Privacy policy

Privacy Policy Regarding the Use of Data on nestpick.com

Data privacy is a matter of trust, and your trust matters to Nestpick. It is therefore important to us that your personal data is protected and that its collection, processing and use in relation to Nestpick's services in our app and on our website nestpick.com complies with the law. In this Policy, we want to tell you about how we collect and use data, in order to give you an overview of how your personal data will be used.

1. Overview

The following Privacy Policy contains information about the way and extent to which personal data is processed by Nestpick. Personal data is information that can be directly or indirectly attributed to or associated with you personally, such as your name or your email address.

2. Name and contact details of the controller responsible for processing and the company's Data Protection Officer

This Privacy Policy applies to the data processing performed by Nestpick Global Services GmbH, Charlottenstraße 4, 10969 Berlin (the "controller", hereinafter "Nestpick"), to be contacted at info@nestpick.com, and for the following website or application: www.nestpick.com. The Data Protection Officer of Nestpick can be reached at anil@nestpick.com (Anil Yeni).

3. The purposes for which data is processed, the legal basis and legitimate interests pursued by Nestpick or a third party, as well as categories of recipients

3.1. Accessing our website/application
When you access our website/application, the browser used on your device automatically sends information to the server of our website/application and temporarily stores it in what is known as a log file. We have no control over this. The following information will also be collected without any action on your part and be stored until it is automatically deleted: the IP address of the requesting internet-enabled device the date and time of access the name and URL of the retrieved file the website/application from which access took place (the Referrer URL) the browser you are using, and potentially the operating system of your internet-enabled computer, as well as the name of your access provider the device used (e.g., a desktop computer or a smartphone) the language of the browser you are using The legal basis for processing your IP address is Article 6 (1) (f) of the General Data Processing Regulation (GDPR). Our legitimate interest is based on the purposes of data collection listed below. We would like to point out that we are unable to draw any direct conclusions regarding your identity from the data that is collected, and that we refrain from doing so. We use the IP address of your device and the other data listed above for the following purposes: ensuring that a trouble-free connection is established ensuring the comfortable use of our website/application the evaluation of system security and stability We also use what are known as cookies for our website/application, as well as tracking tools, targeting methods and social media plug-ins. The exact procedures used and how your data are used for this purpose are explained in more detail below.
3.2. Booking inquiries
We do not offer accommodation services ourselves. Rather, we enable you to book accommodation services offered by our partners. When a booking inquiry is received, we collect the following data solely in order to forward it to our partners: the desired arrival and departure dates your first and last name the number of guests your email address your telephone number (optionally) your message to the landlord The collection of the aforementioned data and its transmission to our partners is a pre-contractual step that is required to enter into the contract with your respective partner (Article 6 (1) (b) GDPR).
3.3. Data processing for advertising purposes
3.3.1. Newsletter
On our website, we offer you the opportunity to sign up for our newsletter. You can revoke your consent at any time with effect for the future. To do so, you need only click the unsubscribe link.
3.3.2. Product recommendations
We send you emails which contain product recommendations. You will receive these product recommendations if you have subscribed to an alert. We do so in order to provide you with information about products from our offerings that may interest you based on your recent searches. If you do not want to receive product recommendations from us, you can let us know at any time. You can find our contact details under section 2. Naturally, you will also find an unsubscribe link in every email. The legal basis for the aforementioned processing is Article 6 (1) (f) GDPR. Processing existing customer data this way for advertising purposes is deemed to be a legitimate interest.
3.3.3. Right to object
You have the right, at any time and at no charge, to object to data processing for the aforementioned purposes, separately for each respective communication channel, and with effect for the future. To do so, you need only send an email to info@nestpick.com or send a letter to the Nestpick address mentioned in section 2 above. In the event that you object, the relevant contact address will be blocked for further promotional processing. We point out that, in exceptional cases, advertising material may temporarily continue to be sent to you even after your objection has been received. This is due to technical reasons related to the lead time required for advertisements and does not mean that your objection will not be observed by us. Thank you for your understanding.
3.4. Cookies – general information

We use cookies on our website on the basis of Article 6 (1) (f) GDPR. Our interest in optimizing our website is deemed to be legitimate within the meaning of the aforementioned provision.

