Data Protection Policy

Policy on the protection of your personal data

We inform you about the processing of your personal data by SeyVillas GmbH and your rights under data protection law in the policy below.

Controller for data processing

SeyVillas GmbH
Niedernstraße 3, 33602 Bielefeld
Managing Directors: Julian Grupp, Francesca Ruggero, Walter Cuccarano
HRB 94243 – Bielefeld District Court
Telephone: +49 521 92279789
E-mail address: contact@seyvillas.com

You can contact our data protection officer by post using the above-mentioned address, FAO “Data Protection Officer”, or by e-mail at datenschutz@seyvillas.com

Purposes and legal bases of data processing

We only collect and process your personal data with your consent or in compliance with the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG), and all other relevant laws.

If you request information (e.g. about our company, properties, or services), we require the information you provide in order to process your request.

When you contact us by e-mail or via a contact form, we store the data you provide us with (your e-mail address, name, and telephone number, if applicable) in order to answer your questions. We delete this data once storage is no longer necessary or restrict processing if statutory retention obligations apply.

If you make a binding booking, we require the data you provide in order to draw up the travel contract, for the associated travel services, and to pass it on to the respective contractual partners. If you submit a booking enquiry, we require the data you provide to process the enquiry. If the travel contract becomes effective, we process this data to execute the contractual relationship.

Processing your enquiry or booking and concluding the travel contract is not possible without processing your personal data.

We also require your personal data for the mediation of rental cars or travel insurance, for the development of new quality standards, or to comply with legal requirements. We use the data to consider the entire customer relationship, for example to advise you on contract changes or adjustments, to make goodwill decisions, or to provide comprehensive information.

The legal basis for processing personal data for pre-contractual and contractual purposes is Article 6 (1) (b) GDPR. If special categories of personal data (e.g. health data) are required, we obtain your consent in accordance with Article 9 (2) (a) in conjunction with Article 7 GDPR. If we compile statistics with such data, this is based on Article 9 (2) (j) GDPR in conjunction with Section 27 BDSG.

We also process your data to protect our legitimate interests or those of third parties (Article 6 [1] [f] GDPR), in particular to:

• ensure IT security and operations,
• advertise the properties we offer, and
• prevent and investigate criminal offences.

We also process your personal data to comply with legal obligations, such as supervisory or police requirements, and commercial and tax retention obligations. The legal basis in this case is the relevant statutory provisions in conjunction with Article 6 (1) (c) GDPR. Should we wish to process your personal data for a purpose not mentioned above, we will inform you in advance in accordance with legal requirements.

Categories of data we collect

If you are interested in our services and make an enquiry, you may transmit to us:

• Your personal data (e.g. address, e-mail address, telephone number, date of birth)

If you book a trip, individual travel services or associated travel services, we collect data to fulfil your contract with us:

• Your personal information, e.g. your address, e-mail address, telephone number and date of birth, passport details, other identification information
• The personal details of the people travelling with you
• Relevant medical data and any specific data
• Payment details (e.g. credit card details, account information, billing address)
• The products or services you have booked
• Your mobile phone number for changes to flight times and transfer pick-up where you are holidaying
• Your mobile phone number for crisis management notifications in the event of a crisis or incident

If you browse our websites or use our mobile apps, we may collect information:

• Travel preferences
• Information concerning your surfing behaviour on our websites and mobile apps
• Information detailing when you click on one of our advertisements, including those shown on other organisations’ websites
• Information concerning the way you access our digital services, including the operating system, IP address, online identifiers and browser details
• Social preferences, interests and activities

If you contact us or we contact you, or if you take part in promotions, competitions, surveys about our services, we may collect:

• Personal data that you provide when you contact us, including by e-mail, post and telephone or through social media, e.g. your name, user name and contact details
• Details concerning e-mails and other digital communications that we send to you and you open, including links in such communications that you click on
• Your feedback and contributions to customer surveys and evaluations

Other sources of personal data

• We may use personal information from other sources, e.g. companies that provide information and data, trading partners and public registers.
• Your insurance company, its representatives and medical employees may share relevant personal data and special categories of personal data with us in circumstances where we need to act on your behalf or on the behalf of other customers or in an emergency.
• When you use your login details to sign into a social network to connect to our platforms and online services, e.g. Facebook or Instagram, you agree to sharing your user information with us. As an example, this could include your name, e-mail address, date of birth, location, and other information you choose to share with us.
• Personal data that you transmit to us that relates to other people
• We use personal data you provide about other people, e.g. additional information on your booking.
• By transmitting personal data concerning other people, you must ensure that they agree to this and that you are allowed to transmit the data. You should also ensure that these people know how their personal data could be used by us.

