Privacy Policy

of PiNCAMP GmbH, Munich

1. Name and address of the person responsible

The responsible party within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
PiNCAMP GmbH
Managing Director: Uwe Frers
Hansastraße 19
80686 Munich
Germany
E-Mail: service@pincamp.de
Website: www.pincamp.de

2. Name and address of the external data protection officer

The data protection officer of the responsible party is
ePrivacy GmbH
Represented by Prof. Dr. Christoph Bauer
Burchardstraße 14
20095 Hamburg
Germany
Contact: service@eprivacy.eu

3. General information on data processing

3.1 General information

In the following, we provide information about the collection of personal data when using our app. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior.

We collect and use our users' personal data to the necessary extent to provide a functional and user-oriented app as well as our content and services and to advertise these in a targeted manner. In addition to the merely informational use of our app, we offer various services that you can use if you are interested. To do so, you generally have to provide additional personal data that we use to provide the respective service.

In some cases, we use external service providers to process your data. These have been carefully selected by us and are contractually agreed to comply with current data protection laws. If our service providers or partners are based in a country outside the European Economic Area (EEA), there is either an adequate decision or we have secured ourselves with appropriate guarantees that the data processing complies with the principles of the GDPR. We will inform you about the respective guarantees in the description of the offer.

3.2 Use of the Apple App Store or Google Play Store - Collection of user data and app ratings

When the app is downloaded, the required information is transferred to the App Store (iOS app) or Google Play Store (Android app), in particular the user name, email address and customer number of your account, time of download, payment information and the individual device identification number. We have no influence on this data collection and are not responsible for it. We only receive anonymized data from the platforms, which is evaluated to optimize the distribution of the app.

The use of the platforms (iOS App - Apple App Store from Apple Inc. or Android App - Google Play Store from Google LLC) is based on the contractual relationship between the user and the respective platform operator, based on the terms of use and data protection regulations accepted by the user.

The user also has the option of evaluating the app on the platforms and submitting a written review. These can be viewed by PiNCAMP GmbH in the public area of the platform. PiNCAMP GmbH has the option of publicly commenting on the reviews on the respective platform.

4. Data processing on informational use of the app

4.1. Description and extent of data processing

When using the app for informational purposes, i.e. without registration or other transmission of information, we collect the personal data described below, which is technically necessary for us to offer you the functions of our app and to ensure the stability and security of the app:

• Device identification number: Device ID for Android, IDFA for iOS
• IP address
• Language and version of the app
• Operating system
• Date and time of the request
• Type of device, device properties
• Type of network connection (e.g. WiFi, 3G, LTE, Bluetooth), network provider, network performance, amount of data transferred in each case
• Information about interactions with the app
• Location data for the display of search results, if applicable

This information is processed to technically enable you to use our app, Art. 6 paragraph 1 sentence 1 lit. b GDPR, as we need the automatically collected data to provide a functional app (e.g. by adapting the app to the needs of your device). In addition, this information is processed for our legitimate interest in optimizing the app and ensuring the stability and security of the app and our information technology systems, Art. 6 paragraph 1 sentence 1 lit. f GDPR. The automatically collected personal data is stored for 30 days or 90 days in the case of error messages and then properly deleted, unless longer storage is required or justified by law.

We evaluate the so-called usage data (technical usage data, app version) in anonymized form for analysis purposes in order to be able to further develop the app.

4.2. Data recipient

The app processes and stores most of the data locally on the device in order to protect the user's privacy as much as possible. However, the app also uses external data sources to provide the desired content and functions. This requires data communication between the device and external servers to ensure that current and relevant information is available to the user.

An external hosting service provider (Amazon Web Services EMEA SARL) is used to host the app and store personal data such as IP addresses and user-related information.

Personal data may be transferred to the USA. With regard to the transfer of personal data to the USA, there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 GDPR (see https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf\_en). Amazon Web Services Inc. is certified under the adequacy decision on the EU-US Data Privacy Framework of the EU Commission, so that the usual level of protection of the GDPR applies to the transmission.

