The protection of your personal data is very important to us, which is why it is also anchored in the corporate objectives of our business plan. We thank you for the trust you have placed in us with regard to your important data and we would like to be transparent about the use of this data.
This is an information page as part of our legal information. The confidentiality and integrity of your personal data is of particular concern to us. The legal basis of our data protection information is the EU GDPR and the BDSG-new.
Please note that, in addition to the customer service department, the Group companies, for example, are also part of the SOCCA GROUP's data controller. In principle, your personal or personal-related data can therefore be legitimately processed by both the customer service department and the Group companies.
If you have any questions regarding the processing of your personal data, please contact the customer service department or the SOCCA GROUP data protection officer directly:
SOCCA Holding GmbH & Co. KG
Mangfallstr. 37
83026 Rosenheim
Rosenheim, Germany
datenschutz@socca.de
+49 8031 23789-10 (Monday to Friday from 08:00 to 18:00)
We collect and process data about you in the following cases:
If you contact us directly, for example via our website or via our customer service, and you are interested in our products or services or have another request.
If you enter data yourself in our online forms.
When you purchase or book products directly from us.
When you purchase services directly from us.
When you respond to our direct marketing activities, for example when you fill out a response card or when you submit your data online on a landing page.
When your personal data is transmitted to us by travel agents or agencies on your behalf.
When other Group companies and individual business partners who offer products and services on our behalf provide us with data about you as permitted.
If third parties (e.g. certified address providers) permissibly provide us with personal data about you.
When you send us your application documents.
The following categories of personal data may be collected through the various services and contact channels described in this Privacy Notice:
Contact details
Name, address, telephone number, email address.
Contract data
Customer number, contract number, booked services, products and services, payment information (e.g. account and credit card number), the personal details of your fellow travelers, information about the travelers, passport data, other identification information.
Personal data and interests
Information provided by you about your date of birth, education, household size, professional situation, sporting activities, sporting career, support of professional clubs as a fan, club memberships, coaching activities.
Online account data
Your self-chosen password, information provided by you (e.g. information on assignment to a travel group in the context of training camps or tournaments), your feedback, experience reports and reviews, as well as your contributions to customer surveys.
Other sources of personal data
We may use personal data from other sources, such as companies that provide information and data, commercial partners and public registers. Your insurance company, its agents and medical staff may share relevant personal data and special categories of personal data with us in circumstances where we/they need to act on your behalf or on behalf of other customers or in an emergency. When you log in with your social network credentials to connect to our platforms and online services such as Facebook, Google+ or Twitter, you consent to sharing your user data with us, for example your name, email address, date of birth, location and other information you choose to share with us. We may use surveillance camera footage, IP addresses and browser data collected in or in the immediate vicinity of our websites.
Use of websites and communications
Information about how you use the website (for example, travel preferences, which destinations you are most interested in) and whether you open or forward communications from us, including data collected via cookies and other tracking technologies. For more information, please see our Cookie Policy here.
Transaction and interaction data
Information about purchases of products and services, interactions with SOCCATOURS® Customer Care (your queries and complaints) and partners or subsidiaries, as well as participation in market research studies.
Creditworthiness and identity information
Data to establish your identity, for example passport numbers (e.g. for issuing airline tickets), nationality (e.g. for issuing visas required for entry into other countries), information on transactions, any payments not made to us, information on cases of fraud, criminal acts, suspicious transactions, politically exposed persons and sanctions lists in which your data is contained.
Personal data about other persons that you provide to us
We use personal data you provide about other people, for example other information on your booking. If you provide personal data about other people, you must ensure that they agree to this and that you are allowed to provide the data. You should also ensure that these people are aware of how their personal data could be used by us.
We need your personal data for the following purposes:
To provide you with products and services and information on request.
To be able to identify you when you contact us.
To help us improve the quality of our products and services.
To be able to offer you products and services.
To improve communication with you and to provide you with more personalized service.
To comply with legal requirements such as fraud and money laundering prevention.
For other purposes only insofar as this is necessary and legally permissible.
In most of these cases, you have the option of opting out of the use of your data, for example by withdrawing your data protection consent or no longer using a particular service. You can do this, for example, by contacting our customer service department.
However, there are also cases in which, subject to legal provisions to the contrary, you cannot effectively object to the use of your data:
Where there is a contract between you and us.
