The Protection Of Your Personal
Data Is Important To Us. With This Privacy Policy, We Would Like To Explain To
You In More Detail What Personal Data We Collect And For What Purposes This
Data Is Processed.
Controller And Contact
The Controller For Purposes Of
Processing Your Personal Data Is:
Excursions Jordan For Tourism
Marketing
Aqaba
Jordan
If You Have Any Questions Or
Suggestions Regarding Data Protection Or Would Like To Exercise Your Rights,
Please Feel Free To Contact Us At The Following Link:
Subject Of Data Protection
The Subject Of Data Protection Is
Personal Data, I.E. All Information Relating To An Identified Or Identifiable
Natural Person. Personal Data Is Also Referred To Simply As Data In The
Following.
Automated Data Collection
When Accessing Our Website, Your
End Device Automatically Transmits Data For Technical Reasons. The Following
Data Is Stored Separately From Other Data That You May Transmit To Us:
·
URL Of The Page Accessed
·
Latency Of The Network
Connection
·
Date And Time
We Store This Data For The
Following Purposes:
·
For Load Balancing, I.E. To
Distribute Access To Our Website Across Several Devices And To Be Able To Offer
You The Fastest Possible Loading Times;
·
To Ensure The Security Of
Our IT Systems, E.G. To Defend Against Specific Attacks On Our Systems And To
Recognise Attack Patterns;
·
To Ensure The Proper
Operation Of Our IT Systems, E.G. If Errors Occur That We Can Only Rectify By
Storing The IP Address;
·
To Enable Criminal
Prosecution, Averting Of Danger Or Legal Prosecution In The Event Of Specific
Indications Of Criminal Offences.
Your IP Address Is Only Stored
For A Period Of 30 Days.
In This Case, The Processing Is
Carried Out To Ensure The Security Of The Processing In Accordance With Art. 32
GDPR, As Well As On The Basis Of Our Legitimate Interest In Protecting
Ourselves Against Misuse Of Our Service (Art. 6 Para. 1 Lit. F GDPR).
Excursions Jordan Account
Registration
You Have The Option To Create A
Excursions Jordan Customer Account, For Example To Manage Bookings, Save
Favourites Or View Past Bookings. To Do So, You Need To Provide The Following
Mandatory Information:
·
Surname/First Name
·
E-Mail Address
·
Passwords
Alternatively, You Can Log In
With Your Facebook, Google Or Apple Account. In This Case, We Receive The
Following Personal Data From Facebook Or Google Or Apple In Order To Create A
User Account For You:
·
Name
·
E-Mail Address
·
Photo (Facebook Only)
·
An Authentication Token
Your Registration Data Is
Required To Set Up And Manage A User Account For You. In This Case, You
Conclude A (Free) User Agreement With Us, On The Basis Of Which We Collect This
Data (Art. 6 Para. 1 Lit. B GDPR).
In Order To Conclude The
Agreement, You Must Provide Us With This Data. However, You Are Neither
Contractually Nor Legally Obliged To Conclude The Agreement And Thus To Provide
The Data.
Wish Lists
After You Have Created A Customer
Account, You Have The Option To Create Wish Lists With Activities And Tours And
To Share These Wish Lists With Other Users. Your Data Is Processed For These
Purposes In Order To Be Able To Provide You With The Corresponding Functions
(Art. 6 Para. 1 Lit. B GDPR).
Reviews And Ratings
Our Website Offers The
Possibility To Rate And Comment On Tours Or Activities. After You Have
Completed A Tour Booked Via Our Website, We May Ask You To Rate It Accordingly.
Submitting A Rating Is, Of Course, Voluntary. When You Submit A Rating, We
Collect The Data You Enter In Order To Process It According To The Function You
Use And Publish It On Our Website. You Can Have A Rating Deleted At Any Time By
Contacting Our Customer Service.
The Processing Of Your Data For
These Purposes Is Done To Protect Our Legitimate Interest In Providing Our Users
With As Much Information As Possible About The Tours We Offer. User Ratings Are
Also In The Interest Of All Users. Accordingly, The Processing Is Based On Art.
6 Para. 1 Lit. F GDPR.
Customer Support
Processing Of Enquiries
If You Send Us Enquiries By E-Mail,
By Telephone, Via Our Contact Form, By WhatsApp, Via Our Social Media Channels
Or By Any Other Means, We Will Process The Information You Provide In
Connection With This In Order To Process Your Enquiry (Art. 6 Para. 1 Lit. B
GDPR). Further Storage Of The Data Transmitted Within The Context Of Your
Enquiry Is Based On Our Legitimate Interest In The Proper Documentation Of Our
Business Operations And The Safeguarding Of Our Legal Positions (Art. 6 Para. 1
Lit. F GDPR) And, If Applicable, For The Fulfilment Of Legal Obligations (Art.
6 Para.1 Lit. C GDPR).
Your Request Will Be Processed By
Our Processor, Excursions Jordan Global Services.
For The Processing Of Enquiries,
We Or Excursions Jordan Global Services Use Systems Provided By Freshworks Inc.
Based In The USA ("Freshworks"). Accordingly, Your Enquiries Are
Stored On Freshworks's Servers. There Is No EU Commission Adequacy Decision For
The USA. We Have Therefore Concluded The Standard Contractual Clauses Approved
By The EU Commission With Freshworks In Accordance With Art. 46 Para. 2 Lit. C
GDPR. In Addition, The Data Is Stored In Frankfurt, Germany.
For The Processing Of Telephone
Enquiries, We Or Excursions Jordan Global Services GmbH Use Systems Provided By
Talkdesk Inc. Based In The USA ("Talkdesk"). There Is No EU
Commission Adequacy Decision For The USA. We Have Therefore Concluded The
Standard Contractual Clauses Approved By The EU Commission With Talkdesk In
Accordance With Art. 46 Para. 2 Lit. C GDPR. In Addition, The Data Is Stored In
Ireland.
For The Processing And
Administration Of Enquiries Via Our Social Media Channels, We Or Excursions
Jordan Global Services GmbH Also Use The Services Of NICE Ltd, Based In The UK.
Therefore, We Have Concluded The Standard Contractual Clauses Approved By The
EU Commission With NICE In Accordance With Art. 46 Para. 2 Lit. C GDPR.
