§2 General information regarding data security and
citis2go has taken technical and organizational measures to ensure compliance with statutory data protection provisions including measures against unauthorized data access by unauthorized third parties. However, storage and transmission of data, particularly using email is subject to confidentiality and security risk and depends to a greater extent on the technology used by Customers, Suppliers and technology partners of citis2go. As such technology used is beyond full control of citis2go, it cannot guarantee 100% protection of data stored and / or transmitted.
§3 Collection and Use of Personal Information
Personal information according to §3 (1) of the German Data Protection Act (BDSG) refers to any information concerning the personal or material circumstances of an identified or identifiable natural person such as may be used to learn the identity of that person.
Customers using the citis2go Platform or contacting the citis2go customer support may be required to provide personal information. The personal information collected about Customers enables citis2go (Platform and customer support) to process Customer requests, personalize the booking experience and to further improve both. CITIS2O does not sell such personal information and saves such personal information as needed primarily for the purpose of processing Customer’s booking(s) and providing support during or after a booking has been made. citis2go will not forward personal information to 3rd parties without Customer’s explicit consent unless such forwarding of personal information is:
- Permitted by applicable law e.g. the German Federal Data Protection Act and at the same time required to deliver booked Products to the Customer, i.e. to enable a Supplier to provide or deliver a booked Product to the Customer with the disclosure of personal information being limited to the extent required to book and process the requested Product(s) or service(s).; or
- Required by applicable law (e.g. the German Telecommunications Act); or
- Ordered by a court of competent jurisdiction, e.g. in context of a criminal investigation.
Depending on whether the Customer wishes to obtain general information, book Products or make use of the Customer Support, the Customer may be required to provide one or more of the following personal information items:
- Name (first and family name)
- Postal address
- Date of birth / age
- User name
- Telephone number
- Booking details
- Payment detail
- IP address and timestamp
- Technological information (e.g. operating System, browser, hardware details)
When using the citis2go mobile apps, the functions of the app(s) allow the following personal information to be collected:
- Device brand and mode and its IMEI number
- Unique IMSI number
- Mobile phone number (MSISDN)
- MAC address
- Name and email address of the smartphone owner
Personal information may be stored on servers in Germany and also cloud-based outside Germany, and also outside the European Union and the European Economic Area. Such servers are specially protected against unauthorized access. All employees and/or other persons working for citis2go granted access to personal information will be separately bound to data confidentiality.
Personal information is usually deleted as space requires or in the normal course of business, but can be reviewed, amended or deleted upon Customer’s request at any time. To review, amend, or delete personal information to the extent that there is no legal obligation to retain personal information, or revoke consent to citis2go’s storing of and using Customer’s personal information, Customers may email contact⌭citis2go.com or send a letter to the corporate address of citis2go (Citis2Go c/o Travelcoup AG, Goldbacher Straße 1, DE-63739 Aschaffenburg) to place a respective request. For such requests, no reason needs to be provided and no special format needs to be adhered to.
Personal information of Customers, such as name, gender, postal address, telephone number, date of birth, email address, citizenship is required to process Customer bookings. Depending on the Product, the Platform may require additional personal information for billing purposes and / or personal information of Participants in a Product that may be different from the Customer using the Platform for Product booking purposes. To protect citis2go from misuse, citis2go reserves the right to save IP-addresses and timestamp of Customers during the use of the Platform and for 12 months thereafter, in particular in context of the booking of Products.
Customers that wish to make their first booking or use functions that require registration are offered to save selected personal information listed under section “2. Booking” in a Customer account to make repeat use of the Platform quicker and more convenient. To protect citis2go from misuse, citis2go reserves the right to save IP-addresses and timestamp of Customers during the use of the Platform and for 12 months thereafter in context with a user account registration.