In the case of existing overriding legal provisions.
We may transfer your data to the following companies outside the SOCCA Group for the above purposes, but we will inform you of this at the appropriate point and, if necessary, obtain your consent:
To travel agencies and agencies through which you have booked with us
To carefully selected and checked business partners with whom we work in order to be able to offer you products and services. We only do this for the SOCCA GROUP within the framework of the strict requirements of data processing on behalf of the SOCCA GROUP.
We do not pass on your data to third parties, with the following exceptions:
If we are obliged to provide information within the framework of legal requirements.
If one or more business areas of the SOCCA GROUP are sold to a company to which we transfer our rights, in compliance with any existing agreements with you.
To the extent permitted and required by law, for example to prevent fraud.
In order for you to travel, it is sometimes mandatory (required by law by authorities at the relevant origin and/or destination) to disclose and process your personal data for immigration, border control, security and counter-terrorism purposes or other purposes determined to be appropriate. Some countries will only grant permission to travel if you provide your enhanced passenger data (for example, Caricom API data and US Secure Flight data). These requirements may vary depending on your destination and we recommend that you check this on a case-by-case basis. Even if it is not mandatory, we are happy to assist you. We may share the minimum necessary personal data with other authorities if the law requires us to do so or if we are legally permitted to do so.
Social media features
Our websites or mobile apps may include social media features such as Facebook, Twitter, Google+ or Pinterest, which have their own privacy notices.
We use the following third-party plugins on our websites. If you do not want social networks or similar to collect data about you via active plugins, you can select the "Block third-party cookies" function in your browser settings. The browser will then not send cookies to the server for embedded content from other providers. However, with this setting, other cross-page functions may no longer work in addition to the plugins.
If these plugins are activated, your browser establishes a direct connection with the servers of the respective social network as soon as you access a page on our website. The content of the plugin is transmitted directly to your browser by the social network and integrated into the website. By integrating the plugins, the social network receives the information that you have accessed the corresponding page on our website. If you are logged in to the social network, it can assign the visit to your account. If you interact with the plugins, for example by clicking the Facebook "Like" button or leaving a comment, the corresponding information is transmitted directly from your browser to the social network and stored there. Purpose and scope of data collection and the further processing and use of data by social networks as well as your rights in this regard and setting options to protect your privacy
Even if you are not logged in to the social networks, websites with active social plugins can send data to the networks. An active plugin sets a cookie with an identifier each time the website is accessed. Since your browser uses this cookie each time it connects to a network server, it can in principle create a profile of which websites the user belonging to the identifier has accessed. It would be possible to assign this identifier to a person again, for example when logging in to the social network later.
Integration of Facebook social plugins
Social plugins ("plugins") of the social network facebook.com, which is operated by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"), are integrated into our website. The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your rights in this regard and setting options to protect your privacy can be found in Facebook's data protection information: facebook.com/policy.php. You can also block Facebook social plugins with add-ons for your browser, e.g. with the "Facebook Blocker".
Integration of Google Plus plugins
Social plugins ("plugins") of the Google Plus social network, which is operated by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States ("Google"), are integrated into our website. For the purpose and scope of data collection and the further processing and use of data by Google Plus, as well as your rights in this regard and setting options to protect your privacy, please refer to Google's data protection information: google.com/intl/en/policies/privacy/.
Integration of Instagram plugins
Plugins from the social network Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA ("Instagram") are also integrated on this website. You can recognise the Instagram plugin by the "Instagram button" on our site. If you click on the "Instagram button" while you are logged into your Instagram account, you can link the content of our pages to your Instagram profile. This allows Instagram to assign the visit to our pages to your user account. We would like to point out that we have no knowledge of the content of the transmitted data or its use by Instagram. Further information can be found in Instagram's privacy policy: instagram.com/about/legal/privacy/.
Integration of fonts
Fonts from Google Fonts (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google")) are integrated on this website. For the purpose and scope of data collection and the further processing and use of data by Google as well as your rights in this regard and setting options to protect your privacy, please refer to Google's data protection information: google.com/intl/en/policies/privacy/.
