VakantiePiraten Reizen op piraten prijzen!


Data Protection Declaration

Last modified: September 18th, 2018

Changes: 5.2 Affected rights, 7. Law and Protection, Whatsbroadcast - Messaging Services, 2.1 Information you provide, Name changes from Whatsbroadcast to MessengerPeople GmbH.

On 25 May 2018, the most significant piece of European data protection legislation to be introduced in 20 years will come into force. The EU General Data Protection Regulation (GDPR) replaces the 1995 EU Data Protection Directive. The GDPR strengthens the rights that individuals have regarding personal data relating to them and seeks to unify data protection laws across Europe, regardless of where that data is processed.

Data protection is a matter of trust and your trust is important to us. We respect your personal space and your privacy. Therefore, protecting personal data and collecting, processing and using them in conformity with the law is an important concern to us. So that you feel safe while visiting one of our web pages, we strictly adhere to legal provisions when we process you data and would like to inform you here about our data collection and use of data.

We take appropriate technical and organizational measures which are intended to prevent unauthorized or unlawful processing of personal data and accidental loss or destruction of, or damage to, personal data.

1. Responsible body

The body responsible for collecting, processing and using your personal data in terms of the Federal Data Protection Laws is HolidayPirates GmbH, Wallstraße 59, 10179 Berlin, Germany.

Should you not agree with collecting, processing and using your personal data in accordance with these data protection provisions in total or only to individual measures, you can send your objection by email, fax or letter to the following contacts:

HolidayPirates GmbH,

Wallstr. 59, 10179 Berlin

Phone: +49 30 34 655 0074

Email: [email protected]


2. Information we collect

HolidayPirates must receive or collect some information to operate, provide, improve, understand, customize, support, and market our Services, including when you install, access, or use our Services. The types of information we receive and collect depend on how you use our Services.

2.1 Information you provide

User account:

  • E-Mail address
  • Username
  • Password

Provided by you (voluntary):

  • Profile picture
  • Name
  • Date of birth
  • Preferences for travel destinations such as departure time, destinations, travel months, travel budgets or travel categories.


  • Name (voluntary)
  • E-Mail
  • Date of registration
  • Registered market
  • User behavior tracking in website


  • Phone number
  • Profile picture
  • Messages send to us

Contact via contactform or email:

  • Name
  • E-Mail address
  • Messages send to us

Customer support:

  • Name
  • Messages send to us

2.3 Automatically Collected Information

  • Cookies. We use cookies to operate and provide our Services, including to provide our Services that are web-based, improve your experiences, understand how our Services are being used, and customize our Services. For example, we use cookies to provide HolidayPirates for web and desktop and other web-based services. We may also use cookies to understand which of our FAQs are most popular and to show you relevant content related to our Services. Additionally, we may use cookies to remember your choices, like your language preferences, to provide a safer experience, and otherwise to customize our Services for you.Learn moreabout how we use cookies to provide you our Services.
  • Usage And Log Information.We collect information about your activity on our Services, like service-related, diagnostic, and performance information. This includes information about your activity (including how you use our Services, your Services settings, how you interact with others using our Services, and the time, frequency, and duration of your activities and interactions), log files, and diagnostic, crash, website, and performance logs and reports.


Google LLC

  • Address: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
  • GDPR Compliance:
  • Purpose: Analysis of user behavior on the website
    • to develop new products and services
    • optimize existing products or services
    • Find and fix error messages on the blog
    • Measure and plan marketing campaigns
  • All anonymized data:
    • Anonymous ID generated by first party cookies

Firebase (Apps)

  • Address: 188 King StSan Francisco, CA 94107, USA
  • GDPR Compliance:
  • Purpose:
    • Analysis of user behavior on the website
    • to develop new products and services
    • optimize existing products or services
    • Find and fix error messages on the blog
    • Measure and plan marketing campaigns
  • All anonymized data:
    • Anonymous ID generated by first party cookies

HolidayPirates Website Tracking

  • Address: HolidayPirates GmbH, Wallstr. 59, 10179 Berlin, Germany
  • Purpose:
    • Personilize inventory for users.
    • Enhance user experience.
    • Improve our service.
  • All anonymized data:
    • Anonymous ID and userID from website if they are logged in.
    • Actions and website.
    • Usage of website.


