Skip main navigation

Data Protection

1. Information on the Protection of Your Personal Data

The following information provides details on how ralfsfincas GmbH processes your personal data and your rights under data protection law.

2. Controller for Data Processing

ralfsfincas GmbH, Niedernstraße 3, 33602 Bielefeld

Managing Directors: Julian Grupp, Michael Keller
HRB 45937 – Amtsgericht Bielefeld
Phone: +49 521 98994253
Email: info@ralfsfincas.de

To exercise your rights, please contact our managing directors. You can reach them by post at the above address with the addition "Data Protection Officer" or by email at: julian.grupp@ralfsfincas.de or michael.keller@ralfsfincas.de.

3. Purposes and Legal Bases for Data Processing

We collect and process your personal data only with your consent or in compliance with the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), and all other applicable laws.

If you request information about our company, properties, or services, we use the data you provide to process your inquiry.

When you contact us via email or a contact form, the data you share (e.g., your email address, and if applicable, your name and phone number) is stored to respond to your questions. These data are deleted once storage is no longer necessary or processing is restricted if legal retention obligations apply.

If you make a binding booking, we require the information you provide for drafting the rental agreement and fulfilling local registration obligations with Spanish authorities (e.g., Modelo 179, Ecotasa), as well as for sharing the necessary details with the relevant contractual partners or landlords. If you submit a booking inquiry, we use the data you provide to process your request. If the rental agreement is concluded, we process this data to manage the contractual relationship.

Processing your inquiry or booking and concluding the rental agreement is not possible without processing your personal data.

Additionally, we require your personal data for the mediation of rental cars or travel insurance, for the development of new quality standards, or to meet legal requirements. We also use the data to evaluate the overall customer relationship, such as for advising on contract modifications, goodwill decisions, or providing comprehensive information.

The legal basis for processing personal data for pre-contractual and contractual purposes is Art. 6 Para. 1 lit. b GDPR. If processing involves special categories of personal data (e.g., health data), we obtain your consent in accordance with Art. 9 Para. 2 a) in conjunction with Art. 7 GDPR. If we create statistics using these data categories, this is based on Art. 9 Para. 2 j) GDPR in conjunction with § 27 BDSG.

We also process your data to safeguard legitimate interests of our own or third parties (Art. 6 Para. 1 lit. f GDPR). This may be necessary, in particular, for the following reasons:

  • To ensure IT security and operations
  • To advertise rental properties offered and mediated by us
  • To prevent and investigate criminal offenses

Additionally, we process your personal data to comply with legal obligations, such as regulatory and police requirements, as well as commercial and tax retention duties. In these cases, the legal basis for processing is the respective statutory provisions in conjunction with Art. 6 Para. 1 lit. c GDPR. If we intend to process your personal data for purposes not mentioned above, we will inform you within the framework of legal requirements.

4. Categories of Data We Collect

If you are interested in our services and submit an inquiry, you may provide us with:

  • Your personal details (e.g., address, email address, phone number, date of birth).

If you rent a finca, we collect data necessary to fulfill your contract with the landlord, including:

  • Your personal details, such as address, email address, phone number, date of birth, passport data, and other identification information.
  • The personal details of your fellow travelers.
  • Relevant medical data or other special categories of data.
  • Payment details (e.g., credit card information, bank account details, billing address).
  • Your arrival and departure times.
  • Your mobile phone number for contact by the landlord.
  • Your mobile phone number for notifications in case of crisis management or an emergency situation.

When you browse our websites or use our mobile apps, we may collect the following data:

  • Travel preferences.
  • Information about your browsing behavior on our websites and mobile apps.
  • Details about when you click on one of our advertisements, including those displayed on websites of other organizations.
  • Information about how you access our digital services, including operating system, IP address, online identifiers, and browser details.
  • Social preferences, interests, and activities.

