Privacy Policy

This privacy statement explains what personal data we or third parties may collect during your visit to our website, to what extent, and how this information is used. The same applies when we collect or use additional personal data in the context of providing our media services (websites) for the use of a telemedia service.

Definitions

The privacy policy of sailwithus is based on the terminology used by the European legislator when enacting the General Data Protection Regulation (GDPR). Our privacy policy is intended to be easily readable and understandable for both the public and our customers and business partners. To ensure this, we would like to explain the terminology used in advance.

In this privacy policy, we use the following terms, among others:

a) Personal data

Personal data refers to any information that relates to an identified or identifiable natural person (hereinafter referred to as the "data subject"). A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more specific characteristics that express the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

b) Data subject

The data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.

c) Processing

Processing is any operation or set of operations performed on personal data, whether or not by automated means, such as the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of provision, alignment or combination, restriction, erasure, or destruction.

d) Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting its future processing.

e) Profiling

Profiling is any type of automated processing of personal data that involves using personal data to evaluate certain personal aspects relating to a natural person, particularly to analyze or predict aspects concerning their work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

f) Pseudonymization

Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that this additional information is stored separately and is subject to technical and organizational measures that ensure that the personal data cannot be assigned to an identified or identifiable natural person.

g) Controller or controller responsible for the processing

The controller or controller responsible for the processing is the natural or legal person, authority, agency, or other body that alone or jointly with others determines the purposes and means of the processing of personal data.

If the purposes and means of processing are determined by Union law or the law of the Member States, the controller or the specific criteria for their designation may be provided for by Union law or the law of the Member States.

h) Processor

A processor is a natural or legal person, authority, agency, or other body that processes personal data on behalf of the controller.

i) Recipient

A recipient is a natural or legal person, authority, agency, or other body to whom personal data is disclosed, regardless of whether they are a third party or not. However, authorities that may receive personal data in the course of a specific investigation under Union law or the law of the Member States are not considered recipients.

j) Third party

A third party is a natural or legal person, authority, agency, or other body, other than the data subject, the controller, the processor, and the persons who, under the direct authority of the controller or processor, are authorized to process personal data.

k) Consent

Consent is any freely given, specific, informed, and unambiguous indication of the data subject's wishes, in the form of a statement or other clear affirmative action, by which the data subject signifies their agreement to the processing of personal data relating to them.

Collection of general data and information

The website of sailwithus collects a range of general data and information with each visit to the website by a data subject or an automated system. This general data and information are stored in the server's log files. The data collected may include (1) the types and versions of browsers used, (2) the operating system used by the accessing system, (3) the website from which an accessing system arrives at our website (so-called referrer), (4) the sub-websites accessed through an accessing system on our website, (5) the date and time of access to the website, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system, and (8) other similar data and information that serve to protect against threats in the event of attacks on our information technology systems.

When using this general data and information, sailwithus does not draw any conclusions about the data subject. Instead, this information is required to (1) correctly deliver the content of our website, (2) optimize the content of our website and the advertising for it, (3) ensure the continuous functionality of our information technology systems and the technology of our website, and (4) provide law enforcement agencies with the necessary information for prosecution in the event of a cyberattack. Therefore, sailwithus analyzes these anonymously collected data and information statistically and with the aim of improving data protection and data security in our company, ultimately ensuring an optimal level of protection for the personal data we process. The anonymous data in the server log files are stored separately from any personal data provided by a data subject.

Collection and use of IP addresses

A computer that connects to the internet is assigned a unique number by an internet service provider. This number is the Internet Protocol (IP) address. Depending on the service, the provider may assign a different address each time the user connects to the internet. Since IP addresses are typically assigned in country-based blocks, an IP address can often be used to identify the country from which the connection is made. When you visit our websites, our web server temporarily records the following server log: the IP address, the name of the retrieved file, the date and time of the retrieval, the amount of data transferred, the message confirming successful retrieval, the browser type and version, the user's operating system, the referring URL (the previously visited page), and the requesting provider. The collection and use of these log data is carried out by us for the purpose of system security and ensuring the proper functioning of the website. If this is not the case, we will anonymize the IP addresses before further use so that personal identification is no longer possible. If you enter into a contractual relationship with us, the collection and use of the log data is for the purposes of contract documentation and to prevent misuse.