Categories of recipients of personal data

Hotels and accommodation:

During the trip, hotels and accommodation in which you are staying receive all necessary data. The same applies if you are looked after locally and this information is needed for your on-site support.

Airlines:

The selected airline also receives all data required to properly book the outbound and return flight.

Credit card acquirer (card-accepting bank):

The card-accepting bank, currently Revolut Bank UAB, enables SeyVillas GmbH to accept Visa or Mastercard payments under an acceptance agreement. Revolut connects SeyVillas GmbH, the card network (Visa or Mastercard), and the customer’s bank. Through the online payment system, payment data is securely transmitted with the payment request, and Revolut ensures compliance with security standards such as PCI-DSS. After confirmation by the customer’s bank, Revolut authorises the payment and transfers the amount to the SeyVillas merchant account. Revolut handles risk management, fraud detection, chargebacks, and refunds. As Revolut bears the financial risk, certain personal data is transmitted to Revolut when paying for flights by credit card. Revolut processes this data not “out of interest” but to meet legal obligations, ensure payment security, prevent fraud and misuse, and properly handle refunds or disputes.

Types of data processed:

• Name of the cardholder
• Billing address and country of residence
• Card number (masked), expiry date, transaction ID
• E-mail address and/or phone number
• IP address or device information for risk analysis
• Booking and transaction details (amount, airline, flight, date)

Legal bases under GDPR:

• Article 6 (1) (b) – contract performance (payment processing)
• Article 6 (1) (c) – legal obligations (e.g. anti-money laundering)
• Article 6 (1) (f) – legitimate interest of the acquirer in fraud prevention and protection against payment defaults

Revolut’s privacy policy is available at: https://www.revolut.com/en/privacy-policy/

Rental car provider:

The rental car provider receives the application and contract data required to execute the agreement.

Travel insurance provider:

The travel insurance provider receives the application and contract data required to execute the agreement.

External service providers:

We sometimes use external service providers to fulfil our contractual and legal obligations.

You may request a list of contractors and service providers with whom we have ongoing business relationships from our Data Protection Officer. We will send you a printed copy by post.

Other recipients:

We may also transfer your personal data to other recipients, such as authorities, to comply with legal reporting obligations (e.g. tourist authorities, tax and social authorities, law enforcement agencies, courts).

Data storage period

We erase your personal data as soon as it is no longer required for the purposes described above. In some cases, data may be retained for the period during which claims may be made against our company or other contractual partners (statutory limitation periods of three to thirty years). We also store personal data where we are legally required to do so. Data processed solely for fraud prevention will be deleted once it is no longer necessary for that purpose.

Obligations to provide evidence and retain records arise in particular from the German Commercial Code (§ 257 HGB) and the Fiscal Code (§ 147 AO). Storage periods can be up to ten years.

Data subject rights

You can request details concerning the personal data stored about you by using the above-mentioned address. Under certain circumstances, you may also request that your data is rectified or erased. You may also have a right to restrict the processing of your data and a right to receive the data you provided in a structured, commonly used and machine-readable format:

• Right of access, Article 15 of the GDPR
• Right to rectification, Article 16 of the GDPR
• Right to erasure (‘right to be forgotten’), Article 17 of the GDPR
• Right to restriction of processing, Article 18 of the GDPR
• Right to data portability, Article 20 of the GDPR
• Right to object, Article 21 of the GDPR

Right to object

You have the right to object to the processing of your personal data for the purposes of direct marketing.

If we process your data to protect legitimate interests, you may object to such processing if there are reasons arising from your particular situation that speak against the processing of your data.

To exercise your rights, you can contact us by e-mail at datenschutz@seyvillas.com.

For identification purposes, please provide the following information:

• Name
• Postal address
• E-mail address
• booking ID

Please note that we will process your personal data in accordance with Article 6 (1) (c) of the GDPR in order to handle your request and identify you.

You will receive a response to your request concerning your data subject rights within the statutory period of no later than four weeks. Before we process your personal data for any other purpose, we will inform you of this in advance.

Right to lodge a complaint

You have the right to lodge a complaint with the above-mentioned Data Protection Officer or with a data protection supervisory authority.