Improvement Of Customer
Service
In Order To Continuously Improve
Our Customer Service, We Analyse Enquiries Sent To Us On The Basis Of Certain
Parameters And Keywords. Although, As A Matter Of Principle, No Analysis Is
Carried Out On The Basis Of Personal Data, It Cannot Be Ruled Out That, In
Individual Cases, Personal Data May Also Be Processed Within This Context. The
Processing Required Within This Context Serves Our Legitimate Interest As Well
As That Of Our Customers In The Continuous Improvement Of Our Customer Service
(Art. 6 Para. 1 Lit. F GDPR).
For The Evaluation Of Enquiries,
We Use The Systems Of The Providers Chattermill Analytics Limited (Great
Britain), Miuros S.A.S. (France) And Looker Data Sciences, Inc. (USA). There Is
No EU Commission Adequacy Decision For The USA. We Have Therefore Concluded The
Standard Contractual Clauses Approved By The EU Commission With Looker Data
Sciences, Inc. Pursuant To Art. 46 Para. 2 Lit. C GDPR.
Translations
In Certain Cases, It Is Necessary
For Us To Translate Incoming Requests Into A Specific Language. This May
Require The Processing Of Personal Data Necessary To Protect Our Legitimate
Interest In Providing International Customer Service, Art. 6 Para. 1 Lit. F
GDPR. For This Purpose, We Use The Service Of Unbabel Inc. Based In The USA
("Unbabel"). There Is No EU Commission Adequacy Decision For The USA.
We Have Therefore Concluded The Standard Contractual Clauses Approved By The EU
Commission With Unbabel In Accordance With Art. 46 Para. 2 Lit. C GDPR.
Storage And Evaluation Of
Telephone Calls
Telephone Calls Are Only Stored
And Analysed If You Have Given Us Your Prior Consent. We Will Only Use This
Data For The Purpose Of Improving Our Customer Service. The Recordings Will Be
Deleted After Three Months. The Legal Basis Is Art. 6 Para. 1 Lit. A GDPR. You
Have The Option To Revoke Your Consent At Any Time By Contacting One Of The
Contact Channels Mentioned In This Privacy Policy. This Will Not Affect The
Lawfulness Of The Processing Carried Out By Us Until Your Revocation.
Technical Service Providers
We Use Technical Service
Providers For Hosting And Some Of The Services Required For The Website.
Accordingly, The Processing Of Data Takes Place On The Servers Of These Service
Providers. These Service Providers Only Process The Data According To Our
Explicit Instructions And Are Obliged To Guarantee Sufficient Technical And
Organisational Measures For Data Protection. Consequently, Our Service
Providers Act For Us As So-Called Processors Within The Meaning Of Art. 28
GDPR.
Hosting Of The Website
For The Hosting Of Our Website,
We Use The Services Of Amazon Web Services EMEA S.A.R.L. ("AWS")
Based In Luxembourg. Accordingly, When You Interact With Our Website Or Provide
Personal Data, It Is Processed On AWS Servers. We Only Use Servers Located In
The European Union. To Cover Remote Maintenance And Similar Constellations, We
Have Concluded The Standard Contractual Clauses Approved By The EU Commission
With AWS In Accordance With Art. 46 Para. 2 Lit. C GDPR.
E-Mail System
For Sending Emails, We Use The
Sendgrid Service Of Twilio Inc Based In The USA ("Twilio"). There Is
No Adequacy Decision For The USA. We Have Therefore Concluded The Standard
Contractual Clauses Approved By The EU Commission Pursuant To Art. 46 Para. 2
Lit. C GDPR With Twilio.
Newsletter
You Have The Option On Our
Website To Register For Our Newsletter. With Our Newsletter, We Would Like To
Send You Information On Offers, Tours, Activities Or Special Promotions That Is
As Personalised As Possible. By Registering For Our Newsletter, You Therefore
Consent To Us Processing Your Email Address For The Purpose Of Sending The
Newsletter. The Legal Basis For This Processing Is Art. 6 Para. 1 Lit A GDPR.
You Can Revoke Your Consent At Any Time By Unsubscribing From Our Newsletter.
To Do This, You Can Use The Unsubscribe Link Contained In Every Email Or Send
Us A Message Using The Link [email protected] To Verify Your E-Mail
Address, You Will First Receive A Registration E-Mail, Which You Must Confirm
Via A Link (Double Opt-In). When You Register For The Newsletter, We Store The
IP Address And The Date And Time Of Registration. The Processing Of This Data
Is Necessary In Order To Be Able To Prove That Consent Has Been Given. The
Legal Basis Results From Our Legal Obligation To Prove Your Consent (Art. 6
Para. 1 Lit. C In Conjunction With Art. 7 Para. 1 GDPR).
If You Have Booked A Tour Via Our
Website Or Created An Excursions Jordan
Account, We Will Send You Our Newsletter Based On Our Legitimate Interest In
Promoting Similar Services To Your Bookings Or Account (Art. 6 Para. 1 Lit. F
GDPR, § 7 Para. 3 UWG), Unless You Have Objected To This Use. If Cookies Are
Used For Personalisation, We Will Obtain Your Separate Consent.
You Can Object To This At Any
Time – Even During Registration – By Deselecting The Corresponding Checkbox Or
Clicking The Unsubscribe Link In The Respective E-Mails.
For The Dispatch Of Our
Newsletter And The Personalisation Of Content, We Use The Services Of The
Provider Braze Inc. Based In The USA ("Braze"). There Is No EU
Commission Adequacy Decision For The USA. We Have Therefore Concluded The
Standard Contractual Clauses Approved By The EU Commission With Braze In Accordance
With Art. 46 Para. 2 Lit. C GDPR.
Bookings & Payments
Bookings
When You Book A Tour, Activity Or
Similar On Our Site, We Collect The Data Required To Carry Out The Tour. This
Usually Includes The Following Information: First And Last Name, Billing
Address, Email Address, Telephone Number, Number Of Participants, Date And
Time. Depending On The Activity Booked, It May Also Be Necessary For Us To
Collect Further Information, Such As Your Flight Number Or The Age Of The
Participants. The Processing That Takes Place In Connection With This Is Based
On Art. 6 Para. 1 Lit. B GDPR. To The Extent Necessary, We Will Transfer Your
Data To The Body Responsible For The Tour Or Activity. If A Transfer To A Third
Country Outside The European Economic Area Is Necessary, This Is Based On Art.
