Thank you for using EnterAnGo!

Privacy Policy – EnterAnGo GmbH

 

The protection of your personal data is very important to us. This privacy policy describes how we use, process and share your data in connection with the services we offer on our websites and apps (“EnterAnGo Platform”).

 

1. General Provisions

The EnterAnGo Platform (“EnterAnGo”, “we”, “us”, “our”, “travel agent”, “tour operator”) is a generally accessible internet-based platform that is operated in various languages on www.enterango.com, www.beta.enterango.com, plan.enterango.com as well as via mobile apps (Android, iOS, etc.). The operator is EnterAnGo GmbH with operational headquarters in Vienna:

EnterAnGo GmbH
Biberstraße 22,
1010 Wien,
Österreich
[email protected]

Personal data is any information relating to an identified or identifiable natural person (Art. 4 Nr 1 GDPR). This includes information such as your name, email address, postal address, telephone number or IP address. Information that is not directly associated with your identity, such as the number of users of a website is not considered as personal data.

 

In the following, we inform you about the various purposes for which we process personal data, the legal basis for such processing in each case and how long we store the data in the process.

 

By using our websites or our app or by creating a user account, you acknowledge these provisions.

 

If you have any questions about this privacy policy, wish to exercise your right to information or request the deletion of your data, please contact us at [email protected]

 

1.1. Definitions

The data protection declaration of EnterAnGo is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration should be legible and understandable for the public, as well as our customers and business partners. To ensure this, we would like to first explain the terminology used.
In this data protection declaration, we use, inter alia, the following terms:

    • Personal data: Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
    • Data subject: Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
      Processing: Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
    • Restriction of processing: Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
      Profiling: Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
    • Pseudonymisation: Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
    • Controller or controller responsible for the processing: Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
    • Processor: Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
      Recipient: Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
    • Third party: Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
    • Consent: Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. What data is collected and why?

When you use the EnterAnGo platform, we collect personal data from you. We need this data to adequately perform the contract between you and us and to comply with our legal obligations. Without this data we may not be able to provide you with all the services you require.
In the following we inform you about the different purposes for which we process personal data, on which legal basis such processing is carried out in each case and how long we store the data in the process.
Insofar as we obtain your (the data subject’s) consent for processing operations of personal data, Article 6 (1) lit. a of the EU General Data Protection Regulation serves as the legal basis for the processing of personal data. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures. If processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) c GDPR serves as the legal basis. If processing is necessary to protect a legitimate interest of EnterAnGo or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.
Your personal data will be stored for the period of time for which the respective purpose lasts. 

 

2.1. Automatically collected data

When you visit our platform, our web server stores information such as your IP address, the URLs of the websites from which you have accessed our platform (so-called referrers), the browser type and version used, the operating system used, the access device with which the services are used, the date and time of access, the pages of our websites accessed, the time you spend on our websites and other similar data and information that serve to avert danger in the event of attacks on our information technology systems.
We use this information to

    • transmit content from our platform to your browser,,
    • to continuously improve the EnterAnGo platform technically and to further adapt it to the needs of our users,
    • to detect, correct and prevent errors, malfunctions and possible misuse,
    • in the event of attacks on our platform, to be able to trace the attack and in order to
    • compile aggregate statistics on access channels, use of the websites and the transition to websites of our partners.

We do not use this information to identify users. If you only visit our platform or make a travel plan without having created a profile with us, we do not know who you are.

We store this information for a period of 30 days and then anonymise or delete this information again.
The legal basis for the processing and subsequent storage of this information is a legitimate interest pursuant to Art. 6 (1) f GDPR. The legitimate interest with regard to the transmission of the above-mentioned information lies in the fact that this is necessary to display the contents of the platform; without transmission of the IP address, it is not possible to display the website. The legitimate interest in the limited storage is our security interests and the ongoing improvement of the EnterAnGo platform.

 

2.2. Data provided by you

In addition, we also store and use information that you provide to us about yourself, your travel plans, travel bookings or your user account (“Account”). 

 

