Privacy Policy

2.1 Visiting our website

In principle, you can visit our website without informing us who you are. In such cases, we will only learn

• your IP address,
• the name of the web page visited or the file retrieved and the time of the visit or retrieval,
• the volume of data transferred and
• whether the visit or retrieval was successful.

The data is used solely to manage and improve our internet services and offers. In such cases, we have a legitimate interest within the meaning of Art. 6(1) f) GDPR (General Data Protection Regulation) to design our website so that it is as visually appealing and user-friendly as possible.

An IP address may be deemed personal data, since under certain circumstances it is possible to use the IP address to obtain information from the respective internet service provider and to learn the identity of the owner of the internet connection used. However, we do not store your IP address beyond the time you spend visiting our website.

Further processing of data in the context of using our website, such as the use of cookies and analytics services, is explained in detail in Sections 7 to 11 of this Policy.

2.2 Use of our services

We process personal data we receive from you within the scope of our business relationship. We also process personal data that we have lawfully obtained from publicly accessible sources (such as debtor registers, land registers, company and association registers, press publications and other media) and which we are entitled to process.
We process your personal data solely for the purpose of carrying out the activities of bedfinder. To provide, operate and maintain bedfinder, as well as to manage and improve bedfinder over time, we will process the following information about you (“Personal Data”):

1. Your first name, middle name, last name; email address; country of residence, IP address; telephone number; credit or debit card number; payment information, and any other data you enter when using bedfinder;
2. Usage data, such as the date, time, duration and frequency of your use of BF International Travel AG, how you navigate through BF International Travel AG, the types of browsers and computer operating systems you use;

Furthermore, we process information from our subsidiaries and our advertising partners, customers and other third parties that participate in the placing of advertising and other services in bedfinder. However, this information does not contain Personal Data.

We process Personal Data in compliance with the provisions of the EU General Data Protection Regulation (GDPR):

3.1 For the performance of a contract concluded with you (Art. 6(1) b) GDPR), by:

• Providing, operating and managing bedfinder;
• Booking your accommodation and charging you for the booking; Where our services are provided to you on account, this may also include the processing of Personal Data in connection with your creditworthiness;
• Managing your contractual relationship with us;
• Managing your relationship with our accommodation suppliers;
• Validating your data;
• Answering your requests, questions, complaints and cancellations;
• Communicating with the accommodation suppliers in connection with your booking.

We process the types of data specified in Section 2.2.a for the purposes listed above.

3.2 To protect the legitimate interests of bedfinder or third parties, unless such interests are overridden by your interests or fundamental rights and freedoms with regard to the protection of your Personal Data (Art. 6(1) f) GDPR), by:

• improving bedfinder;
• holding competitions, sweepstakes and similar events;
• keeping bedfinder and our infrastructure secure;
• server maintenance, troubleshooting, data analysis, testing, research and service improvement;
• developing new features and functionalities, improving user experience and enhancing user friendliness;
• providing marketing or promotional information by email about products, initiatives and events of members of the Hotelplan group of companies, or selected business partners (one-to-one marketing), unless you have denied consent for your data to be used for such purposes;
• verifying compliance with applicable laws and regulations as well as our Terms and Conditions;
• using within our group of companies to improve internal processes;
• preventing misuse of bedfinder; and
• protecting and safeguarding our rights and our property.

3.3 To comply with a legal obligation (Art. 6(1) c) GDPR):

• for accounting and archiving purposes;
• to comply with applicable laws and regulations;
• in the case of court proceedings, to comply with a formal request by the competent courts and authorities

3.4 On the basis of your consent (Art. 6(1) a) GDPR)

Any further processing of your Personal Data is only permissible if you have given us your consent, and if we are entitled to process your Personal Data in accordance with Art. 6(1) a) GDPR. You have the option of giving your express consent in certain areas within our website. In such a case, we will inform you of the purpose for which the data will be processed in the event that you give your consent, and for how long we will store this Personal Data. After giving your consent, you may withdraw it at any time. Please be aware that withdrawal of consent applies only with effect for the future. Processing that has occurred before the withdrawal of consent is not affected.

If you give your consent, we will send you our newsletter and other interesting information about BF International Travel AG.