When you contact us or we contact you, or if you participate in promotions, competitions, or surveys about our services, we may collect the following data:

  • Personal details you provide when communicating with us, including via email, post, phone, or social media, such as your name, username, and contact information.
  • Details about emails and other digital communications we send you and those you open, including links you click within them.
  • Your feedback and contributions to customer surveys or reviews.

Other Sources of Personal Data

  • We may use personal data from other sources, such as companies that provide information and data, business partners, and public registers.
  • Your insurance company, their representatives, and medical professionals may share relevant personal data and special categories of personal data with us in circumstances where we/they need to act on your behalf, in the interest of other customers, or in an emergency.
  • If you log in using social network credentials to connect with our platforms and online services, such as Facebook or Instagram, you consent to share your user data with us. This may include your name, email address, date of birth, location, and other information you choose to share with us.

Personal Data About Other People That You Provide to Us

  • We may use personal data about other individuals that you provide to us, such as additional details included in your booking.
  • By providing personal data about other individuals, you must ensure that they consent to you sharing their information and that you are authorized to do so. Additionally, you should, if necessary, ensure that these individuals are aware of how their personal data may be used by us.

5. Categories of Recipients of Personal Data

Fincas/Accommodations:

For vacation rentals, the respective finca owners or managers receive all necessary data. The same applies if you require on-site support, insofar as this information is needed for your assistance during your stay.

Car Rental Providers:

Car rental providers receive the application and contract data required to fulfill the contract.

Travel Insurance Providers:

Travel insurers receive the application and contract data necessary for the execution of the contract.

6. External Service Providers

We partially rely on external service providers to fulfill our contractual and legal obligations.

You can request a list of contractors and service providers with whom we maintain ongoing business relationships from our Data Protection Officer. A printed copy will be sent to you by post upon request.

Other Recipients

In addition, we may disclose your personal data to other recipients, such as authorities, to meet legal reporting obligations (e.g., tourism regulatory authorities, tax and social security authorities, law enforcement agencies, or courts).

7. Duration of Data Retention

We delete your personal data as soon as it is no longer required for the purposes mentioned above. However, personal data may be retained for periods during which claims can be made against our company or other contractual partners (statutory limitation periods of three to up to thirty years).

Additionally, we retain your personal data to the extent that we are legally obligated to do so. Relevant documentation and retention obligations arise, among others, from the German Commercial Code and the Fiscal Code, which stipulate retention periods of up to ten years.

8. Rights of Data Subjects

You have the right to request information about the personal data stored about you at the address provided above. Additionally, under certain circumstances, you can request the correction or deletion of your data. You may also have the right to request the restriction of processing your data or to receive the data you provided in a structured, commonly used, and machine-readable format.

Your rights under the GDPR include:

  • Right of access: Art. 15 GDPR
  • Right to rectification: Art. 16 GDPR
  • Right to erasure ("right to be forgotten"): Art. 17 GDPR
  • Right to restrict processing: Art. 18 GDPR
  • Right to data portability: Art. 20 GDPR
  • Right to object: Art. 21 GDPR

9. Right to Object

You have the right to object to the processing of your personal data for direct marketing purposes.

If we process your data to safeguard legitimate interests, you can object to this processing if there are reasons arising from your particular situation that argue against the data processing.

To exercise your rights, please contact the managing directors listed above via email.

For identification purposes, please provide the following information:

  • Name
  • Postal address
  • Email address
  • Booking ID

We would like to point out that we process your personal data in accordance with Art. 6 Para. 1 lit. c GDPR to handle your request and to verify your identity.

You will receive a response to your request regarding your data subject rights within the statutory period of 4 weeks at the latest.

Before processing your personal data for any other purpose, we will inform you in advance.