2.2.1 General data

If you make travel arrangements on EnterAnGo without having logged in to the EnterAnGo platform, the start and destination address and the start and end dates are collected in order to search for possible travel connections and accommodation. The information from the search query and the resulting results are evaluated anonymously and statistically without reference to the enquirer for analysis purposes.
If you book a trip planned on EnterAnGo with us without having registered on the EnterAnGo platform, all data required for the travel contract and payment will be collected. Without claiming to be complete, this includes your name, address, telephone number, email address, passport data, as well as your credit card data, etc. This data is required in order to be able to make the bookings with the individual service providers (e.g. hotel, airline, train, etc.), as well as to be able to fulfil our obligations within the framework of a travel contract (e.g. package travel contract, contract for linked travel services, etc.) and the associated rights and obligations in accordance with the Package Travel Act. (For details see the Terms of Service)
You can send us information on various pages (e.g. contact page, feedback page, etc.). By clicking the “Send” button, you consent to the transmission of the data entered in the input mask to us. In addition, we save the date and time of your contact. If you provide your e-mail address, we can contact you if we have any questions about your enquiry. We can sincerely thank you for your support in the form of an e-mail and/or thank you card in any case. Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail and our reply will be stored.
We also offer surveys at irregular intervals, with the help of which we collect your personal opinion in order to continuously improve the services of our platform. Your information will only be evaluated and processed for the purpose of the survey. In the event that third parties are commissioned to evaluate the data, we will indicate this fact separately in the corresponding questionnaire. Personal data is only collected if you provide it to us yourself.
The personal data voluntarily transmitted to us in this context is used to process your enquiry and to contact you. The legal basis for the transmission of the data is your consent in accordance with Art. 6 Para. 1 lit. a GDPR. 

 

2.2.2 User account (“My account”)

In addition, we offer you the possibility of creating an EnterAnGo user account. In your account you can use various functions and decide for yourself on the scope of possible use. 

Mandatory data

When you create a user account on our platform, i.e. create an account, we collect personal data such as your name, your e-mail address, your password and your consent to the Terms of Service and privacy policy, a confirmation that you have reached the age of sixteen in accordance with Art. 8 (1) f GDPR and your consent to receive newsletters for marketing purposes.

We use and store this information to,

    • confirm your email address and send you a link to activate your user account,
    • to check whether the password you have created meets the minimum technical requirements in order to provide state-of-the-art security for your user account,
    • to determine the legal age limit required for use in accordance with Art. 8 Para. 1 f GDPR,
    • to recognise you as a user in the event of a renewed visit and, for example, to save you having to re-enter your data,
    • send you service or support messages such as updates, security alerts and account notifications,
    • reset your password if necessary,
    • personalise and customise your travel plans (such as by ranking search results). This is done through profiling based on your interactions with the EnterAnGo
    • platform, your search and travel history, your profile data and settings, and other content you submit to EnterAnGo.
    • To offer you, as a “Non-Paying Customer”, products or services that may be of interest to you through profiling; and to
    • Provide you with information through EnterAnGo marketing activities (e.g. newsletters, tips & tricks, special offers, etc.). 

You can add, correct the personal data provided by you at any time in your user account settings.
Your user account will be stored until revoked. You can request the deletion of your entire user account at any time in your settings under: “Delete account”. You will receive a confirmation of the deletion of the user account by e-mail with a link where you can undo an accidental deletion, or a deletion not initiated by you for 14 days. After this period, we will initiate the deletion of all your personal data from us and our processors. Your personal data will be irrevocably deleted no later than 30 days after your request for deletion. We will keep a confirmation of the erasure for 1 year from the date of erasure.

The legal basis for the processing and subsequent storage of this information is consent to the processing of personal data (pursuant to Art. 6(1)(a) GDPR), the fulfilment of a legal obligation (Art. 6(1)(c) GDPR) and a legitimate interest pursuant to Art. 6(1)(f) GDPR.
The legal obligation is to obtain confirmation of the legal age limit pursuant to Art. 8 (1) f GDPR in order to enable valid contractual terms.
The legitimate interest in the limited storage is our security interests, the ongoing improvement of the EnterAnGo platform, as well as the legitimate interest to conduct marketing activities.

 

Optional data

All remaining information that you can store in the user profile is optional and can be added voluntarily. This information allows for improved travel planning, documentation, and accounting. The additional information allows us to tailor travel arrangements and accommodation to your personal needs. It also allows us to better tailor our service to your company’s processes.
You can enter the following personal data in your user account: 


General information

    • Your travel plans (save and change)
    • Additional travel information (hotel bookings, tickets, booking confirmations and invoices of various means of transport, other travel times, other and additional travel costs, visa information, etc.) 


Account settings – user profile

    • Private address and contact details
    • Date of birth
    • Information on personal company-specific data
    • Information on travel documents (e.g. passport, etc.)
    • Information on driving licence and various vehicles
    • Payment information (bank details, credit card information, etc.)
    • preferred language selection
    • personal travel preferences
    • information on ownership of annual passes, memberships and bonus programmes (frequent flyer, hotels, etc.) from various service providers
    • selection of user role (administrator, traveller, etc.)


