Supplements.org’s Privacy Notice
This Privacy Notice is valid for the all websites hosted by Supplements.org and its subsidiaries (such as the hotel search websites, the Supplements.org magazine, Supplements.org company pages, the Business Studio, Hotel Manager etc.) the Supplements.org App and the Supplements.org Newsletter (collectively “Services”).
In this Privacy Notice we provide information about the processing of personal data while using our Services. Personal data is any data that can be used to identify you. The protection of your personal data is very important to us. If you have any questions or would like more information about privacy at Supplements.org, please contact [email protected] with the subject ‘Privacy Query’.
Continuous technological development, changes to our services, changes to laws, or other reasons may require us to amend our Privacy Notice. We will make changes to this Privacy Notice regularly and we ask that you keep yourself informed of its contents.
1. Party responsible for data processing
The controller of the personal data we process is Supplements.org., E-mail: [email protected].
2. Data protection officer point of contact
You can reach our data protection officer at [email protected] with the subject ‘Privacy Query’.
3. Your rights
You have the following rights with respect to your personal data:
3.1 General rights
You have the right to information, access, correction, deletion, restriction of processing, objection to processing, and data portability. If processing is based on your consent, you have the right to revoke it at any time.
3.2 Rights to object to processing of data based on legitimate interests
Article 21(1) EU General Data Protection Regulation (EU) 2016/679 (“GDPR”) gives you the right to object at any time for reasons arising out of your particular situation against the processing of personal data relating to you when your data is processed under Article 6(1)(e) or Article 6 (1)(f) GDPR. This also applies to profiling. If you object, we will no longer process your personal data unless we can establish compelling and legitimate grounds for processing that outweigh your interests, rights and freedoms, or if the processing aids the enforcing, exercising or defending of legal claims.
3.3 Rights to object to direct marketing
If we process your personal data for the purpose of direct marketing Article 21(2) GDPR gives you the right to object at any time to the processing of your personal data for the purpose of direct marketing; this also applies to profiling, insofar as it is associated with direct marketing.
If you object to processing for the purpose of direct marketing, we will no longer process your personal data for this purpose.
3.4 Right to complain to a supervisory authority
You also have the right to complain to a relevant data protection supervisory authority about our processing of your personal data.
4. The processing of personal data when using the Services
We process your personal data using the legitimate interests legal basis, except in specific circumstances where you provide consent or where the processing is necessary for a contract that you have with us or where you have asked us to take specific steps prior to entering into a contract. We apply appropriate safeguards to protect your privacy and we process your personal data for the following purposes:
Helping you find your ideal hotel.
Providing you with customised and more relevant hotel search results.
Providing, securing, maintaining and improving our Services for our users.
Developing new products and features related to hotel search and travel.
Understanding how users use our Services so that we can improve the performance and provide better services to our users.
Direct marketing to users of our services about our Services or related services.
Advertising conducted by us and third parties on our Services and on the websites of third parties.
User research that improves users’ experience of our Services and improves our Services.
Assisting you with making hotel reservations.
Complying with legal obligations, preventing fraud and resolving disputes.
Assisting law enforcement authorities investigate and solve crimes.
When you use our Services, we process these types of personal data:
Personal Identifying information such as your name, addresses, telephone numbers or email addresses.
Personal details such as age, sex, date of birth.
Electronic identification data such as IP addresses, cookies, connection moments, device ID’s mobile advertising identifiers, date and time of the inquiry, time, request contents, (concrete page), access status/HTTP status code, amount of data transferred, website receiving the request, browser software and version, operating system and its interface, and language.
Data that your browser or device makes available.
Electronic localization data such as GPS data and locational data.
Financial identification data such as credit or debit card numbers.
Data about your interaction with our Services, including the details inputted by you when you conduct a search using our Services.
Data relating to the accommodation reservations that you make, such as hotel, dates, and price.
Security details such as passwords related to our Services.
When you use our Services and click a link to an accommodation offer that is listed on our Services, the online booking site making that offer may send us personal data relating to any subsequent booking or reservation that you make on the online booking site.
When you use our Services, we may share your personal data with the following categories of recipients:
Our wholly owned subsidiaries.
Third party service providers who provide data processing services for us, such as: hosting and storage providers, customer service providers, communications providers, security and fraud prevention providers, credit card and payment providers, analytics, advertising, and marketing providers. These providers are under contractual obligations to not share your personal data with anyone else and to not use your data for any other purpose.