10. Right to Lodge a Complaint

You have the option to file a complaint with the Data Protection Officer listed above or with a data protection supervisory authority. The supervisory authority responsible for our company is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Kavalleriestr. 2 - 4
40213 Düsseldorf

11. Data Transfers to a Third Country

If we transfer personal data to service providers outside the European Economic Area (EEA), such transfers will only occur if the European Commission has confirmed that the third country provides an adequate level of data protection, or if other appropriate data protection safeguards are in place (e.g., binding corporate rules or EU standard contractual clauses).

12. Data Protection on This Website

Protecting your privacy and ensuring the security of your personal data is a priority for us, even when you visit our website. Our applications comply with the provisions of the European General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), and other sector-specific data protection regulations for the internet (e.g., the Telecommunications Act and the Telemedia Act). All our employees are obliged to comply with the EU General Data Protection Regulation and the German Federal Data Protection Act.

13. Anonymized Data / Logfiles / IP Address

You can visit our website without providing any personal information. We only store access data that does not relate to any individual. These data are analyzed exclusively to improve our offerings and do not allow any conclusions about your identity.

We collect, store, and process your data for handling reservations or bookings, as well as for advertising purposes. Personal data are collected only when you voluntarily provide them during inquiries, bookings, or newsletter registration.

You may revoke the use of your data for consulting, advertising, market research, quality assurance, and property evaluation at any time, including electronically.

We share your personal data only as necessary for the execution and booking of the respective travel services, meaning with local service providers.

14. Use of Your Personal Data

We use your personal data (such as name, address, phone number, or email) exclusively to process your reservations and bookings and to communicate with you.

Your personal data will not be shared beyond the contractual purpose, including with third parties.

These data protection principles are continuously updated and further developed in line with advancements in data protection and security technology.

15. Use of Cookies

We use cookies on our website. Cookies are small files stored on your device that save certain settings and data for exchange with our system via your browser. This storage helps us tailor the website to your needs and makes it easier for you to use, for example, by saving certain inputs so you don’t have to re-enter them repeatedly. Your browser allows you to restrict the use of cookies, although this may result in limited functionality or inaccessibility of some features of our website. Cookies can also be deleted directly through your browser settings.

A cookie is a data element that a website can send to your browser to store on your system for later use.

Session cookies are temporary cookies that are deleted once you close your browser.

We also use long-term cookies, which remain stored on your hard drive. For your convenience, these cookies are set to expire at a future date. When you visit our website again, it will automatically recognize that you have been here before and remember your preferred inputs and settings.

We use the following cookies:

Our Own Cookies:

  • Session Cookie: Expires after 10 hours
  • Cookie for Travel Period: Expires at the end of the session
  • Cookie for Personal Preferences (e.g., newsletter): Expires at the end of the session
  • Cookie for Wishlist: Expires after 30 days
  • Cookie for Recently Viewed Objects: Expires at the end of the session

Third-Party Cookies:

  • We also use the following third-party cookies:
  • Web Tracking Cookies: e.g., Google Analytics
  • Web Analysis Cookies: e.g., Hotjar
  • Product Recommendation Cookies: e.g., Appnexus
  • SEM Optimization Cookies: e.g., Intelli-Ad and Microsoft Bing
  • Social Media Cookies: e.g., Facebook and YouTube

16. Web Analytics Tools

For marketing purposes and the statistical analysis of our website, we use technologies provided by the following provider:

Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"), located at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses "cookies," which are text files stored on your computer, to analyze your use of the website. The information generated by the cookie about your use of this website is generally transmitted to and stored on a Google server in the USA. If IP anonymization is activated on this website, Google will truncate your IP address within member states of the European Union or other contracting parties to the Agreement on the European Economic Area before transmission. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide other services related to website and internet usage for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can prevent the storage of cookies by adjusting the settings in your browser software. However, please note that if you do this, you may not be able to use all features of this website to their full extent. Additionally, you can prevent the collection of data generated by the cookie related to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout.

Note: Our website uses Google Analytics with the new, privacy-compliant extension "_anonymizeIp()". This ensures that IP addresses are processed only in a truncated form, preventing direct identification of individuals.

