Privacy Policy

Last updated: May 19, 2026

1. Data protection at a glance

General information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data refers to any data that can be used to personally identify you. Detailed information on the subject of data protection can be found in our Privacy Policy listed below.

Data collection on this website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find the operator’s contact details in the section “Information on the Controller” in this Privacy Policy.

How do we collect your data?

Some data is collected when you provide it to us directly. This may include, for example, data you send to us via email or telephone. Other data is collected automatically or after your consent when you visit the website through our IT systems. This mainly includes technical data (e.g., internet browser, operating system, or time of page access). This data is collected automatically as soon as you enter this website.

What do we use your data for?

Some of the data is collected to ensure the error-free provision of the website. Other data may be used to analyze your user behavior. We also use your data to contact you in response to inquiries you make.

What rights do you have regarding your data?

You have the right at any time to obtain free information about the origin, recipients, and purpose of your stored personal data. You also have the right to request correction or deletion of this data. If you have given consent to data processing, you may revoke this consent at any time for the future. Furthermore, under certain circumstances, you have the right to request restriction of the processing of your personal data. You also have the right to lodge a complaint with the competent supervisory authority (State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia). You may contact us at any time regarding this or any other questions on the subject of data protection.

Analysis tools and tools from third-party providers

When visiting this website, your browsing behavior may be statistically analyzed. This is primarily done using analytics programs. Detailed information on these analytics programs can be found in the following Privacy Policy.

2. Hosting

This website is hosted externally. Personal data collected on this website is stored on the servers of the hosting provider. This may include IP addresses, contact inquiries, metadata and communication data, contract data, contact information, names, website access data, and other data generated through a website.

External hosting is carried out in the interest of secure, fast, and efficient provision of our online services by a professional provider (Art. 6 para. 1 lit. f GDPR). If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent may be revoked at any time.

Our hosting provider will only process your data to the extent necessary to fulfill its service obligations and will follow our instructions regarding this data.

We have concluded a Data Processing Agreement (DPA) with our hosting provider in accordance with Art. 28 GDPR to ensure GDPR-compliant processing of your data.

We use the following hosting provider:

Contabo GmbH
Aschauer Straße 32a
81549 Munich
Germany

3. General notes and mandatory information

Data protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this Privacy Policy. When you use this website, various personal data are collected. Personal data is any data with which you can be personally identified. This Privacy Policy explains which data we collect and what we use it for. It also explains how and for what purpose this happens. Please note that data transmission over the Internet (e.g., communication by email) may have security vulnerabilities. Complete protection of data against access by third parties is not possible.

Information on the controller

The controller responsible for data processing on this website is:

Chiara Gayk
Roeberstr. 5
42117 Wuppertal
Germany
Phone: +49 1573 758 75 78
E-Mail: contact@deartraveldiary.de

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Storage period

Unless a more specific storage period is stated within this Privacy Policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., retention periods under tax or commercial law). In the latter case, deletion will take place after these reasons cease to apply. Specific retention periods or criteria for determining the storage period can be found in the respective processing activities described in this Privacy Policy.

General information on the legal basis for data processing on this website

If you have consented to data processing, we process your personal data on the basis of Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR if special categories of data pursuant to Art. 9 para. 1 GDPR are processed. In the case of explicit consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 para. 1 lit. a GDPR. If you have consented to the storage of cookies or access to information on your device (e.g., via device fingerprinting), data processing is additionally carried out on the basis of Section 25 para. 1 TDDDG. Consent may be revoked at any time. If your data is necessary for contract fulfillment or for carrying out pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b GDPR. Furthermore, we process your data if this is necessary to fulfill a legal obligation on the basis of Art. 6 para. 1 lit. c GDPR. Data processing may also be carried out on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. The relevant legal bases applicable in each individual case are explained in the following sections of this Privacy Policy.

Information on data transfers to non-secure third countries and transfers to U.S. companies not certified under the DPF

Among other things, we use tools from companies based in third countries that are not considered secure under data protection law. When these tools are active, your personal data may be transferred to and processed in these countries. Please note that in third countries that are not considered secure under data protection law, a level of data protection comparable to that of the European Union cannot be guaranteed.