  • Address: Facebook Inc.,1 Hacker Way, Menlo Park, California, US
  • GDPR Compliance:
  • Purpose:
    • Measurement and analytics to better understand our users and provide better content.
    • Custom Audiences are used for advertising campaigns, which allows us to serve more relevant advertising.
  • All anonymized data:
    • Http headers - Anything present in HTTP headers
    • Pixel-specific data - This includes the pixel ID and Facebook cookie.
    • Button click data - This includes any buttons clicked by site visitors, the labels of those buttons and any pages visited as a result of the button clicks.
    • Other values - Additional information about the visit through custom data events, for example the destination or hotel-name someone checked.


  • Address: Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland
  • GDPR Compliance:
  • Purpose:
    • Providing the "note" buttons on the website and on images to ensure the use of Pinterest for users and to make the saving of images possible.
    • Analysis of the user behavior of Pinterest users on our website in order to understand interests, to improve and expand our products.
    • By using Pinterest features on our website, data is automatically forwarded to Pinterest so that they have a better understanding of your interests in order to ensure better advertising
  • All anonymized data:
    • "Note "-Button collects data on how often the button was clicked by users on our website or the landing page itself.
    • Log data, such as IP address, landing page URL with Pinterest functions, and the activities performed on it (such as the "Note" button), search history, browser type and settings, the date and time of your request, how you use it Pinterest and cookie and device data automatically shared with Pinterest.
    • Cookie data
    • Device information

Outbrain Pixel

  • All anonymized data:
    • Outbrain UUID (unique user ID).
    • Time stamp, pages visited, referring source, conversion events.
    • Browser, device, and operating system information. An estimate of geographic location associated with IP address, and other information normally transmitted in HTTP requests.
    • Internet protocol (“IP“) address or other unique identifier (“Device Identifier“) for each computer, mobile device, technology or other device (collectively, “Device“) used to access the site. A Device Identifier is a number that is automatically assigned to a Device and is completely anonymous.


  • Address:Hotjar Ltd, Level 2, St. Julians Business Centre, 3 Elia Zammit Street, St. Julians STJ 1000, Malta
  • GDPR Compliance:
  • Purpose:
    • Measurement and analytics to better understand our users and provide better content. Heatmaps, click maps, screen recordings help us to better organise and structure the content of our website to provide a seamless and easy user experience.

  • All anonymized data:
    • The following are all collected and completely anonymised: Browser type, Operating system, device Type, page URL(s) visited, and duration of visit


  • Data:
    • Capturing surfing behaviour of our users through an anonymous Cookie ID, to track behaviour on each blogpost and sending this data to our newsletter database.
    • Tracking the behaviour in our newsletters newsletters including tracking of opens of emails and clicks on links.


  • Address: MessengerPeople GmbH, Herzog-Heinrich-Straße 9, 80336 München
  • GDPR Compliance:
  • Purpose:
    • For direct communication and sending out offers from our website
  • All anonymized data:
    • Phone number, Profile Picture, Messages or Questions send to us.

Messaging Services

By sending a start message to Vakantiepiraten (hereinafter referred to as – Sender) I agree with respect to Art. 6 Abs.1 lit. a GDPR that Sender has my permission to use my personal data (e.g. first and last name, phone number, messenger ID, profile image, messages) for direct communication and the required data processing, based on the respective messenger. To use this service, an existing messenger account with the respective provider is required.

The possible messenger service providers are:

Whatsapp: WhatsApp, Inc., 1601 Willow Road, Menlo Park, California 94025, USA with its privacy policy described at

Facebook Messenger: Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA with its privacy policy described at f

Telegram: Telegram Messenger LLP 71-75 Shelton Street, Covent Garden, London, United Kingdom with its privacy policy described at

Insta News: Pylba Inc., 314 27th Avenue, San Mateo, CA, 94403, USA with its privacy policy described at

I acknowledge that the respective provider might receive personal data (including communication meta data) that might be processed at servers located in countries outside of the EU (e.g. USA) that do not guarantee the same level of data protection as that practiced in the EU. Whatsapp Inc and Facebook Inc are certified under the Privacy Shield Agreement and thus guarantee compliance with European data protection regulations. Additional information is described in the above privacy policies of the respective messengers. Sender has no detailed knowledge about or influence on the respective providers.

Your agreement to this data processing can be revoked at any time by sending “stop” in the respective messenger.

To delete all data that is stored by our technical service provider, please send a message with „delete all data“ through your messenger.