Account preferences – Company profile

    • Company address and contact details
    • Payment information (bank details, credit card information, etc.)
    • Information on the company’s organisational structure (data on business units and departments)
    • Project information
    • User roles
    • Employee list
    • Company contacts
    • Travel management policies

When you provide us with this information, we use and store this information in order to

    • View all added details and required documents of a trip,
    • allow you to print out additional information about your trip,
    • allow you to share content with other EnterAnGo members,
    • bill you for services that require payment,
    • enable and facilitate various administrative processes, such as the travel approval process or the creation, management, and settlement of a trip by a desired third party,
    • to take into account travel management policies from your organisation when planning travel,
    • to provide you with customer service
    • provide you with statistical analysis of your travel patterns or the travel patterns of, for example, departments or the like,
    • personalise and customise your travel plans (such as by ranking search results or taking into account personal preferences). This is done through profiling based on your interactions with the EnterAnGo platform, your search and travel history, your profile data and settings, and other content you submit to EnterAnGo,
    • to offer you products or services that may be of interest to you as a “Non-Paying Customer” through profiling, and to
    • continually improve and optimise the EnterAnGo Platform, such as by conducting analysis and research.

You can add, correct, and delete the personal data you have added at any time in your user account settings.
Your purchase or order data in connection with services of the EnterAnGo platform will be deleted after a period of 7 years due to legal retention obligations. This period begins at the end of the calendar year in which the purchase was made.
The legal basis for the processing and subsequent storage of this information is consent to the processing of personal data (pursuant to Art. 6 para. 1 a GDPR), the fulfilment of a legal obligation (Art. 6 para. 1 c GDPR) and a legitimate interest pursuant to Art. 6 para. 1 f GDPR.
The legal obligation is the retention period of purchase and order data.
The legitimate interest in the limited storage is our security interests, the ongoing improvement of the EnterAnGo platform, as well as the legitimate interest to conduct marketing activities. 

 

2.3. EnterAnGo App

The EnterAnGo app is another access channel to the services of the EnterAnGo platform. Within the scope of the EnterAnGo app, therefore, the same data collection, processing and use take place as when using the EnterAnGo platform. The statements in this privacy policy apply accordingly.
When using the app, EnterAnGo may additionally access further data related to the app or your end device, such as the device name, device manufacturer, model, operating system, app or SDK version. The app can also detect which Google services you are using when using an Android device and prevents your device from going into “sleep mode” when using the app.
We collect the current location of your device in order to use it to process your request (pre-entry of the location in the search form). The transmission of your location data takes place via an encrypted connection. If you use GPS, the app recognises your exact location. With the iOS operating system, this only happens with your prior permission.
If you have configured your mobile device accordingly, the EnterAnGo app can send you push messages, e.g. to inform you about EnterAnGo, status messages about your trips, information about updates, promotions, news or new functionalities.
By using the App, you agree that when you activate push messages, you may receive notifications from us. For Non-Paying Customers these messages may include advertisements from EnterAnGo or from third parties, in addition to information about EnterAnGo. You can configure or opt out of receiving push notifications at any time in the App or your operating system settings.
You can add, correct or delete the personal data you have added at any time in your user account settings.
We use and store this information for the same purposes and based on the same legal bases as in section 2.1 – Automatically collected data and section 2.2 – Data provided by you.
The legal basis for the processing and subsequent storage of your location data is your consent to the processing of personal data (pursuant to Art. 6 para. 1 a GDPR).

 

2.4. Data from third parties

2.4.1. Registration via social networks

If you access your EnterAnGo user account via third party services (e.g. Google, LinkedIn, Facebook, Twitter, WeChat), establish a connection to your EnterAnGo user account or log in to your EnterAnGo user account via them, these services may transmit information to us, such as your registration and profile data of the relevant service. The nature and extent of this information varies and is controlled by the relevant third party service or depends on your privacy settings with the relevant service.
We use and store this information for the same purposes and based on the same legal bases as set out in Section 2.2 – Mandatory Data.

 

2.4.2. Information from other sources

We also process data that we have not collected directly from you. This is the case when a user provides us with the information, or we collect the information from other sources. In these cases, we process the data in each case as part of our performance of the contract with the respective user and/or to protect our legitimate interests, taking your interests into account.
This includes the name and email address, company and assigned role for user management.
EnterAnGo enables the user (e.g. administrators or employees in the administration) to invite other users of a company to use the EnterAnGo platform. This may be necessary for various functions such as the travel approval process, travel planning – and third-party billing. Third parties in this case may be colleagues or supervisors, as well as external processors of your company.
We store this data until the respective user deletes it himself/herself or until his/her user account is deleted. The invited non-users can object to the sending of further invitations or invitation reminders to the respective e-mail address via an opt-out link in the invitation e-mail.
We use and store this information for the same purposes and based on the same legal bases as in section 2.1 – Automatically collected data and section 2.2 – Data provided by you. 

