Our privacy policy according to the GDPR (General Data Protection Regulation)
I. Definitions
The privacy policy of Vladi Private Islands GmbH is based on the terminology used by the European directive and regulatory authority in the adoption of the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain in advance the terminology used.
We use the following terms in this privacy policy and on our website, including but not limited to:
a) Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter the „data subject“). A natural person is considered to be identifiable who, directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special features, expresses the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person can be identified.
b) Affected person
Affected person is any identified or identifiable natural person whose personal data is processed by the controller.
c) Processing
Processing means any process or series of operations related to personal data, such as collecting, acquiring, organizing, sorting, storing, adapting or modifying, selecting, retrieving, using, with or without the aid of automated procedures; disclosure by submission, distribution or other form of provision, alignment or association, restriction, erasure or destruction.
d) Restriction of processing
Restriction of the processing is the marking of stored personal data with the aim to limit their future processing.
e) Profiling
Profiling is any kind of automated processing of personal data that uses personal information to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to job performance, economic situation, health, personal preferences, interests, reliability, behavior, whereabouts or relocation of that natural person.
f) Pseudonymisation
Pseudonymisation is the processing of personal data in such a way that personal data can no longer be attributed to a specific data subject without the need for additional information, provided that such additional information is kept separate and subject to technical and organizational measures to ensure that the personal data is not assigned to an identified or identifiable natural person.
g) Controller or person in charge of processing
The controller or person in charge of processing is the natural or legal person, public authority, establishment or other body that, alone or together with others, decides on the purposes and means of processing personal data. Where the purposes and means of such processing are determined by Union law or the law of the Member States, the person responsible or the specific criteria for his designation may be provided for under Union or national law.
h) Processor
The processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
i) Receiver
Recipient is a natural or legal person, agency, agency or other entity to whom Personal Data is disclosed, whether or not it is a third party. However, authorities which may receive personal data under Union or national law in connection with a particular mission are not considered as beneficiaries.
j) Third party
Third party is a natural or legal person, public authority, establishment or body other than the data subject, the controller, the processor and the persons authorized under the direct responsibility of the controller or the processor to process the personal data.
k) Consent
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
II. Name and address of the person responsible
The person responsible within the meaning of the basic data protection regulation and other national data protection laws of the member states as well as other data protection regulations is:
According to § 5 TMG:
Vladi Private Islands GmbH
Mailing address:
Ballindamm 26
20095 Hamburg
Contact:
Phone: +49 40338989
E-Mail: info@vladi.de
Represented by:
President: Farhad Vladi
Director Travel: Olaf Lock
Registered on:
District Court Hamburg: HRB 41232
Sales tax identification number: DE177993042
III. General information about data processing
1. Scope of processing of personal data
In principle, we process personal data of our users only insofar as this is necessary to provide a functioning website and our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies to cases in which prior consent cannot be obtained for reasons of fact and the processing of the data is permitted by law.
2. Lawfulness of processing of personal data
Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as legal basis.
In the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as legal basis. This also applies to processing operations required to carry out pre-contractual actions.
Insofar as processing of personal data is required to fulfill a legal obligation that is subject to our company, Art. 6 para. 1 lit. c GDPR serves as legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as legal basis.
If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, Art. 6 para. 1 lit. f GDPR serves as legal basis for processing.
3. Data deletion and storage duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage is no longer required. In addition, such storage may be provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for conclusion of a contract or fulfillment of the contract.
IV. Provision of the website and creation of logfiles
1. Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer.
Access data includes:
Name of the retrieved web page, file, date and time of retrieval, amount of data transferred, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
The provider uses the log data only for statistical evaluations for the purpose of operation, security and optimization of the offer. However, the provider reserves the right to subsequently review the log data if, on the basis of concrete evidence, the legitimate suspicion of unlawful use exists.
The data is stored in the log files of our system. A storage of this data together with other personal data of the user does not take place.
2. Lawfulness of data processing
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.
3. Purpose of the data processing
The temporary storage of the IP address by the system is necessary to allow delivery of the website to the computer of the user. To do this, the user’s IP address must be kept for the duration of the session.
Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
For these purposes, our legitimate interest in the processing of data is according to Art. 6 para. 1 lit. f GDPR.