49 Para. 2 Lit. B, C GDPR. If You Make Bookings Via Partner Sites, We Receive
The Data Required To Make The Booking From The Partner.
Payments
You Have Various Options For
Paying For Your Booking. In Doing So, We Will Process The Data Required In Each
Case Depending On The Selected Payment Method. Within This Context, Your
Personal Data Will Be Processed As Described Below, Which Is Based On Art. 6
Para. 1 Lit. B GDPR And Is Necessary To Carry Out The Payment Method You Have
Chosen.
Credit Card Payments
For The Processing Of Payments By
Credit Card, We Use The Service Provider VISA MEPS JORDAN Which Is Based In
JORDAN. The Data Provided During Your Payment Will Be Forwarded By Adyen To The
Respective Banks Or Financial Institutions For The Purpose Of Processing The
Payment. In The Case Of Payments By Credit Card, We Only Receive The
Information That A Payment Has Or Has Not Been Made. We Therefore Have No
Knowledge Of Your Credit Card Number.
Payment Via PayPal
If You Have A PayPal Account, You
Can Also Process Your Payment Via PayPal. In This Case, We Receive From PayPal
Not Only The Information That A Payment Has Been Made, But Also The E-Mail
Address And Address You Have Registered With PayPal.
Fraud Prevention
In Order To Protect Ourselves And
The Activity Providers From Fraudulent Bookings, We Evaluate The Information
Provided By Our Customers During The Booking Process, Including The Data
Technically Transmitted By Their Device, Insofar As This Is Necessary To Protect
Our Legitimate Interest And That Of The Activity Providers In Reliable Bookings
(Art. 6 Para. 1 Lit. F GDPR).
For This Purpose, We Use Services
Of The Providers Sift Science, Inc. (USA), Adyen N.V. (Netherlands) And Ethoca
Inc. (Canada). There Is No EU Commission Adequacy Decision For The USA. We Have
Therefore Concluded The Standard Contractual Clauses Approved By The EU
Commission With Sift Science, Inc. Pursuant To Art. 46 Para. 2 Lit. C GDPR. For
Canada, There Is An Adequacy Decision By The EU Commission In Accordance With
Art. 45 Of The GDPR For Processing By Private-Sector Organisations.
Protection Against Bots
To Protect Us From Bots And
Similar Technologies, We Use The Cheq Service Provided By CHEQ AI Technologies
Ltd. Based In Israel ("Cheq"). Cheq Will Use The Data Automatically
Transmitted By Your Device To Determine Whether The Request Most Likely
Originates From A Human. No Further Storage Of The Data Will Take Place. The
Processing Is Carried Out In Order To Ensure The Security Of The Processing In
Accordance With Art. 32 GDPR And On The Basis Of Our Legitimate Interest In
Protecting Ourselves Against Misuse Of Our Service (Art. 6 Para. 1 Lit. F
GDPR). For Israel, There Is An Adequacy Decision Of The EU Commission According
To Art. 45 GDPR.
Cookies
We Use So-Called
"Cookies" To Offer Certain Functions Of Our Website And To Optimise
The Use Of Our Website. "Cookies" Are Small Files That Are Stored On
Your Device With The Help Of Your Internet Browser.
Specifically, We Use (Unless
Other Cookies Are Specified Elsewhere In This Privacy Policy Or Our Cookie
Consent) The Following Cookies:
·
Session Cookies: These
Cookies Are Needed To Store Certain Technical Data During Your Visit To Our
Website, E.G. To Determine Whether You Have Logged In.
·
Persistent Cookies: These
Cookies Are Needed To Store Data Beyond A Browser Session If You Wish To Do So.
The Legal Basis For The Use Of
These Cookies Is § 15 Para. 1 Of The German Telemedia Act (TMG) Or Art. 6 Para.
1 B GDPR, Insofar As They Are Necessary For The Use Of Our Website And The
Functions You Have Accessed. Otherwise.
Marketing And Remarketing
Services
Use Cookies – As Described Below
– On The Basis Of Your Consent. Evaluation Of Advertising On The Web And On
Social Media Platforms
We Place Advertisements, Widgets,
Paid Links, Etc. On Third-Party Sites On The Web And On Social Media Platforms.
In Order To Measure The Success Of Our Advertisements, Cookies Are Set –
Insofar As You Have Consented – When You Are Redirected From The Relevant Third-Party
Site To Our Website In Order To Use Them To Analyse Click Behaviour For Billing
Purposes. The Use Of The Cookies And The Analysis Of Your Click Behaviour Is
Based On Your Consent, Which We Obtain Before The Respective Cookie Is Set
(Art. 6 Para. 1 Lit. A GDPR). You Can Revoke Your Consent At Any Time Via Our
Cookie Consent Manager. This Does Not Affect The Lawfulness Of The Processing
Carried Out Until Your Revocation.
With Regard To Our Social Media
Advertising, We Use A Service Provided By Smartly.Io Solutions Oy, Based In
Finland, To Analyse The Success Of Our Advertisements.
Google Services
We Use The Services Of Google
LLC, 1600 Amphitheatre Pkwy Mountain View, California 94043, USA
("Google") Described Below. There Is No EU Commission Adequacy
Decision For The USA. We Have Therefore Concluded The Standard Contractual
Clauses Approved By The EU Commission With Google In Accordance With Art. 46
Para. 2 Lit. C GDPR.
Basic Information On The
Processing Of Your Personal Data By Google Can Be Found Here:
Https://Policies.Google.Com/Privacy?Hl=En.
You Also Have The Following
Setting Options With Google:
· You Can Deactivate Personalised Advertising From Google: Google
You Can Disable Personalised Advertising By Browser
Google Analytics 360
If You Have Consented, We Use
Google Analytics 360, A Web Analytics Service. Google Analytics 360 Collects
Pseudonymous Data From You About The Use Of Our Website, Including Your Shortened
IP Address, And Uses Cookies. This Data Is Transmitted To A Google Server In
The USA And Stored There. Google Will Use This Information For The Purpose Of
Evaluating Your Use Of The Website, Compiling Reports On Website Activity, And
Providing Other Services Relating To Website Activity And Internet Usage.