Integration of Google Maps and Apple Maps
We use Google Maps (Android) and Apple Maps (iOS) to provide map and location services in the app. These services are required to enable the user to use the app functions such as location display and route planning. Without these services, it is not possible to use the app to its full extent.
The use of Google Maps and Apple Maps means that certain personal data - such as location data, IP addresses and device-related information - is transmitted to Google LLC and Apple Inc. respectively. These companies are independent data processors and process the data in accordance with their respective privacy policies. Further information can be found here:

• Google Privay Policy
• Apple Privacy Policy

The legal basis for the integration of the map services is Art. 6 paragraph 1 lit. b GDPR, as they are necessary for the provision of the app functionality.

4.3. Legal basis for data processing

The legal basis for the temporary storage of personal data is Art. 6 paragraph 1 lit. f GDPR.

The purpose of processing your data is to safeguard the following legitimate interests:

• the improvement of our offer,
• protection of our systems from misuse,
• the compilation of statistics,
• marketing purposes, and
• the storage of any correspondence with you.

4.4. Purpose of data processing

The temporary storage of the anonymized IP address by the system is necessary to enable the provision of the website to the user's computer. For this purpose, the anonymized IP address of the user must remain stored for the duration of the session.

4.5. Duration of data storage

Any personal data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

5. Reservation requests

5.1. Description and extent of the data processing

We offer you the opportunity to send reservation requests to campsites. For this, we ask you to provide the following data:

• first name, surname
• E-mail address
• Check in / Check out
• Campsite

This information is automatically forwarded to the operator of the requested campsite and processed there so that your request can be checked and answered. This information and your IP address will also be stored by us for a short time (until the requested reservation period) in order to verify your request and to be able to clarify any misuse.

5.2 Data recipients

In order to send reservation requests, we use the European-based processor Episerver GmbH, which is effectively integrated and bound by an agreement in accordance with Art. 28 GDPR. Data processing takes place exclusively in Europe. The information collected is not passed on to third parties.

5.3. Legal basis for data processing

The legal basis for the storage of the above-mentioned reservation data and its forwarding to the campsite operators is Art. 6 paragraph 1 lit. b GDPR. The legal basis for the storage of the IP address and the e-mail address is Art. 6 paragraph 1 lit. f GDPR (legitimate interest).
The purpose of processing your data is to safeguard the following legitimate interests

• the protection of our systems against misuse and
• the compilation of statistics.

5.4. Purpose of data processing

The purpose of data processing is the initiation of an accommodation contract.

5.5. Duration of data storage

Your personal data will be deleted shortly after the expiry of the requested travel date, but after 2 years at the latest.

5.6. Possibility of objection and removal

You can object to the use of your data for processing your reservation request at any time. However, if you have already concluded an accommodation contract with a campsite operator as a result of the reservation request and the data processing is consequently necessary to fulfill the contract with you, there is no possibility of objection. If we base the processing of your personal data on a legitimate interest, you can object to the processing at any time via datenschutz@pincamp.de.

6. Bookings

6.1. Description and extent of data processing

The booking process is carried out within the app in a so-called web view. This means that the booking process takes place in an embedded web version within the app. The following personal data is collected during the booking process:

• First name, surname
• Age of children traveling with you
• Number of the identity card / passport
• Date of birth
• Address data
• Telephone number
• E-mail address
• Arrival and departure date
• Means of payment (e.g. account details or credit card details)
• License plate number

This information is stored and automatically compared with the availability of the selected campsite so that your booking request can be checked and answered. It is also automatically forwarded to the operator of the booked campsite as the contractual partner of the accommodation contract and stored and processed there so that the accommodation contract can be executed. Similarly, your payment data will be forwarded to the relevant payment service provider in order to process the payment.
This information is also stored by us in order to contact you specifically after your trip and to enable you to evaluate the campsite you visited. Furthermore, when you make a booking, we store your IP address for a short time (until the requested booking period) in order to be able to verify your booking and investigate any misuse.
To enable the booking, we store your data between the individual booking steps to enable the booking. If you cancel the booking process, your data will not be processed any further and will be deleted after 2 hours.