4. Duration of storage
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. In the case of collecting the data for providing the website, this is the case when the respective session is completed.
In the case of storing the data in log files, this is the case after no more than seven days. An additional storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.
5. Opposition and removal possibility
The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no contradiction on the part of the user.
V. Use of Cookies
a) Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the Internet browser or the Internet browser on the user’s computer system. When a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is reopened.
We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser be identified even after a page break.
The following data is stored and transmitted in the cookies:
(1) Language Setting
(2) Entered search terms
(3) Filter characteristics
In addition, we use cookies on our website that allow an analysis of users‘ browsing behavior. In this way, the following data can be transmitted:
(1) Entered search terms
(2) Frequency of page views
(3) Use of Website Features
The data of the users collected in this way are pseudonymized by technical precautions. Therefore, an assignment of the data to the calling user is no longer possible. The data will not be stored together with other personal data of the users.
b) Legal basis for data processing
The legal basis for the processing of personal data using technically necessary cookies is in accordance with Article 6 (1) lit. f GDPR.
The legal basis for the processing of personal data using cookies for analysis purposes is the consent of the user is in accordance with Art. 6 para. 1 lit. a GDPR.
c) Purpose of the data processing
The purpose of using technically necessary cookies is to facilitate the use of websites for users. Some features of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page break.
We require cookies for the following applications:
(1) Adoption of language settings
(2) Remembering keywords
The user data collected through technically necessary cookies will not be used to create user profiles.
The use of the analysis cookies is for the purpose of improving the quality of our website and its contents. Through the analysis cookies, we learn how the website is used and so we can constantly optimize our offer.
For these purposes, our legitimate interest in the processing of personal data is in accordance with Art. 6 para. 1 lit. F GDPR.
e) Duration of storage, objection and disposal options
Cookies are stored on the computer of the user and transmitted by this on our side. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all the functions of the website entirely.
The transmission of Flash cookies cannot be prevented by the settings of the browser, but by changing the settings of the Flash Player.
VI. Contact form and e-mail contact
1. Description and scope of data processing
A contact form is available on our website and can be used for electronic contact. If a user realizes this option, the data entered in the input mask will be transmitted to us and saved. These data are:
Title, first name, last name, e-mail, telephone, street, zip code, city, country, feedback
At the time of sending the message, the following data is also stored:
(1) The IP address of the user
(2) Date and time of registration
For the processing of the data in the context of the sending process your consent is obtained and referenced to on this privacy statement.
Alternatively, contact via the e-mail address provided is possible. In this case, the user’s personal data transmitted by e-mail will be stored.
In this context, there is no disclosure of the data to third parties. The data is used exclusively for processing the conversation.
2. Lawfulness of data processing
Lawfulness of the processing of the data is in the presence of the consent of the user in accordance with Art. 6 para. 1 lit. a GDPR.
The legal basis for the processing of the data transmitted in the course of sending an e-mail is in accordance with Article 6 (1) lit. f GDPR. If the e-mail contact aims to conclude a contract, then additional legal basis for the processing is in accordance with Art. 6 para. 1 lit. b GDPR.
3. Purpose of the data processing
The processing of the personal data from the input mask serves us only to process the contact. In the case of contact via e-mail, this also includes the required legitimate interest in the processing of the data.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
4. Duration of storage
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. For the personal data from the input form of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been conclusive and finally clarified.
The additional personal data collected during the sending process will be deleted at the latest after a period of seven days.
5. Opposition and removal possibility
The user has the possibility at any time to revoke his consent to the processing of the personal data. If the user contacts us by e-mail (datenschutz@vladi.de), he may object to the storage of his personal data at any time. In such a case, the conversation cannot continue.
All personal data stored in the course of contacting will be deleted in this case.
VII. Web analysis by Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc. (hereinafter: Google). Google Analytics uses so-called „cookies“, i.e. text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, due to the activation of IP anonymization on these websites, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address provided from your browser by Google Analytics will not be merged with other Google data.
You can prevent the storage of cookies by activating a corresponding setting of your browser software; however, we point out that in this case you may not be able to use all functions of this website in full. In addition, you may prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by downloading the browser plug-in available under the following link and install: Browser-Add-on to deactivate Google Analytics.