Customers paying for Products booked make use of third party payment processors, e.g. Paypal. citis2go does not save any payment information or personal information related to payments. The security of the payment transactions is guaranteed through SSL (Secure Socket Layer) standard encryption. Confirmations and reports from the payment processor sent to citis2go are also only sent encrypted. Your payment data will be stored in the payment processor’s systems protected with state-of-the-art security technology. Usage data for billing purposes may be transmitted to other providers or third parties if necessary for billing purposes.
Customer Support and Contact Form
Personal information of Customers, such as name, user name, gender, postal address, telephone number, age, email address, approximate dates a Customer visited or used the Platform or used or contacted the citis2go customer support directly or using the citis2go contact form including the subject and details on the query may be collected from Customers with questions, concerns, complaints, inquiries, requests for information or technical support. Such personal information is used to respond to the request for information and / or provide support to Customers as requested.
Marketing, Advertisement and Newsletters
Personal information of Customers such as name, user name, gender, postal address, telephone number, age, email address may be used for CITI2GO’s own marketing and advertising activates using email alerts and / or newsletters, etc. When signing up for an email newsletter or email alert or explicitly agreeing to the receipt of such marketing, advertisement material, citis2go will use the Customer’s email address and or postal address to deliver the email newsletter, alert, etc. that has been requested. To object to such advertising activities and subsequently opt-out of any newsletter, alert, etc. Customers may email contact#(ett)#citis2go.com or send a letter to the corporate address of citis2go (Citis2Go c/o Travelcoup AG, Goldbacher Straße 1, DE-63739 Aschaffenburg) and revoke consent to receiving newsletters, advertisements and promotions which will stop the sending of marketing, advertisement and / or newsletter material.
Customers wishing to download the mobile apps offered by citis2go as part of its Platform, should be aware that necessary personal information is transmitted to the AppStore the Customer is using, in particular:
- User name
- Email address
- Account ID
- Time of download
- Payment information (if applicable)
- Individual device code
citis2go has no influence on the collection of such personal information and is not responsible for it. citis2go processes this data to the extent necessary for Customer to download the app; it is not otherwise stored by citis2go.
§4 Collection and Use of Non-Personal Information
Customers can access and / or use the citis2go Platform anonymously without providing personal information. However, like many ecommerce platforms, citis2go collects the following information (“server log file(s)”) each time the Platform is accessed and / or used:
- Host name of the device accessing the Platform
- Operating system used
- Browser used including its version number,
- Date and time of access / server request(s)
- URL of the page previously visited (also referred to as the “Referrer URL”).
Such collected information will not be combined with other available data and cannot be associated with any individual or entity and is thus, non-personal information.
Collected information regarding a Customer´s the use of the CITIS2GO Platform is stored in non-personal (i.e. anonymous) usage profiles and is also not combined with Personal information.
Non-personal information and usage profiles are used for statistical purposes and to improve the CITIS2GO Platform, Travel Products, advertising, re-targeting, market research, and customer service.
Customers can object to the collection and storing of anonymous non-personal information. Customers can also revoke previously given consent to CITIS2GO’s collection and storage of non-personal information at any time without providing any reason for doing so by sending an email to contact⌭citis2go.com or by sending a letter to the corporate address of CITIS2GO (Citis2Go c/o Travelcoup AG, Goldbacher Straße 1, DE-63739 Aschaffenburg) to place the respective request.
Customers can also object to the building of non-personal usage profiles by configuring their browser in a way that it does not accept cookies and / or by using a browser plugin to protect a Customer’s privacy, e.g. AdBlock, Ghostery, NoScript, etc. CITIS2GO advised Customers to consult the applicable privacy policies before installing such plugins.
Certain providers of advertising and tracking technology have joined industry associations, allowing Customers to centrally opt-out of receiving targeted online ads by any of the members of the respective association. You can find such multi-provider opt-out solutions here:
European Interactive Digital Advertising Alliance (EDAA): https://www.youronlinechoices.com/
Digital Advertising Alliance (DAA): www.aboutads.info/choices/
Network Advertising Initiative (NAI): http://www.networkadvertising.org/choices/
Advertisements on Mobile Devices / Apps
For advertising purposes on mobile devices including but not limited to the use of the citis2go mobile apps, citis2go uses the so-called “Advertising Identifier” (IDFA). This is a unique, non-personalized and non-permanent identification number for a certain device provided by iOS or Android. The data collected is not associated with other device-related information. This IDFA is used to provide personalized advertising and analyze how a Customer is using the mobile app.