If third-party content, such as videos, maps, RSS feeds, graphics, or social plugins from other service providers (websites), is embedded into our websites, this always requires that these service providers ("third parties") process the users' IP addresses. Without the IP address, they would not be able to send their content to the user's browser. Therefore, the IP address is necessary for the display of these contents. We have no control over the third-party providers' use of the IP address, such as for statistical or other purposes. As far as we are aware, we will inform users about this below.

The privacy policy of Google can be viewed at this link.

We point out that internet-based data transmission has security gaps and that complete protection against access by third parties is therefore not possible.

2. Own Cookies

a) Description and scope of data processing

We use so-called cookies on our site to recognize multiple uses of our offer by the same user/internet connection owner. Cookies are small text files that your internet browser stores on your computer. They serve to optimize our online presence and our offers. These are usually so-called "session cookies," which are deleted after the end of your visit.

b) Legal basis for data processing

The legal basis for the processing of personal data using technically necessary cookies is Article 6(1)(f) of the GDPR.

In the case of processing personal data using cookies for analytical purposes, the legal basis according to Article 6(1)(a) of the GDPR is the user's consent.

c) Purpose of data processing

The purpose of technically necessary cookies is to simplify the use of our website for users. Some features of our website cannot be offered without the use of cookies. Therefore, it is necessary for the browser to be recognized even after changing pages.

We require cookies, for example, for the following applications:

(1) Shopping cart

(2) Retention of language settings

(3) Remembering search terms

The user data collected through technically necessary cookies is not used by us to create user profiles. In some cases, cookies provide information to automatically recognize you. This recognition occurs based on the IP address stored in the cookies. The information obtained in this way is used to optimize our offerings and provide you with easier access to our site. Through analytical cookies, we learn how the website is used, allowing us to continuously improve our offerings.

These purposes also constitute our legitimate interest in processing personal data according to Article 6(1)(f) of the GDPR.

d) Duration of storage, right to object, and possibility of removal

Cookies are stored on your computer and then transmitted to our site. Therefore, you have full control over the cookies collected.

You can prevent the installation of cookies by adjusting the settings of your browser. You can find these settings for the respective browsers at the following links:

• Internet Explorer: https://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
• Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
• Chrome: https://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
• Firefox https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
• Opera : https://help.opera.com/Windows/10.20/de/cookies.html

However, we would like to inform you that in this case, you may not be able to fully utilize all the features of our website.

3. Third-Party Cookies & Tracking Technologies

To the extent that third-party content is embedded on our websites, these third-party providers may set cookies, which you can also prevent in your browser by making specific settings.

Our website also uses so-called tracking technologies. We use these technologies to make our online offerings more appealing to you. This technology allows us to target internet users who have already shown interest in our website with advertisements on our partner websites (e.g., Facebook, Google).

3.1 Google Analytics with anonymization feature

a) Description and scope of data processing

We use Google Analytics on our site, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as "Google." Google Analytics uses so-called "cookies," text files that are stored on your computer and enable an analysis of your use of the website.

The information generated by these cookies, such as the time, location, and frequency of your website visits, including your IP address, is transmitted to Google in the USA and stored there.

We use Google Analytics on our website with an IP anonymization feature. In this case, your IP address is shortened and anonymized by Google within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area.

Google will use this information to evaluate your use of our site, compile reports on website activities for us, and provide other services related to website usage and internet usage. Google may also transfer this information to third parties if required by law or if third parties process this data on behalf of Google.

According to Google, they will not associate your IP address with other data from Google under any circumstances.