 

2.5. Cookies and similar technologies

We use cookies and similar technologies such as web beacons, tracking pixels and mobile identifiers to provide a more user-friendly, performant, and secure service.
A cookie is a small file that is placed and stored on a computer system via an internet browser. We use such cookies both as a technical means of providing services on our platform, e.g. enabling certain functionalities, and to analyse the website behaviour of our visitors and, based on this, to design our offers in a more user-friendly way.
Web beacons are small graphic files (“pixels”) which may be embedded in our platform and which may be used to record user behaviour. Similar procedures are, for example, Flash cookies, HTML5 cookies or other local (browser or device) storage procedures in which – comparable to cookies – data can be stored in your browser or terminal device.
We use cookies for the following purposes:

    • to store your user settings, such as language and currency, during your visit to our platform and between visits.
    • to store your login status as a registered user (optional), so that you do not have to log in again when you return to the same website later.
    • to technically associate your visit with specific servers to ensure a safe transition between individual pages and searches.
    • to monitor the performance of our systems (no user-related evaluation).
    • for web analysis with Google Analytics and similar web analysis services (see section 3.3 ) and the creation of usage statistics (no user-related evaluation).
    • for non-paying customers for so-called retargeting, i.e. the subsequent display of ads matching your search queries on EnterAnGo, outside our platform and mobile apps.

Some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your terminal device and enable us to recognise your browser on your next visit (persistent cookies). We may also allow our business partners to use tracking technologies on the EnterAnGo platform or engage others to track your behaviour for us. Details of this can be found in section 3.3 – Analysis of our platform / tracking.
If you do not wish this to happen, you can set your browser to notify you when cookies are set and only allow this on a case-by-case basis. You can also generally exclude the acceptance of cookies. If you do not accept cookies, the functionality of our platform may be limited, and the scope of services may be reduced.
The EnterAnGo platform does not currently respond to a “Do Not Track” signal in the HTTP header of your browser or mobile application, as there is no standardisation regarding the interpretation of this signal.
You can find out the exact storage period of a cookie, if not yet specifically stated below, from the respective cookie by displaying the cookie in your browser.
The legal basis for the use of cookies and similar technologies is a legitimate interest according to Art. 6 para. 1 p. 1 f GDPR, namely the pursuit of our business purposes.
If you access websites of other providers by clicking on our platform (e.g. to make a reservation with an organiser or to buy a ticket), it is possible that these other websites also place cookies on your computer. We have no control over these cookies and the data they collect and cannot assume any responsibility for them.

 

3. Transfer of personal data to third parties and disclosure

In order to provide our services, we use contract processors, which are listed below. The legal basis for the use of these processors is a legitimate interest according to Art. 6 para. 1 lit. f GDPR. The legitimate interest is the pursuit of our business purposes, in particular to provide the services otherwise described in this privacy policy. A conflicting interest is not apparent because we have concluded a contract with the respective contractors in accordance with Art. 28 GDPR.
EnterAnGo treats all user data confidentially and does not publish such data without informing and without consent of the user.

 

3.1. Hosting

For the purposes of hosting our platform and back-up services, we use processors so that personal data stored on our platform is transferred to these processors. The processors are World4You Internet Services GmbH, Hafenstraße 47-50, 4020 Linz, Austria; Hidora SA, Rue Adrien Lachenal 20, 1207 Geneve, Switzerland; Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany and 1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany. These processors will store personal data for as long as the data is stored on our platforms based on the purposes defined in this privacy policy.

 

3.2. Booking partners and transport companies

In order to book the tickets of your choice, we need to send your personal data to the selected booking partners or directly to the transport companies.
The booking partner or transport company are entities, whose ticket you wish to purchase. When booking a ticket, you will see which transport company you will be travelling with.

 

3.3. Travel management service

If you are using the Travel Management Service and you have linked your account to a company, we may share information related to your travel with your company. That is necessary to provide the service. This includes data such as your name, travel dates including travel times and expenses, accommodation name and address, payment information and other related information.
At your request or that of the Company, we may also disclose this data to third parties engaged by the Company to provide travel management, accounting, human resource management, crisis management and other services.