Cookies are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our website or use our app. Cookies do not harm your device, do not contain viruses, Trojans or other malicious software. The information stored in the cookie is tied to the specific device used. However, this does not mean that we are immediately aware of your identity. In part, cookies are used to make the use of our service more pleasant for you. For example, we use what are known as session cookies to detect that you have already visited individual pages on our website. These are automatically deleted after you leave our website. In addition, to ensure user-friendliness we also use temporary cookies, which are stored on your device for a specific period of time. If you visit our website again to use our services, it is automatically detected that you have already visited us, as well as what information you entered and the settings you used, so that you do not have to reenter them.

On the other hand, we use cookies to statistically record the use of our website, to optimize our services, and to display information tailored to your specific needs. These cookies enable us to automatically detect that you have previously visited us when you return to our website. These cookies are automatically deleted after a defined period of time. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or to make sure that a message always appears before a new cookie is created. However, disabling cookies completely may mean that you will not be able to use all the features of our website. The storage period of cookies depends on their purpose and therefore varies.

3.5. Analytical tools
In order to customize and continuously optimize our websites in line with users’ needs, we deploy tools on the basis of Article 6 (1) (f) GDPR which permit us to analyze the use of our website.
3.5.1. Google Analytics
We use Google Analytics, a web analytics service provided by Google. In doing so, pseudonymized usage profiles are created and cookies are used. The information generated by the cookie about your use of this website, e.g.
  • browser type/version
  • operating system used
  • Referrer URL (the previously visited page)
  • hostname of the accessing computer (IP address)
  • time of server request

is transmitted to a Google server in the US and stored there. Google complies with the Privacy Policy of the US Privacy Shield and is registered with the U.S. Department of Commerce's US Privacy Shield Program. In addition, we have entered into a data processing agreement for the use of Google Analytics. Under this agreement, Google assures that Google processes data in accordance with the General Data Protection Regulation and ensures the protection of the data subject's rights. The information is used to evaluate the use of the website, to compile reports on the activity on the website, and to provide other services related to the use of the website and internet usage for the purposes of market research and to customize the design of these websites in line with the needs of users. This information may also be transferred to third parties if required by law or if third parties are contracted to process this data. Under no circumstances will your IP address be combined with any other data from Google. The IP addresses are anonymized, which means that it is not possible to identify specific individuals (“IP masking”). You can prevent the installation of cookies by setting your browser software accordingly. However, disabling cookies completely may mean that you will not be able to use all the features of our website. You may also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing this browser add-on (https://tools.google.com/dlpage/gaoptout?hl=en). As an alternative to the browser add-on, especially for browsers on mobile devices, you can prevent the collection by Google Analytics by clicking on this link. An opt-out cookie will be set which prevents the future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again. For more information regarding data privacy related to Google Analytics, visit the Google Analytics website: https://support.google.com/analytics/answer/6004245?hl=en.

3.5.2. New Relic
To perform accessibility and performance monitoring for our servers, we use the "New Relic" web analytics service provided by New Relic Inc., 188 Spear Street, Suite 1200, San Francisco, CA 94105, USA. Using pseudonymized usage data, technical performance data (e.g., response and load times) is measured and analyzed to improve our server performance. Further details and information can be found in the New Relic Privacy Policy at https://newrelic.com/privacy/.
3.5.3. Firebase
In our app, we use the analytics service of Firebase, Inc., a mobile analytics service provided by Google Inc. The analytics service is implemented in our app via a development environment (SDK - Software Developer Kit). The information generated by the development environment, e.g.
  • hashed (anonymized) IP address
  • mobile identifiers such as the Advertising ID for iOS (IDFA) or the Google Advertising ID
  • installation and initial opening of an app on your mobile device
  • your interaction within an app (e.g., in-app purchases, registration)
  • viewed and clicked ads

is collected and used by Firebase Inc. to evaluate the use of the app, to compile performance reports on app activity, and to provide other services related to the use of the app for purposes of market research and customization of the app. Under no circumstances will the collected data be combined with other data that Firebase obtains via other apps.