If the Customer activates the “No ad tracking” feature in a Customer’s operating system’s settings (e.g. under Privacy > Advertising in iOS), citis2go is restricted to the following actions: measuring a Customer’s interaction with banner ads by counting the number of times a banner is displayed without receiving a click (“frequency capping”), CTR, counting unique users, as well as security measures to combat fraud and error recovery. You can delete the IDFA (e.g. “Reset Ad-ID” in iOS) in the Customer’s device settings at any time, then a new IDFA will be created that cannot be merged with the previous data. Please note, however, that in this case a Customer may not be able to use all features of citis2go’s Platform to its full extent.
In addition, citis2go may serve ads on its Platform. In doing so the citis2go ad server may place or read a unique ad-serving cookie on a Customer’s device. If a Customer has visited the Platform by clicking on a banner ad for citis2go’s Products, a temporary or “session” cookie may be set on the Customer’s device. This cookie will contain either an identification number for the ad that was clicked on, or will contain an identification number for the site that was visited when the Customer clicked on the banner ad. After the Customer has arrived at the citis2go Platform, and requests further information from citis2go about its Products, the personal information provided during that request will be linked to the information in the session cookie so that citis2go can measure the effectiveness of the advertising. This “linking” will not be used to target future advertisements to the Customer or to send the Customer electronic messages about its Products, unless consented to by the Customer. As this is a session cookie, it will disappear from the Customer’s device once e.g. the browser has been closed. If a Customer returns to the Platform later, such Customer will appear as a new visitor until they provide personal information.
The citis2go Platform uses Google Analytics, a web analysis service provided by Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (hereinafter referred to simply as “Google”). Google Analytics also uses “cookies”. These text files are stored on a Customer’s devices and enable an analysis of how the Platform is used. The information generated by the cookie about the usage by the Customer is generally transmitted to and stored in a Google server in the USA. If IP anonymization is activated, a Customer’s IP address will however first be truncated by Google within the member states of the European Union or in other signatory states party to the Agreement on the European Economic Area. Only in exceptional cases is a complete IP address transmitted to a Google server in the USA and abbreviated there. IP anonymization is active on citis2go’s Platform.
Customers can additionally prevent the collection of data produced by cookies and associated with their Platform use (including IP address), and its transmission and processing by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/... More information is available at: https://support.google.com/...
citis2go uses AdSense, an online advertising service. This is designed to present Customers with advertising that matches their interests. These plugins can be identified by the logo saying “Google Ad”. Google is informed when a Customer visits the citis2go Platform by storing a cookie on the Customer’s device which transmits the data. In addition, so-called web beacons are used. These are invisible images that can analyze Customer’s behavior on the citis2go Platform. Google will not link the IP address transferred by a Customer’s browser as part of Google AdSense with any other data held by Google. citis2go has no influence on the data that Google collects in this way nor does it know the scope of the data collected by Google. This data is transmitted to the United States where it is evaluated. This information can be passed on from Google to its contractors or government bodies.
This site might also enable third-party Google AdSense ads. The above data may be transmitted to these third parties (the list can be found at https://support.google.com/dfp_sb/answer/94149).
By changing the settings of the browser, in particular by refusing to allow third-party cookies from being set; this means that the Customer will no longer receive any third-party ads
By disabling the interest-based ads provided by Google copying the link https://support.google.com/ads/answer/2662922?hl=en in the address bar of the browser; this setting will be cancelled whenever a Customer deletes cookies on his or her device(s); By permanently deactivating ads provided by Google copying the link http://www.google.com/settings/ads/plugin in the address bar of the browser. However, that in this case Customers may not be able to use all features of the CITIS2GO Platform to its full extent. By disabling the interest-based ads of providers who participate in the self-regulatory “About Ads” campaign. Customers may click on the following link www.aboutads.info/choices to decide to opt out of provider advertisements. This setting will be cancelled whenever a Customer deletes cookies on his or her device(s).