Within the scope of the purposes stated in Section 3 above, we may transfer your Personal Data to the following categories of recipients:

1. Service providers (airline partners, hotel partners, intermediaries)
2. Transportation companies, car and motor home rental companies
3. B2B service providers for hotel accommodation (in particular bed banks)
4. Technology partners (Zendesk, Peakwork, GDS, etc.)
5. Travel agents and other sales partners (Trivago, Google, Kayak, Tripadvisor, etc.)
6. Payment processing partners (Computop, Concardis, American Express)
7. Market research providers for customer opinion surveys (Trustpilot)
8. Online marketing (social media, e.g. Facebook, search engines, e.g. Google)
9. Analytics (Google Analytics)
10. Legal and tax advisors

Within the scope of these data transfers, data may also be transferred to countries outside the European Economic Area, where a comparable level of data protection may not be available. In the cases listed under a) to f) above, such transfers are absolutely essential for delivery of the service you have ordered. In such cases, an exemption may apply within the meaning of Art. 49(1) b) GDPR.In all other cases we ensure that any data transfer to such third countries only takes place in compliance with the provisions of Art. 44 ff. GDPR, for example by transferring the data to countries which are covered by an adequacy decision of the European Commission (as is the case with Switzerland), or if suitable guarantees can be provided.

Within our company, your Personal Data will only be transferred to recipients who require this data to fulfil our contractual and legal obligations. Processors (see Art. 28 GDPR) working on our behalf may also receive data for the purposes stated above. These are companies in the sectors of credit services, IT services, logistics, telecommunications, debt collection, advisory and consulting services and also sales and marketing.

In the event that we are involved in a bankruptcy, merger, acquisition, re-organisation or sale of assets, your Personal Data may be sold or otherwise transferred to affiliated companies or third parties as part of such transaction. This Policy will apply to any Personal Data sold or otherwise transferred to the acquirer.

We may also share your Personal Data with partner companies and third parties for them to help us provide, analyse and improve bedfinder and our partner companies’ services, which may include the delivery of ads and other promotional materials.

We may in particular share or disclose your aggregated, anonymised or otherwise non-personal information and use it at our own discretion.

We implement technical and organisational security procedures to maintain the security of your Personal Data, as well as to safeguard your Personal Data against unauthorised or unlawful processing and/or against accidental loss, inadvertent alteration, inadvertent disclosure or access by an unauthorised third party. Our security procedures include contractual terms agreed with any service providers, to ensure that they protect the security and confidentiality of your Personal Data in accordance with our standards. However, please bear in mind that while we strive to protect your Personal Data against potential risks and exposures, there is no absolute security in the online sphere. For this reason, we ask you to support our IT security efforts by not disclosing any data on bedfinder that is particularly sensitive or valuable.

BF International Travel AG uses cookies. A cookie is a small computer file that our server sends to your computer or mobile device and which your computer or mobile device sends back to us each time you visit bedfinder. Our server is able to retrieve or read the contents of the cookie, and this allows it – among other things – to remember your preferences. Cookies typically contain the name of the website from which you access bedfinder, as well as some additional information, such as a unique identifier and some digits and numbers (IP address, browsing patterns and elapsed time, etc.).

Cookies help us to recognise your preferences when you visit BF International Travel AG. We use cookies to personalise and improve your individual viewing experiences. We use session cookies and permanent cookies. They are all absolutely necessary for us to deliver our services and to continue developing and improving our website. Session cookies are deleted when your browser session ends and you close your browser. Permanent cookies will remain stored on your computer or mobile device for a fixed period of time and will be activated each time you visit bedfinder.

The following is a list of the individual cookies we use:

7.1 Own BF International Travel AG system-required cookies
This cookie enables BF International Travel AG to collect data which is relevant for the booking, so that during the next process step (check-out), important browser data which is required for booking the desired service can be transmitted. The data collected is not shared with third parties and is deleted after a maximum of 12 months.

7.2 Google Analytics_GA & dc_gtm_UA cookies
This cookie enables Google Analytics to collect client ID and time stamp data for the purpose of distinguishing individual users. This data is transmitted to Google Analytics with an anonymised IP and deleted after a maximum of 24 months.

7.3 Google Analytics_GID cookie
This cookie enables Google Analytics to collect client ID and time stamp data for the purpose of distinguishing individual users. This data is transmitted to Google Analytics with an anonymised IP and deleted after a maximum of 12 months.

7.4 OWA Tag Manager (hurra.com)
This cookie enables hurra.com to collect non-personally identifiable information from the webpage visited at bedfinder.com (such as the hotel name, price and the language) for the purpose of optimising our AdWords campaigns. The data collected is transmitted to hurra.com. Data is not transferred to non-EU countries. The data collected is deleted after a maximum of 24 months.