6.2. Data recipients

We use the following processors based in Europe to check booking requests and carry out the booking:

• Camping.care B.V.
• CompuSoft A/S
• CTOUTVERT SARL
• Google Ireland Limited
• jawigo GmbH
• Lehnen Websolutions GmbH & Co. KG
• Sendinblue GmbH
• Sequoiasoft, SAS
• TOURIST Pro GmbH
• Travelnode GmbH
• Unzer GmbH
• Visit Group International AB

These are contractually bound by an agreement in accordance with Art. 28 GDPR.

6.3. Legal basis for data processing

The legal basis for the storage and processing of the above-mentioned booking data and its forwarding to the campsite operators and payment service providers is Art. 6 paragraph 1 lit. b GDPR (initiation or conclusion and execution of a contract) and § 25 paragraph 2 no. 2 TTDDG. The legal basis for the storage of the IP address and the e-mail address for the evaluation query is Art. 6 para. 1 lit. f GDPR (legitimate interest). In addition, we process your data on the legal basis of Art. 6 para. 1 lit. c GDPR to fulfill legal obligations.
The purpose of processing your data in the form of storing the IP address and the e-mail address for the evaluation query is to safeguard the following legitimate interests

• Analysis and improvement of customer satisfaction
• Improvement and further development of our offers
• Marketing, Customer Loyalty

6.4. Purpose of data processing

The purpose of data processing is to enable direct bookings of campsite services and thus the initiation and execution of an accommodation contract. Furthermore, the purpose of the storage with us is the traceability of your booking, the associated billing of our commission, as well as the enabling of the evaluation query and calculation of the conversion rate. Finally, we store data in order to comply with legal retention obligations.

6.5. Duration of data storage

We store your data,

• if we need the data to perform a contract, at most for as long as the contractual relationship with you exists
• if we use the data on the basis of a legitimate interest, at most for as long as your interest in deletion or anonymization does not prevail;
• if statutory retention obligations exist, until the end of the retention periods.

6.6. Objection and removal options

You can object to the processing of your data for the purpose of making a booking request at any time. However, as soon as the booking is successful and has been confirmed to you by email, i.e. an accommodation contract has been concluded with a campsite operator and the data processing is therefore necessary to fulfill or process the contract or to fulfill legal obligations (e.g. statutory retention obligations), there is no possibility of objection. If we base the processing of your personal data on the legitimate interest, you can object to the processing at any time via datenschutz@pincamp.de.

7. Rating of Campsites

7.1. Description and extent of data processing

Among other things, we offer you the option of evaluating the campsites. We ask for the following data during the evaluation:

• Name (optional)
• E-Mail address

Your e-mail address will not be forwarded to the campsite operators. We store this information to verify your identity. The verification is carried out via a double opt-in procedure. In addition, we store the IP addresses you use and the times of registration and confirmation. The purpose of the procedure is to prove your registration and to be able to clarify any misuse.
If you take part in competitions that we offer as part of the campsite evaluation, we may pass on your e-mail address to companies in the ADAC Group, the Touring Club Switzerland or contractually bound partner companies.

7.2. Legal basis and purpose of data processing

The legal basis for the storage of the above-mentioned data is your consent in accordance with Art. 6 paragraph 1 lit. a GDPR.
The purpose of processing your reviews is to improve the quality and quantity of the information on our website for our website visitors and campsites. Your data is also used to determine the winner of the competition.

7.3. Duration of the data storage

If you do not confirm your identification via the double opt-in procedure, your data will be marked for deletion and automatically deleted after 5 days. Your personal data will be deleted after 2 years. The name or pseudonym you have provided (optional in the evaluation) will be deleted if you withdraw your consent.

7.4. Possibility of objection and removal

You can revoke the consent you have given for your review and participation in the competition at any time. Such a revocation affects the permissibility of the processing of your personal data after you have given it to us. You can object to the processing of your data for the storage of your evaluation at any time via datenschutz@pincamp.de.

8. Authentication for the campsite rating

8.1. Description and extent of data processing

To send the authentication emails, we use the order processor Auth0 Inc. with the Amazon Web Services, Simple Email Service (SES) of Amazon Web Services Inc. connected there, which are effectively integrated and bound by an agreement in accordance with Art. 28 GDPR. Data processing generally takes place in Europe. Auth0 reserves the right to process your data in the USA in special cases in order to offer the services (see also section 8.2).

