Privacy Policy of PiNCAMP GmbH, Munich
- Name and Address of the Controller
The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States, as well as other data protection regulations, is:
PiNCAMP GmbH
Managing Director: Uwe Frers
Hansastraße 19
80686 Munich
Germany
Office & Postal Address: Torstraße 131, 10119 Berlin
E-Mail: service@pincamp.de
Website: https://business.pincamp.com/
- Name and Address of the External Data Protection Officer
The data protection officer of the controller is:
ePrivacy GmbH
Represented by Prof. Dr. Christoph Bauer
Burchardstraße 14
20095 Hamburg
Germany
- General Information on Data Processing
We collect and use personal data of our users to the extent necessary to provide a functioning and user-oriented website as well as our content and services, and to advertise them specifically. In addition to purely informational use of our website, we offer various services that you can use if interested. For this purpose, you generally have to provide additional personal data, which we use to provide the respective service.
In part, we use external service providers to process your data. These have been carefully selected by us and contractually bound to the applicable data protection laws.
If our service providers or partners are located in a country outside the European Economic Area (EEA), either an adequacy decision exists, or we have secured appropriate guarantees that data processing complies with the principles of the GDPR. We provide information on the respective guarantees in the description of the offer.
- Provision of the Website and Creation of Log Files
4.1. Description and Scope of Data Processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the requesting computer.
The following data is collected:
- Information about the browser type and version used
- The operating system of the user
- The Internet service provider of the user
- The anonymized IP address of the user
- Date and time of access
- The requested document on our system
- Websites from which the user’s system accessed our website (user agent string)
- Device type (mobile variant)
The data is stored in the log files of our system. The IP addresses of users are anonymized so that assignment to a specific user is no longer possible. Other data that allows assignment to a user is not affected. Storage of this data together with other personal data of the user does not occur.
4.2. Recipients of Data
This website is externally hosted. Personal data collected on this website (e.g., IP addresses, customer data, etc.) is stored on the servers of the hosting provider (Amazon Web Services EMEA SARL).
Personal data may be transferred to the USA. With regard to the transfer of personal data to the USA, there is an adequacy decision under the EU-US Data Privacy Framework of the European Commission pursuant to Art. 45 GDPR (see https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en). Amazon Web Services Inc. is certified under the adequacy decision to the EU-US Data Privacy Framework of the European Commission, so the usual level of protection under the GDPR applies for the transfer.
4.3. Legal Basis for Data Processing
The legal basis for processing personal data is Art. 6 para. 1 lit. f GDPR.
The processing of your data serves to safeguard the following legitimate interests:
- Improvement of our offerings
- Protection of our systems against misuse
- Prevention of attacks
- Creation of statistics
- Retention of our correspondence with you
4.4. Purpose of Data Processing
Processing the anonymized IP address by the system is necessary to deliver the website to the user’s computer. The anonymized IP address of the user must therefore be stored for the duration of the session.
4.5. Storage Duration
Any personal data is deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of data collection to provide the website, this is when the respective session ends.
- Listing of Campsites
5.1. Description and Scope of Data Processing
We process data from campsite operators to list them on our B2C website pincamp.de and make them available for booking to users. For this purpose, questionnaires are sent to campsites requesting contact information.
The following data is collected:
- Your contact information (such as first and last name, campsite address, e-mail address, telephone number)
5.2. Recipients of Data
In processing your data, we work with the following service providers who have access to your data:
- Providers of ticket and customer support software
- CRM system providers
5.3. Legal Basis for Data Processing
The legal basis for processing personal data is performance of a contract and pre-contractual measures under Art. 6 para. 1 lit. b GDPR, compliance with legal obligations under Art. 6 para. 1 lit. c GDPR, or our legitimate interest under Art. 6 para. 1 lit. f GDPR.
Our legitimate interest is to provide and maintain a current and reliable campsite directory, make campsites searchable, and enable contact and booking preparation and execution via our platform.
5.4. Purpose of Data Processing
Processing personal data is necessary to provide contractual services and fulfill contractual obligations with our contracting partners, as well as to list additional campsites with whom we do not have a contractual relationship.
5.5. Storage Duration
Any personal data is deleted once there is no longer a contractual relationship, legal retention periods have expired, or an objection to the listing of the campsite is made.