You also can opt-out from Google Analytics tracking by clicking on this link: Deactivate the collection of data by Google Analytics
VIII. Using Script Libraries (Google Web Fonts)
In order to present our content correctly and graphically appealing across browsers, we use script libraries and font libraries on this website, such as: Google Web Fonts (https://www.google.com/webfonts/). Google web fonts are transferred to the cache of your browser to prevent multiple loading. If the browser does not support Google Web Fonts or prohibits access, content will be displayed in a standard font.
The call of script libraries or font libraries automatically triggers a connection to the operator of the library. It is theoretically possible – but currently also unclear whether and if so for what purposes – that operators of such libraries collect data.
The privacy policy of the library operator Google can be found here: https://www.google.com/policies/privacy/
IX. Use of Google Maps
This website uses Google Maps API to visually display geographic information. When using Google Maps, Google also collects, processes and uses data about the use of map features by visitors. For more information about Google’s data processing, please refer to the Google Privacy Notice. There you can also change your personal privacy settings in the privacy center.
For detailed instructions on how to manage your own data related to Google products, click here.
X. Embedded YouTube videos
On some of our websites we embed Youtube videos. The corresponding plug-ins are operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a page with the YouTube plug-in, it will connect to Youtube’s servers. Youtube will be informed which pages you visit. If you are logged into your Youtube account, Youtube can assign your surfing behavior to you personally. This can be prevented by logging out of your Youtube account beforehand.
If a Youtube video is started, the provider uses cookies that collect information about user behavior.
Anyone who has disabled the storage of cookies for the Google Ad program will not have to expect such cookies when watching YouTube videos. Youtube also stores non-personal usage information in other cookies. If you want to prevent this, you must block the storage of cookies in the browser.
Further information on data protection at „Youtube“ can be found in the privacy policy of the provider under: https://www.google.de/intl/en/policies/privacy/
XI. Rights of the person concerned
If your personal data is processed, the GDPR apply to you and you have the following rights vis-à-vis the responsible person:
1. Right of information
You may ask the person in charge to confirm if personal data concerning you is processed by us.
If such processing is available, you can request information from the person responsible about the following information:
(1) the purposes for which the personal data are processed;
(2) the categories of personal data being processed;
(3) the recipients or categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed;
(4) the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;
(5) the existence of a right to the rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) all available information on the source of the data if the personal data is not collected from the data subject;
(8) the existence of automated decision-making including profiling under Article 22 (1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved, and the scope and intended impact of such processing on the data subject.
You have the right to request information about whether your personal information relates to a third country or an international organization. In this connection, you can request the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transmission.
2. Right of rectification
You have a right of rectification and / or completion vis-à-vis the controller, if the personal data you process is incorrect or incomplete. The responsible person must make the correction without delay.
3. Right of restriction of processing
You may request the restriction of the processing of your personal data under the following conditions:
(1) if you contest the accuracy of your personal information for a period of time that enables the controller to verify the accuracy of your personal information;
(2) the processing is unlawful and you refuse the erasure of the personal data and instead demand the restriction of the use of the personal data;
(3) the controller no longer needs the personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims; or
(4) if you object to the processing pursuant to Art. 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the person responsible outweigh your reasons.
If the processing of personal data concerning you has been restricted, this data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest Union or a Member State.
If the limitation of the processing are restricted in accordance with the aforementioned conditions, you will be informed by the person in charge before the restriction is lifted.
4. Right to erasure
a) Deletion obligation
You may require the controller to delete your personal information without delay, and the controller is required to delete that information immediately should one of the following reasons apply:
(1) Personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You revoke your consent, to which the processing is in accordance with Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for processing.
(3) According to. Art. 21 para. 1 GDPR, you file an objection to the processing and there are no prior justifiable reasons for the processing, or you file objection to the processing in accordance with Art. 21 para. 2 GDPR.
(4) Your personal data has been processed unlawfully.