The supervisory authority responsible for our company is:

State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia
(Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen)
Kavalleriestr. 2–4
40213 Düsseldorf, Germany

Transfer of data to a third country

If we transfer personal data to service providers outside the European Economic Area (EEA), such transfer will only take place if the third country has been confirmed by the EU Commission as providing an adequate level of data protection, or if other appropriate data protection safeguards are in place (e.g. binding corporate rules or EU standard contractual clauses).

Data protection on this website

The protection of your privacy and the security of your personal data are also important to us when you visit our website.

Our applications comply with the provisions of the European General Data Protection Regulation, the Federal Data Protection Act, and other industry-specific data protection regulations applicable online (e.g. the Telecommunications Act and the Telemedia Act).

All our employees are obliged to comply with the EU General Data Protection Regulation and the Federal Data Protection Act.

Anonymized data / log files / IP address

You can visit our website without providing any personal information. We only store access data without personal references. This data is evaluated solely to improve our offer and does not allow any conclusions to be drawn about you personally.

We collect, store, and process your data to handle your reservation or booking as well as for advertising purposes. Personal data is collected when you voluntarily provide it to us as part of an enquiry, booking, or newsletter registration.

You may revoke your consent to the use of your data for consultancy, advertising, market research, quality assurance, and property evaluation at any time, including electronically.

Your personal data is only shared with third parties insofar as this is necessary for the execution and reservation of the respective travel services, i.e. with local service providers.

We use your personal data (such as name, address, telephone number, or e-mail) solely to process your reservations and bookings and to communicate with you.

Your personal data will not be passed on beyond the contractual purpose or shared with third parties.

These data protection principles are continuously updated and adapted in line with developments in data protection and security technology.

Use of cookies

We use ‘cookies’ on our website. Cookies are small files that are saved on your computer and save certain settings and data to exchange with our system via your browser. This helps us to design the website accordingly for you and makes it easier for you to use it, for example by saving certain entries meaning you do not have to constantly repeat these entries. Your browser allows you to restrict cookie settings. This may result in you being unable to use our website or it may result in limited functionality. Cookies can also be deleted in settings.

A cookie is a data element that a website can send to your browser to save on your system for later use.

Session cookies are deleted after you close your browser.

We use long-term cookies that stay on your hard drive. The expiration time is set to a date in the future for your convenience. When you visit us again, it will automatically recognise that you have already been on our website and which entries and settings you prefer.

We use the following cookies:

Own cookies:

• Session cookie: expires after 10 hours
• Cookie for travel period: expires at the end of the session
• Cookie for personal settings (e.g. newsletter): expires at the end of the session
• Cookie for notepad: expires after 30 days
• Cookie for properties last accessed/already viewed: expires at the end of the session

Third-party cookies:

• Various cookies for web tracking, e.g. *Google-Analytics
• Various cookies for web analysis, e.g. Hotjar
• Various cookies for product recommendations, e.g. Appnexus
• Various cookies for SEM optimisation, e.g. Intelli-Ad and Microsoft Bing
• Various cookies from social networks, e.g. Facebook, YouTube

Cookie Consent Management Platform:

SeyVillas uses the CookieFirst platform (Digital Data Solutions B.V. – CookieFirst, Plantage Middenlaan 42a, 1018DH Amsterdam, The Netherlands) to manage third-party scripts and visitor consent on the SeyVillas portal. More information can be found here: https://cookiefirst.com/legal/privacy-policy/

Details

Web analytics tools

We use technology from the following providers for marketing and for the statistical evaluation of our web pages:

Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

This website uses Google Analytics, a web analytics service from Google Inc. (‘Google’). Google Analytics uses ‘cookies’, text files that are saved on your computer and allow an analysis of how you use the website. Information generated by the cookie about your use of this website is generally sent to a Google server in the USA and stored there.

If IP anonymisation is activated on this website, however, your IP address will first be truncated by Google within the member states of the European Union or in other signatory states to the Agreement on the European Economic Area. The full IP address is only transmitted to a Google server in the USA and truncated there in exceptional cases.

On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports about website activities, and to provide other services to the website operator related to website and internet use.

The IP address transmitted by your browser within the scope of Google Analytics will not be merged with other Google data.

You can prevent the storage of cookies by changing your browser settings; however, please note that in this case you may not be able to use all functions of this website in full.