 

3.4. Analysis of our platform / tracking

3.4.1. Google Analytics

We use the web analysis tool Google Analytics of Google Inc. (“Google”). Google Analytics uses cookies that are stored on your computer and enable an analysis of your use of the platform. The information generated by the cookie about your use of our platform (including your IP address) is transmitted to a Google server in the USA and stored there. We use the so-called “_anonymizeIp()” script, which ensures that your IP address is immediately anonymised by Google (after geo-localisation has been carried out). In addition, we have concluded an order data processing contract with Google. Google will use this information for the purpose of evaluating your use of the platform, compiling reports on website activity for website operators and providing other services relating to platform activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of the EnterAnGo platform. Google also offers so-called deactivation tools for some Internet browsers, with which you can prevent the recording and analysis of your user behaviour. You can find more information and download options for these tools here: https://tools.google.com/dlpage/gaoptout?hl=de

 

3.4.2. Hotjar

EnterAnGo uses Hotjar Heatmaps, Recordings and Polls, each offering provided by Hotjar Ltd. (“Hotjar”), St. Julian’s Business Centre, Elia Zammit Street, St. Julians 1000, Malta. Hotjar provides an all-in-one analytics and feedback tool that captures the online behaviour and feedback of a website’s visitors. It helps to improve the user experience and performance of websites. The analytics tools allow EnterAnGo to measure and monitor user behaviour on our website, while the feedback tool allows EnterAnGo to receive feedback. A unique user identifier is assigned to the website visitor so that Hotjar can track returning users. No data is collected in this way that could directly identify an individual person. Where data is collected using the Recordings feature, Hotjar also provides an automated suppression function whereby the data is suppressed in the visitor’s browser on the client side, meaning that relevant personally identifiable information is not transmitted to the Hotjar servers. The data collected through Hotjar is stored in Ireland using Amazon Web Services infrastructure. The relevant storage period is a maximum of 365 days. We use Hotjar’s functions because they serve our legitimate business interest in providing and improving our website; in this respect, the relevant legal basis for the processing is Art. 6 (1) lit. f) GDPR. To prevent us and Hotjar from collecting and processing your personal data, you can stop this (“opt-out”) by following the instructions on Hotjar’s website: https://www.hotjar.com/legal/compliance/opt-out

 

3.5. Service providers

We use various external service providers to provide services in connection with the EnterAnGo Platform. These service providers may be located within or outside the European Union.
Service providers may assist us with the following activities:
product development, maintenance, bug fixes and protection against cyber-attacks (e.g. bot protection, etc.).
providing EnterAnGo services using third-party platforms and software tools (for example, by integrating with our APIs); or
to provide customer services, marketing activities, advertising services or payment services. These service providers are given limited access to your data to perform these tasks on our behalf and are contractually bound to protect it and use it only for the purposes for which it was disclosed and in accordance with this Privacy Policy.

 

3.5.1. MailChimp

For sending newsletters, we use “MailChimp” of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The e-mail addresses of our newsletter recipients as well as their other data described in the notes are stored on MailChimp servers in the USA. MailChimp does not use the data of our newsletter recipients to write to them itself or to pass it on to third parties. The data is used in pseudonymised form (without assignment to a user) to optimise Mailchimp’s services. MailChimp is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with the European level of data protection. In addition, we have concluded a “Data Processing Agreement” with MailChimp. This is a contract in which MailChimp undertakes to protect the data of our users, to process it on our behalf in accordance with their privacy policy provisions and, in particular, not to pass it on to third parties. You can view the privacy policy of the shipping service provider here: https://mailchimp.com/legal/privacy/
The legal basis for this is your consent in accordance with Art. 6 Para. 1 lit. a GDPR.

 

3.5.2. HubSpot

We use HubSpot for our online marketing activities. This is an integrated software solution that we use to cover various aspects of our online marketing.
These include:
Content management (website and blog)
Email marketing (newsletters and automated mailings, e.g. to provide downloads)
Social media publishing & reporting
Reporting (e.g. traffic sources, hits, etc. …)
Contact management (e.g. user segmentation & CRM)
Landing pages and contact forms

This information as well as the content of our website is stored on servers of our software partner HubSpot. It may be used by us to contact visitors to our website and to determine which services or offers are of interest to them.
All information we collect is subject to this privacy policy. We use all information collected solely to optimise our marketing.
HubSpot is a software company based in the USA (25 First Street, Cambridge, MA 02141 USA) with a branch in Ireland (2nd Floor 30 North Wall Quay, Dublin 1, Ireland) and Germany (Koppenstraße 93, 10234 Berlin). Within the scope of processing via HubSpot, data may be transferred to the USA. In addition to the order processing agreement, standard contractual clauses as well as other suitable guarantees have been agreed to ensure the security of a data transfer.
For more information about HubSpot’s data protection, please see the Terms of Use and Privacy Policy at
https://legal.hubspot.com/de/privacy-policy or
https://legal.hubspot.com/de/legal-stuff
The legal basis for this is your consent pursuant to Art. 6 (1) lit. a GDPR either via the contact form, the cookie banner or other opt-in options. 