Fonts from Font Awesome (Fonticons Inc., 6 Porter Road, Apartment 3R, Cambridge, MA 02140, United States ("Font Awesome")) are integrated on this website. For the purpose and scope of the data collection and the further processing and use of the data by Font Awesome as well as your rights in this regard and setting options for protecting your privacy, please refer to Font Awesome's data protection information: fontawesome.com/privacy.
Integration of analysis tools
Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). We have concluded a contract with Google for order data processing. Google Analytics uses so-called "cookies". These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. The storage of Google Analytics cookies is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the analysis of user behavior in order to optimize both its website and its advertising.
Hotjar
Diese Website nutzt Hotjar, ein Web-Analyse-Tool der Hotjar Ltd. (Hotjar Ltd., Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian’s STJ 3141, Malta). Hotjar ermöglicht es uns, das Verhalten der Nutzer auf unseren Websites besser zu verstehen und unser Angebot entsprechend zu optimieren. Hotjar verwendet Cookies und andere Technologien, um Informationen über das Verhalten unserer Besucher und ihrer Endgeräte zu sammeln. Dazu gehören unter anderem die IP-Adresse des Geräts (in anonymisierter Form), Bildschirmgröße, Gerätetyp, Browserinformationen, geografischer Standort (nur Land) sowie bevorzugte Sprache. Hotjar speichert diese Daten in einem pseudonymisierten Nutzerprofil und gibt sie nicht an Dritte weiter. Du kannst die Erfassung deiner Daten durch Hotjar jederzeit durch ein Opt-Out deaktivieren. Weitere Informationen zur Datenverarbeitung durch Hotjar findest du in der Datenschutzerklärung von Hotjar: https://www.hotjar.com/legal/policies/privacy/
IP anonymization
We have activated the IP anonymization function on this website. As a result, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
HotJar
Anonymized data is collected using "cookies" to collect information about user behavior on the website.
We use various security measures such as state-of-the-art encryption and authentication tools to protect and maintain the security, integrity and availability of your data. One hundred percent protection against unauthorized access cannot be guaranteed for data transmissions over the Internet or a website, but we and our service providers and business partners use our best efforts to protect your personal data in accordance with applicable data protection regulations through state-of-the-art physical, electronic and procedural safeguards. Among others, we use the following measures:
Strict criteria for authorization to access your data according to the "need-to-know principle" (restriction to as few persons as possible) and exclusively for the stated purpose,
Forwarding of collected data exclusively in encrypted form,
Storage of confidential data, for example credit card data, exclusively in encrypted form,
Firewall protection of IT systems to protect against unauthorized access, for example by hackers, and
permanent monitoring of access to IT systems to detect and prevent misuse of personal data.
If you have received a password from us or have assigned one yourself that gives you access to certain areas of our website or to other portals, apps or services operated by us, you are responsible for keeping this password confidential and for complying with all other security procedures of which we inform you. In particular, we ask you not to disclose your password to anyone.
Security precautions for location data
Certain services can only be provided if you disclose your location or the location of your mobile device. We take the confidentiality of this location data very seriously. Therefore, your location data is protected with the following security measures:
It will only be stored in a form traceable to you or your mobile device for as long as necessary to fulfill the purpose for which you have consented. Data collection and access to it in this form will only occur when necessary to provide the requested service. Data collection and access to it in this form will also occur to the extent that we are required by law to store and/or hand over the data. Data to locate your mobile device is only linked to others when necessary to provide the requested service. We may have access to your mobile device location data through the services we provide.
Any other use of location data for analytical purposes is done on data sets that have been previously anonymized.
We will only retain your data for as long as is necessary for the relevant purposes for which we process your data. If we process data for multiple purposes, it will be automatically deleted or stored in a format that does not directly identify you once the last specific purpose has been fulfilled. To ensure that all your data is deleted in accordance with the principle of data minimization, SOCCATOURS has developed an internal deletion policy. The basic principles according to which this deletion policy provides for the deletion of your personal data are set out below.
Use for the fulfillment of a contract
In order to fulfill contractual obligations, data collected from you may be retained for as long as the contract is in force and, depending on the nature and scope of the contract, for 6 or 10 years beyond that in order to comply with legal retention obligations and to clarify any inquiries or claims after the contract has expired.
In addition, there are contracts for the supply of products and services that require longer retention periods, see also "Use for checking claims" below.
