Data protection declaration of NTI Nordic Travel Incoming GmbH

We are pleased with your interest in our web presence. The protection of your personal data is very important for us. The use of our website is generally possible without specification of any personal data.

By means of the following data protection declaration, we would like to inform you about type, scope and purpose of the personal data collected by us. With this data protection declaration, we will apart from that inform you about the rights you have.
Our Data Protection Declaration is based on the terms that have been used by the European body issuing directives and regulations when passing the General Data Protection Regulation (DSGVO) as of 25.05.2018.

1. Name and address of the data controller

The controller within the meaning of the General Data Protection Regulation is:
Nordic Travel Incoming GmbH
Mr Ondrej Karpisek (CEO)
Friedrich-Wilhelm-Platz 7
12161 Berlin
Phone: +49 (0)30 587 646 719
Email: ondrej@nti-berlin.de

2. Name and Address of the Data Protection Officer

The data protection officer of NTI Nordic Travel Incoming is:
Ms Judit Karall (Head office manager)
Phone: +49 (0)30 587 646 719
Email: judit@nti-berlin.de

3. Processing of Personal Data

Personal data are individual details that can be used to directly or indirectly identify a person, such as a name or address. Personal data may be processed during visits to our website in the following cases:

a) Access data / server log files

NTI Nordic Travel Incoming GmbH processes a limited amount of data (so-called “connection data”) for technical reasons every time its website is accessed. This data is technically required to establish and maintain a connection between your device and our servers. Data is processed on the basis of Section 13 Paragraph 1 and Section 15 Paragraph 3 of the German Telemedia act (Telemediengesetz; TMG). The following data and data categories may be collected:
•    Name of the accessed website
•    Date and time of access
•    Browser type and version
•    User’s operating system
•    Referrer URL (previously accessed page)
•    IP address

b) YouTube
The data controller has integrated YouTube features on its website. YouTube is a free Internet portal that lets video publishers post video clips and allows other users to watch, rate and comment on them. As YouTube allows the publication of all kinds of videos, the Internet portal can be used to access full-length films and television programmes, music videos, trailers and self-made videos uploaded by users.
The operating company behind YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Every time a user accesses one of the pages on this website operated by the data controller with an integrated YouTube feature (YouTube video), the Internet browser on the IT system run by the data subject is automatically directed to download and stream the respective feature from YouTube. You can find more information about YouTube at https://www.youtube.com/yt/about/de/. This technical process allows YouTube and Google to discover which specific sub-page on our website has been visited by the data subject.
If the data subject is logged in to YouTube at the same time, YouTube will identify the specific sub-page containing a YouTube video on our website that has been visited by the data subject. This information is collected by YouTube and Google and matched to the YouTube account of the data subject.

If the data subject is logged in to YouTube when accessing our website, YouTube and Google will always receive a notification via the YouTube component that the data subject has visited our website; this happens regardless of whether the data subject clicks on a YouTube video. If the data subject does not want this information to be transferred to YouTube and Google, they may stop this transfer by logging out of their YouTube account before accessing our website.
The data protection regulations published by YouTube can be accessed at https://www.google.de/intl/de/policies/privacy/; they provide more information on the collection, processing and use of personal data by YouTube, as well as the legal foundation of this processing.

4. Data erasure and storage duration

The user’s personal data will be erased or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

5. Rights of the data subject (withdrawal, access, rectification, erasure)

Every person affected by the processing of personal data is – according to the legal regulations – entitled to request from the data controller free access to or confirmation regarding the personal data stored about them. Apart from that, there is a right to the immediate rectification of incorrect personal data referring to them or erasure or to restriction of the processing or a right to object to the processing.
Any consent under the data protection law to the processing of personal data can be withdrawn at any time without affecting the lawfulness of processing based on consent before its withdrawal.
There is the right to receive the personal data which have been provided by the data subject in a structured, commonly used and machine-readable format and to transmit those data to another controller.
Apart from that and irrespective of any other administrative or legal appeal, a complaint can be lodged with a supervisory authority of the Member States if there are doubts regarding the lawfulness of the processing of the personal data about them.

6. Data transfer to third parties

In order to provide our services based on a clients’ request, we need to share personal data with providers of the clients travel packages, including transportation companies, hotels or similar accommodation providers, restaurants and activity providers. We will only transfer personal data for the purpose of contract fulfilment in accordance with Art. 28 DSGVO. You can rest assured that we will always check the possible transfer of personal data to third parties in accordance with data protection law.