 

3.5.3. Cloudflare

To secure the EnterAnGo platform, we use “Cloudflare”, of the US provider Cloudflare, Inc, 101 Townsend St, San Francisco, CA 94107, USA. We use Cloudflare CDN to make our website faster and more secure. Cloudflare uses cookies and processes user data. Cloudflare, Inc. is an American company that offers a content delivery network and various security services (e.g. DDoS protection or the web application firewall). These services are located between the user and our hosting provider.
Cloudflare provides various security services, such as the one we use to keep the EnterAnGo platform running as securely as possible. Cloudflare stores your information primarily in the United States and the European Economic Area. Cloudflare may transfer and access the information described above from around the world. Cloudflare keeps data logs only as long as necessary, and this data is also deleted within 24 hours in most cases. Cloudflare also does not store any personal data, such as your IP address. However, there is information that Cloudflare stores indefinitely as part of its permanent logs in order to improve the overall performance of Cloudflare Resolver and to identify any security risks. You can find out exactly which permanent logs are stored at https://www.cloudflare.com/application/privacypolicy/.
We use the functions of Cloudflare because they serve our legitimate business interest in providing and improving our website; in this respect, the relevant legal basis for the processing is Art. 6 (1) lit. f) GDPR. 

 

3.5.4. Sentry

Sentry.io is a software solution from the US provider Functional Software, Inc., 132 Hawthorne Street San Francisco, CA 94107 United States, and provides real-time error tracking of web apps, mobile apps and games, which gives developers the insight needed to reproduce and fix crashes. Sentry automatically sends error messages including your IP address to our server and gives us the possibility to quickly fix possible software errors.
We use the functions of Sentry because they serve our legitimate business interest in providing and improving our website; in this respect, the relevant legal basis for the processing is Art. 6 (1) lit. f) GDPR.

 

3.5.5. Stripe

We use a payment service of the American online payment service Stripe on our website. For customers within the EU, Stripe Payments Europe (Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland) is responsible. With Stripe it is possible to accept credit and debit card payments in our webshop. Stripe handles the entire payment process.
In the process, personal data that is necessary for the payment process is forwarded to Stripe and stored. This data includes the payment method (i.e. credit card, debit card or account number), bank code, currency, amount and date of payment. In the case of a transaction, your name, email address, billing, or shipping address and sometimes your transaction history may also be transmitted. This data is necessary for authentication. Stripe may also collect your name, address, phone number and country in addition to technical data about your device (such as IP address) for fraud prevention, financial reporting and to fully provide its services.
Stripe does not sell any of your data to unrelated third parties, such as marketing agencies or other companies that have nothing to do with the Stripe company. Stripe also uses cookies to collect data.
For more information, please see Stripe’s privacy policy at https://stripe.com/at/privacy.
We use the features of Stripe because they serve our legitimate business interest in providing and improving our website; in this respect, the relevant legal basis for the processing is Art. 6 (1) lit. f) GDPR.

 

3.6. Compliance with the law

EnterAnGo may disclose your data, including personal data, to courts, law enforcement agencies and other governmental bodies or to authorised third parties if and to the extent required or permitted by law or if disclosure is objectively necessary for the following purposes:
to comply with our legal obligations,
to respond to claims brought against EnterAnGo in accordance with the requirements of any legal process,
in response to verified requests in connection with a criminal investigation or an alleged or suspected illegal act or other action that may expose us, you or other users to legal liability,
to enforce and apply our terms of use, payment terms or other agreements with members,
for fraud detection and prevention purposes; or
to protect the rights, property or personal safety of EnterAnGo, our employees, other members or the public.
Where appropriate, we will inform members of legal requests unless (i) disclosure is prohibited by the legal process itself, by a court order served on us, or by applicable law, or (ii) we believe that disclosure would be futile or ineffective, would create a risk of bodily harm or injury to a person or group of persons, or would create a risk of fraud against the EnterAnGo platform or other members. In cases where we comply with legal requests for these reasons without notification, we will attempt to subsequently notify the member concerned of the request, if appropriate, if we believe in good faith that we are no longer prevented from doing so.

 

3.7. Merger

If EnterAnGo engages in or is involved in a merger, acquisition, reorganization, asset sale, bankruptcy or insolvency proceeding, we may sell, transfer or disclose our assets, including your information, in connection with or in contemplation of such a transaction (e.g., due diligence). In this case, we will notify you before your personal information is transferred and becomes subject to a different privacy policy.