Google May Also Transfer This Information To Third Parties Where Required To Do
So By Law, Or Where Such Third Parties Process The Information On Google's
Behalf.
Your Data Will Be Stored By
Google Analytics For A Period Of 14 Months. After This Period, The Data Is
Deleted And Only Aggregated Statistics Are Kept.
The Use Of Google Analytics Is
Based On Your Consent (Art. 6 Para. 1 Lit. A GDPR).
You Can Revoke Your Consent At
Any Time And Deactivate Google Analytics Using A Browser Add-On. You Can
Download This Here: Http://Tools.Google.Com/Dlpage/Gaoptout. Alternatively, You
Can Revoke Your Consent As Described Here:
Https://Developers.Google.Com/Analytics/Devguides/Collection/Analyticsjs/User-Opt-Out.
You Can Also Revoke Your Consent Via Our Cookie Consent Manager. This Does Not
Affect The Lawfulness Of The Processing Carried Out Until Your Revocation.
Google Remarketing &
Advertising Personalisation On The Google Network
If You Have Consented, We Use
Remarketing Services From Google. Google Uses Cookies To Record Your Usage
Behaviour On Our Website In Order To Display Interest-Based Advertising For Our
Products On Other Pages Within The Google Advertising Network Across Devices.
This Includes Google Search And Other Sites Operated By Google And Its
Subsidiaries, As Well As Sites Operated By Google's Advertising Partners. The
Information Is Transmitted Accordingly To Google And Google's Partners.
Additional Data Processing Will Only Take Place If You Have Consented To Google
Linking Your Browsing History To Your Google Account And Using Information From
Your Google Account To Personalise The Ads You See On The Web. In This Case,
Google Will Use Your Data Together With Google Analytics Data To Create And
Define Target Group Lists For Remarketing. To Do This, Your Personal Data Will
Be Temporarily Linked By Google With Google Analytics Data To Form Target
Groups.
The Use Of These Services Is
Based On Your Consent (Art. 6 Para. 1 Lit. A GDPR).
YouTube Pixel
If You Have Consented, We Use The
YouTube Pixel. This Is A Tracking Code That Is Loaded When Our Website And
Certain Subpages Are Accessed And When Certain Actions Are Performed, And Thus
Tracks Your Behaviour On Our Website. The Pixel Also Collects Usage Data (Such
As URL, Referrer URL, IP Address, Device And Browser Properties And Timestamp).
We Send This Information To Google So That Google Can Display Advertisements On
YouTube According To Your Behaviour On Our Website.
We Use The YouTube Pixel On The
Basis Of Your Consent (Art. 6 Para. 1 Lit. A GDPR). You Can Revoke Your Consent
At Any Time Via Our Cookie Consent Manager. This Does Not Affect The Lawfulness
Of The Processing Carried Out Until Your Revocation.
Google Enhanced Conversions
This Technology Is Based Neither
On Cookies Nor On Pixels. When You Use Our Website And Are Redirected By A
Google Ad, We Send A Hashed Identifier And Information About Possible Purchases
To Google. Google Will Use This Information Only To Understand Which Ad You
Clicked, To Measure The Success Of Certain Ads And To Provide Us With This
Information In Aggregate Form. In Particular, Google Will Not Use The Data To
Serve Targeted Ads To You Or To Other Users, Or Store Or Use The Data For Any
Other Purpose. We Transmit This Data On The Basis Of Our Legitimate Interest In
Controlling Our Marketing Activities (Art. 6 Para. 1 Lit. F GDPR).
Facebook Services
We Use The Services Of Facebook
Ireland Limited ("Facebook") Described Below. Please Note That This
May Also Involve Processing By Facebook Inc. Based In The USA. There Is No EU
Commission Adequacy Decision For The USA. In This Case, Facebook Will Use The
Standard Contractual Clauses Approved By The EU Commission, Which Constitute A
Suitable Guarantee Within The Meaning Of Art. 46 Para. 2 Lit. C GDPR For The
Transfer To Third Countries.
Basic Information On The Further
Processing And Use Of Your Data By Facebook As Well As Your Setting Options For
Protecting Your Privacy With Facebook Can Be Found In Facebook's Privacy Policy
At Https://Www.Facebook.Com/Privacy/Explanation.
Facebook Pixel
If You Have Consented, The
Facebook Pixel Is Used On Our Website. This Is A Javascript Code. The Facebook
Pixel Records When You Perform Certain Actions On Our Website Or Visit Certain
Areas On Our Website. The Facebook Pixel Also Collects Usage Data (Such As URL,
Referrer URL, IP Address, Device And Browser Characteristics And Timestamp).
The Facebook Pixel Generates A Checksum (Hash Value) From This Information And
Transmits This Hash Value To Facebook. If Available, The Facebook Cookie Is
Also Addressed And Your Facebook ID Is Transmitted. If You Have A Facebook
Profile And Log In There, You Can Be Presented With Targeted Personalised
Advertising On Facebook Based On The Data Transmitted By The Pixel. Data From
Users Who Do Not Have A Facebook Profile Is Discarded By Facebook Without Being
Used.
We Use The Facebook Pixel On The
Basis Of Your Consent (Art. 6 Para. 1 Lit. A GDPR). You Can Revoke Your Consent
At Any Time Via Our Cookie Consent Manager. This Does Not Affect The Lawfulness
Of The Processing Carried Out Until Your Revocation.
Facebook Server-To-Server
This Technology Is Based Neither
On Cookies Nor On Pixels. When You Use Our Website And Are Redirected By Facebook,
We Send Your Facebook Click-ID And Information About Possible Purchases And
Other Actions On Our Website To Facebook. Facebook Will Use This Information To
Understand Which Ad You Clicked, To Measure The Success Of Certain Ads And To
Provide Us With This Information In Aggregate Form. Facebook Will Not Use The
Data To Serve Targeted Ads To You Or Other Users. We Transmit This Data On The
Basis Of Our Legitimate Interest In Controlling Our Marketing Activities (Art.