You can find more information about Firebase's privacy policy here: https://www.firebase.com/terms/privacy-policy.html. You can object to tracking by Firebase at any time within the "Opt-out" section of Firebase's Privacy Policy. To do this, you must select the device for which you do not want Firebase to perform tracking and specify your Device Identifier. Behavior tracking from apps that use Firebase will then be immediately removed on your device.

3.5.4. HasOffers
We use HasOffers, a data processing service provided by Tune, Inc., Attn: Legal Department, 2200 Western Avenue, Suite 200, Seattle, WA 98121, that collects and analyzes end user data for advertisers. HasOffers collects the following types of information from Users to help clients optimize and measure their advertising network, affiliate and publisher relationships:
Ad Identifiers
IP address
Cookies
Pixel Tags
Imprecise Geographic Location Data derived from IP address and/or wifi networks.

Clients use HasOffers for pixel or server postback tracking to collect information about Users. Pixel tracking (also called “cookie-based tracking” and “client-side tracking”) methods store a HasOffers session identifier in a user’s browser cookie on click. In postback tracking (also called “server-side tracking”), HasOffers directly sends a session identifier to the advertiser on click. On conversion, the advertiser then communicates that identifier to HasOffers for validation. HasOffers also supports server-to-server measurement for some clients. With any of the mentioned methods, when an end user clicks on an advertisement, goes to a specific web page or mobile app action that a Client chooses to monitor, HasOffers collects information from the User’s computer or device, including but not limited to IP and Ad Identifiers. You can find more information about HasOffers's privacy policy here: https://www.hasoffers.com/privacy-policy.

You can disable cookies in most internet browsers. You can also disable collection of Ad Identifiers for targeted advertising by enabling the Limit Ad Tracking setting on their smartphone. You can also reset the Ad Identifier altogether using their smartphone’s privacy settings.