We use these cookies on the basis of our legitimate interest in implementing ongoing upgrades to the functionality and user-friendliness of our website, in accordance with Art. 6(1) f) GDPR.

You can edit the settings of your browser and instruct it to no longer accept cookies, or to prompt you before accepting a cookie from the websites you visit. You may also delete cookies from your computer or mobile device by choosing the corresponding option in your browser settings. If you decide not to accept our cookies, you will not be able to view certain information in bedfinder, or use some of the features which are designed to enhance your user experience. By declining to accept cookies, the use of bedfinder will be limited.

To change your cookie settings, follow the instructions provided by your browser (these are usually located under the “Help”, “Tools” or “Edit” function). If you want to learn more about how to change your cookie settings, you can visit www.aboutcookies.org, where you will find comprehensive information on the options provided by all of the major internet browsers.

BF International Travel AG uses “Google Analytics”, a software programme provided by Google LLC (“Google”). Google is certified under the EU-US Privacy Shield, which guarantees compliance with European data protection laws.
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

Google Analytics is a web analytics tool that uses cookies and text files that are stored on your computer or mobile device to track your bedfinder use, and this helps us get a better understanding of how you interact with bedfinder. These cookies and text files are used to collect information, such as the time your current visit occurred, whether you have already visited bedfinder before, and the website from which you were referred to bedfinder. The information generated by the cookie or text file includes information about your computer, IP address, operating system and browser type and it is sent to a Google server in the USA and stored there. Google will use this information to evaluate your use of bedfinder, to compile reports on website activity for website operators, and to offer other services in connection with this website activity and internet use. In addition, Google may also transfer this information to third parties if required by law, or if such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. We have also activated IP anonymising, so that as a general rule, your IP address will only be transmitted to Google in an abbreviated form. In exceptional cases, the complete IP address may be transmitted to Google and will be abbreviated there. You may decline the storage of cookies and text files by changing your browser settings. However, in this case, you may possibly be unable to use all of the features of bedfinder. Furthermore, you can prevent the sending and use of the information collected by cookies to Google (including your IP address) by downloading and installing the plugin available at the following address: http://tools.google.com/dlpage/gaoptout?hl=en.

The legal basis for the use of Google Analytics is Art. 6(1) f) GDPR, since we have a legitimate interest in implementing ongoing upgrades to improve our website and make it more user-friendly.

Your Personal Data will be deleted after a storage period of 26 months.

In addition, bedfinder will also use DoubleClick cookies. Double Click is an additional service of Google LLC. These cookies enable Google and its partners to serve ads to our users based on their visit to bedfinder or other sites on the internet. To do this, a cookie is stored on your end-user device, containing information about the websites you have visited and the content that interests you. If you later visit third-party websites, it is possible that personalised advertising may be displayed to you which is based on your possible interests.

Your data will only be processed within the Google advertising network in a pseudonymous form, unless you give your express consent to Google to process your data without such pseudonymisation. All information collected in this way will be transmitted to Google servers in the USA and stored there. This also applies to your IP address, which is generally anonymised in the member states of the European Economic Area, and only transmitted to the USA in non-truncated form in exceptional cases and then truncated there.

We use Double Click on the basis of our legitimate interest, within the meaning of Art. 6(1) f) GDPR, in analysing the use of our website, so we can improve the website and place ads in the Google advertising network.

For further information, we refer to the details provided by Google at
https://policies.google.com/technologies/ads?hl=en.

bedfinder further uses the Google AdWords remarketing service to display advertising on third-party websites (including Google) to previous visitors of bedfinder. That could mean that we advertise to previous visitors who did not complete a task on bedfinder. This advertising could be in the form of an ad on the Google search results page, or on a page in the Google Display Network. Third-party vendors, including Google, use cookies to display ads based on a person’s past visits to the website.

The data will only be processed within the Google advertising network in a pseudonymised form, unless you have given your express consent to use a different form of processing.

The information collected in this way will be transmitted to Google and stored on Google servers in the USA.
We have a legitimate interest in using this service on the basis of Art. 6(1) f) GDPR, since the use of Google AdWords enables us to analyse the usage of our website and implement upgrades, thereby ensuring its continued commercial operation.

You may opt out of the use of DoubleClick Cookie and Adwords remarketing for interest-based advertising, by visiting the Google Ads Preferences page.