6 Para. 1 Lit. F GDPR).
Other Remarketing Services
If You Have Consented, We Also
Use The Remarketing Services Described Below On Our Website. In Each Case, Your
Usage Behaviour On Our Website Is Analysed Using Cookies. The Providers Will
Use This Information To Play Personalised Advertising On Third-Party Sites.
·
Remarketing Service Of
Criteo S.A. Based In France ("Criteo"). Criteo Will Serve
Personalised Advertising On Sites Connected To The Criteo Network.
·
Remarketing Services
Provided By Microsoft Ireland Operations Limited, Based In Ireland
("Microsoft"). Microsoft Will Use The Cookie Information To Serve
Personalised Advertisements Through The Bing Search Engine And To Display
Advertisements To You On Third-Party Sites.
·
Remarketing Service
Provided By Outbrain Inc Based In The USA ("Outbrain"). Outbrain Will
Use The Cookie Information To Show You Personalised Advertising On Third-Party
Sites.
·
Remarketing Service
Provided By Snap Group Limited Based In The UK ("Snapchat"). Snapchat
Will Use The Cookie Information To Show You Personalised Advertising.
We Use These Services On The
Basis Of Your Consent (Art. 6 Para. 1 Lit. A GDPR). You Can Revoke Your Consent
At Any Time Via Our Cookie Consent Manager. This Does Not Affect The Lawfulness
Of The Processing Carried Out Until Your Revocation.
Integrated Third-Party Content
We Have Also Integrated
Third-Party Content On Our Website. This Content Is Loaded From The Servers Of
The Respective Providers, So That Your End Device Transmits Certain Technically
Necessary Data To The Third-Party Provider. In Particular, It Cannot Be Ruled
Out That These Providers May Take Note Of The IP Address Assigned To You.
Insofar As Personal Data Is Processed, This Is Done On The Basis Of The Privacy
Policies Of The Respective Third-Party Providers. The Integration By Us Is
Based On Our Legitimate Interests In Being Able To Provide Our Users With The
Corresponding Content And Functionalities And To Be Able To Operate Our Website
Economically, Art. 6 Para. 1 Lit. F GDPR. In Detail, We Integrate The Following
Third-Party Content:
·
Contentstack: We Have
Integrated Content From The Content Delivery Network Contentstack Of
Contentstack LLC, Which Is Based In The USA. Please Note That There Is No EU
Commission Adequacy Decision For The USA. We Have Therefore Concluded The
Standard Contractual Clauses Approved By The EU Commission With Contentstack
LLC In Accordance With Art. 46 Para. 2 Lit. C GDPR. For More Information On
Data Protection At Contentstack LLC, Please Visit:
Https://Www.Contentstack.Com/Privacy.
Social Media
We Operate Pages Or Profiles On
Various Social Media Platforms. Within This Context, Personal Data Is Processed
As Described Below.
If You Interact With Us Via Our
Social Media Sites Or Our Posts, We Will Collect And Process The Information
You Provide In Connection With This, Including Your User Name And Any Profile
Photo, If Applicable, For Example If You Mark A Post With "Like",
Share Or "Retweet", Comment Or Provide Other Content. The Data
Processing In This Regard Is Regularly Carried Out On The Basis Of Our
Legitimate Interest In Providing The Corresponding Functions On Our Social
Media Pages (Art. 6 Para. 1 Lit. F GDPR) And, If Applicable, On The Basis Of
Your Consent Vis-À-Vis The Operator Of The Respective Network (Art. 6 Para. 1
Lit. A GDPR) Or Your Contractual Relationship With The Operator (Art. 6 Para. 1
Lit. B GDPR). Please Also Note That This Content Is Published On Our Relevant
Social Media Sites According To Your Account Settings And Can Be Accessed By
Anyone Worldwide.
Further Data Processing By Us May
Take Place In Order To Be Able To Accept And Process Enquiries Or Messages Via
Our Social Media Sites (Art. 6 Para. 1 Lit. B GDPR).
In Addition, The Respective
Operators Collect And Process Personal Data From You In Their Own Data Protection
Responsibility When You Visit Our Social Media Sites And/Or Interact With Them
Or Our Posts. This Applies In Particular If You Are Registered Or Logged In To
The Relevant Network. Even If You Are Not Logged In To A Network, The Operators
Collect Certain Personal Data When You Access The Page, Such As Unique
Identifiers That Are Linked To Your Browser Or Device. Please Note That This
Data May Be Aggregated Across Different Platforms And Services If They Are
Operated By The Same Operator. For Example, Both Facebook And Instagram Are
Operated By Facebook Ireland Limited. Further Information Can Be Found In The
Data Protection Notices Of The Respective Operators, To Which We Refer Below.
Specifically, We Operate The
Following Social Media Presences:
Facebook
You Can Find Our Facebook Fan
Page At:
Https://Www.Facebook.Com/Profile.Php?Id=100085240023228
Facebook Is Operated By Facebook
Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
("Facebook"). If You Visit Or Like Our Facebook Page As A Registered
Facebook User, Facebook Collects Personal Data From You. Even If You Are Not
Registered With Facebook And Visit Our Facebook Page, Facebook May Collect
Pseudonymous Usage Data From You. For More Information, Please See Facebook's
Data Policy At Https://Www.Facebook.Com/About/Privacy/ And At
Https://Www.Facebook.Com/Legal/Terms/Information_about_page_insights_data. In
The Data Policy, You Will Also Find Information On The Settings Options For
Your Facebook Account.
Your Personal Data May Also Be
Provided To Other Facebook Companies. This May Involve The Transfer Of Personal
Data To The USA And Other Third Countries For Which There Is No EU Commission
Adequacy Decision. In This Case, Facebook Will Use The Standard Contractual
Clauses Approved By The EU Commission. Further Information Can Also Be Found In
Facebook's Data Policy.
In Addition, As Part Of The
Operation Of Our Facebook Page, We Are Jointly Responsible With Facebook For
The Processing Of So-Called Page Insights. With The Help Of These Page
Insights, Facebook Analyses The Behaviour On Our Facebook Page And Provides Us
With This Information In Non-Personal Form. For This Purpose, We Have Concluded
A Joint Data Protection Responsibility Agreement With Facebook Ireland, Which
You Can View At The Following Link:
Https://Www.Facebook.Com/Legal/Terms/Page_controller_addendum. In This
Agreement, Facebook Undertakes, Among Other Things, To Assume Primary
Responsibility Under The GDPR For The Processing Of Page Insights And To Comply
With All Obligations Under The GDPR With Regard To The Processing Of Page
Insights.
