Privacy Policy
For the use of the website travelgaid.de
gaid GmbH
For the use of the website travelgaid.de
I. General Information on the Collection of Personal Data, Contact Details of the Controller
(1) SCOPE OF THIS POLICY
We operate the website travelgaid.de. In the following, we inform you about the collection and processing of personal data when using our website. Personal data means any data that can be related to you personally, e.g. name, email address, usage behaviour.
(2) DATA CONTROLLER
The controller for data processing pursuant to Art. 4(7) of the EU General Data Protection Regulation (hereinafter "GDPR") is:
Drakestraße 22
40545 Düsseldorf
Germany
Commercial register: Local Court (Amtsgericht) Düsseldorf, HRB 112399
Authorised managing directors: Lea Charlotte Cirener, Eva Katharina Raum
Email: hello@travelgaid.de
Contact for data protection enquiries: hello@travelgaid.de
II. Contacting Us
(1) DATA COLLECTED AND PURPOSE OF DATA PROCESSING
When you contact us by email (hello@travelgaid.de) or via a contact form, your email address and the data you provide (e.g. name, message) will be processed by us in order to respond to your enquiry.
(2) LEGAL BASIS
We process your personal data on the basis of Art. 6(1)(1)(b) GDPR if your enquiry relates to the initiation or performance of a contract. Otherwise, we process your personal data on the basis of Art. 6(1)(f) GDPR to safeguard our legitimate interests in responding to your enquiry. Insofar as your personal data is processed on the basis of Art. 6(1)(f) GDPR, you may object to the data processing pursuant to Art. 21 GDPR.
(3) RETENTION PERIOD
The personal data collected in this context will be stored for the duration of the processing of your enquiry. Beyond that, we only store personal data to the extent that statutory retention obligations apply.
III. Collection of Personal Data When Using the Website
(1) DATA COLLECTED WHEN USING THE WEBSITE AND PURPOSE OF DATA PROCESSING
When using our website, we collect the technically required data described below in order to provide you with the functions of the website and to ensure its stability and security:
IP address of your device
Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific page of the website)
Access status / HTTP status code
Volume of data transferred in each case
Operating system and its version
Browser type and version
Website from which the request originates (referrer URL)
(2) LEGAL BASIS
The legal basis is Art. 6(1)(1)(f) GDPR. Our legitimate interest lies in making the content of the website accessible to users and enabling the use of our website, identifying potential technical problems and resolving them as quickly as possible, and preventing misuse of the website. Insofar as the data processing is carried out to safeguard these legitimate interests, you may object to the data processing pursuant to Art. 21 GDPR.
(3) RETENTION PERIOD
The data collected in the course of using the website (logs) is stored for 90 days and subsequently deleted automatically.
(4) DATA RECIPIENTS AND THIRD-COUNTRY TRANSFER
The data collected in the course of using the website is stored on servers of Netlify, Inc., 512 2nd Street, Suite 200, San Francisco, CA 94107, USA. We have concluded a data processing agreement with Netlify pursuant to Art. 28 GDPR. In this context, personal data is transferred to the USA. Netlify, Inc. is certified under the EU-US Data Privacy Framework (adequacy decision of the EU Commission of 10 July 2023).
IV. Cookies and Similar Technologies
Our website uses cookies and similar technologies (hereinafter collectively referred to as "Cookies"). Cookies are small text files that allow information to be stored on or retrieved from users' devices via the web browser.
(1) TECHNICALLY NECESSARY COOKIES
The following technically necessary Cookies are used on the website. The data processing is carried out on the basis of Section 25(2) No. 2 TDDDG, Art. 6(1)(f) GDPR. Our legitimate interest lies in the technically error-free provision and functionality of the website.
| Name | Provider | Purpose / Legal Basis | Retention Period |
|---|---|---|---|
| (none) | (none) | We currently do not use any technically necessary cookies of our own on travelgaid.de. The website is static (HTML/CSS); there are no sessions or logins. | – |
(2) OTHER COOKIES
In addition, further Cookies are used on the website. The following Cookies are used exclusively on the basis of prior consent by the user (Section 25(1) TDDDG, Art. 6(1)(a) GDPR). In some cases, personal data collected by means of a Cookie is also disclosed to recipients in countries outside the European Economic Area (EEA) without an adequacy decision or appropriate safeguards to ensure the level of data protection. Under these circumstances, there is a risk that third parties (e.g. government authorities) may gain access to personal data. In such cases, a cookie consent given also constitutes consent to the data transfer (Art. 49(1)(a) GDPR). Consent given regarding the use of the following Cookies may be revoked at any time with effect for the future.