For further information about Google:
 Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 904043, USA.
 https://policies.google.com/

bedfinder uses retargeting technology. The technology allows us to use targeted advertising to address users on our partners’ websites who have previously shown an interest in our products and services. We use this technology to provide you with personalised, interest-related advertising rather than advertising without personal relevance. Retargeting technology inserts advertising media on the basis of cookie-based analyses of previous user behaviour. However, retargeting technology operates anonymously and does not process any Personal Data. There is a possibility that we may not recognise or take action in response to Do Not Track (DNT) signals from web browsers. At this point in time, there is not any universally accepted standard for the introduction of procedures for companies in the event that a DNT signal is detected. In the event that a final standard is established, we will determine how to appropriately respond to these signals.

bedfinder uses social media plugins (“Plugins”) provided by social networks (e.g. Facebook, Instagram, Snapchat, Google+ and Twitter). The Plugins are identifiable by the logo of the respective social network. The Plugins enable you to set bookmarks on these pages and share the bookmarks with other users of social networks.

When you visit a page of bedfinder that contains Plugins, your browser establishes a direct connection to the social network servers. The embedded Plugins provide the social network with the information that you have accessed the corresponding page of bedfinder. If you are logged into the social network, your visit can be assigned to your social network account. If you interact with the Plugins, for example by clicking on a social network logo, the corresponding information is transmitted from your browser directly to the social network and stored by it. Even if you are not logged into the social network, there is a possibility that the Plugins will transmit your IP address to the social network.

For information on the purpose and scope of data processing by the social network, as well as your rights in this regard and the available options for adjusting your settings to protect your privacy, please visit the social network website privacy policy. We have no influence on the data gathered by the Plugins.

In addition, bedfinder provides links to other websites. When you click on one of these links, you are leaving bedfinder and visiting another website that we do not control and for which we cannot be held responsible.

We recommend that you carefully review the privacy policies or data protection regulations on any other internet site or social network website that you visit, because those privacy policies or data protection regulations will apply and may be very different from our Policy. For further information on Plugins and the privacy policies of the social network providers, please click on the following links:

This website uses Google Maps to display maps and to create route maps. Google Maps is an additional service provided by Google. For further information about Google, see Section 8. Every time you use the components of Google Maps, Google places a cookie on your computer or mobile device. You can use your browser settings to prevent this, or to delete any cookies already placed on your device. You can also deactivate the Google Maps service. In this case the service may not be used, or may only be partially used.

The legal basis for the use of Google Maps is Art. 6(1) f) GDPR, since we have a legitimate interest in improving our website on a regular basis to make it more user-friendly.

The use of Google Maps is subject to specific Terms and Conditions of Use which you can review by clicking on the following links:

We store your Personal Data in an identifiable form for as long as is necessary for the specific purpose for which it was collected; in the case of contracts this is typically at least for the duration of the contractual relationship.
Furthermore, we store Personal Data where we have a legitimate interest in such storage. This could be the case in particular circumstances, such as if we require Personal Data to establish or defend legal claims, for archiving purposes, to maintain IT system security, or during limitation periods for contractual or non-contractual claims. For example, limitation periods of ten years apply in many cases; in other cases it may be five years or one year. In addition, we store your Personal Data for as long as it is subject to statutory retention periods. For certain types of data, for example, the retention period is ten years. For other data, shorter retention periods may apply, for example for records of certain internet processes (log data). On expiry of the mandated retention periods we will delete or anonymise your Personal Data.

If you want us to delete some or all of your Personal Data, you may contact us using the information provided below. Please be aware, however, that we may possibly be entitled or obliged to retain some of your Personal Data in accordance with applicable laws and regulations.

You are not under any obligation to provide Personal Data. Within the scope of our business relationship, we request that you provide such Personal Data as is necessary to enter into and conduct the business relationship, or any data which we are legally bound to collect. As a rule, if you fail to provide this data, we will be unable to enter into a contract with you, or to execute your order, or we will be unable to fulfil an existing contract and may be forced to terminate it.