Third party service providers who provide services to us that are independent data controllers, such as security and fraud prevention services and advertising and marketing providers.
Business partners or affiliates that we may jointly offer products or services with. These will be services offered through our Services in conjunction with other third parties.
Third party travel suppliers such as hotels, airlines, car rental, insurance, property owners, travel guide or activity providers.
Law Enforcement Authorities. To prevent, detect and prosecute illegal activities, threats to state or public security and to prevent threats to people’s lives.
As part of a corporate transaction such as a merger, divesture, consolidation, or asset sale.
5. Contact by e-mail or contact form
When you contact us by e-mail or through a contact form, we will store the data you provide (your e-mail address, possibly your name and telephone number) so we can answer your questions. Insofar as we use our contact form to request entries that are not required for contacting you, we have always marked these as optional. This information serves to substantiate your inquiry and improve the handling of your request. Your message may be linked to various actions taken by you on the Supplements.org website. Information collected will be solely used to provide you with support relating to your booking and better understand your feedback. A statement of this information is expressly provided on a voluntary basis and with your consent, art. 6 par. 1a GDPR. As far as this concerns information about communication channels (such as your e-mail address or telephone number), you also agree that we may also, where appropriate, contact you via this communication channel to answer your request. You may of course revoke this consent for the future at any time.
We delete the data that arises in this context after saving is no longer required, or limit processing if there are statutory retention requirements.
6.1 General information
With your consent under Article 6(1)(a) GDPR, you can subscribe our newsletter which will inform you about offers on our Services and from third parties. To sign up for our newsletter, we use the “double opt-in” method. This means that after you have signed up, we will send you an e-mail to the e-mail address specified, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your sign-up within 24 hours, your information will be locked and automatically deleted after one month.
In addition, we save the IP addresses you used and the times of sign-up and confirmation. The purpose of the procedure is to verify your sign-up and, if necessary, to inform you about possible misuse of your personal data.
The only requirement for sending the newsletter is your email address. Providing additional data is voluntary and will be used to address you personally. After your confirmation, we will save your e-mail address for the purpose of sending you the newsletter. The legal basis is Article 6(1)(a) GDPR.
You may revoke your consent to receiving the newsletter at any time by clicking the link provided in each newsletter e-mail or by contacting our data protection officer.
6.2 Newsletter Tracking
We use web beacons, tracking pixels and other technologies to track and analyze your interactions with the newsletter. This data is allocated to your e-mail address and a pseudonymized ID. We use this data to generate a user profile to personalise the newsletter for you. Your user profile will be based on the interactions you have with the newsletter, our Services and third-party websites and apps.
You can object to this at any time by using the unsubscribe link provided in each e-mail or by contacting our data protection officer.
Newsletter tracking is not possible if you’ve deactivated image viewing by default in your e-mail application. In this case, the newsletter will not be displayed in full and you won’t be able to use all the features. If you display images manually, tracking will occur.
7. Specific functions of the Services
7.1 Supplements.org User Account
You can create a Supplements.org user account. If you create a Supplements.org user account you will receive personal, password-protected access and can view and manage the data you have stored in your account. Supplements.org user account creation is voluntary but may be required to fully use the functionality of some of our Services.
If you create a Supplements.org user account, we will send you our newsletter and other direct marketing. You can unsubscribe from the newsletter or delete your Supplements.org user account at any time.
You can manage, modify and delete all information in your Supplements.org user account. The legal basis for this processing is Article 6(1)(a), (b), and (f) GDPR.
7.2 Business Studio and Hotel Manager
If you use Business Studio or Hotel Manager you will receive a personal, password-protected account and you can view and manage the data that is stored in that account. Hoteliers who have a Supplements.org Business Studio/ Hotel Manager account may be contacted by telephone and be informed about new or additional features of the tool. The legal basis for this processing is Article 6(1)(b), and (f) GDPR.
7.3 Supplements.org Express Booking or One Click Booking
When you use the Supplements.org Express Booking or one click booking functionality, you can choose to create a Supplements.org user account and store the personal data that you provide to us to allow you to use this personal data at a later stage when booking other hotels to make the booking process easier for you. When you decide to make a reservation with a hotel, we will send your personal data required for the reservation to the hotel so that the hotel can process your reservation. The legal basis for this processing is Article 6(1)(b) GDPR. The legal basis for the transfer of your personal data outside of the EU is Article 49(1)(b).
