland Limited. When Google Maps is used on our website, information about the use of this website, including your IP address, is transmitted to and stored on a Google server.

For the transfer of data to the USA, Google relies on its EU-U.S. Data Privacy Framework certification. Further information about data processing by Google can be found in Google’s privacy policy: https://policies.google.com/privacy. The terms of use for Google Maps can be found at https://www.google.com/intl/en/help/terms_maps.html.

Legal Basis

The use of Google Maps is based on your consent pursuant to Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG.

Right to Object and Removal

You may revoke your consent at any time via the cookie consent banner. Without consent, Google Maps will not be loaded.

§ 10 – Booking Platforms and Third-Party Providers

For the booking of our guided tours, we use the booking platform BookingKit (bookingkit GmbH, Berlin). When you book a tour via BookingKit, your data (e.g. name, email address, booking details, payment data) is processed by BookingKit on behalf of TourguideMe. The legal basis is Art. 6(1)(b) GDPR (contract performance). Further information can be found in the privacy policy of BookingKit.

In addition, our tours are bookable on third-party platforms such as GetYourGuide and Tripadvisor. When booking via these platforms, their respective privacy policies apply. TourguideMe only receives the data necessary for the delivery of the tour.

§ 11 – Rights of Data Subjects

You have the following rights under the GDPR with regard to personal data concerning you:

11.1. Right of Access (Art. 15 GDPR)

You may request confirmation from the controller as to whether personal data concerning you is being processed. If such processing takes place, you may request information about the purposes of processing, the categories of data, recipients, the planned retention period, and your further rights.

11.2. Right to Rectification (Art. 16 GDPR)

You have the right to request the rectification of inaccurate personal data or the completion of incomplete personal data.

11.3. Right to Erasure (Art. 17 GDPR)

You may request the immediate erasure of personal data concerning you, provided that one of the legally prescribed grounds applies – for example, if the data is no longer necessary for the purpose for which it was collected, you revoke your consent, or you have objected to the processing and no overriding legitimate grounds for processing exist.

11.4. Right to Restriction of Processing (Art. 18 GDPR)

Under the conditions of Art. 18 GDPR, you may request the restriction of processing of personal data concerning you. In this case, the data may – apart from storage – only be processed with your consent or for the establishment, exercise or defence of legal claims.

11.5. Right to Data Portability (Art. 20 GDPR)

You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format and to transmit this data to another controller, provided that the processing is based on consent or a contract and is carried out by automated means.

11.6. Right to Object (Art. 21 GDPR)

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR. The controller shall then no longer process the data unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

11.7. Right to Withdraw Consent (Art. 7(3) GDPR)

You have the right to withdraw your data protection consent at any time. The withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.

11.8. Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement. The supervisory authority responsible for TourguideMe is:

📧 Submit Privacy Enquiry

§ 12 – Objection to Promotional Emails

The use of contact data published as part of the statutory imprint obligation by third parties for the purpose of sending unsolicited advertising and information materials is hereby expressly prohibited. We expressly reserve the right to take legal action in the event of the unsolicited sending of promotional information, such as spam emails.