Sender uses the technical service provider MessengerPeople GmbH, Herzog-Heinrich-Str. 9, 80336 Munich, Germany as data processor for this messenger service.

    Adjust GmbH

    • Address: adjust GmbH, Saarbrücker Str. 37A, 10405 Berlin, Germany
    • GDPR Compliance:
    • Purpose:
      • Unterstützung bei der Identifizierung des Verhaltens in der mobilen Anwendung, um Entscheidungen über gezieltes Marketing vorzubereiten; Unterstützung bei der effizienten Handhabung und Optimierung der mobilen Kampagnen für soziale Netzwerke und anderswo im Internet.
    • All anonymized data:
      • Anonymous cookie ID, ad ID and device ID used by a particular person, events in the mobile app about the use of the mobile app by a particular user (in particular login, successful completion of the transaction), but no payment and financial data.
      • Content of the advertisement to be delivered to a particular user and, as appropriate, classified advertising group to which that person belongs.


    • Address: Paramount House, Delta Way, Egham TW20 8RX, UK
    • GDPR Compliance:
    • Purpose:
      • Providing with the header bidding technology called prebid to carry out bidding auctions for display advertisement between various RTB demand channels
    • All anonymized data:
      • Device Information
        • When using a mobile device StreamAMP collects device-specific information (such as a user’s hardware model, operating system version, unique device identifiers).
      • Event Logs
        • When a visitor views an ad on a publisher's site StreamAMP automatically collects and store certain information surrounding that event including:
          • URL and query parameters
          • Advertising information
          • Winning partner
          • Bid Price
          • Advertiser (if available)
          • Deal ID (if available)
          • Additional segment and targeting data provided by the publishers (First Party data)
          • Location Information
      • StreamAMP uses a user's IP Address to estimate a user's location.
      • Local Storage
        • StreamAMP may collects and store information (including personal information) locally on a user’s device using mechanisms such as browser web storage (including HTML 5) and application data caches.
      • Cookies and similar technologies
      • StreamAMP use cookies or similar technologies to identify visitor browsers or devices across sessions.


    • Address & place of jurisdiction: Instapage, Inc., Legal Department, 118 King St. Suite 450 San Francisco, CA 94107
    • GDPR Compliance:
    • Purpose:
      • Your personalised data only get collected by us if you take part in the “Golden Ticket” contest. These data serve for optimization and measuring purposes for marketing campaigns
    • Disclosed Data: Cookie-ID, IP-Adresse
    • More information:

    3. How We Use Information

    We use the information we have (subject to choices you make) to operate, provide, improve, understand, customize, support, and market our Services. Here's how:

    • Our Services.We use the information we have to operate and provide our Services, including providing customer support, and improving, fixing, and customizing our Services. We understand how people use our Services and analyze and use the information we have to evaluate and improve our Services, research, develop, and test new services and features, and conduct troubleshooting activities. We also use your information to respond to you when you contact us.
    • Safety And Security.We verify accounts and activity, and promote safety and security on and off our Services, such as by investigating suspicious activity or violations of our Terms, and to ensure our Services are being used legally.
    • Third-Party Banner Ads. The Site uses DoubleClick, a third party advertising provider, to serve advertisements on the Site. Advertising providers are third parties that display advertisements based on your visits to the Site and other web sites you have visited, allowing targeted advertisements to be delivered to you for products and services in which you might be interested. The Site also uses a third party traffic measurement service to analyse how visitors use the Site. Third party advertising providers, advertisers (whose ads are displayed via the advertising provider) and the traffic measurement services used on the Site may use cookies, web beacons or embedded scripts (described above) or other similar mechanisms to automatically collect web site usage information. Third party advertising providers and the advertisers may use this web site usage information for, among other purposes, helping deliver advertisements to you that you might be interested in, to prevent you from seeing the same advertisements too many times and to conduct research regarding the usefulness of certain advertisements are to you. Traffic measurement services used on the Site may use the collected web site usage information for, among other purposes, gathering information about users' interactions with the Site, such as which links are clicked on. Cookies, web beacons and embedded scripts and other similar mechanisms used to collect web site usage information from advertising providers, advertisers and traffic measurement services are governed by their respective privacy policies and not this Privacy Policy. However, we do not share any Personal Information with these third parties in connection with their performing these services on the Web Site.For more information about DoubleClick, including instructions on how to opt out of DoubleClick's targeted advertising, please see . For additional information about how to opt out of targeted advertising from DoubleClick and other members of the Network Advertising Initiative, please see http://www.networkadvertising.... .The following paragraph is a template for an opt-out statement, the properties may feature Nielsen proprietary measurement software, which will allow users to contribute to market research, such as Nielsen TV Ratings. To learn more about the information that Nielsen software may collect and your choices with regard to it, please see the Nielsen Digital Measurement Privacy Policy at