- Business Services
6.1. Description and Scope of Data Processing
We process data of our contractual and business partners, e.g., customers and prospects within the scope of our contractual relationship and related measures, including business communication with partners (or pre-contractually), e.g., to answer inquiries.
The following data is collected:
- Your contact information (such as first and last name, address, e-mail, phone number)
- Your correspondence with us
- Payment data (such as account number, credit card number, bank)
- Customer data (such as invoice data, user profiles, address, payment data)
6.2. Recipients of Data
In processing your data, we work with the following service providers who have access to your data:
- Sales service providers
- Payment service providers
- Email providers
- CRM system providers
- Chat software providers
- Accounting and invoicing providers
6.3. Legal Basis for Data Processing
The legal basis for processing personal data is performance of a contract and pre-contractual measures under Art. 6 para. 1 lit. b GDPR and compliance with legal obligations under Art. 6 para. 1 lit. c GDPR.
6.4. Purpose of Data Processing
Processing personal data is necessary for the provision of contractual services and fulfillment of contractual obligations, as well as for communication, organization, and execution of business processes.
6.5. Storage Duration
Any personal data is deleted once there is no longer a contractual relationship or the legal retention obligations have been fulfilled.
- Emails
7.1. Description and Scope of Data Processing
From time to time, we inform our contracting partners about important news such as contract-related changes, current offers, or events.
7.2. Recipients of Data
For sending newsletters, we use the Europe-based processor salesforce.com Germany GmbH, effectively bound by an agreement under Art. 28 GDPR.
Personal data may be transferred to the USA. Regarding the transfer of personal data to the USA, there is an adequacy decision under the EU-US Data Privacy Framework of the European Commission pursuant to Art. 45 GDPR (see https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en). Salesforce, Inc. is certified under the adequacy decision to the EU-US Data Privacy Framework of the European Commission, so the usual level of protection under the GDPR applies for the transfer.
7.3. Purpose and Legal Basis for Data Processing
The legal basis for processing depends on the case, either Art. 6 para. 1 lit. b GDPR (contractual relationship), your consent under Art. 6 para. 1 lit. a GDPR, or for existing customers Art. 6 para. 1 lit. f GDPR (legitimate interest). Our legitimate interest is to maintain existing contractual relationships and inform our existing customers about contract-related information as well as similar products/services and events (direct marketing).
The purpose of processing your personal data (email address) is to enable sending and delivery of our mailings.
7.4. Storage Duration
Your contact data is stored until your unsubscription, objection, or revocation of consent, or until the end of the contractual relationship.
7.5. Objection and Removal Option
You can unsubscribe from the newsletter at any time and revoke your consent. Revocation or objection can be made via the link provided in each newsletter email, by email to datenschutz@pincamp.de, or by contacting the details provided in the imprint.
- Your Contact with Us
8.1. Description and Scope of Data Processing
When you contact us by email or via a contact form, the data you provide (your email address, if applicable your name and phone number, your country, your inquiry, etc.) is stored by us to answer your questions.
8.2. Recipients of Data
For our Customer Relationship Management (CRM), we use the Europe-based processor salesforce.com Germany GmbH, effectively bound by an agreement under Art. 28 GDPR.
Personal data may be transferred to the USA. Regarding the transfer of personal data to the USA, there is an adequacy decision under the EU-US Data Privacy Framework of the European Commission pursuant to Art. 45 GDPR (see https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en). Salesforce, Inc. is certified under the adequacy decision to the EU-US Data Privacy Framework of the European Commission, so the usual level of protection under the GDPR applies for the transfer.
For contact forms on our online offering, we use the plug-in “Gravity Forms” by Rocketgenius, Inc. Rocketgenius does not process any data entered in Gravity Forms or have any access to it; Gravity Forms and the entered data are stored in our own WordPress database with our own hosting provider (see https://www.gravityforms.com/gravity-forms-data-access/).
8.3. Purpose and Legal Basis for Data Processing
The legal basis for processing personal data transmitted in the context of contact via email or contact form is Art. 6 para. 1 lit. f GDPR (legitimate interest). Our legitimate interest is to efficiently process inquiries, communicate with inquirers, ensure the proper operation and security of our communication channels, and internally document inquiries to ensure traceable processing.
If the contact is aimed at concluding a contract or occurs for pre-contractual measures, the legal basis is additionally or primarily Art. 6 para. 1 lit. b GDPR.
