The responsible body within the meaning of the relevant data protection laws is:
Nestpick Global Services GmbH
Oranienburgerstr. 17 , 10178 Berlin
Local Court of Berlin-Charlottenburg, HRB 161705 B
Managing Director: Ömer Kücükdere
Working hours: Montag bis Freitag, 9.00 - 18.00 Uhr
The transmission of information to or from this Website is secured by encryption.
I. General Information
Type and scope of processing of personal data
The provision of the website and the mobile app requires processing of various information. The scope of data processing depends in particular on the type and scope of use of the functions of the website/app. You are not obliged to provide personal data when you visit the Website or use the mobile app. As far as such data provision is technically required when visiting the Website, a refusal leads to the fact that you cannot visit and use our Website. In the context of placing a booking, there may also be a contractual or statutory obligation to provide personal data to us. As far as the indication of your data is necessary for the fulfilment of our obligations, there exists a respective obligation on your part. A refusal may result in the loss of your entitlement to benefits. As a User of our Website/App, you are not subject to any automated decision-making within the meaning of Art. 22 of the General Data Protection Regulation (GDPR).
Legal bases for the processing of personal data
The legal bases for processing of personal data are described below.
|Reason for Processing||Legal Basis (GDPR)||Comment|
|Fulfilment of the contract or implementation of pre-contractual measures||Art. 6 para. 1 b)||Unless expressly stated otherwise, data will only be processed by us to the extent necessary for the exercise and fulfilment of the rights and obligations arising from the contract. Unless expressly stated otherwise, data will only be processed by us to this extent.|
|Consent||Art. 6 para. 1 a)||Data will be processed to the extent you have expressly agreed to the type and scope of data processing. You can revoke your consent at any time with effect for the future, but this does not affect the processing that has taken place up to this point in time.|
|Legal Obligation||Art. 6 para. 1 c)||Processing data takes place insofar as this is necessary to fulfil German or European statutory obligations|
Deletion of data and storage period
We will delete your personal data as soon as the legal basis for its processing ceases to exist. Multiple legal bases may exist or a new legal basis may be applicable if a legal basis ceases to exist.
II. Data processing for the provision of the website/mobile app and Communication
Visitors of the website can set up so-called alerts for a certain search. For this, the user must enter his or her e-mail address. By clicking on the "Send" button the visitor gives his consent to receive e-mail notifications from Nestpick regarding new results according to his search criteria . To activate the search, the user must click on an activation link that is sent to the specified e-mail address.
We do not offer accommodation ourselves, but respective services by our partners. For booking requests we collect the following data:
- request type;
- arrival and departure days;
- purpose of the stay;
- first and last name;
- number of guest;
- e-mail address;
- telephone number;
- (optional) message to the landlord.
The collection of the aforementioned data serves the purpose of forwarding the information to our partners. This constitutes a measure in the preparation of the conclusion of the contract which is necessary for entering into a contract with your respective partner and is permitted under Art. 6 (1) sentence 1 (b) GDPR. The user will be informed of the forwarding to the respective partner when making the booking request.
The website provides a contact form which you can use to ask us questions by entering your name and your email address. The use of the contact form is voluntary, and your data is processed in order to fulfill our contractual service obligations (Article 6 (1) (b) GDPR).
When you visit the website/application, your browser sends various information to our server to establish and maintain the connection. The following data is collected:
- IP address,
- date and time at the time of acces,
- name and URL of the retrieved file,
- data volume retrieved,
- retrieved successfully or not successfully,
- previous website,
- connection page,
- browser and browser version,
- the terminal device used (e.g. desktop computer or smartphone),
- operating system and version of the operating system.
These data including the anonymized IP address are stored in so-called log files. This data is not combined with any other data about you. The storage of log files serves the legitimate interest in the meaning of Article 6 (1) (f) GDPR of providing the website and preventing misuse. Stored log files will be deleted after three months at the latest, unless a longer storage period is required, for example to clarify an attack on the website.
III. Analysis and tracking tools
The services listed below are used and implemented on the basis of Article 6 (1) (f) GDPR. User analysis and tracking serve the purpose to perform targeted advertising to customize and continuously optimize our websites. Through the measures, we want to make sure that advertisements which are geared to your interests are displayed on your devices.
Bing Ads technology is used on the website to collect and store data from which pseudonymous user profiles are created. This is a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft"). This service makes it possible to track user activities on the website if they have reached the website via ads from Bing Ads. If Users access our website in this way, a Cookie is placed on their computer which, in combination with markings on the website, makes some non-personal data about the use of the website accessible. This includes the time spent on the website, which areas of the Website were visited and via which display the users accessed the website. Information on the identity of users is not collected. The information collected is transmitted to Microsoft servers in the United States and stored there for a maximum of 180 days. You can prevent the collection of data generated by the Cookie and related to your use of the website and the processing of this data by deactivating the setting of Cookies. This may restrict the functionality of the website. Microsoft may be able to track your usage across multiple electronic devices through cross-device tracking, enabling you to display personalized advertising on or in Microsoft websites and apps. You can disable this function under http://choice.microsoft.com/en-us/opt-out Further information on Bing Ads and data processing can be found here: https://advertise.bingads.microsoft.com/en-us/resources/policies/user-safety-and-privacy-policies https://privacy.microsoft.com/en-us/privacystatement.