Hotjar (Hotjar Ltd, St Julians Business Centre, 3 Elia Zammit Street, STJ 1000, Malta)

In addition to Google Analytics, the web analysis tool “Hotjar” is also used. Hotjar provides heatmaps, user recordings, and form monitoring. Hotjar uses cookies to collect non-personal data, including standard internet protocol data and information about your behavioral patterns when visiting pages on our website. We do this to provide you with a better user experience, identify preferences, diagnose technical issues, analyze developments, and improve our website. For more information about Hotjar, visit: https://www.hotjar.com/privacy.

Microsoft Bing Ads (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA)

If you access our website via a Microsoft Bing advertisement, a cookie is stored in your browser. These cookies are not used for personal identification. The information gathered by the cookie is used solely to generate statistics about the use of our website. This helps us evaluate and improve our marketing efforts. 

If you do not wish to participate in the aforementioned process, you can decline the use of cookies by adjusting your browser settings. One option is to configure your browser to automatically disable the setting of cookies. Alternatively, installing a relevant browser plugin can prevent the transmission of information via the cookie. You can also directly opt out of the use of such cookies by Microsoft on the following webpage: https://choice.microsoft.com/en-GB/opt-out.

For more information about data protection and the cookies used by Microsoft Bing, please visit Microsoft's privacy website: https://www.microsoft.com/en-GB/privacy/privacystatement/.

This is how the opt-out or deactivation via the link works: By clicking the links, a so-called opt-out cookie is placed on your device. Please note that if you delete all cookies on your device, these opt-out cookies will also be deleted. This means that if you wish to continue objecting to anonymized data collection, you must reset the opt-out cookies. Opt-out cookies are set individually for each browser and device. If you visit our website from home and work or use different browsers, you must activate the opt-out cookies in each browser and on each device.

Personalized Product Recommendations

We use the retargeting features of Google AdWords (Google Remarketing) (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), Bing (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA), and Facebook (Facebook Inc., 1601 Willow Road, Menlo Park, CA 94025, USA). You also have the option to opt out and exclude yourself from data collection.

Google: https://www.google.com/policies/privacy/ads.
Bing: https://www.microsoft.com/en-us/privacy/privacystatement.
Facebook: https://www.facebook.com/policy.php.

Use of Visual Website Optimizer

Our website uses the Visual Website Optimizer tool (https://visualwebsiteoptimizer.com) to gather statistical metrics about the use of our services. Anonymous data is collected during this process. This test uses cookies to recognize computer systems, with the cookie's lifespan limited to the duration of the test. IP addresses are not stored as part of this process. You can opt out of the storage of your anonymously collected visitor data at any time for the future by visiting: https://visualwebsiteoptimizer.com/opt-out.php.

17. Use of Social Plugins

Facebook

This website uses social plugins ("Plugins") from the social network Facebook, operated by Facebook Inc., 1601 Willow Road, Menlo Park, CA 94025, USA ("Facebook"). The plugins are marked with a Facebook logo or the label "Social Plugin from Facebook" or "Facebook Social Plugin." You can find an overview of Facebook plugins and their appearance here: https://developers.facebook.com/docs/plugins/

When you access a page on our website that contains such a plugin, your browser establishes a direct connection to Facebook's servers. The content of the plugin is transmitted directly from Facebook to your browser and embedded into the website. Through this integration, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook account or are not logged in to Facebook. This information (including your IP address) is transmitted directly from your browser to a Facebook server in the USA and stored there. If you are logged in to Facebook, Facebook can directly associate your visit to our website with your Facebook account. If you interact with the plugins, such as by clicking the "Like" button or leaving a comment, this information is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook and displayed to your Facebook friends. Facebook may use this information for advertising purposes, market research, and the customized design of Facebook pages. Facebook creates user, interest, and relationship profiles for this purpose, e.g., to evaluate your use of our website in relation to the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website, and to provide additional services related to the use of Facebook. If you do not want Facebook to associate the data collected via our website with your Facebook account, you must log out of Facebook before visiting our website. For details on the purpose and scope of the data collection, further processing, and use of the data by Facebook, as well as your rights and options to protect your privacy, please refer to Facebook's privacy policy: https://www.facebook.com/about/privacy/