Instagram
Our Instagram Page Can Be Found
At:
Https://Www.Instagram.Com/Excursions.Jordan/
Instagram Is Operated By Facebook
Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook
Ireland"). The Instagram Privacy Policy Can Be Found At:
Https://Help.Instagram.Com/519522125107875. In It You Will Also Find
Information On The Settings Options For Your Account.
Your Personal Data May Also Be
Made Available To Other Facebook Or Instagram Companies. This May Involve The
Transfer Of Personal Data To The USA And Other Third Countries For Which There
Is No EU Commission Adequacy Decision. In This Case, Facebook Will Use The
Standard Contractual Clauses Approved By The EU Commission. Further Information
Can Also Be Found In The Instagram Privacy Policy.
In Addition, As Part Of The
Operation Of Our Instagram Page, We Are Jointly Responsible With Facebook For
The Processing Of So-Called Instagram Insights. With The Help Of These
Instagram Insights, Facebook Analyses The Behaviour On Our Instagram Page And
Provides Us With This Information In Non-Personal Form. For This Purpose, We
Have Concluded A Joint Data Protection Responsibility Agreement With Facebook,
Which You Can View At The Following Link:
Https://Facebook.Com/Legal/Terms/Page_controller_addendum. In It, Facebook
Undertakes, Among Other Things, To Assume Primary Responsibility Under The GDPR
For The Processing Of Instagram Insights And To Fulfil All Obligations Under
The GDPR With Regard To The Processing Of Page Insights.
LinkedIn
You Can Find Our LinkedIn Account
At
For Users Located In The European
Economic Area And Switzerland, LinkedIn Is Operated By LinkedIn Ireland
Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland
("LinkedIn Ireland"). You Can Find LinkedIn's Data Protection
Guidelines Here:
Https://Www.Linkedin.Com/Legal/Privacy-Policy?Trk=Organization-Guest_footer-Privacy-Policy.
In It You Will Also Find Information On The Settings Options For Your LinkedIn
Profile.
Please Note That LinkedIn Also
Transfers Personal Data To Third Countries Outside The European Economic Area
For Which There Is No EU Commission Adequacy Decision. Insofar As Such A
Transfer Occurs, LinkedIn Will Use The Standard Contractual Clauses Approved By
The EU Commission. Corresponding Information Can Be Found At
Https://Www.Linkedin.Com/Help/Linkedin/Answer/62533.
Finally, We Receive Non-Personal
Information And Analytics From LinkedIn About The Use Of Our Account Or
Interactions With Our Posts. This Information Allows Us To Analyse And Optimise
The Effectiveness Of Our LinkedIn Activities. The Processing That Takes Place
Within This Context Is Based On Our Legitimate Interest In Optimising Our
LinkedIn Activities (Art. 6 Para. 1 Lit. F GDPR).
WhatsApp
You Can Also Contact Us With
Enquiries Via WhatsApp. WhatsApp Is Operated By Facebook Ireland Limited, 4
Grand Canal Square, Dublin 2, Ireland ("Facebook Ireland"). The
Privacy Policy For WhatsApp Can Be Found At:
Https://Www.Whatsapp.Com/Legal/Privacy-Policy-Eea?Lang=En. In It You Will Also
Find Information On The Settings Options For Your Account.
Your Personal Data May Also Be
Provided To Other Facebook Companies. This May Involve The Transfer Of Personal
Data To The USA And Other Third Countries For Which There Is No EU Commission
Adequacy Decision. In This Case, Facebook Will Use The Standard Contractual
Clauses Approved By The EU Commission. Further Information Can Also Be Found In
Facebook's Data Policy.
The Processing Takes Place In
Order To Be Able To Deal With The Enquiries You Send To Us (Art. 6 Para. 1 Lit.
B GDPR). Further Storage Of The Data Transmitted Within The Context Of Your
Enquiry Is Based On Our Legitimate Interest In The Proper Documentation Of Our
Business Operations And The Safeguarding Of Our Legal Positions (Art. 6 Para. 1
Lit. F GDPR) And, If Applicable, For The Fulfilment Of Legal Obligations (Art.
6 Para.1 Lit. C GDPR).
Competitions
Occasionally, We Also Run
Competitions Via Our Social Media Site. To Participate, You Must, For Example,
Comment On Certain Content, "Like" Us Or Tag Us. We Process The Data
You Provide Within This Context In Order To Run The Competition And Notify The
Winner(S) (Art. 6 Para. 1 Lit. B GDPR).
Social Media Management
In Order To Measure The Success
Of Our Social Media Activities, We Also Record When We Are Tagged On Social
Media Networks. Within This Context, We Also Process Information About The
People Who Tag Us. The Processing That Takes Place Within This Context Is Based
On Our Legitimate Interest In Optimising Our Social Media Activities (Art. 6
Para. 1 Lit. F GDPR).
For This Purpose, We Use The
Curalate Tool Provided By Curalate, Inc. Based In The USA. Please Note That
There Is No EU Commission Adequacy Decision For The USA. We Have Therefore
Concluded The Standard Contractual Clauses Approved By The EU Commission With
Curalate Inc. In Accordance With Art. 46 Para. 2 Lit. C GDPR.
Analysis Of Our Social Media
Activities
We Also Evaluate The Success Of
Our Social Media Postings. We Analyse How Often Individual Postings Are
Clicked. For This Purpose, We Use The Services Of Looker Data Sciences, Inc.
Based In The USA. The Data Processing Is Based On Our Legitimate Interest In
Analysing Our Reach And The Success Of Our Social Media Activities. There Is No
EU Commission Adequacy Decision For The USA. We Have Therefore Concluded The
Standard Contractual Clauses Approved By The EU Commission With Looker Data
Sciences, Inc. Pursuant To Art. 46 Para. 2 Lit. C GDPR. On The Other Hand, We
Use Google Analytics For These Purposes (See The Separate Section On Google
Analytics).