(5) The deletion of personal data concerning you shall be required to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
(6) The personal data concerning you were collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.
b) Information to third parties
If the person in charge has made the personal data concerning you public and, in accordance with Article 17 para. 1 of the GDPR, is required to delete said data, so will the person responsible take into consideration the technology available and the costs of implementation, including appropriate technical measures to inform data controllers who process the personal data that you, as a person affected, request deletion of all links to such personal data or of copies or replications of such personal data.
c) Exceptions
The right to erasure does not exist if the processing of the data is necessary
(1) to exercise the right of freedom of expression and information;
(2) to fulfill a legal obligation required by the law of the Union or of the Member States to which the controller is subject, or to carry out a task which is in the public interest or in the exercise of official authority vested in them;
(3) for reasons of public interest in the field of public health pursuant to Art. 9 (2) lit. h and i and Art. 9 (3) GDPR;
(4) for archival purposes of public interest, scientific or historical research purposes or for statistical purposes according to Article 89 (1) GDPR, to the extent that the right referred to in subparagraph (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or
(5) to assert, exercise or defend legal claims.
5. Right of information
If you have the right of rectification, deletion or restriction of processing vis-à-vis the controller, he / she is obliged to notify all recipients to whom your personal data have been disclosed of this correction or deletion of the data or restriction of processing, unless: this proves to be impossible or involves a disproportionate effort.
You have a right vis-à-vis the person responsible to be informed about these recipients.
6. Right of Data Portability
You have the right to receive personally identifiable information you provide to the controller in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another person without hindrance by the person responsible for providing the personal data, provided that
(1) the processing with consent granted in accordance with Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract on which Art. 6 para. 1 lit. b GDPR is based and
(2) the processing is done by automated means.
In exercising this right, you also have the right to obtain that your personal data relating to you are transmitted directly from one person to another, insofar as this is technically feasible. Freedoms and rights of other persons may not be affected.
The right of data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the controller.
7. Right of objection
You have the right at any time, for reasons that arise from your particular situation, to file an objection against the processing of your personal data, which pursuant to Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.
The controller will no longer process the personal data concerning you unless he/she can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, exercising or defending legal claims.
If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
Regardless of Directive 2002/58 /EC, you have the option, in the context of the use of information society services, of exercising your right to object through automated procedures that use technical specifications.
8. Right to revoke the data protection consent declaration
You have the right to revoke your data protection declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
9. Automated decision on a case-by-case basis, including profiling
You have the right not to be subjected to a decision based solely on automated processing – including profiling – that will have legal effect or similarly affect you in a similar manner. This does not apply if the decision
(1) is required for the conclusion or performance of a contract between you and the controller,
(2) is permitted by Union or Member State legislation to which the controller is subject, and where such legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests, or
(3) with your expressed consent.
However, these decisions must not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2) lit. a or g GDPR applies and reasonable measures have been taken to protect the rights and freedoms as well as your legitimate interests.
With regard to the cases referred to in (1) and (3), the person responsible shall take appropriate measures to uphold the rights and freedoms and their legitimate interests, including at least the right to obtain the intervention of a person by the controller, to express his / her own position and the right to contest the decision.
10. Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedies, you shall have the right to complain to a supervisory authority, in particular in the Member State of its residence, place of work or place of alleged infringement, if you believe that the processing of the personal data concerning you violates the GDPR.
The supervisory authority, to which the complaint has been lodged, shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
Disclaimer
1. Content
The author reserves the right not to be responsible for the topicality, correctness, completeness or quality of the information provided. Liability claims regarding damage caused by the use of any information provided, including any kind of information which is incomplete or incorrect, will therefore be rejected.
Parts of the pages or the complete publication including all offers and information might be extended, changed or partly or completely deleted by the author without separate announcement.
2. Referrals and links
The author is not responsible for any contents linked or referred to from his pages – unless he has full knowlegde of illegal contents and would be able to prevent the visitors of his site from viewing those pages. If any damage occurs by the use of information presented there, only the author of the respective pages might be liable, not the person who has linked to these pages. Furthermore the author is not liable for any postings or messages published by users of discussion boards, guestbooks or mailinglists provided on his page.
3. Copyright
The author intends not to use any copyrighted material for the publication or, if not possible, to indicate the copyright of the respective object.
The copyright for any material created by the author is reserved. Any duplication or use of objects such as diagrams, sounds or texts in other electronic or printed publications is not permitted without the author’s agreement.
4. Legal validity of this disclaimer
This disclaimer is to be regarded as part of the internet publication which you were referred from. If sections or individual terms of this statement are not legal or correct, the content or validity of the other parts remains uninfluenced by this fact.