The following data may be stored, among others:

(1) The website visited

(2) The website from which the user arrived at the visited website (referrer)

(3) The duration of stay on the website

b) Legal basis for data processing

The legal basis for processing the personal data of users is Article 6(1)(f) of the GDPR.

c) Purpose of data processing

The processing of users' personal data allows us to analyze their browsing behavior. By evaluating the data obtained, we are able to compile information about the usage of individual components of our website. This helps us continuously improve our website and its user-friendliness. Our legitimate interest in processing the data under Article 6(1)(f) of the GDPR also lies in these purposes. The anonymization of the IP address sufficiently addresses the users' interest in the protection of their personal data.

d) Duration of storage

The data will be deleted as soon as they are no longer needed for our recording purposes. In our case, the data is not automatically deleted because, under Article 6(1)(f) of the GDPR, there is a legitimate interest in data processing, and the data is required to use historical user data for creating target groups (e.g., for remarketing) for an unlimited period. Additionally, long-term analyses and well-founded optimizations can be carried out.

e) Right to object and possibility of removal

You can prevent the installation of cookies by adjusting the settings of your browser software. However, we would like to point out that in this case, you may not be able to fully utilize all the features of our website.

Furthermore, Google offers an opt-out option for the most common browsers, which gives you more control over which data is collected and processed by Google. If you enable this option, no information about your website visit will be transmitted to Google Analytics. However, enabling this option does not prevent information from being transmitted to us or other web analytics services we may use. For more information about the opt-out option provided by Google and how to enable it, please visit the following link: https://tools.google.com/dlpage/gaoptout?hl=en

3.2 Google AdWords Remarketing

a) Description and scope of data processing

We use the Google Remarketing service on our website, provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as "Google." Google Remarketing allows ads to be displayed to users who have previously visited our website. As a result, personalized ads can be shown to you on our site within the Google ad network based on your interests. Google Remarketing uses cookies for this evaluation. Cookies are small text files stored on your computer that enable an analysis of the website's usage. This allows us to recognize our visitors when they visit websites within the Google ad network. In this way, ads related to content that the visitor previously viewed on websites within the Google ad network can be displayed, provided these websites also use the Google Remarketing feature. According to Google, no personal data is collected in this process. Once the purpose is fulfilled and we stop using Google AdWords Remarketing, the data collected in this context will be deleted.

b) Legal basis for data processing

The legal basis for processing personal data through the remarketing cookie is Article 6(1)(f) of the GDPR.

c) Purpose of data processing

If you are logged into Google during your visit to our website, Google uses your data to create and define audience lists for cross-device remarketing. Based on these audiences, advertisements for previously viewed products can then be displayed. This form of advertising is entirely pseudonymous. No user profiles are combined with your personal data. By using our site, you consent to the use of so-called cookies, which collect, store, and use your usage data.

d) Duration of storage

The personal data will be deleted as soon as the maximum storage period of 540 days has expired.

e) Right to object and possibility of removal

You can disable the features related to personalized advertising by making the appropriate settings at https://www.google.com/settings/ads.

3.3 Google AdWords Conversion Tracking

a) Description and scope of data processing

We also use the Google advertising tool "Google AdWords" to promote our website. As part of this, we use the analysis service "Conversion Tracking" from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as "Google." If you have arrived at our website through a Google ad, a cookie is placed on your computer. Cookies are small text files that your internet browser stores on your computer. These so-called "conversion cookies" expire after a maximum of 540 days and do not serve to personally identify you. If you visit certain pages of our website and the cookie has not yet expired, we and Google can recognize that you, as a user, have clicked on one of our ads placed on Google and were redirected to our page.

b) Legal basis for data processing

The legal basis for processing personal data through the remarketing cookie is Article 6(1)(f) of the GDPR.

c) Purpose of data processing

The information collected through the "conversion cookies" is used by Google to generate visit statistics for our website. Through this statistic, we learn the total number of users who clicked on our ad and, additionally, which pages of our website were subsequently visited by the respective user. However, we or other advertisers using "Google AdWords" do not receive any information that could personally identify users.

d) Duration of storage

The personal data will be deleted as soon as the maximum storage period of 540 days has expired.

e) Right to object and possibility of removal

You can prevent the installation of "conversion cookies" by adjusting the settings of your browser, for example, by setting the browser to generally disable the automatic setting of cookies or by specifically blocking cookies from the domain "googleadservices.com."

The relevant privacy policy from Google can be found at the following link: https://services.google.com/sitestats/de.html

3.4 Facebook Pixel

a) Description and scope of data processing

This website uses the Facebook Pixel for statistical purposes. With the help of a cookie, it can be tracked how our marketing efforts on Facebook are received and can be improved. We would greatly appreciate your consent for this.

The data collected is anonymous to us, meaning it does not provide any conclusions about the identity of the users. However, the data is stored and processed by Facebook, allowing a connection to the respective user profile. Facebook can use the data for its own advertising purposes, in accordance with the Facebook Data Usage Policy (https://www.facebook.com/about/privacy/).

You can allow Facebook and its partners to display ads on and off Facebook. For these purposes, a cookie may also be stored on your computer. For more information, management, and settings regarding your data, please click here: https://www.facebook.com/privacy/explanation.

b) Legal basis for data processing

The legal basis for processing personal data through the remarketing cookie is Article 6(1)(f) of the GDPR.

c) Purpose of data processing

We use the "Visitor Action Pixel" from Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook") on our website. This allows the behavior of users to be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This procedure is used to evaluate the effectiveness of Facebook ads for statistical and market research purposes and can help optimize future advertising campaigns.

d) Duration of storage

The personal data will be deleted once the maximum storage period of 180 days has expired.

e) Right to object and possibility of removal

To disable personalized advertising by Facebook, please click here: https://www.facebook.com/settings/?tab=ads

3.5 Google Tag Manager

a) Description and scope of data processing

This website also uses Google Tag Manager. This is a tool from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, that allows the management of tags through an interface. The Tag Manager itself does not collect personal data, as it is a cookie-free domain. The tool merely triggers other tags, which may collect personal data. However, the Google Tag Manager does not access these data. If deactivation has been initiated at the domain or cookie level, it will remain in place for all tracking tags implemented with the Tag Manager.

For more information about the terms of use of Google Tag Manager, please visit: https://www.google.com/analytics/terms/tag-manager/

b) Right to object and possibility of removal

You can object to the collection and storage of data for web analysis by the Tag Manager at any time by disabling the setting of cookies. The website will still remain fully usable. To make a permanent objection, your browser must accept permanent cookies.

Deactivate Google Tag Manager

3.6 Google Optimize

a) Description and scope of data processing

We use features of the web analytics service Google Optimize. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Optimize analyzes the use of different versions of the website, allowing us to adjust usability according to the behavior of website users. Google Optimize is a tool integrated into Google Analytics and uses cookies.

The received IP address is immediately anonymized after processing. In exceptional cases, the full IP address is transmitted to a Google server in the USA and encrypted there. The transmitted IP address is not combined with other data from Google.

b) Legal basis for data processing

The storage of Google Optimize cookies is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both their online offerings and advertising.

c) Right to object and possibility of removal

You can prevent the storage of cookies by adjusting the settings of your browser.

However, we would like to point out that in this case, you may not be able to fully utilize all the features of our website. Additionally, you can prevent the collection of data generated by the cookies and related to your use of the website by Google, as well as the processing of this data by Google, by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en.

4. Data processing outside the EEA

Your data is typically not processed in countries outside the scope of Directive 95/46/EC of the European Parliament and Council of October 24, 1995, on the protection of natural persons regarding the processing of personal data and the free movement of data (OJ EC No. L 281 p. 31), unless the third-party providers mentioned in this privacy policy, who are based outside the European Economic Area (EEA), are involved. This particularly concerns social plugins from Facebook and Google+ as well as the measurement and evaluation procedures from Google (Google Analytics). Furthermore, data transmission occurs if it is necessary for the fulfillment and execution of contracts (e.g., to airlines, hotels, etc.).

5. Inventory data and usage data

We use your data for the following purposes:

• For the processing of your purchases, bookings, or other orders.

As well as for the following purposes:

• To offer you the possibilities of individualized services as well as the optimal use of our website based on the information stored in your user profile.
• To also provide you with offers and information that are tailored specifically to your personal interests.

In the event that personal data is collected and used through our website beyond what is necessary for the establishment, content design, or modification of a contract for the use of a telemedia service (inventory data) or to enable or bill the telemedia service itself (usage data), we will explain the nature, scope, and purpose in the respective data collection form.

6. Disclosure to third parties

Your data will generally not be disclosed to third parties unless we are legally obligated to do so, or the data transfer is necessary for the performance of the contractual relationship (under Article 6(1)(b) of the GDPR), or you have explicitly consented to the transfer of your data (under Article 6(1)(a) of the GDPR). We will only disclose data to the relevant authorities if this is required by law.