3.6. Targeting
The targeting measures listed below and used by us are implemented on the basis of Article 6 (1) (f) GDPR. Targeting is used to perform targeted advertising. Through the targeting measures we use, we want to make sure that advertisements which are geared to your interests are displayed on your devices.
3.6.1. Google AdWords
Nestpick uses Google's AdWords service, which uses conversion tracking to measure the effectiveness of individual ads, offers and features. For this, a cookie is set as soon as you click on a Google ad. This cookie does not personally identify you, but rather makes it possible to determine whether you return to the page with the specific offer during the 30-day period in which the cookie is valid. Each AdWords advertiser receives a different cookie. As a result, cookies cannot be tracked via the website of AdWords advertisers. The information obtained using the conversion cookie is used to generate conversion statistics for AdWords advertisers who have opted for conversion tracking. We track the total number of users who have clicked on an ad and were redirected to the website with a conversion-tracking tag. You can permanently prevent the storage of the Google conversion cookie by setting your browser software accordingly. Google's privacy policy on conversion tracking can be found here: https://services.google.com/sitestats/en.html.
3.6.2. Google Dynamic Remarketing
We use the features of Google Dynamic Remarketing with the cross-device features of Google AdWords and Google DoubleClick. This feature allows us to link the advertising audiences created with Google Dynamic Remarketing to the cross-device features of Google AdWords and Google DoubleClick. In this way, interest-based, personalized advertising messages that have been customized for you based on your past usage and browsing behavior on a device (e.g., smartphone) may also be displayed on another device you use (e.g., tablet or PC). If you have given the appropriate consent to Google, Google will link your web and app browsing history with your Google Account for this purpose. That way, the same personalized advertising messages can appear on any device you use to sign in to your Google Account. To support this feature, Google Analytics collects Google-authenticated IDs of users who are temporarily linked to our Google Analytics data to define and create audiences for cross-device ad promotion. You can permanently opt out of cross-device remarketing/targeting by turning off personalized advertising in your Google Account. To do so, follow this link: https://adssettings.google.com/authenticated?hl. For more information, as well as the provisions regarding data privacy, please see the Google Privacy Policy at https://policies.google.com/technologies/ads?hl.
3.6.3. Bing Ads
We use Bing Universal Event Tracking (UET) from Microsoft Bing Ads. This is a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, USA ("Microsoft"). This allows us to track user activity on our website when users reach our website through advertisements from Bing Ads. If you reach our website via a Bing Ads advertisement, a cookie will be placed on your computer (see section 3.6.). A Bing UET tag is integrated into our website. This is a code that is used to store data about the use of the website in connection with the cookie. Among others, this includes the time spent on the website, which areas of the website were accessed, and what ads brought users to the website. Information about your identity is not collected. This information is transmitted to Microsoft servers in the US and stored there for a maximum of 180 days. More information on Bing Ads’ analytical services can be found on Bing Ads website (https://help.bingads.microsoft.com/#apex/3/en/53056/2). For more information about Microsoft’s privacy practice, please see Microsoft’s Privacy Policy (https://privacy.microsoft.com/en-us/privacystatement).
3.6.4. Taboola
Our website uses technologies from Taboola Inc., 28 West 23rd St., New York, NY 10010, USA ("Taboola"). Taboola uses cookies (see section 3.6.) that determine which content you use and which of our pages you visit (conversion tracking). The cookie enables us to create pseudonymous usage profiles by collecting device-related data as well as log data, and enables us to recommend content that matches your personal interests. This permits us to individually customize our offerings for you. These usage profiles cannot be used to establish your identity. You can find more information about Taboola and the ability to disable the Taboola cookie here: https://www.taboola.com/privacy-policy.
3.6.5. Facebook Custom Audiences
In addition, we also use Facebook Custom Audiences. Facebook Custom Audiences is a Facebook marketing service. It allows us to display personalized and interest-based advertising on Facebook to certain groups of pseudonymized visitors to our website who also use Facebook. A Facebook Custom Audience pixel is integrated into our website. This is a Java Script code used to store non-personal information about your use of the site. This includes your IP address, the browser you are using, and the source and destination pages. This information is transmitted to Facebook servers in the United States. There, an automatic check is performed to see if you have saved a Facebook cookie. The Facebook cookie automatically determines whether you belong to the relevant target group for us. If you belong to the target group, we will show you relevant ads on Facebook. You will not be personally identified by us or by Facebook as part of this process. You may object to the use of the Custom Audiences service on the Facebook website (https://www.facebook.com/ads/website_custom_audiences). After logging in to your Facebook account, you will be taken to the settings for Facebook ads. For more information on privacy on Facebook, see Facebook’s Privacy Policy (https://www.facebook.com/privacy/explanation).
3.6.6. Option to object/opt-out
You can prevent the targeting technologies we described by activating the appropriate cookie setting in your browser (see also section 3.6.). In addition, you have the option of deactivating preference-based advertising with the help of the preference manager available here: http://www.youronlinechoices.com/uk/your-ad-choices.

4. Contact form

We provide you with a contact form which you can use to ask us questions by entering your name and your email address. The use of the contact form is voluntary, and your data is processed in order to fulfill our contractual service obligations (Article 6 (1) (b) GDPR).

5. Your rights

5.1. Overview
In addition to the right to revoke the consent you have granted to us, you are entitled to the following further rights if the relevant legal requirements apply:
Right of access to information about your personal data stored with us pursuant to Article 15 GDPR
Right of rectification of inaccurate personal data and right to have incomplete personal data completed pursuant to Article 16 GDPR
Right to erasure of your personal data stored by us pursuant to Article 17 GDPR
Right to restriction of processing of your data pursuant to Article 18 GDPR
Right to data portability pursuant to Article 20 GDPR
5.2. Right to object
Under the conditions of Article 21 (1) GDPR, data processing can be objected to on grounds relating to the particular situation of the data subject. The above general right of objection applies to all processing purposes described in this Privacy Policy which are based on Article 6 (1) (f) GDPR. Unlike the special right of objection to data processing for advertising purposes, under the GDPR we are only obliged to implement such a general objection if you give us reasons of overriding importance for this (for example, possible danger to life or health). In addition, you may also contact the supervisory authority responsible for Nestpick, the Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin, Germany, Phone: +49 (0) 30 13889-0, Fax: +49 (0) 30 2155050, Email: mailbox@datenschutz-berlin.de.

Version 1.1 – As of 25 May 2018