Please note that the European Commission has adopted an adequacy decision for the United States under the EU-U.S. Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards for data processing activities in the United States. However, this adequacy decision applies exclusively to U.S. companies that are certified under the DPF. Only transfers of data to such certified companies may be assumed to provide a level of data protection comparable to that of the European Union.

For transfers to non-certified U.S. companies or to other third countries without an adequacy decision, appropriate safeguards (e.g., EU Standard Contractual Clauses) are required. Information on transfers to third countries, including the respective data recipients, can be found in this Privacy Policy.

Recipients of personal data

As part of our business activities, we work with various external parties. In some cases, this also requires the transfer of personal data to these external parties. We only disclose personal data to external parties if this is necessary for the fulfillment of a contract, if we are legally required to do so (e.g., disclosure to tax authorities), if we have a legitimate interest in the disclosure pursuant to Art. 6 para. 1 lit. f GDPR, or if another legal basis permits the disclosure. When using processors, we only transfer personal data of our customers on the basis of a valid DPA. In the case of joint processing, a joint processing agreement is concluded.

Revocation of your consent to data processing

Many data processing operations are only possible with your explicit consent. You may revoke consent already given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to object to data collection in special cases and to direct advertising (Art. 21 GDPR)

If data processing is based on Art. 6 para. 1 lit. e or f GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data. This also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this Privacy Policy. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to establish, exercise, or defend legal claims (objection pursuant to Art. 21 para. 1 GDPR).

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing. This also applies to profiling insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for direct marketing purposes (objection pursuant to Art. 21 para. 2 GDPR).

Right to lodge a complaint with the competent supervisory authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or the place of the alleged infringement. The right to lodge a complaint exists without prejudice to any other administrative or judicial remedies.

The controller responsible for data processing on this website is:

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
Kavalleriestr. 2–4
40213 Düsseldorf
Germany
Email: poststelle@ldi.nrw.de

Alternatively, you may also contact another data protection authority within the European Union. However, we would appreciate the opportunity to address your concerns directly first in order to find a solution.

The right to lodge a complaint exists without prejudice to any other administrative or judicial remedies.

Right to data portability

You have the right to receive data that we process automatically on the basis of your consent or in fulfillment of a contract, either for yourself or for a third party, in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only be carried out insofar as it is technically feasible.

Access, rectification, and erasure

Within the framework of the applicable legal provisions, you have the right at any time to obtain free information about your stored personal data, its origin and recipients, and the purpose of the data processing, and, where applicable, a right to rectification or erasure of this data. You may contact us at any time regarding this or any other questions relating to personal data.

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. You may contact us at any time regarding this matter. The right to restriction of processing exists in the following cases:

If you contest the accuracy of your personal data stored by us, we generally require time to verify this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
If the processing of your personal data was/is unlawful, you may request restriction of processing instead of erasure.
If we no longer need your personal data, but you require it for the establishment, exercise, or defense of legal claims, you have the right to request restriction of processing instead of erasure.
If you have objected to processing pursuant to Art. 21 para. 1 GDPR, a balancing of interests between your interests and ours must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, such data may — apart from being stored — only be processed with your consent or for the establishment, exercise, or defense of legal claims, for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or of a Member State.

Obligation to provide personal data

The provision of personal data on this website is generally neither legally nor contractually required. However, where the provision of certain data is necessary for the conclusion of a contract (e.g., via Ablefy), we will inform you accordingly during the respective ordering process. Failure to provide such data will result in the inability to conclude the respective contract.

In all other cases, the provision of personal data is voluntary; however, failure to provide such data may result in certain functions of the website (e.g., contacting us) not being available.

Automated decision-making including profiling

We do not use automated decision-making processes, including profiling within the meaning of Art. 22 GDPR, that produce legal effects concerning you or similarly significantly affect you.

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the website operator, this website uses SSL or TLS encryption. You can recognize an encrypted connection by the change in the browser’s address line from “http://” to “https://” and by the lock icon in your browser bar.

If SSL or TLS encryption is activated, the data you transmit to us is protected against unauthorized access in accordance with the current state of the art.

4. Data collection on this website

Cookies

Our website use so-called “cookies.” Cookies are small data packets and do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted after your visit ends. Persistent cookies remain stored on your device until you delete them yourself or until they are automatically deleted by your web browser.