External service providers and partner companies, such as online payment providers or the yacht rental company responsible for the booking, will only receive your data to the extent necessary for processing your order. In these cases, the scope of the data transmitted will be limited to the necessary minimum.

In our case, various third parties are involved in different ways and for different reasons. The primary purpose is to transmit your booking data for the trip you have booked and to complete your booking. Therefore, we primarily use your personal data for managing and completing your online booking – this is essential for fulfilling our core business purpose.

7. Data confidentiality

The individuals involved in data processing are obligated to maintain confidentiality and are bound by data secrecy.

8. Rights of the data subject

The following list includes all the rights of the data subject under the GDPR. Rights that are not relevant to the website in question do not need to be mentioned. Therefore, the list can be shortened.

If personal data is processed by us, you are a data subject under the GDPR and have the following rights against the controller:

8.1 Right of access

You have the right to request from the controller a confirmation as to whether personal data concerning you is being processed by us.

If such processing is occurring, you have the right to request the following information from the controller:

(1) The purposes for which the personal data is being processed;

(2) The categories of personal data being processed;

(3) The recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed;

(4) The planned duration of storage of the personal data concerning you or, if specific details cannot be provided, the criteria used to determine the storage duration;

(5) The existence of the right to rectification or deletion of personal data concerning you, the right to restriction of processing by the controller, or the right to object to such processing;

(6) The existence of the right to lodge a complaint with a supervisory authority;

(7) All available information about the source of the data, if the personal data was not obtained from the data subject;

(8) The existence of automated decision-making, including profiling, as referred to in Article 22(1) and (4) of the GDPR, and – at least in these cases – meaningful information about the logic involved, as well as the scope and intended effects of such processing on the data subject.

You have the right to request information about whether the personal data concerning you is transferred to a third country or an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Article 46 of the GDPR related to the transfer.

8.2 Right to rectification

You have the right to rectification and/or completion with respect to the controller if the personal data concerning you is inaccurate or incomplete. The controller must make the rectification without delay.

8.3 Right to restriction of processing

Under the following conditions, you can request the restriction of processing your personal data:

(1) if you contest the accuracy of your personal data for a period that allows the controller to verify the accuracy of the personal data;

(2) if the processing is unlawful and you oppose the deletion of the personal data and instead request the restriction of its use;

(3) if the controller no longer needs the personal data for processing purposes, but you need them to establish, exercise, or defend legal claims, or

(4) if you have objected to the processing pursuant to Article 21(1) GDPR and it has not yet been determined whether the legitimate grounds of the controller override your grounds.

If the processing of your personal data has been restricted, such data – apart from their storage – may only be processed with your consent or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State.

If the restriction of processing has been applied under the above-mentioned conditions, you will be informed by the controller before the restriction is lifted.

8.4 Right to Deletion

a) Obligation to Delete

You can request the controller to delete your personal data without delay, and the controller is obligated to delete such data without delay, if one of the following reasons applies:

(1) The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.

(2) You withdraw your consent on which the processing was based according to Article 6(1)(a) or Article 9(2)(a) GDPR, and there is no other legal basis for the processing.

(3) You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.

(4) The personal data concerning you has been processed unlawfully.

(5) The deletion of the personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.

(6) The personal data concerning you was collected in relation to offered information society services pursuant to Article 8(1) GDPR.

b) Information to Third Parties

If the controller has made the personal data concerning you public and is required to delete it pursuant to Article 17(1) GDPR, he shall take reasonable measures, including technical measures, taking into account available technology and implementation costs, to inform data controllers who are processing the personal data that you, as the data subject, have requested the deletion of all links to these personal data or copies or replications of these personal data from them.

c) Exceptions

The right to deletion does not apply insofar as the processing is necessary:

(1) for the exercise of the right to freedom of expression and information;

(2) for the fulfillment of a legal obligation that requires processing under Union law or the law of the Member States to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the area of public health pursuant to Article 9(2)(h) and (i) and Article 9(3) GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Article 89(1) GDPR, insofar as the right mentioned in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or

(5) for the establishment, exercise, or defense of legal claims.