7.4 External Links
If our Services link you to other websites or Apps, those newly opened links do not operate under this Privacy Notice. You should examine the privacy policies posted on those other websites or Apps to understand their procedures for collecting, using, and disclosing personal information.
8. Use of social plug-ins
This website uses the provider’s social plug-ins.
These plug-ins collect data from you and transmit it to the respective vendor’s server. We have taken technical measures to ensure the protection of your privacy, which guarantee that your data cannot be collected by the vendors of the respective plug-ins without your consent. These will initially be deactivated when you visit a site connected to the plug-ins. The plug-ins will not be activated until you click on the respective symbol, and by doing so, you give your consent to have your data transmitted to the respective vendor. The legal basis for plug-in use is Article 6(1)(a) GDPR.
Once activated, the plug-ins also collect personally identifiable information, such as your IP address, and send it to the respective social plug-in’s network. Activated social plug-ins also set a cookie with a unique identifier when you visit the respective website. This allows the social plug-in’s network to generate profiles of your user behavior. This occurs even if you are not a member of the social plug-in’s network. If you are a member of the social plug-in’s network and you are logged into the website during your visit, your data and information about your visit to the website can be linked with your profile on the social plug-in’s network. We do not have any influence over the exact extent to which your data is processed by the social plug-in network. For more information about the extent, nature, and purpose of data processing and about the rights and setting options for protecting your privacy, please see the data protection notices for the respective social network vendor. These can be found at the following addresses:
– Facebook Inc., 1601 S California Ave., Palo Alto, CA 94304, USA.
– Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA.
– Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA.
– Instagram, Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
– XING SE, Dammtorstraße 30, 20354 Hamburg.
– YouTube LLC 901 Cherry Avenue, San Bruno, CA 94066, USA.
– LinkedIn Corporation 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA.
9. Facebook Connect
We offer you the option of enrolling and signing in through your Facebook account. If you enroll via Facebook, Facebook will ask you for your permission to release certain data in your Facebook account to us. This may include your first name, last name, and e-mail address so your identity and gender can be verified, as well as general location, a link to your Facebook profile, your time zone, your date of birth, your profile picture, your “Like” information, and your friends list.
This data will be collected by Facebook and transmitted to us. You can control the information that we receive from Facebook through the privacy settings in your Facebook account.
This data will be used to establish, provide, and personalize your account. The legal basis is article 6, par. 1 a, b, and f of the GDPR.
If you enroll with us through Facebook, your account will automatically be connected to your Facebook account and information about your activities on our website, if applicable, will be shared on Facebook and published on your timeline and news feed.
This website uses the following types of cookies, whose extent and function are explained in the following:
10.1 Transient cookies
These cookies are automatically deleted when you close your browser. This includes session cookies in particular. These save a “session ID” with which different requests from your browser can be assigned to the joint session. This allows your device to be recognized again when you return to our website. Session cookies are deleted when you log out or close your browser.
10.2 Persistent cookies
These cookies are automatically deleted after a set duration that can vary depending on the cookie. You can delete cookies in your browser security settings at any time.
10.3 Flash cookies
Flash cookies used are not collected through your browser, but through your Flash plug-in. In addition, we use HTML5 storage objects that are stored on your terminal. These objects save the necessary data independent of the browser you use and have no automatic expiration date. If you do not want Flash cookies processed, you must install a suitable add-on, such as “Privacy Badger” for Mozilla Firefox (https://www.eff.org/privacybadger) or Adobe Flash Killer Cookie for Google Chrome. You can prevent the use of HTML5 storage objects by setting your browser to private mode. We also recommend that you manually delete your cookies and browser history on a regular basis.
10.4 Preventing cookies
You can configure your browser and App settings as you wish and, for example, decline to accept third-party or all cookies. Please note that you may not be able to use all of the website’s functions in this case.
10.5 storage period
The storage periods for cookies vary and are can be accessed by via your browser.
We use various services to analyse user interactions with our Services such as how many users visit our Services, which information is requested the most, and how users interact with our Services. The data that we collect includes referrer websites, which subpages on the our Services are accessed and how often, and the length of time for which a page is viewed. This helps us to improves users’ experience of our Services and improve our Services. Pseudonymized data is used. The legal basis for this is Article 6(1)(f) GDPR.