8.4. Storage Duration
Data is deleted as soon as it is no longer necessary for achieving the purpose for which it was collected, but no later than 2 years. For personal data sent by email, this is the case when the respective conversation with the user has ended. A conversation is considered ended when circumstances indicate that the matter has been conclusively resolved.
8.5. Objection and Removal Option
If you contact us via email, you can object to the storage of your personal data at any time by sending an email to datenschutz@pincamp.de. In such a case, the conversation cannot be continued. All personal data stored in connection with the contact will be deleted.
8.6. User Surveys
For conducting surveys, we use the Google Forms service of Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland (“Google”), effectively bound by an agreement under Art. 28 GDPR. Data collected with a Google Form is stored by Google for us in a virtual storage (Google Drive).
We generally do not collect any personal data in our surveys. However, Google may transfer personal data to Google LLC in the USA. Regarding the transfer of personal data to the USA, there is an adequacy decision under the EU-US Data Privacy Framework of the European Commission pursuant to Art. 45 GDPR (see https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en). Google LLC is certified under the adequacy decision to the EU-US Data Privacy Framework of the European Commission, so the usual level of protection under the GDPR applies for the transfer.
Further information on data processing in connection with Google Forms and Google Drive can be found in Google’s privacy policy: https://www.google.com/intl/de/policies/privacy/.
The legal basis for data processing is your consent according to Art. 6 para. 1 sentence 1 lit. a GDPR.
- Social Media Presence
9.1. Description and Scope of Data Processing
As part of our online presence, we also maintain company profiles on the following social media platforms:
- X
- Youtube
The social media platforms store the data collected about you as usage profiles and use it for advertising, market research, and/or needs-based design of their website. Such analysis occurs particularly (also for non-logged-in users) to display targeted advertising and inform other social network users about your activities on our website.
More information about data processing on the platforms can be found in the respective privacy policies:
–Facebook Fanpage–
We operate a Facebook page (“Fanpage”) on Facebook, a service of Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Facebook collects and uses data to provide analytical services (“Page Insights”) for page operators so they can gain insights on how people interact with their pages and associated content.
This includes information about content viewed, interactions, actions taken by users, and device information (e.g., IP addresses, operating system, browser type, language settings, cookie data).
We are jointly responsible with Meta Platforms Ireland Ltd. for the collection and processing of data of visitors to our Fanpage. The legal basis is our legitimate interest in this information for advertising purposes, Art. 6 para. 1 sentence 1 lit. f GDPR.
We have therefore concluded a joint responsibility agreement with Facebook under Art. 26 GDPR. The agreement regulates, in particular, which security measures Facebook must observe and that Facebook must uphold the data subject rights.
Further information about Page Insights and exercising your data subject rights can be found here: https://de-de.facebook.com/legal/terms/information_about_page_insights_data.
The agreement with Facebook can be viewed here: https://de-de.facebook.com/legal/controller_addendum.
- Use of Cookies and Similar Technologies
On our website, we use cookies and similar technologies. These serve to enable use of the website, provide essential functions, and, if you have consented, personalize and further develop our website.
General Information on Cookies
Cookies are small text files stored by your browser on your device. They contain information that can be read again on a later visit (e.g., settings or technical identifiers). Similar technologies serve comparable purposes by storing or reading information on your device.
- Session cookies are only stored for the duration of your website visit and are usually automatically deleted when you close your browser. They are required, for example, to provide basic functions or enable input during the visit.
- Persistent cookies remain stored on your device beyond the session and are automatically deleted after a defined period. They can store your settings or, if you have consented, evaluate website usage to optimize content and functions.
Cookie Banner and Consent Management
When you first visit our website, a cookie banner is displayed. There, depending on the service or category, you can grant or refuse consent. We use a consent management tool by Usercentrics GmbH to document and store your decision.
Cookies and similar technologies that are not strictly necessary are generally only used after your consent. Detailed information about the respective cookies/technologies (e.g., provider, purpose, storage duration) can be found in the cookie banner under “Information & Settings.”
Withdrawal and Change of Your Settings
You can withdraw your consent at any time with effect for the future or change your selection. To do this, open the cookie banner by clicking the fingerprint icon at the bottom left of the browser window and adjust your settings accordingly.
Individual Cookies: