Data protection information for our customers

21.02.2025

Data protection information in accordance with Art. 13 and 14 of the EU General Data Protection Regulation (EU GDPR)

Tanzania Deluxe OHG
Taunusstraße 80
64521 Groß-Gerau
+49 (0) 1514 091733

With this data protection notice, we are informing you, our customers, in accordance with the EU General Data Protection Regulation (EU GDPR) applicable from 25 May 2018, about the processing of your personal data by us and the rights to which you are entitled. This information will be updated as necessary and published at www.tanzaniadeluxe.com. There you will also find further data protection information for visitors to our website.

1. Who is responsible for data processing and who can you contact?

We are responsible for data processing – your tour operator Tanzania Deluxe OHG, Taunusstraße 80 64521 Groß-Gerau, +49 (0) 1514 0911733, travel@tanzaniadeluxe.com

2. Which data and which sources do we use?

We process data that we receive in the course of our business relationship with you. We receive the data directly from you, e.g. when you book a holiday or place another order.

Specifically, we process data for the performance of our services:

  • Master data for the execution and fulfilment of the travel service. (e.g. name and address of the person registering the trip, e-mail address, telephone number, names of accompanying persons and the date of birth or age of all travellers)
  • Identification data for VISA applications, if applicable (e.g. data from identity card or passport)
  • Data in connection with payment processing and, if applicable, as security for the deposit of travel services (e.g. bank details, credit card details)
  • Correspondence (e.g. correspondence or e-mail correspondence with you)
  • Data of your past or previous bookings and stays if booked or arranged through us (e.g. previous trips, personal preferences, reviews)
  • Advertising and sales data (e.g. about new potentially interesting offers)
  • Health data for the prevention of accidents and for the protection of the traveller(s) (e.g. degree of physical disability, disability card, food intolerances, allergies, pregnancies)

3. On what legal basis is your data used (purpose of data processing)?

The following information explains why and for what purpose we process your data.

3.1 For the fulfilment of contractual obligations (Art. 6 para. 1 lit. b EU GDPR)

We process your data to fulfil our contracts with you, i.e. in particular to carry out and process the booked travel services. The purposes of data processing depend in detail on the specific travel service and the contractual documents (e.g. accommodation, transfers, car hire, flights).

3.2 In the context of balancing interests (Art. 6 para. 1 lit. f EU GDPR)

Your data may be processed by us or by third parties in order to safeguard legitimate interests. This is done for the following purposes:

  • Supporting our sales organisation with travel advice and support and sales as part of travel support
  • Further development of travel services and additional products, as well as customer satisfaction surveys
  • Advertising, market research and opinion polling
  • Assertion of legal claims and defence in legal disputes
  • Prevention and investigation of criminal offences
  • Ensuring IT security and availability of IT operations

Our interest in the respective processing results from the respective purposes and is otherwise of an economic nature (efficient fulfilment of tasks, sales, avoidance of legal risks). Where permitted by the specific purpose, we process your data in pseudonymised or anonymised form.

3.3 On the basis of your consent (Art. 6 para. 1 lit. a EU GDPR in conjunction with Art. 9 para. 2 lit. a) EU GDPR)

If you have given us your consent to process your personal data, this consent is the legal basis for the processing mentioned there. In addition, you may have consented to being contacted by email, telephone or messenger service or newsletter. Your consent may also relate to the above-mentioned special categories of data such as health data in accordance with Art. 9 EU GDPR.

You can revoke your consent at any time with effect for the future. This also applies to declarations of consent that you gave us before the EU GDPR came into force, i.e. before 25 May 2018. The revocation only applies to future processing, not to processing that has already taken place. Please use our contact address for this purpose.

3.4 Due to legal requirements (Art. 6 para. 1 lit. c EU GDPR)

We are subject to various legal obligations and statutory requirements (e.g. German Civil Code (BGB), German Commercial Code (HGB), GoB, Passenger Name Record Act, EU Package Travel Directive, tax laws of the Federal Republic of Germany). The purposes of processing include identity and age verification, fraud prevention, the fulfilment of control and reporting obligations under tax law and the assessment and management of risks.