    The tracking of Ad Up, a technology and service provider of Axel Springer Teaser Ad GmbH (Axel-Springer-Strasse 65, 10969 Berlin), is integrated on our websites. By collecting anonymised and / or pseudonymous data, Ad Up will then be able to display advertisements for a
    specific time on websites. Ad Up uses cookies to provide advertisers with conversion tracking that determines the effectiveness of their ads and keywords. More information about the data protection of Axel Springer Teaser Ad GmbH is available at Via the button "Activate opt-out cookie" you also have the possibility to set an opt-out-cookie in your browser and deactivate Ad Up in this browser.

    4. How We Process Information

    Under European law, companies must have a legal basis to process data. You have particular rights available to you depending on which legal basis we use, and we've explained these below. You should know that no matter what legal basis applies, you always have the right to request access to, rectification of, and erasure of your data under the General Data Protection Regulation (the "GDPR"). To exercise your rights, see our Privacy Policy under How You Exercise Your Rights.

    For all people who have legal capacity to enter into an enforceable contract, we process data as necessary to perform our contracts with you (the Terms of Service, the "Terms"). The core data uses necessary to provide our contractual services are:

    • To provide, improve, customize, and support our Services as described in "Our Services";
    • To promote safety and security;
    • To store, or process your data outside the EEA, including to within the United States and other countries; and
    • To communicate with you, for example, on Service-related issues.

    When we process data you provide to us as necessary to perform our contracts with you, you have the right to port it under the GDPR. To exercise your rights, visit How You Exercise Your Rights section of the Privacy Policy.

    The other legal bases we rely on in certain instances when processing your data are:

    Your Consent:

    For collecting and using information you allow us to receive through the device-based settings when you enable them (such as access to your camera, or photos), so we can provide the features and services described when you enable the settings.

    When we process data you provide to us based on your consent, you have the right to withdraw your consent at any time and to port that data you provide to us, under the GDPR. To exercise your rights, visit your device-based settings How You Exercise Your Rights section of the Privacy Policy.

    Legitimate Interest :

    Based on the GDPR art. 6/1f, we will not request nor require consent from a user in order to display advertisements. After having conducted a legitimate interest assessment, we believe that our legitimate interest is appropriate given the value we bring to our users, discovering great travel deals for bargain price. Based on data collected, we will show ads to users that deliver the best user experience. By doing so, we allow users to enjoy the inspiration and the free of charge site browsing while driving revenue for the company to maintain and develop the product. Moreover, we are fully supportive of the digital ad industry consent mechanisms and will continue to test consent mechanisms as potential alternative legal basis for processing.

    For all people, including those under the age of majority:

    • For providing measurement, analytics, and other business services where we are processing data as a controller. The legitimate interests we rely on for this processing are:
      • To provide accurate and reliable reporting to businesses and other partners, to ensure accurate pricing and statistics on performance, and to demonstrate the value our partners realise using our Services; and
      • In the interests of businesses and other partners to help them understand their customers and improve their businesses, validate their pricing models, and evaluate the effectiveness and distribution of their services and messages, and understand how people interact with them on our Services.
    • For providing marketing communications to you. The legitimate interests we rely on for this processing are:
      • To promote and send you, as customer, our last offers.

    You have the right to object to, and seek restriction of, such processing; to exercise your rights, visit How You Exercise Your Rights section of the Privacy Policy.

    We will consider several factors when assessing an objection including: our users' reasonable expectations; the benefits and risks to you, us, other users, or third parties; and other available means to achieve the same purpose that may be less invasive and do not require disproportional effort. Your objection will be upheld, and we will cease processing your information, unless the processing is based on compelling legitimate grounds or is needed for legal reasons.