| Name | Provider | Purpose / Legal Basis | Retention Period |
|---|---|---|---|
| _px3 | PerimeterX / HUMAN Security (loaded via Beehiiv, Inc., USA) | Bot detection and fraud prevention to protect the newsletter sign-up form from abuse. Loaded exclusively after the user's express consent by actively clicking the activation button. Legal basis: Art. 6(1)(a) GDPR (consent). | approx. 24 hours |
| _pxvid | PerimeterX / HUMAN Security (loaded via Beehiiv, Inc., USA) | Bot detection and fraud prevention to protect the newsletter sign-up form from abuse. Loaded exclusively after the user's express consent by actively clicking the activation button. Legal basis: Art. 6(1)(a) GDPR (consent). | 1 year |
| cf_clearance | Cloudflare, Inc. (USA) (loaded via Beehiiv, Inc., USA) | DDoS protection and bot mitigation for the newsletter sign-up form. Loaded exclusively after the user's express consent by actively clicking the activation button. Legal basis: Art. 6(1)(a) GDPR (consent). | 1 year |
| pxcts | PerimeterX / HUMAN Security (loaded via Beehiiv, Inc., USA) | Bot detection and fraud prevention to protect the newsletter sign-up form from abuse. Loaded exclusively after the user's express consent by actively clicking the activation button. Legal basis: Art. 6(1)(a) GDPR (consent). | Session (deleted when the browser is closed) |
(3) NOTES ON TECHNICAL IMPLEMENTATION
Fonts: Our website exclusively uses self-hosted fonts. No third-party fonts (e.g. Google Fonts) are embedded; your IP address is therefore not transmitted to external font service providers when accessing the website.
Newsletter sign-up form (two-click method): The Beehiiv sign-up form embedded on our homepage is not loaded automatically when the website is accessed. Instead, you will initially see an informational text with the button "Activate newsletter form". The form is only loaded from the servers of Beehiiv, Inc. after you actively click this button. No connection to Beehiiv is established until this consent is given.
V. Newsletter (Beehiiv)
(1) SUBSCRIPTION
On our website and via external landing pages (e.g. Linktree), you have the option to subscribe to our newsletter. For the subscription, we use the so-called double opt-in procedure. This means that after you sign up, we will send you an email to the email address you provided, asking you to confirm your subscription. This confirmation is necessary to prevent anyone from signing up with someone else's email address.
The newsletter sign-up form on our website is only loaded after you actively click an activation button. No data is transmitted to the service provider Beehiiv prior to this point.
(2) DATA COLLECTED AND PURPOSE OF DATA PROCESSING
For the newsletter subscription, we process the following data:
Email address (mandatory)
First name (optional)
Time of sign-up and confirmation (double opt-in)
IP address at the time of sign-up (for the purpose of documenting consent)
(3) LEGAL BASIS AND REVOCATION
The legal basis is your consent pursuant to Art. 6(1)(1)(a) GDPR in conjunction with Section 7(2) No. 3 UWG (German Unfair Competition Act).
You may revoke your consent to receive the newsletter at any time. You can declare the revocation by clicking the "Unsubscribe" link provided in each email or by sending an email to hello@travelgaid.de. The revocation does not affect the lawfulness of the processing carried out on the basis of the consent prior to its revocation.
(4) RETENTION PERIOD
The data collected about you will be stored for as long as a newsletter subscription exists.
(5) DATA RECIPIENTS AND THIRD-COUNTRY TRANSFER
For the dispatch of the newsletter, we use the service Beehiiv, operated by Beehiiv, Inc., 228 Park Ave S, PMB 72810, New York, NY 10003-1502, USA. The data you enter for the purpose of receiving the newsletter is stored on Beehiiv's servers in the USA. The data transfer to Beehiiv Inc. in the USA is based on Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR, which can be accessed here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX%3A32021D0914&locale=en
We have concluded a data processing agreement pursuant to Art. 28 GDPR with Beehiiv, in which we oblige Beehiiv to protect users' data, not to disclose it to third parties and not to use it for its own purposes.
Further information can be found in Beehiiv's privacy policy at: https://www.beehiiv.com/privacy
VI. Online Presence on Instagram
(1) DATA COLLECTED AND PURPOSE OF DATA PROCESSING
We maintain an online presence on Instagram (@travel.gaid) in order to communicate with customers, prospective customers and users active on the platform and to inform them about our services.
In our app and on our website, we only use simple links to our social media profiles. When loading our app or website, no automatic connection to the respective networks is established. Only by independently selecting the network you wish to visit will you be redirected to the respective platform.
Please note that when using our Instagram page, the platform provider Meta (Meta Platforms Ireland Ltd.) processes personal data about you. Meta provides us with aggregated, anonymised statistics on the use of our page ("Page Insights"). These include, in particular, usage data such as page views and interactions as well as – to the extent provided by Meta – demographic data. We ourselves do not have access to the underlying personal data. Meta and we are jointly responsible for the collection and transmission of your data to Meta in connection with Page Insights (Art. 26 GDPR). The essential content of the agreement on joint controllership concluded between us and Meta (the so-called "Page Insights Controller Addendum") can be viewed at https://www.facebook.com/legal/terms/page_controller_addendum. Meta alone, as the platform provider, is responsible for any further data processing by Meta. Information on data processing by Meta can be found at: https://privacycenter.instagram.com/policy
(2) LEGAL BASIS
The processing of personal data in connection with Page Insights is based on Art. 6(1)(1)(f) GDPR. Our legitimate interest lies in the external presentation of our offering and communication with our target audience.
In connection with message enquiries via our Instagram page, we process your personal data on the basis of Art. 6(1)(1)(b) GDPR if your enquiry relates to the initiation or performance of a contract. Otherwise, we process your personal data on the basis of Art. 6(1)(f) GDPR to safeguard our legitimate interests in responding to your enquiry. Insofar as your personal data is processed on the basis of Art. 6(1)(f) GDPR, you may object to the data processing pursuant to Art. 21 GDPR.
(3) RETENTION PERIOD
In connection with message enquiries via our Instagram page, we store personal data for the duration of the processing of your enquiry. Beyond that, we only store personal data to the extent that statutory retention obligations apply.
Regarding the retention period at Meta, we refer to Meta's privacy policy: https://privacycenter.instagram.com/policy.
(4) DATA RECIPIENTS AND THIRD-COUNTRY TRANSFER
The controller for data processing within the scope of Instagram is Meta Platforms Ireland Ltd., Merrion Road, Dublin 4, Ireland. Meta may transfer data to Meta Platforms Inc., USA. Meta Platforms Inc. is certified under the EU-US Data Privacy Framework (adequacy decision of the EU Commission of 10 July 2023). Further information can be found in Meta's privacy policy: https://privacycenter.instagram.com/policy.
VII. Your Rights as a Data Subject
If we process personal data about you, you are a data subject within the meaning of the GDPR and, subject to the statutory requirements, you are entitled to the following rights:
(1) Right of Access (Art. 15 GDPR)
You have the right to obtain information at any time about your personal data that we process.
(2) Right to Rectification and Completion (Art. 16 GDPR)
If your personal data is inaccurate or incomplete, you have the right to rectification and completion.
(3) Right to Restriction of Processing (Art. 18 GDPR)
Where the statutory requirements are met, you may request the restriction of the processing of your personal data.
(4) Right to Erasure (Art. 17 GDPR)
You may request the erasure of your personal data at any time, provided that we are not legally obliged or entitled to continue processing it.
(5) Right to Data Portability (Art. 20 GDPR)
Where processing is based on your consent and carried out by automated means, you have the right to receive the data you have provided in a structured, commonly used and machine-readable format.
(6) Right to Object (Art. 21 GDPR)
You have the right to object to processing insofar as the data processing is carried out for the purpose of direct marketing or profiling. You may object to processing based on a balancing of interests by stating grounds relating to your particular situation.
(7) Right to Withdraw Consent
You have the right to withdraw your consent to data processing at any time. The withdrawal does not affect the lawfulness of the processing carried out on the basis of the consent prior to its withdrawal.
(8) Right to Lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement.
Competent supervisory authority for gaid GmbH:
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen)
Kavalleriestraße 2-4, 40213 Düsseldorf
Phone: +49 211 38424-0
Email: poststelle@ldi.nrw.de
Website: https://www.ldi.nrw.de
No automated decision-making, including profiling, within the meaning of Art. 22 GDPR takes place.
VIII. Currency of this Privacy Policy
Version of this privacy policy: May 2026
Due to the further development of our website and our offerings, or as a result of changes in statutory or regulatory requirements, it may become necessary to amend this privacy policy. The current version of the privacy policy can be accessed at any time on our website at travelgaid.de.