4 Who receives my data?

Your data will only be passed on in compliance with the EU GDPR and only insofar as a legal basis permits this. Within our sales organisation, only those departments that need your data to fulfil our contractual and legal obligations or to perform their respective tasks (e.g. sales, customer service, tour management, tour operators, hotels, car rental or transfer companies) will receive your data.

The following organisations may also receive your data:

  • Processors used by us (Art. 28 EU GDPR), in particular in the area of booking systems and IT services, logistics and printing services, who process your data for us in accordance with our instructions. A corresponding contract has been concluded with them in accordance with Art. 28 para. 3 EU GDPR, which regulates the respective data processing.
  • public bodies and institutions (tax authorities, embassies of the destination country) if there is a legal or official obligation (retention obligations, VISA procurement, obtaining entry requirements) and
  • other bodies for which you have given us your consent to transfer data.

5 How long will my personal data be stored?

Where necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and fulfilment of a contract for the provision of a travel service. In addition, we are subject to various retention and documentation obligations arising from the German Civil Code (BGB), the German Commercial Code (HGB), the German Fiscal Code (AO) and the EU Package Travel Directive, among others. The retention and documentation periods specified there are two to a maximum of ten years. Finally, the storage period is also determined by the statutory limitation periods, which are generally three years in accordance with Sections 195 et seq. of the German Civil Code (BGB), for example. Your personal data will be stored on the basis of your consent until revoked.

6. Will my data be transferred to a third country?

We only transfer your data to countries outside the European Union if this is necessary for the execution and processing of the travel services or is required by law or if you have given us your consent (e.g. long-distance travel). The transfer of data to third countries is therefore additionally measured in accordance with Art. 49 para. 1 lit a. and b. GDPR.

7. Do I have certain rights when handling my data?

You have the right to access (Art. 15 EU GDPR), rectification (Art. 16 EU GDPR), erasure (Art. 17 EU GDPR), restriction of processing (Art. 18 EU GDPR) and data portability (Art. 20 EU GDPR) under the respective legal requirements. You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 EU GDPR). The supervisory authority responsible for us is the Hessian Commissioner for Data Protection and Freedom of Information.

8. Am I obliged to provide my data?

As part of our business relationship, you only need to provide the personal data that is required for the establishment, execution and termination of a business relationship or that we are legally obliged to collect. Without this data, we will generally have to refuse to conclude the contract or execute the order or will no longer be able to fulfil an existing contract and may have to terminate it.

9. Is there automated decision-making in individual cases?

In principle, we do not use automated decision-making in accordance with Art. 22 EU GDPR to establish and conduct the business relationship. If we use these procedures in individual cases, you will be informed separately if this is required by law.

10. Will my data be used in any way for profiling?

We process your data partially automatically with the aim of evaluating your potential interest in certain products, offers and services. (so-called ‘profiling’ in accordance with Art. 4 No. 4 EU GDPR) The evaluation is carried out using statistical procedures, taking into account your previously booked trips and services with us. We use the results of these analyses for a targeted and needs-based customer approach.

11. Right to object (Art. 21 EU GDPR) and to withdraw your consent (Art. 7 (3) EU GDPR)

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (f) of Article 6(1) GDPR (data processing on the basis of a balancing of interests). This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 EU GDPR, which can be carried out, for example, for customer advice and support, see point 10. If you object, we will no longer process your personal data unless there are legal obligations for further processing or storage.

You also have the right under Art. 7 (3) GDPR to withdraw your consent given to us at any time without any formal requirements. We will then no longer process your data, unless there are statutory retention obligations. The legality of the data processing up to the time of revocation is not affected by this.
To assert your right of objection and cancellation, please use the contact details above.