You can also prevent Google from collecting and processing the data generated by the cookie relating to your use of the website (including your IP address) by downloading and installing the browser plugin available via the following link:

https://tools.google.com/dlpage/gaoptout?hl=en

Note: Our website uses Google Analytics with the new, data protection compliant extension ‘_anonymizeIp()’. Therefore, IP addresses are only processed in a shortened form in order to exclude direct personal references.

Conversion Tracking

In addition to Google Analytics, conversion tracking is also used. Conversion Tracking is a tool in Google Ads that enables SeyVillas to learn more about the actions a customer performs after interacting with SeyVillas ads. This allows SeyVillas to determine which ads generate the most value and how they can be optimised.

Further information can be found here: https://business.google.com/ad-tools/conversion-tracking/

Vimeo

We also use the web analysis tool ‘Vimeo’ with the provider Cloudflare

Vimeo (Vimeo.com, Inc., 330 West 34th Street, 10th Floor, New York, NY 10001, USA) enables ad-free video hosting, allowing videos to be uploaded, stored, and shared via a customisable player that SeyVillas uses on its website for advertising or presentations. It also offers video marketing and analytics for evaluating viewer numbers, interactions, engagement, and geodata.

Vimeo uses cookies to collect non-personal data, including standard internet protocol data and information about your behaviour when visiting our website. We do this to provide a better user experience, identify preferences, diagnose technical problems, analyse developments, and improve our website.

You can find further information about Vimeo here: https://vimeo.com/legal/privacy

Microsoft Bing Ads

Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA

If you reach our website via a Microsoft Bing advertisement, a cookie is stored in your browser. These cookies are not used for personal identification. The information obtained through the cookie is only used to create statistics on the use of the website. This helps us evaluate and improve our marketing measures.

You can refuse the setting of cookies through your browser settings if you do not wish to participate in this process. One way to do this is to adjust your browser settings so that cookies are automatically deactivated. You may also install a corresponding browser plugin to prevent the cookie from sending information. You can opt out directly from Microsoft here: https://choice.microsoft.com/opt-out

Further information on data protection and cookies used by Microsoft Bing can be found here: https://privacy.microsoft.com/privacystatement

How to opt out:

By confirming the links, an ‘opt-out cookie’ is placed on your device. Please note that if you delete all cookies on your device, these opt-out cookies will also be deleted. If you still wish to object to anonymised data collection, you must set the opt-out cookies again. These are set per browser and per device. If you visit our website from different devices or browsers, you must activate the opt-out cookies in each of them.

Personalised product recommendations

We use retargeting functions from Google Ads (Google Remarketing) (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), Bing (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA), and Facebook (Facebook Inc., 1601 Willow Road, Menlo Park, CA 94025, USA). You can also find options to opt out of data collection here:

Google: https://www.google.com/policies/privacy/ads

Bing: https://privacy.microsoft.com/privacystatement

Facebook: https://www.facebook.com/policy.php

Use of Visual Website Optimizer

Our website uses a process from Visual Website Optimizer (http://visualwebsiteoptimizer.com) to determine statistical key figures regarding the use of our services. Anonymous data is collected. This test uses cookies to recognise computer systems, which expire at the end of the test. IP addresses are not stored.

You can object to the storage of your anonymously collected visitor data at any time here: https://visualwebsiteoptimizer.com/opt-out.php

Use of social plugins – Facebook

This website uses ‘social plugins’ (‘plugins’) from the social network Facebook, operated by Facebook Inc., 1601 Willow Road, Menlo Park, CA 94025, USA (‘Facebook’). Plugins are identified by a Facebook logo or the wording ‘Facebook Social Plugin’.

An overview of Facebook plugins can be found here: https://developers.facebook.com/docs/plugins/

When you access a page on our website containing such a plugin, your browser establishes a direct connection with Facebook’s servers. The plugin content is transmitted directly from Facebook to your browser and integrated into the website. Through this process, Facebook receives information that your browser has accessed the corresponding page, even if you do not have a Facebook account or are not logged in.
This information (including your IP address) is transmitted from your browser directly to Facebook’s server in the USA and stored there.

If you are logged into Facebook, Facebook can directly assign your visit to our website to your Facebook account. When you interact with the plugin, for example by clicking the ‘Like’ button or posting a comment, this information is also transmitted directly to Facebook and stored there. The information may also be published on Facebook and shown to your friends.

Facebook may use this information for advertising, market research, and the design of Facebook pages according to user needs. For this purpose, Facebook creates usage, interest, and relationship profiles.