We also use the service Doubleclick by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"), which sets a Cookie and assigns a pseudonymous identification number (ID) to your browser. The Cookie determines whether and which advertisements were displayed and clicked in your browser. This enables us to tailor your advertising to your interests. Since we have activated Google's IP anonymization on this Website, your IP address is also shortened within the scope of Doubleclick before being transmitted by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area and only in exceptional cases the full IP address is transmitted to Google in the USA and only shortened there. Google analyses the information collected and sends us reports on the usage activities on our Website and provides us with additional services for this purpose. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data. In addition to the general options mentioned above for preventing Cookies, you can also specifically prevent Google from saving the double-click Cookie by downloading an appropriate browser plug-in.
Facebook Custom Audiences
In our mobile app, we use the analytics service of Firebase, Inc. (“Firebase), a Google company. The analytics service is implemented in our mobile app via a development environment (Software Developer Kit). The information generated by the development environment, are:
- hashed (anonymized) IP address,
- mobile identifiers such as the Advertising ID for iOS (IDFA) or the Google Advertising ID,
- installation and initial opening of an mobile app on your mobile device,
- your interaction within the mobile app (e.g., registration),
- viewed and clicked ads.
Our website uses the advertising tool Google AdWords by Google including its conversion tracking. Nestpick uses this tool to determine how successful advertising for our services on websites other than our own is. For this purpose, a conversion cookie is set when you click on one of our advertisements. This cookie enables us to recognize that you have accessed our website via this ad. With such usage data we create statistics to evaluate the conversion of our advertisements. We do not receive any personal information about you. The conversion cookie set in your browser is individual and cannot be used by other Google AdWords customers for their statistics.
You can prevent tracking by disabling the conversion tracking cookie in your browser settings.
Google (Universal) Analytics
This Website uses Google Analytics, a web analysis service from Google. Google collects information about your use of this Website (including your IP address) in the USA via a Cookie, and stores this information. However, we only use Google Analytics with an anonymization function by which the IP address is reduced before it is transmitted by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. The full IP address will only be transmitted to Google in the USA and shortened there in exceptional cases. Google analyses the information collected and sends us reports on the usage activities on our Website and provides us with additional services for this purpose. The IP address transmitted by your browser in the context of Google Analytics is not combined with other Google data.
Google Dynamic Remarketing
We use services of hasoffers.com of TUNE, Inc., 2200 Western Ave., Suite 200, Seattle WA, 98121 ("TUNE") to measure the effectiveness of our advertising measures. We collect statistical data about visitors who use one of our links (such as ad banners) to access the registration page, including, for example, information about the countries from which these visitors are likely to come. A hasoffers.com cookie will be placed on your device if you access the registration page via such a link. The cookie stores and transmits the following information to TUNE, to which Nestpick has access, while it is stored:
- on which link you have clicked,
- when you clicked the link,
- (in some cases) on which website the link was located,
- IP address of your device (hashed),
- imprecise location information based on the IP address and, if applicable, WLAN information.
Nestpick uses Yandex Metrica, a website analysis tool from the company, Yandex LLC,16, Leo Tolstoy Street, Moscow, 119021, Russia (“Yandex”). When you visit our website, Yandex will collect data generated by your behavior. This includes (i. a.):
- anonymized IP address,
- browser data,
- click behavior.
IV. Rights of the parties concerned
If personal data are processed, you are a data subject within the meaning of Art. 4 Para. 1 GDPR and you have the following rights with regard to your personal data. To exercise these rights, please contact us under the contact details above.
Right to information according to Art. 15 GDPR
You have a right to information about your personal data processed by us. This includes the mandatory information set out in Art. 15 GDPR.
Right to correction under Art. 16 GDPR
You have the right to request the immediate correction of incorrect personal data and the completion of incorrect personal data.
Right to cancellation in accordance with Art. 17 GDPR
You have the right to request the deletion of your personal data if one of the reasons mentioned in Art. 17 GDPR applies, in particular if there is no longer a legal basis for the processing.
Right to limitation of processing according to Art. 18 GDPR
You have the right to request the restriction of the processing of your personal data if one of the reasons mentioned in Art. 18 GDPR applies, in particular, at your request, instead of deleting the data.
Right to data transferability according to Art. 20 GDPR
You have the right to request all personal data stored by us about you in a structured, current and machine-readable format and to transmit this data to another person in charge without obstruction by the person responsible to whom the personal data was provided.
Right of appeal to the competent supervisory authority, Art. 77 GDPR
According to Art. 77 GDPR, you have the right to file a complaint with the supervisory authority responsible for you.
Right to object
If the data processing is based on your consent or our legitimate interest, you have the right to object to the processing or to revoke your consent at any time. Your objection or revocation will only have an effect for the future If the analysis Cookies used offer their own technical solution for deactivation, this is explained respectively; you can contact firstname.lastname@example.org (or the contact details of the responsible body listed above) at any time to exercise your right of objection or revocation. If you object to data processing on the basis of our legitimate interest, we may nevertheless continue processing if we can prove compelling reasons worthy of protection for the processing which outweigh your interests, rights and freedoms.
Last update: 20 August 2018