    5. How The General Data Protection Regulation Applies To Our Users

    5.1 How You Exercise Your Rights

    Under the General Data Protection Regulation (GDPR) or other applicable local laws, you have the right to access, rectify, port, and erase your information, as well as the right to restrict and object to certain processing of your information. This includes the right to object to our processing of your information for direct marketing and the right to object to our processing of your information where we are performing a task in the public interest or pursuing our legitimate interests or those of a third party. You can access or port your information using our in-app Request Account Info feature (to be developed). You can access tools to rectify, update, and erase your information directly in-app as described in the Managing and Deleting Your Information section. Where we use your information for direct marketing for our own Services, you can always object and opt out of future marketing messages using the unsubscribe link in such communications (Newsletter), or by removing your Travel Preferences and turning off the Spectacular Deals and Error fares switches.

    5.2 Affected rights (revocation and opposition rights)

    "Regardless of the explanations above, you may object to the use of your information at any time and revoke any consent to use your information at any time."

    Here, the right of objection under Art. 21 para. 1 and 2 GDPR applies to the processing of your data in connection with direct advertisement, if this is done on the basis of a balance of interests.

    Moreover, you have the right to correct, delete or restrict the processing of your information, as well as the right to object to processing and the right to transfer your data. Please note that we may require proof from you in the event of a request for information that has not been made in writing, proving that you are the person you are spending yourself on.

    Contact person:

    HolidayPirates GmbH
    Wallstr. 59
    10179 Berlin
    Email: [email protected]

    6. Managing and deleting Your Information

    We store information until your account is deleted.

    If you would like to manage, change, or delete your information, we allow you to do that through the following features:

    • User Profile. Under User Profile you can manage all the information related to your profile. You can create, edit and delete your Travel Preferences. You can change your username, your profile picture, your email and your password.
    • Delete Account. Under the User Profile (in-app) you have the right to be forgotten by removing your account from our systems.
    • Analytics: Under the Settings in-app you can stop being tracked. Notice that by turning off the Analytics will restrict how we customize our Services to better suit your preferences.

    7. Law and Protection

    Art. 6 I lit. a GDPR is the legal basis for our company to processing operations in which we obtain consent for a particular processing purpose. If the processing of personal data is necessary to fulfill a contract of which the data subject is a party, as is the case, for example, in processing operations necessary for the provision of any other service or consideration, the processing is based on Art. 6 I lit , b GDPR. Same applies to processing operations that are necessary to carry out pre-contractual measures, for example in cases of inquiries regarding our products or services. If our company is subject to a legal obligation which requires the processing of personal data, such as the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c GDPR. We collect, use, preserve, and share your information if we have a good-faith belief that it is reasonably necessary to: (a) respond pursuant to applicable law or regulations, to legal process, or to government requests; (b) enforce our Terms and any other applicable terms and policies; (c) detect, investigate, prevent, and address fraud and other illegal activity, security, or technical issues; or (d) protect the rights, property, and safety of our users, HolidayPirates GmbH, or others.

    8. Updates To Our Policy

    We will notify you before we make changes to this Privacy Policy and give you the opportunity to review the revised Privacy Policy before you choose to continue using our Services.

    9. Contact Information

    The Data Protection Officer for HolidayPirates GmbH can be contacted here ([email protected]).

    If you have questions about our Privacy Policy, please write us here:

    HolidayPirates GmbH

    Wallstr. 59

    10179 Berlin

    Phone: +49 30 34 655 0074

    10. Cookies

    10.1 About Cookies

    A cookie is a small text file that a website you visit asks your browser to store on your computer or mobile device.

    10.2 Wie wir Cookies verwenden

    We use cookies to understand, secure, operate, and provide our Services. For example, we use cookies:

    • to provide HolidayPirates for web and other Services that are web-based, improve your experiences, understand how our Services are being used, and customize our Services;
    • to simplify the log-in process or to customize our content in line with your interests and preferences.
    • If you book a trip with one of our business partners via our site, appropriate personal data will be passed to the business partner. This includes cookies used to record the booking process. The cookies enable our business partner to ascertain that you have taken advantage of the offer presented via our website. Our partners may use information about your booking to improve your/their offering.

    10.3 How to control Cookies

    You can follow the instructions provided by your browser or device (usually located under "Settings" or "Preferences") to modify your cookie settings. Please note that if you set your browser or device to disable cookies, certain of our Services may not function properly.

    Should you have questions about your personal data, you can contact us via the contact form on our website.

    24. Mai 2018