18. Terms of Use for Live Chat

Live Chat

ralfsfincas GmbH provides a free live chat feature on its websites. This allows customers and prospective renters of holiday houses or fincas to communicate directly and in real-time with our staff, receive advice, and ask questions. The chat is always private and one-on-one, meaning other users cannot view the conversation. Apart from the cost of an internet connection, no additional charges apply.

General Usage Information

The live chat is conducted as a text-based communication via the computer keyboard. Before providing any contractual information, the user must verify their identity by answering specific questions.

To ensure a secure, fair, and trustworthy exchange of information, we expect users of the live chat to adhere to appropriate etiquette, including openness, politeness, and respect. Chats that violate these principles will be terminated; in cases of serious violations, users may be blocked. The chat feature is available during the times listed on the website. ralfsfincas reserves the right to change the live chat hours without prior notice or to discontinue the service entirely.

Legal Information

The live chat is intended for general information exchange and the information provided is not legally binding. Legal declarations, such as binding contract offers, termination or cancellation notices, or the assertion of goodwill claims, are neither made nor accepted via the live chat. If the issue communicated by the user is unsuitable for handling via live chat, for example, because it is too complex, it will be forwarded to the appropriate team for further assistance.

Liability

Distortion of the original content during electronic data transmission cannot be ruled out. Therefore, ralfsfincas GmbH assumes no liability in cases where live chat messages from employees are not displayed to the user or are only partially displayed due to technical defects. No liability is assumed for inadvertently sent information. Additionally, ralfsfincas is not responsible for statements made by chat participants.

The live chat must not be used by users for advertising or other irrelevant content. ralfsfincas GmbH does not respond to live chat messages that violate criminal or press law regulations of the Federal Republic of Germany, public decency, good manners, or polite conduct. ralfsfincas GmbH reserves the right to temporarily or permanently ban users from participating in the live chat.

ralfsfincas GmbH assumes no liability for damages resulting from the use of the live chat unless caused by the fault of ralfsfincas GmbH.

Data Protection

For the operation of the live chat, only data necessary for providing the advisory service or addressing the participant’s inquiry are used. Detailed information about data protection can be found here. After using the ralfsfincas live chat, the following data are stored for statistical purposes and to improve the service:

  • IP address
  • Time and duration
  • Operating system
  • Browser
  • Website from which the user accesses the chat
  • Page view
  • Rating

The chat history is stored in a log file for a maximum of six months and then deleted. For specific reasons, such as suspected criminal activity or threats, ralfsfincas GmbH may retain the chat history for a longer period to preserve evidence. At the end of the chat, the user has the option to save and print the chat history as a file.

Security Information

The live chat service is conducted over an encrypted SSL connection, ensuring protection against unauthorized access. Live chat staff work in a private area with no public access, guaranteeing discretion and data protection.

Users must take appropriate precautions to ensure that their personal data, such as identification numbers or birth dates, cannot be viewed by unauthorized third parties. This is particularly important when using the service in public spaces or on devices shared by multiple users.

Miscellaneous

If any security concerns are identified, such as virus infections, third-party manipulation, or hardware and/or software errors, we reserve the right to temporarily suspend the live chat.

The terms of use for the "Live Chat Service" on this website may be changed or updated by ralfsfincas GmbH at any time without prior notice. Updates will be announced on the website.

Link to the Chatlio Privacy Policy: https://chatlio.com/legal/privacy-policy/

19. Newsletter

Our website offers the option to subscribe to a free newsletter. When registering for the newsletter, the data entered in the form will be transmitted to us. This includes the name or a name synonym and the provided email address.