Use for the verification of claims
We may retain data that we believe will be necessary to investigate or defend claims against us or to initiate criminal prosecution or bring claims against you, us or third parties for as long as such proceedings may be brought.
Use for customer service and marketing purposes
For customer service and marketing purposes, the data collected from you may be retained for 3 to 10 years after collection, unless you request the deletion of this data and there are no contractual or statutory retention obligations that conflict with this request for deletion.
SOCCATOURS® is an internationally operating company. Personal data is processed by SOCCATOURS® employees, possibly national sales companies, international subsidiaries (Destination Management Companies), SOCCATOURS® partners and service providers commissioned by us in the context of the organization and execution of a package tour.
SOCCATOURS® relies on a number of service providers who are commissioned by SOCCA Holding GmbH & Co. KG in accordance with the strict requirements of data protection law to support the provision of the services and purposes listed.
If you have any questions about our use of your personal data, it is best to contact SOCCATOURS® customer service first - either by email at or by telephone on +49 8031 23789-10 (daily 08:00 - 18:00). You can also contact the responsible data protection officer.
As a person affected by the processing of your data, you can assert certain rights against us in accordance with the GDPR and other relevant data protection regulations. The following section contains explanations of your rights as a data subject under the GDPR. Depending on the nature and scope of your request, we will ask you to address it to us in writing.
Rights of data subjects
Under the GDPR, you have the following rights as a data subject vis-à-vis SOCCATOURS®:
Right of access (Art. 15 GDPR): you can request information from us at any time about the data we hold about you. This information concerns, among other things, the categories of data we process, the purposes for which we process it, the origin of the data if we have not collected it directly from you and, if applicable, the recipients to whom we have transmitted your data. You can receive a copy of your data from us free of charge. If you are interested in further copies, we reserve the right to charge you for the additional copies.
Right to rectification (Art. 16 GDPR): You can request that we rectify your data. We will take reasonable steps to keep the data we hold and process about you accurate, complete and up to date, based on the most recent information available to us.
Right to erasure (Art. 17 GDPR): You can request that we erase your data if the legal requirements for this are met. According to Art. 17 GDPR, this may be the case, for example, if
the data is no longer necessary for the purposes for which it was collected or otherwise processed;
You withdraw your consent, which is the basis for the data processing, and there is no other legal basis for the processing
You object to the processing of your data and there are no overriding legitimate grounds for the processing, or you object to data processing for direct marketing purposes;
the data has been processed unlawfully;
the processing is not necessary to ensure compliance with a legal obligation that requires us to process your data; in particular with regard to statutory retention periods;
to assert, exercise or defend legal claims.
Right to restriction of processing (Art. 18 GDPR): You can request that we restrict the processing of your data if
You contest the accuracy of the data, for the period necessary for us to verify the accuracy of the data
the processing is unlawful and you oppose the erasure of your data and request the restriction of their use instead
we no longer need your data, but you need it to assert, exercise or defend legal claims
You have objected to processing pending the verification whether our legitimate grounds override yours.
Right to data portability (Art. 20 GDPR): At your request, we will transfer your data to another controller - insofar as this is technically possible. However, you only have this right if the data processing is based on your consent or is necessary to perform a contract. Instead of receiving a copy of your data, you can also ask us to transfer the data directly to another controller specified by you.
Right to object (Art. 21 GDPR): You can object to the processing of your data at any time for reasons arising from your particular situation, provided that the data processing is based on your consent or on our legitimate interests or those of a third party. In this case, we will no longer process your data. The latter does not apply if we can demonstrate compelling legitimate grounds for processing that outweigh your interests or if we need your data to assert, exercise or defend legal claims.
Deadlines for the fulfillment of data subject rights
We generally endeavor to comply with all requests within 30 days, but this period may be extended for reasons relating to the specific data subject right or the complexity of your request.
Restriction of information in the fulfillment of data subject rights
In certain situations, we may not be able to provide you with information about all of your data due to legal requirements. If we have to refuse your request for information in such a case, we will inform you of the reasons for the refusal at the same time.
Complaints to supervisory authorities
SOCCATOURS® takes your concerns and rights very seriously. We will deal with your concerns individually and personally as quickly as possible. However, if you believe that we have not adequately addressed your complaints or concerns, you have the right to lodge a complaint with a competent data protection authority.
You have questions?