Cookies may originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services provided by third-party companies within websites (e.g., cookies used for payment processing services).

Cookies serve various functions. Many cookies are technically necessary because certain website functions would not operate without them. Other cookies may be used to analyze user behavior or for advertising purposes.

Cookies that are necessary to carry out the electronic communication process, to provide certain functions requested by you (e.g., cookie settings), or to optimize the website (e.g., cookies for measuring web audiences) (“necessary cookies”) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. Where consent for the storage of cookies and comparable recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG); consent may be revoked at any time.

You can configure your browser to notify you when cookies are set and to allow cookies only in individual cases, to exclude the acceptance of cookies for certain cases or generally, and to activate the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.

You can find information about which cookies and services are used on this website in this Privacy Policy.

Consent management (cookie consent)

We use a consent management tool (“cookie consent tool”) that enables you to grant, manage, and revoke consent for non-essential cookies and similar technologies at any time with effect for the future. The legal basis for reading/storing information on your device is your consent pursuant to Section 25 para. 1 TDDDG; the subsequent processing of personal data is based on Art. 6 para. 1 lit. a GDPR. We use necessary cookies without consent on the basis of our legitimate interest in the technically error-free and optimized provision of our services pursuant to Art. 6 para. 1 lit. f GDPR. Your consent decisions are logged (time, scope, device/browser context) and stored locally.

You may change your selection at any time via the “Cookie Settings” on this website.

Server log files

The provider of this website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These include:

Browser type and browser version
Operating system used
Referrer URL
Hostname of the accessing computer
Time of the server request
IP address

This data is not merged with other data sources.

The collection of this data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website — for this purpose, server log files must be recorded. The server log files are automatically deleted after 14 days.

Inquiries by email or telephone

If you contact us by email or telephone, your inquiry, including all resulting personal data (name, inquiry), will be stored and processed by us for the purpose of handling your request. We do not pass this data on without your consent.

The processing of this data is based on Art. 6 para. 1 lit. b GDPR if your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of inquiries directed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR), if this was requested; consent may be revoked at any time.

The data you send to us via contact inquiries remains with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been fully processed). Mandatory statutory provisions — especially statutory retention periods — remain unaffected.

5. Social media

Facebook

This website includes links to our presence on the social network Facebook (Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland). If you click on these links while logged into your Facebook account, Meta may associate your visit to our pages with your user account. Please note that, as the provider of this website, we have no knowledge of the content of the transmitted data or how Meta uses it. Further information can be found in Meta’s Privacy Policy at: https://de-de.facebook.com/policy.php. If you do not want Meta to associate your visit to our pages with your Facebook user account, please log out of your Facebook account.

The use of Facebook links is based on our legitimate interest in an appealing presentation of our online services (Art. 6 para. 1 lit. f GDPR). For users in Europe, Meta is based in Ireland. Insofar as personal data is transferred to the United States, Meta relies on EU Standard Contractual Clauses and is certified under the EU-U.S. DPF. Further information is available from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt0000000GnywAAC&status=Active

Instagram

This website includes links to our presence on the social network Instagram (Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland). If you click on these links while logged into your Instagram account, Meta may associate your visit to our pages with your user account. Please note that, as the provider of this website, we have no knowledge of the content of the transmitted data or how Meta uses it. Further information can be found in Meta’s Privacy Policy at: https://privacycenter.instagram.com/policy. If you do not want Meta to associate your visit to our pages with your Instagram user account, please log out of your Instagram account.

The use of Instagram links is based on our legitimate interest in an appealing presentation of our online services (Art. 6 para. 1 lit. f GDPR). For users in Europe, Meta is based in Ireland. Insofar as personal data is transferred to the United States, Meta relies on EU Standard Contractual Clauses and is certified under the EU-U.S. DPF. Further information is available from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt0000000GnywAAC&status=Active

Pinterest

This website includes links to our presence on the social network Pinterest (Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland). If you click on these links while logged into your Pinterest account, Pinterest may associate your visit to our pages with your user account. Please note that, as the provider of this website, we have no knowledge of the content of the transmitted data or how Pinterest uses it. Further information can be found in Pinterest’s Privacy Policy at: https://policy.pinterest.com/de/privacy-policy.