 

4. Other important notes

4.1. Data sharing between EnterAnGo members

EnterAnGo offers you some features where you can exchange personal data with other EnterAnGo members.
To enable these features, we need to share some of your data, including personal data, with other members as necessary for the reasonable performance of the contract between you and us as follows:
If you wish to use the travel approval process to have your travel approved by a supervisor or other third party, it is necessary to share your travel plans, including name and email address, with that person. If your company requires it for administrative purposes, information such as your department, business unit, projects and other related information will also be shared with this person.
It is possible to have your company wants that the entire travel planning and the entire travel management process is done by third parties. To do so, you may share with these third parties any data related to your travel activity that is necessary to provide the service. This includes data such as your name, your travel dates including travel times and expenses, name and address of accommodation, payment information and other related information.

 

4.2. Google Maps and Places

The EnterAnGo Platform uses the Google Maps services including the Google Maps API(s). The Google Places API is a part of the Google Maps API(s). The use of Google Maps is subject to the Google Maps/Earth Additional Terms of Service and the Google Privacy Policy .

 

4.3. Google reCaptcha

To protect your orders via internet forms, we use the reCAPTCHA service of the Google company. The query serves to distinguish whether the input is made by a human being or improperly by automated, machine processing. The query includes the sending of the IP address and possibly other data required by Google for the reCAPTCHA service to Google. For this purpose, your input is transmitted to Google and used there. However, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of this service. The IP address transmitted by your browser as part of reCaptcha will not be merged with other Google data. The deviating privacy policy of the Google company apply to this data. Further information on Google’s privacy policy guidelines can be found at: https://www.google.com/intl/de/policies/privacy/.

 

4.4. Social media plugins and widgets

The EnterAnGo platform uses so-called social plugins and widgets of social networks such as Google+, LinkedIn, Xing, Facebook, Twitter, Research Gate, Viber and Whatsapp.

    • Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
    • LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
    • Xing SE, Dammtorstraße 30, 20354 Hamburg, Germany
    • Facebook, HQ 1 Hacker Way, Menlo Park, California 94025
    • Twitter, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
    • ResearchGate GmbH, Invalidenstrasse 115, 10115 Berlin, Germany
    • Viber Media, S.à r.l., 2, rue des Fossé, L-1536 Luxembourg
    • Whatsapp Inc, 650 Castro Street, Suite 120-219, Mountain View, CA 94041, USA

When you visit our websites and apps, they are deactivated by default, which means they do not send any data to the respective social networks without your intervention. Before you can use social plugins and widgets, you must activate them with one click. This solution gives you the opportunity to consent to the use of the respective social plugin before any data is transmitted to the social media provider. Social media plugins remain active until you deactivate them again or delete your cookies. You can find more information on cookies in section 2.5.
After activating a social plugin or widget, a direct connection is established with the server of the respective social network. The contents of the plugins and widgets are then transmitted directly to your browser by the social networks and integrated into the website by the browser.
After activating a social plugin or widget, the respective social network may already collect data, regardless of whether you interact with the button. If you are logged in to a social network, it can assign your visit to this website to your user account. If you are a member of a social network and do not want it to link the data collected when you visit our website with your stored membership data, you must log out of the respective social network before activating the plugins. We have no influence on the scope of the data collected by the social networks with their plugins. For the purpose and scope of the data collection and the further processing and use of the data by the respective social networks, as well as your rights in this regard and setting options for protecting your privacy, please refer to the privacy policy of the respective social networks.
All information on the privacy policy of the social networks can be found at:

You can find more information on the respective social plugins and widgets of the social networks at:

4.5. External partners

The EnterAnGo platform provides you with additional information from external partners and contains links to other websites. EnterAnGo neither owns nor is able to control these external partners. Please note that these external partners have their own rules about data collection, use and disclosure and we are not responsible for the privacy practices of external partners. We encourage you to carefully read the privacy statements of each and every website that collects personal information. This privacy statement applies solely to information collected on our website.
When booking services with an external partner, the administration and billing is done directly with/with the external partner. In this context, the privacy policy of the respective cooperation partner applies. 

 

4.6. Aggregated data

We may also share aggregated data (information about our users that we combine so that it no longer identifies or refers to an individual user) and other anonymised data for regulatory compliance, industry and market analysis, demographic profiling, marketing and advertising and other business purposes.

 

5. Your rights

If personal data of yours is processed, you are a data subject within the meaning of the GDPR and you have the following rights against the data controller:

 

5.1. Right of access

You may request confirmation from us as to whether personal data concerning you is being processed by us.
Please address your request to: [email protected]

If such processing is taking place, you may request information from us about the following:

    • the purposes for which the personal data are processed;
    • the categories of personal data which are processed;
    • the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
    • the planned duration of the storage of the personal data relating to you or, if specific information on this is not possible, criteria for determining the storage period;
    • the existence of a right to obtain the rectification or erasure of personal data concerning you, a right to obtain the restriction of processing by the controller or a right to object to such processing;
    • the existence of a right of appeal to a supervisory authority;
    • any available information on the origin of the data if the personal data is not collected from the data subject;
    • the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information on whether personal data concerning you are transferred to a third country or to an international organisation. In this context, you may request to be informed about the appropriate safeguards pursuant to Article 46 of the GDPR in connection with the transfer.
In order to be able to ensure that the person making the request is also the person they claim to be, we require proof of identity. This can be a copy of an official identification document. Please black out or make unrecognisable any serial numbers, passport numbers or similar. We will only use this copy for identification purposes and to process the request.