CITIS2GO's Platform uses Hotjar tracking technology. This tracking technology enables Hotjar to collect and store usage data in pseudonymous profiles for the purposes of web analysis and interest-based advertising. The tracking technology and analysis functions are offered by Hotjar, St Julians Business Centre, 3 Elia Zammit Street, St Julians STJ 1000, Malta, Europe.
Hotjar inserts a tracking code onto Hotjar-enabled websites or devices which is transmitted to Hotjar servers based in Ireland (EU). This tracking code contacts Hotjar's servers and provides a script to a Customer’s computer or device accessing the Hotjar-enabled website or device. The script will capture specific data related to the viewer's interaction with that particular website or device. This information is then sent to Hotjar's servers for processing. A detailed description of the functionality can be reviewed at https://docs.hotjar.com/v1.0/docs/data-safety-and-security.
Customers can opt-out of Hotjar’s data collection and storage at any time with effect for the future by setting an opt-out-cookie on a Customer’s device via the website of the EDAA at https://www.youronlinechoices.com/.
§5 Social Media Plugins
citis2go’s Platform uses social plugins (“Plugins”) provided by the social network Facebook, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). The plugins are identifiable by a Facebook logo (e.g. white “f” on a blue tile, the terms “Like”, “Share”, or a “thumbs up” sign) or with the phrase “Facebook social plugin”. The list and the look of Facebook social plugins can be viewed at https://developers.facebook.com/docs/plugins.
When a Customer uses the citis2go Platform and it contains such a plugin, the browser is directly connected to the Facebook servers. The content of the plugin is transferred from Facebook directly to a Customer’s browser, which then embeds it into the webpage. citis2go therefore has no influence on the amount of data that Facebook collects with the help of this.
By integrating the plugin, Facebook receives the information that a Customer has accessed the corresponding page. If the Customer is logged into Facebook, Facebook can assign the visit to their Facebook account. If the Customer interacts with the plugins, for example, clicks the Like button or writes a comment, the corresponding information is transmitted from their browser directly to Facebook and stored there. If the Customer is not a member of Facebook, there is still the possibility that Facebook will receive their IP address and store it. According to Facebook, in Germany only an anonymous IP address will be stored.
If a Customer is a Facebook member and does not want Facebook to collect data about them from citis2go’s Platform and link such collected data to member data stored on Facebook, a Customer must log out of Facebook before visiting the citis2go Platform.
citis2go’s Platform uses Twitter plugins. These functions are offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. They can be identified by terminology such as “Twitter” associated with a stylized blue or white bird. Using the plugin, it is possible to share a post or page on this platform on Twitter or to follow citis2go on Twitter.
When a Customer visits a page on the citis2go Platform and it contains such a plugin, the browser is directly connected to the Twitter servers. The content of the plugin is transferred from Twitter directly to the Customer’s browser, which then embeds itself into the page. citis2go therefore has no influence on the amount of data that Twitter collects with the help of this plugin.
citis2go’s Platform uses plug-ins and APIs of the social network Instagram, operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). The Instagram plugin is recognizable with the “Follow Button” and in the form of a “Gallery Preview” on the platform.
When a Customer visits a page on the citis2go Platform and it contains such a plugin, a direct connection between the browser and the Instagram server is established by means of the plugin. This enables Instagram to receive the information that the Customer has visited citis2go’s Platform from a certain IP address. If the Customer clicks on the Instagram button or window when he or she is logged into the personal Instagram account, the Customer can link certain content of citis2go’s Platform to the his or her Instagram profile. This means that Instagram can associate visits to the citis2go Platform with a Customer’s Instagram account.
§6 Closing Provisions
Version: January 1st, 2018