CRM System
To Manage Our Customer
Relationships, We Store Your Personal Data In Our CRM System. This Enables Us
To Answer Any Enquiries In A Targeted Manner And To Send You Contextual
Advertising Within The Permissible Framework. The Processing That Takes Place
Within This Context Is Based On Our Legitimate Interest In Managing Our
Customer Relationships, Art. 6 Para. 1 Lit. F GDPR. For This Purpose, We Use
The Services Of The Provider Braze, Inc. Based In The USA ("Braze").
There Is No EU Commission Adequacy Decision For The USA. We Have Therefore
Concluded The Standard Contractual Clauses Approved By The EU Commission With
Braze In Accordance With Art. 46 Para. 2 Lit. C GDPR.
Product Development
We Also Process Our Customer Data
In Order To Continuously Develop Our Products. In Doing So, We Use Pseudonymous
Profiles To Analyse How Our Products And Our Advertising Are Received By
Certain Target Groups. Your Data Is Processed On The Basis Of Our Legitimate
Interest In Improving Our Products And Measuring The Success Of Our Business
Operations (Art. 6 Para. 1 Lit. F GDPR). Where Necessary, We Will Also Ask You
For Your Consent (Art. 6 Para. 1 Lit. A GDPR). You Can Revoke Any Consent You
May Have Given For This Purpose At Any Time With Effect For The Future. For
This Purpose, You Can, For Example, Contact Us Using The Contact Details Above.
A Revocation Does Not Affect The Processing That Took Place Until Your
Revocation.
Personalisation Of Website
Content
We Also Process Your Data In
Order To Display Personalised Content On Our Website. The Legal Basis For This
Is Our Legitimate Interest In Showing You Tours And Activities That Are
Relevant To You, Art. 6 Para. 1 Lit. F GDPR.
Applications For Employment
If You Apply Directly To Us Or,
If Applicable, Via A Headhunter, We Process Your Application Documents And The
Information Contained Therein For The Purpose Of Processing Your Application Or
Deciding On The Establishment Of An Employment Relationship. We Process Further
Data Within The Context Of Any Job Interviews. The Data Processing Is Carried
Out On The Legal Basis Of § 26 Para. 1, 3 BDSG.
If We Are Unfortunately Unable To
Offer You A Position, Your Application Documents Will Generally Be Retained For
As Long As Necessary After The Conclusion Of The Respective Application Process
In Order To Be Able To Answer Queries In Connection With Your Application.
Further Storage May Take Place If This Is Necessary For The Provision Of
Evidence, In Particular For The Defence, Assertion Or Enforcement Of Claims
(Art. 6 Para. 1 Lit. F GDPR).
Otherwise, We Will Only Store
Your Applicant Data If You Have Expressly Consented To This (Art. 6 Para. 1
Lit. A GDPR). We Will Then Also Regularly Inform You About Interesting
Positions With Us. You Can Revoke Your Consent At Any Time With Effect For The
Future. For This Purpose, You Can, For Example, Contact Us Using The Contact
Details Above. A Revocation Does Not Affect The Processing That Took Place
Until Your Revocation.
For Our Application Management,
We Use A Service Provided By Greenhouse Software, Inc, Based In The USA. Please
Note That There Is No EU Commission Adequacy Decision For The USA. We Have
Therefore Concluded The Standard Contractual Clauses Approved By The EU
Commission With Greenhouse Software, Inc. Pursuant To Art. 46 Para. 2 Lit. C
GDPR.
Booking Your Journey
To Book Any Travel To The Job
Interview, We Use The Services Of Pana Industries, Inc, Based In The USA.
Please Note That There Is No EU Commission Adequacy Decision For The USA. We
Have Therefore Concluded The Standard Contractual Clauses Approved By The EU
Commission With Pana Industries, Inc. Pursuant To Art. 46 Para. 2 Lit. C GDPR.
Approaching Via Professional
Social Networks
We Also Reserve The Right To
Contact You Via Professional Social Networks With Regard To Vacancies With Us
If You Have Indicated Via Your Profile Settings That You Are Open To Being
Contacted In This Regard. Within This Context, We Also Process Your Data
Deposited With This Network. The Processing Is Based On Our Legitimate Interest
In Approaching Suitable Candidates (Art. 6 Para. 1 Lit. F GDPR).
Surveys
If Applicable, We Will Invite You
To Participate In A Survey After The Application Process Has Been Completed. We
Process The Data You Provide Within This Context On The Basis Of Our Legitimate
Interest In Improving Our Application Processes (Art. 6 Para. 1 Lit. F GDPR).
For This Purpose, We Use A Service Provided By Trustcruit, A Company Based In
Sweden.
Coding Tests
In Order To Determine The
Suitability Of An Applicant For Certain Positions In The Coding Field, We Use
Tests Provided By Codility Limited, Based In The UK, Together With Their
Infrastructure. The Processing Is Necessary For The Decision On The
Establishment Of An Employment Relationship (§ 26 Para. 1 BDSG).
Passing On Of Data
Beyond The Cases Described, Your
Personal Data Will Only Be Passed On Without Your Express Prior Consent In The
Following Cases:
·
If It Is Necessary For The
Clarification Of An Illegal Use Of Our Services Or For Legal Prosecution,
Personal Data Will Be Forwarded To The Law Enforcement Authorities And, If
Necessary, To Injured Third Parties. However, This Only Happens If There Are
Specific Indications Of Unlawful Or Abusive Behaviour. A Transfer May Also Take
Place If This Serves To Enforce Terms Of Use Or Other Agreements. We Are Also
Legally Obliged To Provide Information To Certain Public Authorities Upon
Request. These Are Law Enforcement Agencies, Authorities That Prosecute
Administrative Offences Subject To Fines And The Tax Authorities.
This Data Is Disclosed On The
Basis Of Our Legitimate Interest In Combating Abuse, Prosecuting Criminal
Offences And Securing, Asserting And Enforcing Claims And Provided That Your
Rights And Interests In The Protection Of Your Personal Data Are Not
Overridden, Art. 6 Para. 1 Lit. F GDPR Or On The Basis Of A Legal Obligation
Pursuant To Art. 6 Para. 1 Lit. C GDPR.