Additionally, the IP address of the accessing device and the date and time of registration are recorded at the time of subscription.

During the registration process, your consent for data processing is obtained, and you are referred to this privacy policy.

Ralfsfincas GmbH also sends newsletters to individuals who have submitted booking inquiries and provided their email addresses, as well as to individuals with whom a booking has been successfully concluded (existing customers). In such cases, the newsletter contains only direct advertising for our own products or services.

The legal basis for processing data following a user's subscription to the newsletter is Art. 6 Para. 1 lit. a GDPR, provided the user's consent has been obtained.

The legal basis for sending newsletters to existing customers after a prior booking is § 7 Para. 3 UWG (German Unfair Competition Act).

The collection of the user's email address is necessary to deliver the newsletter as part of the data processing purpose. Other personal data collected during the registration process serves to prevent misuse of the services or the email address used.

Data is deleted as soon as it is no longer required for the purpose for which it was collected. The user's email address is therefore stored as long as the subscription remains active. Other personal data collected during the registration process is typically deleted after seven days.

The newsletter subscription can be canceled by the user at any time. Each newsletter contains a corresponding link for this purpose.

Ralfsfincas GmbH uses the list provider MailChimp to send newsletters. MailChimp is a service provided by The Rocket Science Group, LLC, 512 Means Street, Ste 404, Atlanta, GA 30318.

When you register for our newsletter, the data you provide during registration is transmitted to MailChimp and stored there. After registering, you will receive an email from MailChimp to confirm your subscription ("double opt-in").

MailChimp offers extensive analytics on how newsletters are opened and used. These analyses are group-based and are not used by us for individual evaluation. Additionally, MailChimp uses the Google Analytics tool and may integrate it into the newsletters. For more details on Google Analytics, refer to the section "Web Analytics Using Google Analytics".

For more information about MailChimp and its privacy policy, please visit: https://mailchimp.com/legal/privacy/

In addition to the newsletter, individuals who have successfully completed a travel booking will receive a request to review our services and the mediated property after their trip. TrustPilot (Trustpilot A/S, Pilestræde 58, 5, 1112 Copenhagen, Denmark) serves as the review platform.

For more information about TrustPilot and its privacy policy, please visit: https://legal.trustpilot.com/for-reviewers/end-user-privacy-terms

20. Data Security

Our security measures comply with the latest technological standards:

Transmission of Sensitive Data

When you access pages within our website that allow data input and are prompted to enter and submit personal data, we use SSL (Secure Socket Layer) encryption technology with a key length of at least 128-bit to transmit your data over the internet securely. To date, no methods for analytically decrypting such 128-bit encryption are known.

You can recognize the use of SSL encryption by the website address (which begins with HTTPS) or by the padlock symbol in the status bar of your web browser.

Emails

We do not send messages containing personal data unencrypted via email. If you choose to send unencrypted emails to us, please be aware that these messages are not protected against unauthorized access or manipulation by third parties during internet transmission.

Before sending us an email, consider that its contents are not protected against unauthorized access, alteration, or other risks on the internet. Therefore, we recommend using a contact form to send us messages securely.

Phishing

Phishing scammers forge emails and websites to steal your sensitive information, such as passwords or other confidential data. Please note that we will never send emails or SMS messages asking for highly confidential personal data, such as your bank account details, credit card number, or password, under dubious or unusual justifications (e.g., "end of insurance coverage").

For more information on phishing emails and how to protect yourself, visit resources such as the website of the Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik).

Access Protection Measures

Our data processing systems are safeguarded against external access by firewall systems. Login procedures and authorization systems ensure that internal applications are accessible only to authorized personnel.

Additional Information

For more information on internet security, please visit: https://www.bsi-fuer-buerger.de

Bielefeld, December 19, 2024 – V.1.0