8.5 Right to Information

If you have exercised your right to rectification, deletion, or restriction of processing against the controller, the controller is obliged to inform all recipients to whom your personal data has been disclosed about the rectification or deletion of the data or the restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed by the controller about these recipients.

8.6 Right to Data Portability

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used, and machine-readable format. You also have the right to transmit these data to another controller without hindrance from the controller to whom the personal data has been provided, provided that

(1) the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, or on a contract pursuant to Article 6(1)(b) GDPR, and

(2) the processing is carried out by automated means.

In exercising this right, you also have the right to request that the personal data concerning you be directly transmitted from one controller to another, where technically feasible. The freedoms and rights of other persons must not be adversely affected by this.

The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

8.7 Right to Object

You have the right to object at any time to the processing of your personal data, which is carried out based on Article 6(1)(e) or (f) GDPR, for reasons relating to your particular situation; this also applies to profiling based on these provisions.

The controller shall no longer process the personal data concerning you, unless he can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.

If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing purposes; this also applies to profiling, insofar as it is related to such direct marketing.

If you object to the processing for the purposes of direct marketing, your personal data will no longer be processed for those purposes.

You have the option to exercise your right to object in the context of the use of information society services – notwithstanding Directive 2002/58/EC – through automated procedures that use technical specifications.

8.8 Right to Withdraw the Data Protection Consent Statement

You have the right to withdraw your data protection consent statement at any time. The withdrawal of consent does not affect the legality of the processing carried out based on the consent until the withdrawal.

8.9 Automated Decision-Making in Individual Cases, Including Profiling

You have the right not to be subject to a decision based solely on automated processing – including profiling – that produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:

(1) is necessary for the entering into or performance of a contract between you and the controller,

(2) is authorized based on Union or Member State law to which the controller is subject, and such laws include appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, or

(3) is based on your explicit consent.

However, such decisions may not be based on special categories of personal data under Article 9(1) GDPR, unless Article 9(2)(a) or (g) GDPR applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.

In the cases mentioned in (1) and (3), the controller shall take appropriate measures to safeguard the rights and freedoms as well as your legitimate interests, which shall at least include the right to obtain human intervention from the controller, the right to express your point of view, and the right to contest the decision.

8.10 Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work, or the place of the alleged infringement, if you believe that the processing of your personal data infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and the outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

Contact via WhatsApp
In order to improve communication with you and provide you with quicker information regarding your inquiry or booking if needed, we may contact you via the messaging service WhatsApp. This applies both to prospects who reach out to us through our contact form and to customers after their booking.

For Prospects:
If you send us your inquiry through our contact form or contact us by phone, you have the option to provide your phone number for WhatsApp communication to quickly resolve urgent questions or discuss further details.
The processing of your phone number is based on your explicit consent pursuant to Article 6(1)(a) GDPR. You can withdraw this consent at any time by sending us a message at info@sailwithus.de or unsubscribing from the WhatsApp communication.

For Customers After Booking:
After completing a booking, we may also contact you via WhatsApp to provide important information regarding your booking or additional services. This also includes the creation of a WhatsApp group before the start of the sailing trip. Here, too, the processing of your phone number is based on the performance of the contract pursuant to Article 6(1)(b) GDPR. as it is necessary for the proper handling of your booking.

Withdrawal of Consent:
You can withdraw your consent at any time without giving reasons. To stop WhatsApp communication, you can contact us either directly via WhatsApp or by email.

Data Transfer to Third-Party Providers:
Please note that WhatsApp is used as an external service provider for communication. WhatsApp is a product of Meta Platforms Inc., and the processing of your data is carried out in accordance with WhatsApp's privacy policies, which can be viewed at https://www.whatsapp.com/legal. WhatsApp stores and processes your data in compliance with applicable data protection laws and policies.

Safety:
Communication via WhatsApp is encrypted. However, please note that WhatsApp is a service provider based outside the European Union, and data may be transferred to third countries, which may involve potential data protection risks.

Name and Address of the Controller Responsible for Processing

The controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union, and other provisions of a data protection nature is:

sailwithus GmbH
Gagernstrasse 8
D-60385 Frankfurt
CEO: Carl Grubert

Commercial Register Entry: Frankfurt District Court

As of 04/2025