11.1 Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc. This use covers the Universal Analytics operating mode. This makes it possible to assign data, sessions, and interactions across multiple devices to a pseudonymous user ID and thus analyze a user’s activities across devices.
You can prevent cookies from being stored through the relevant setting in your browser software; however, please note that if you do so, not all functions of the website may be able to be used to their full extent. You can also prevent the data generated by the cookie and related to your use of the website (including your IP address) from being collected and processed by Google by downloading and installing this software. Opt-out cookies prevent the future collection of your data when visiting this website. To prevent Universal Analytics collection across various devices, you must perform the opt-out on all systems in use. Set the opt-out cookie by clicking here: Deactivate Google Analytics.
Data is collected and stored for optimization purposes on this service using technologies from Hotjar Ltd. This data can be used to generate usage profiles under a pseudonym. Cookies may be used for this purpose. The data collected with Hotjar technologies is not used for the purpose of personally identifying visitors to this website and will not be conflated with personally identifiable information about the bearer of the pseudonym without the explicit consent of the individual in question. You may opt-out from having Hotjar here.
Some of our advertising partners provide opt-out options (detailed below) where you can opt out of having them use your data for advertising. You can also opt out of some advertising by using these links:
Alternatively, you can prevent cookies from being set in your browser and App settings, or by not consenting to the use of marketing and advertising cookies.
We work with the following advertising partners (the links will take you to further information about them, their privacy policies and opt out solutions): Adara, AppNexus, Criteo, Google Ad Manager , Google DoubleClick, Intent Media, OpenX, RTB House, Sojern, TradeTracker.
12.1 Google AdWords and Conversion Tracking
We place Google AdWords display advertisements and use Google conversion tracking for the purposes of personalized online ads based on interests and location.
Advertisements are displayed based on search requests on websites in the Google ad network.
With the use of this technology, Google, and we as their customer, receive the information that a user has clicked on an ad and was redirected to our websites. The information acquired this way is solely used for statistical analysis related to ad optimization. We do not receive any information that would allow us to personally identify a visitor. The statistics provided to us by Google include the total number of users who have clicked on one of our ads and, where applicable, whether they were redirected to a page on our website that has a conversation tag. These statistics allow us to track which search terms most often lead to our ads receiving clicks, and which ads lead to the user contacting us via the contact form.
If you do not want this, you can prevent the storage of the cookies required for this technology by, for example, using the settings in your browser or your App. Should you do so, your visit will not be incorporated into user statistics.
12.2 Google Dynamic Remarketing
We use the dynamic remarketing function of Google AdWords on our website. This technology allows us to place automatically generated ads oriented towards target groups after you visit our website. Ads are oriented towards products and services that you clicked on during your last visit to our website.
If you do not want to receive user-based advertising from Google, you can disable the placement of ads by using Google’s ad settings.
For more information about how Google cookies are used, please refer to Google’s privacy statement.
12.3 Facebook family Custom Audiences
The product Facebook Custom Audiences (Facebook Inc. 1601 S. California Avenue, Palo Alto, CA, 94304) for Facebook and Instagramm is also used as part of usage-based online advertising. An irreversible and non-personally identifiable checksum (hash total) is essentially generated by your usage data, which can be transmitted to Facebook for analysis and marketing purposes. A Facebook cookie is set in this process. In doing so, information about your activities on the website (such as surfing behavior, subpages visited, etc.) is collected. Your IP address is stored and used for geographical modulation.
13. Data transmission
When we use service providers who process data outside the EU/EEA, we use appropriate safeguards such as standard data protection clauses adopted by the EU, or an EU adequacy decision to transfer and process your personal data outside of the EU.
14. Data security
We have taken extensive technical and operational security precautions to protect your data from being accidentally or intentionally manipulated, lost, destroyed, or accessed by unauthorized persons. Our security measures are reviewed regularly and updated in keeping with technological advances.
15. Data Storage
We retain your personal data for as long as it is required for you to use our Services, to provide our Services to you, to comply with laws. We will anonymise and/or aggregate your data if we intend to use it for analytical statistical purposes over longer periods.
16. Do-Not-Track Signals and Similar Mechanisms
We do not act in response to these signals because there is no standard in place.