If you do not want Facebook to assign the data collected on our website to your Facebook account, log out of Facebook before visiting our website.

For more information, see Facebook’s privacy policy: https://www.facebook.com/about/privacy/

Live chat terms of use

SeyVillas GmbH offers a free live chat on its websites. Customers and prospective customers for SeyVillas travel services can communicate directly and in real time with our employees, receive advice, and ask questions. The chat is strictly two-sided; no other users can read the conversation. Apart from your internet connection, no costs are incurred.

General use

The live chat is a text chat via the computer keyboard. Before receiving information related to contract data, users must verify their identity by answering specific questions. To ensure a secure, fair, and respectful exchange, SeyVillas expects politeness, openness, and respect from users. Chats violating these principles will be terminated; serious cases may result in a user block. Chat availability times are listed on the website. SeyVillas reserves the right to modify chat hours or discontinue the service without notice.

Legal notice

The live chat serves for general information exchange only. Information provided is not legally binding. Legal declarations such as binding offers, cancellations, or goodwill claims are not accepted through live chat. Complex matters will be referred to the relevant department.

Liability

SeyVillas accepts no liability for technical transmission errors, incomplete displays, or content alterations. Responsibility for participant statements is excluded. Misuse or advertising within the chat is prohibited. Violations of law, decency, or etiquette may lead to blocking from the service. SeyVillas assumes no liability for damages unless caused by fault of SeyVillas.

Data protection

Only data necessary to handle the chat are used. After using the live chat, the following data may be stored for statistical and quality purposes:

• IP address
• Time and duration
• Operating system and browser
• Referring website
• Page visited
• Feedback

Chat records are stored for up to six months and then deleted unless retained longer for legal reasons (e.g. evidence). Users can save or print their chat transcripts.

Security

The chat runs over an SSL-encrypted connection. Staff operate in secure, private areas to ensure confidentiality. Users must ensure that their personal information cannot be seen by third parties, particularly when using public or shared devices.

Other

SeyVillas reserves the right to suspend the chat service in case of security issues such as viruses or manipulation.

Terms of use may be updated without prior notice. Updates will be announced on the website. Chatlio privacy policy: https://chatlio.com/legal/privacy-policy/

Newsletter

You can subscribe to a free newsletter on our website. When registering, we collect your name (or a pseudonym) and email address, as well as your IP address, date, and time of registration. Your consent is obtained during the registration process, referencing this privacy notice.

SeyVillas also sends newsletters to users who have made a booking request or a confirmed booking (existing customers). In such cases, newsletters are limited to direct marketing for SeyVillas products and services.

The legal basis for newsletter data processing with consent is Art. 6 (1) (a) GDPR. For existing customers, the legal basis is Section 7 (3) UWG.

You can cancel your subscription at any time using the unsubscribe link in each newsletter.

SeyVillas uses MailChimp (The Rocket Science Group, LLC, 512 Means Street, Ste 404, Atlanta, GA 30318, USA) as a mailing provider. Data entered during registration are transmitted to and stored by MailChimp. After signing up, you’ll receive a confirmation email (“double opt-in”).

MailChimp provides analytics on how newsletters are opened and used. These analyses are aggregated, not individual. MailChimp also uses Google Analytics within newsletters (see “Web analytics using Google Analytics”).

More information: https://mailchimp.com/legal/privacy/

Customers who completed a booking may also receive a review request via TrustPilot (Trustpilot A/S, Pilestræde 58, 5, 1112 Copenhagen, Denmark). More information: https://legal.trustpilot.com/end-user-privacy-terms

Data security

Our security measures comply with current technical standards.

Transmission of sensitive data

When you access pages where data can be entered, we use SSL encryption (at least 128-bit). You can identify SSL encryption by the HTTPS prefix or padlock symbol in your browser.

E-mails

We do not send emails containing personal data unencrypted. Please note that unencrypted emails are not secure against unauthorised access or manipulation. We recommend using the contact form for secure communication.

Phishing

Phishing fraudsters fake emails or websites to obtain sensitive information. SeyVillas will never ask for confidential data (e.g. bank or credit card details) via email or SMS. More information can be found on the website of the German Federal Office for Information Security (BSI).

Access protection

Our systems are secured by firewalls, login procedures, and authorisation systems ensuring that internal applications are accessible only to authorised personnel.

Further information on internet security can be found here: https://www.bsi-fuer-buerger.de

 

Bielefeld, 30/10/2025 – V.1.3