If you do not want Pinterest to associate your visit to our pages with your Pinterest user account, please log out of your Pinterest account. The use of Pinterest links is based on our legitimate interest in an appealing presentation of our online services (Art. 6 para. 1 lit. f GDPR). For users in Europe, Pinterest is based in Ireland. Insofar as personal data is transferred to the United States, Pinterest relies on EU Standard Contractual Clauses and is certified under the EU-U.S. DPF. Further information can be found in Pinterest’s Privacy Policy: https://policy.pinterest.com/de/privacy-policy

TikTok

This website includes links to our presence on the social network TikTok (TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland). If you click on these links while logged into your TikTok account, TikTok may associate your visit to our pages with your user account. Please note that, as the provider of this website, we have no knowledge of the content of the transmitted data or how TikTok uses it. Further information can be found in TikTok’s Privacy Policy at: https://www.tiktok.com/safety/de-de/privacy-and-security-on-tiktok/

If you do not want TikTok to associate your visit to our pages with your TikTok user account, please log out of your TikTok account. The use of TikTok links is based on our legitimate interest in an appealing presentation of our online services (Art. 6 para. 1 lit. f GDPR). For users in Europe, TikTok is based in Ireland. Insofar as personal data is transferred to third countries, such transfers are carried out according to TikTok on the basis of EU Standard Contractual Clauses or other appropriate safeguards. Further information can be found in TikTok’s Privacy Policy: https://www.tiktok.com/safety/de-de/privacy-and-security-on-tiktok/.

6. Plugins and tools

Google Fonts

This website uses Google Fonts for the uniform display of fonts and symbols. The provider is Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland).

When you access a page, your browser loads the required fonts into its browser cache in order to correctly display texts, fonts, and symbols. For this purpose, the browser you use must establish a connection to Google’s servers. As a result, Google becomes aware that this website was accessed via your IP address. The use of Google Fonts is based on Art. 6 para. 1 lit. f GDPR (legitimate interest in a uniform and efficient presentation of our website). If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG, insofar as the consent includes access to information on the user’s device. Consent may be revoked at any time. If your browser does not support Google Fonts, a standard font from your computer will be used. Alternatively, we may host Google Fonts locally; in this case, no connection to Google’s servers is established. Google may also process your data in the United States. Google is certified under the EU-U.S. DPF.

Further information about Google Fonts can be found at: https://developers.google.com/fonts/faq. Google’s Privacy Policy can be found at: https://policies.google.com/privacy?hl=de

Font Awesome

This website uses Font Awesome for the uniform display of fonts and symbols. The provider is Fonticons (Fonticons, Inc., 6 Porter Road Apartment 3R, Cambridge, Massachusetts, USA).

When you access a page, your browser loads the required fonts into its browser cache in order to correctly display texts, fonts, and symbols. For this purpose, the browser you use must establish a connection to Fonticons’ servers. As a result, Fonticons becomes aware that this website was accessed via your IP address. The use of Font Awesome is based on Art. 6 para. 1 lit. f GDPR (legitimate interest in a uniform and efficient presentation of our website). If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG, insofar as the consent includes access to information on the user’s device. Consent may be revoked at any time. If your browser does not support Font Awesome, a standard font from your computer will be used. Alternatively, we may host Font Awesome locally; in this case, no connection to Fonticons’ servers is established. As Fonticons is based in the United States, your data may be transferred to the United States. Fonticons is certified under the EU-U.S. DPF.

Information regarding appropriate safeguards for data transfers can be found in Font Awesome’s Privacy Policy at: https://fontawesome.com/privacy

7. Analysis tools and tools from third-party providers

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google. Google Analytics uses cookies and similar technologies that are stored on your device and enable an analysis of your use of the website.

The information generated by these technologies about your use of this website (including the shortened IP address) is generally transmitted to and stored on a Google server in the United States. With the currently used version Google Analytics 4 (GA4), IP addresses are not stored in full by default, but are shortened before processing. Therefore, a complete collection of IP addresses generally does not take place.

On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activities, and provide other services related to website and internet usage to the website operator.