You have the following rights with regard to the processing of your Personal Data by us:

1. Information
   You have the right to request information from us with regard to your Personal Data which is processed, as well as the following additional information:
   • the purposes of processing;
   • the categories of Personal Data that are processed;
   • the recipients or categories of recipients to whom the Personal Data has been or will be disclosed;
   • the intended period for which the Personal Data will be stored, or the criteria used to determine that period;
   • the existence of a right to rectification or erasure of Personal Data concerning you, or a right to restriction of processing by us, or a right to object to such processing;
   • the existence of a right to file a complaint with a supervisory authority.
2. Rectification
   If we should store Personal Data concerning you that is inaccurate, we will rectify the data without delay after you provide us with information regarding the correct data. If your Personal Data that we have processed is incomplete, you have the right to request that this data is completed, if this is necessary with regard to the purposes for which the data is processed.
3. Erasure
   You have the right to request that we erase your Personal Data, if one of the following conditions applies:
   • The Personal Data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
   • The Personal Data was unlawfully processed.
   • Erasure of the Personal Data is required so that we can comply with a legal obligation we are subject to.
   
   Please be aware, however, that even if one of the above conditions is met, the right to erasure does not apply if processing is necessary
   • for exercising the right of freedom of expression and information;
   • for compliance with a legal obligation which requires processing in accordance with EU law or German law, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
   • for reasons of public interest in the area of public health, in accordance with Article 9(2) h) and i), as well as Article 9(3) GDPR;
   • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR, to the extent that the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing;
   • for the establishment, exercise or defence of legal claims.
4. Restriction of processing
   You have the right to request that we restrict processing of your Personal Data if one of the following conditions applies:
   • you have contested the accuracy of the Personal Data (restriction is effective for a period which enables us to verify the accuracy).
   • processing is unlawful and instead of the erasure of the Personal Data concerned, you request the restriction of its use.
   • we no longer need the Personal Data for the purposes for which it was collected, but you require this data for the establishment, exercise or defence of legal claims.
   As a consequence of the restriction of processing, such Personal Data will — with the exception of storage — only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or of a Member State.
5. Data portability
   Furthermore, you have the right to receive the Personal Data concerning you and which you have provided to us, in a structured, commonly used and machine-readable format, or to have that data transmitted to another controller. The right to data portability only applies to Personal Data where the processing is based on consent (explicit or implied) in accordance with Article 6(1) a) GDPR, or on a contract as defined in Article 6(1) b) GDPR, and where the processing is carried out by automated means. The right to data transmission to another controller is excluded if such transmission adversely affects the rights and freedoms of others (e.g. Personal Data concerning third parties, our confidential commercial or operational information, or intellectual property rights).
6. Right to object
   You have the right to object, on grounds relating to your particular situation, at any time to processing of Personal Data concerning you which is based on Article 6(1) f) GDPR (processing for the purposes of our legitimate interests, or such interests of a third party); this also applies to profiling based on this provision pursuant to Art. 4(4) GDPR. If you file an objection, we will no longer process your Personal Data, unless we can demonstrate compelling legitimate reasons for the processing which override your interests, rights and freedoms, or if the processing is necessary for the establishment, exercise or defence of legal claims.
   
   In the event that we process your Personal Data for direct marketing purposes, you have the right to object at any time to this processing of your Personal Data for the purposes of such marketing; this also applies to profiling, to the extent that it is related to such direct marketing. Where you object to processing for direct marketing purposes, we will no longer process your Personal Data for such purposes.
7. The exercise of any of the rights specified here in Section 15 is in principle free of charge for you.
   However, where such requests are manifestly unfounded or excessive – in particular if they are repetitive – we are entitled under the provisions of Art. 12(5) GDPR to either
   1. charge a reasonable fee which takes into account the administrative costs of providing the information or notification, or taking the action requested, or
   2. refuse to act on the request.
8. To exercise your rights in this regard, kindly contact our data protection officer using the information provided above.
   The officer will be pleased to give you further information regarding data protection.

If you have any questions or concerns about: (a) access to Personal Data; (b) the processing of Personal Data; or (c) this policy or our information-handling practices; (d) whom we share your Personal Data with, or if you need further assistance with respect to the policy, you may contact us as follows:

 BF International Travel AG, Sägereistrasse 20, 8152 Glattbrugg, Switzerland, or at
 support@bedfinder.com

We will make every effort to respond to your questions or concerns promptly after receiving them.

If you believe that we are not duly complying with our data protection obligations towards you, you are entitled to have recourse at any time to the data protection supervisory authorities.

It may become necessary to update this Policy from time to time, for example to take new laws or administrative regulations into account, or new offers on our website. Any information in this regard will be posted here. As a general rule, we recommend that you regularly access and review our Privacy Policy for any such updates. To determine whether the Policy has been updated, you can check the latest version date at the bottom of this document.

You can print and save this Policy directly, for example by using the print or save function in your browser.

Last updated on August 14, 2018