·
We Disclose Personal Data
To Auditors, Accounting Service Providers, Lawyers, Banks, Tax Consultants And
Similar Bodies Insofar As This Is Necessary For The Provision Of Our Services
(Art. 6 Para. 1 Lit. B GDPR) Or The Proper Operation Of Our Business (Art. 6
Para. 1 Lit. F GDPR) Or We Are Obliged To Do So (Art. 6 Para. 1 Lit. C GDPR).
·
We Rely On Contractually
Affiliated Third-Party Companies And External Service Providers
("Processors") To Provide The Services. In Such Cases, Personal Data
Is Passed On To These Processors To Enable Them To Continue Processing. These
Processors Are Carefully Selected And Regularly Reviewed By Us To Ensure That
Your Rights And Freedoms Are Protected. The Processors May Only Use The Data
For The Purposes Specified By Us And Are Also Contractually Obliged By Us To
Treat Your Data Exclusively In Accordance With This Privacy Policy And The
German Data Protection Laws.
The Transfer Of Data To
Processors Takes Place On The Basis Of Art. 28 Para. 1 GDPR.
·
As Part Of The Further
Development Of Our Business, It May Happen That The Structure Of Excursions
Jordan Deutschland GmbH Changes By Changing The Legal Form, Founding, Buying Or
Selling Subsidiaries, Parts Of The Company Or Components. In Such Transactions,
Customer Information Is Passed On Together With The Part Of The Company To Be
Transferred. Whenever Personal Information Is Disclosed To Third Parties To The
Extent Described Above, We Will Ensure That This Is Done In Accordance With
This Privacy Policy And The Relevant Data Protection Laws.
Any Disclosure Of Personal Data
Is Justified By The Fact That We Have A Legitimate Interest In Adapting Our
Corporate Form To The Economic And Legal Circumstances As Necessary (Art. 6
Para. 1 Lit. F GDPR).
Automated Individual Decisions
Or Profiling Measures
We Do Not Use Any Automated
Processing Processes To Bring About A Decision Or Profiling.
Erasure Of Your Data
We Delete Or Anonymise Your
Personal Data As Soon As It Is No Longer Necessary For The Purposes For Which
We Collected Or Used It In Accordance With The Above Paragraphs. We Also
Continue To Retain Your Data If We Are Obliged To Do So For Legal Reasons Or If
The Data Is Needed For A Longer Period Of Time For Criminal Prosecution Or To
Secure, Assert Or Enforce Legal Claims.
If You Delete Your User Account,
Your Profile Will Be Deleted Completely And Permanently. However, We Will
Retain Backup Copies Of Your Data To The Extent And For As Long As This Data Is
Required For Legal Reasons Or For Criminal Prosecution Or To Secure, Assert Or
Enforce Legal Claims.
If Data Must Be Retained For
Legal Reasons, Processing Will Be Restricted. The Data Is Then No Longer
Available For Further Use.
Storage Beyond The Contractual
Relationship Is Based On Our Aforementioned Legitimate Interests According To
Art. 6 Para. 1 Lit. F GDPR.
Your Rights As A Data Subject
You Have The Rights Described
Below With Regard To The Processing Of Your Personal Data. To Exercise Your
Rights, You Can Make A Request Here, By Post Or By Email To The Address Above.
Right Of Access To Information
You Have The Right To Receive
Information From Us At Any Time, Upon Request, About The Personal Data We
Process That Concerns You, To The Extent And Subject To The Conditions Of Art.
15 GDPR And § 34 BDSG.
Right To Correct Incorrect
Data
You Have The Right To Request
That We Correct Personal Data Relating To You Without Delay If It Is
Inaccurate.
Right To Erasure
You Have The Right To Demand That
We Delete The Personal Data Concerning You Under The Conditions Described In
Art. 17 GDPR And § 35 BDSG. These Conditions Provide In Particular For A Right
To Erasure If The Personal Data Is No Longer Necessary For The Purposes For
Which It Was Collected Or Otherwise Processed, As Well As In Cases Of Unlawful
Processing, The Existence Of An Objection Or The Existence Of An Obligation To
Erasure Under Union Law Or The Law Of The Member State To Which We Are Subject.
Right To Restriction Of
Processing
You Have The Right To Demand That
We Restrict Processing In Accordance With Art. 18 GDPR. This Right Exists In
Particular If The Accuracy Of The Personal Data Is Disputed Between The User
And Us, For The Duration That The Verification Of The Accuracy Requires, As
Well As In The Event That The Data Subject Requests Restricted Processing
Instead Of Erasure In The Case Of An Existing Right To Erasure; Furthermore, In
The Event That The Data Is No Longer Required For The Purposes Pursued By Us,
But The User Requires It For The Assertion, Exercise Or Defence Of Legal
Claims, As Well As If The Successful Exercise Of An Objection Is Still Disputed
Between Us And The User.
Right To Data Portability
You Have The Right To Receive
From Us The Personal Data Relating To You That You Have Provided To Us In A Structured,
Commonly Used, Machine-Readable Format In Accordance With Art. 20 GDPR.
Right To Object
You Have The Right To Object At
Any Time, On Grounds Relating To Your Particular Situation, To The Processing
Of Personal Data Concerning You Which Is Carried Out, Inter Alia, On The Basis
Of Art. 6 Para. 1 Lit. E Or F GDPR, In Accordance With Art. 21 GDPR. We Will
Then Stop Processing Your Personal Data Unless We Can Demonstrate Compelling
Legitimate Grounds For The Processing That Override Your Interests, Rights And
Freedoms, Or The Processing Serves To Assert, Exercise Or Defend Legal Claims.
Right Of Appeal
You Have The Right To Contact A
Supervisory Authority Of Your Choice In Case Of Complaints.
Data Processing When
Exercising Your Rights
Finally, We Would Like To Point
Out That We Process The Personal Data Provided By You When Exercising Your
Rights Pursuant To Art. 15 To 22 Of The GDPR For The Purpose Of Implementing
These Rights And To Be Able To Provide Evidence Thereof. This Processing Is Based
On The Legal Basis Of Art. 6 Para. 1 Lit. C GDPR In Conjunction With Art. 15 To
22 GDPR And § 34 Para. 2 BDSG.
Changes To This Privacy Policy
The Current Version Of This
Privacy Policy Is Always Updated Tt.