The IP address transmitted by your browser within the scope of Google Analytics will not be merged with other Google data. You may revoke your consent at any time via the “Cookie Settings.” An additional opt-out is possible via the browser add-on available at: http://tools.google.com/dlpage/gaoptout?hl=de

The use of Google Analytics is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG. Consent may be revoked at any time. We have concluded a DPA with Google. Within the property settings, we use the available privacy features of GA4 (e.g., IP anonymization, no merging with other Google data); additional features (e.g., Google Signals, User ID) are only used if you have consented to them. Cookies and similar technologies set by Google Analytics are deleted depending on the type of cookie used: short-lived cookies are automatically deleted after one day up to a maximum of two months. Standard cookies generally remain on your device for 24 months in order to recognize returning visitors.

Google may also process your data in the United States. For transfers to Google, we rely — where applicable — on Google’s certification under the EU-U.S. DPF. Further information on data protection at Google can be found at: https://policies.google.com/privacy?hl=de

8. E-Commerce

Data transmission upon conclusion of a contract for the purchase and shipment of goods

Personal data is only transferred to third parties if this is necessary within the scope of contract processing. Third parties may include, for example, payment service providers or logistics companies. Any further transfer of data will not take place unless you have expressly consented to it.

The legal basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or for the implementation of pre-contractual measures.

Ablefy (formerly elopage)

We process data of users, prospective customers, and customers within the scope of e-commerce activities. For this purpose, registration and ordering for the purchase of products and services, as well as the provision of additional personal data for the payment provider (e.g., name, address, contact details, where applicable bank account details, price, purchased item), are generally required. We require this data to provide the respective service or deliver the goods. For this purpose, we use the services of Ablefy (Ablefy GmbH (formerly elopage GmbH), Kurfürstendamm 182, 10707 Berlin, Germany).

As soon as you click on a product button on this website, you leave this website and are redirected to our webpages hosted on Ablefy. All functions on the sales page, as well as the entire downstream sales processing, are carried out via Ablefy.

We collect, process, and use personal data only insofar as this is necessary for establishing, structuring the content of, or modifying the legal relationship (inventory data). This is carried out on the basis of Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or for the implementation of pre-contractual measures. We collect, process, and use personal data concerning the use of this website (usage data) only insofar as this is necessary to enable the user to use the service or for billing purposes. To ensure GDPR-compliant processing, we have concluded a DPA with Ablefy. Ablefy receives the data as our processor. Further information on data protection can be found in Ablefy’s Privacy Policy at: https://myablefy.com/privacy?locale=de

The collected customer data will be deleted after completion of the order or termination of the business relationship, unless statutory retention periods prevent deletion (e.g., retention obligations under commercial and tax law of up to 10 years).

9. Affiliate links

On the basis of our legitimate interests (i.e., interest in the economic operation of our online services within the meaning of Art. 6 para. 1 lit. f GDPR), we participate in the affiliate program of Travelpayouts (Go Travel Un Limited, 4007 Central Plaza, 18 Harbour Road, Wanchai, Hong Kong). The affiliate program is designed to provide a means for websites to earn advertising reimbursements by placing advertisements and links as part of an affiliate system. Travelpayouts uses cookies and similar technologies in order to trace the origin of transactions (“affiliate tracking”). The setting and reading of these cookies is carried out exclusively on the basis of your consent pursuant to Section 25 para. 1 TDDDG. You may revoke your consent at any time via the cookie settings. Cookies set by Travelpayouts are stored for up to 30 days.

In principle, personal data is stored by Travelpayouts within the European Economic Area (EEA), specifically in the Netherlands. However, as Travelpayouts is headquartered in Hong Kong, it cannot be ruled out that personal data may be transferred to a third country without an adequacy decision by the European Commission. For such transfers, Travelpayouts uses appropriate safeguards to ensure an adequate level of data protection. Further information on the use of data by Travelpayouts and options to object can be found in the company’s Privacy Policy: https://support.travelpayouts.com/hc/en-us/articles/360004121052-Privacy-Policy. Detailed information on cookies and data collection can also be found in the Travelpayouts Cookie Policy: https://support.travelpayouts.com/hc/en-us/articles/360004121072-Cookie-Policy.