 

5.2. Right to rectification

You have a right to rectification and/or completion with respect to the controller if the personal data processed concerning you is inaccurate or incomplete. The controller must make the rectification without undue delay.

 

5.3. Right to restriction of processing

You may request the restriction of the processing of personal data concerning you under the following conditions:

    • if you dispute the accuracy, of the personal data concerning you for a period of time that allows us to verify the accuracy of the personal data;
    • if the processing is unlawful and you object to the erasure of the personal data and request the restriction of the use of the personal data instead;
    • if we no longer need the personal data for the purposes of processing, but you need it for the assertion, exercise or defence of legal claims; or
    • if you have objected to the processing pursuant to Article 21 (1) GDPR and it has not yet been determined whether our legitimate grounds override your grounds.

If the processing of personal data relating to you has been restricted, such data may – apart from being stored – only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.
If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by us before the restriction is lifted.

 

5.4. Right to erasure

5.4.1. Obligation to delete

You may request us to erase the personal data relating to you without delay and we are obliged to erase such data without delay if one of the following reasons applies:

    • The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
    • You withdraw your consent on which the processing was based pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR and there is no other legal basis for the processing.
    • You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR.
    • The personal data concerning you have been processed unlawfully.
    • The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which we are subject.
    • The personal data concerning you was collected in relation to information society services offered pursuant to Art. 8(1) GDPR.

We generally store your personal data for as long as is necessary for the performance of the contract between you and us and to comply with our legal obligations. If you no longer want us to use your information to provide you with the EnterAnGo platform, you can request in your settings that we delete your personal data and your EnterAnGo user account.

 

5.4.2. Information to third parties

If we have made the personal data concerning you public and we are obliged to erase it pursuant to Article 17(1) of the GDPR, we shall take reasonable measures, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers who process the personal data that you, as the data subject, have requested them to erase all links to, or copies or replications of, that personal data.

 

5.4.3 Exceptions

The right to erasure does not apply to the extent that the processing is necessary

    • for the exercise of the right to freedom of expression and information;
    • for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
    • for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
    • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or
    • for the assertion, exercise or defence of legal claims.

 

5.5. Right to data portability

You have the right to receive the personal data relating to you that you have provided to us in a structured, commonly used, and machine-readable format. You also have the right to transfer this data to another controller without hindrance from us, provided that

    • the processing is based on consent pursuant to Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR or on a contract pursuant to Art. 6 Para. 1 lit. b GDPR and
    • the processing is carried out with the help of automated procedures.

In exercising this right, you also have the right to have the personal data concerning you transferred directly from one controller to another controller, insofar as this is technically feasible. This must not affect the freedoms and rights of other persons.
The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us. 

 

5.6. Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.
We will then no longer process the personal data relating to you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling insofar as it is related to such direct marketing.
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.
You also have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out for statistical purposes pursuant to Article 89(1) of the GDPR. 

 

5.6.1. Right to revoke your declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

 

5.6.2. Automated decision in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

    • is necessary for the conclusion or performance of a contract between you and the controller,
    • is permitted by legislation of the European Union or the Member States to which the controller is subject, and that legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
    • is done with your explicit consent.

However, these decisions may not be based on special categories of personal data pursuant to Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests. 

 

5.7. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority to which the complaint has been lodged will inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR. 

 

6. Changes and updates to our privacy policy

EnterAnGo may update and adapt this privacy policy as necessary in compliance with data protection law. If these changes relate to points that affect the consent of our users, we will inform our registered users of changes by e-mail and ask you for renewed consent. You will find the current version at this point or at another corresponding, easy-to-find point on our website. 

 

7. Terms of Service

Users are also encouraged to visit the Terms of Service regarding the use of the EnterAnGo platform, disclaimers, limitations of liability, etc. at the following address: Terms of Service

 

Vienna: 30. April 2021

Ich bin immer auf dem Neuesten Stand!

Ich bin immer auf dem Neuesten Stand!

Neue Features, Mehr Verbindungen, Neuigkeiten im Reisemanagement. Alle paar Wochen.

Newsletter_Reisen

Vielen Dank für die Anmeldung!