8.2. Data recipients

Personal data is processed by Auth0®, Inc. and Amazon Web Services Inc. as part of the authentication for the campsite evaluation.
Further information on the type and scope of data collection and its processing by the tool provider can be found in the data protection declarations of these providers provided below. There you will also find further information on your rights in this regard and setting options to protect your privacy.
Auth0®, Inc., 10900 NE 8th Street, Suite 700, Bellevue, WA 98004, U.S.A., +1 (425) 312-6521

• https://auth0.com/web-terms
• https://auth0.com/privacy/

Amazon Data Services Ireland Limited, Shannon Building, Burlington Road, Dublin 4, Dublin, D04 HH21, Dublin, Ireland

• https://aws.amazon.com/de/privacy/
• https://aws.amazon.com/de/terms/

Personal data may be transferred to the USA in some circumstances. With regard to the transfer of personal data to the USA, there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 GDPR (see https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf\_en). Auth0®, Inc. and Amazon Web Services Inc. are certified under the adequacy decision of the EU-US Data Privacy Framework of the EU Commission, so that the usual level of protection of the GDPR applies to the transfer.

8.3. Purpose and legal basis for data processing

The legal basis for the processing of the data is the consent given by you in the course of the authentication process in accordance with Art. 6 para. 1 lit. a GDPR. The processing of personal data for authentication purposes ensures the quality and reliability of campsite ratings. Authentication ensures that a user can only write one review for one campsite. This function makes it more difficult to create fake reviews.

8.4. Duration of data storage

The personal data collected during the authentication process will be deleted at the latest after a period of two years or if consent is withdrawn.

8.5. Possibility of objection and removal

You have the option to object to the processing of your personal data at any time by sending an email to datenschutz@pincamp.de.

9. Newsletter

9.1. Description and extent of data processing

With your consent, you can subscribe to our newsletter, which we use to inform you about our current interesting offers. Our advertised goods and services are those from the camping sector, e.g. our PiNCAMP magazine, ADAC products and services, recommendations on special camping topics and travel destinations.
We use the so-called double opt-in procedure to register for our newsletter. This means that after you have registered, we will send you an e-mail to the e-mail address you have provided in which we ask you to confirm that you wish to receive the newsletter. In addition, we store the IP addresses used and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any misuse.
For the purpose of continuously improving our newsletter, we store the IP addresses you use and the times at which the emails are opened and determine whether and which links in the newsletter are clicked on. We also create recipient profiles in order to better tailor the newsletter to the interests of our readers.
The only mandatory information for sending the newsletter is your e-mail address. The provision of further, separately marked data is voluntary and is used to address you personally. After your confirmation, we will save your e-mail address for the purpose of sending you the newsletter.

9.2. Data recipients

To send the newsletter, we use the European-based processor Episerver GmbH, which is effectively integrated and bound by an agreement in accordance with Art. 28 GDPR. Data processing takes place exclusively in Europe. The information collected is not passed on to third parties.

9.3. Purpose and legal basis for data processing

The legal basis for data processing is Art. 6 paragraph 1 lit. a GDPR (consent).
The purpose of collecting and processing the personal data collected is to enable the sending and delivery of the pincamp.de newsletter. The newsletter provides information about news, products and services of PiNCAMP GmbH, companies of the ADAC Group (ADAC e.V. and ADAC SE and their affiliated companies) and other advertising partners.

9.4. Duration of data storage

If you do not confirm your registration via the double opt-in procedure, your data will be marked for automatic deletion after 7 days.

9.5. Possibility of objection and removal

You can revoke your consent to receiving the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in every newsletter e-mail, by e-mail to datenschutz@pincamp.de or by sending a message to the contact details given in the imprint.

10. E-Mail Contact

10.1. Description and extent of data processing

In the app, it is possible to open the user's email app to contact us. No further personal data is collected or processed within the app. As soon as the user opens the email app and writes a message, the data protection information of the respective email provider applies.

10.2. Data recipients

For the targeted processing and answering of your requests, we use the order processor Freshworks (Freshworks Inc., 1250 Bayhill Drive, Suite 315, San Bruno, CA 94066, United States) for some e-mail inboxes, which is effectively integrated and bound by an agreement in accordance with Art. 28 GDPR and EU Standard Contractual Clauses.
Further information can be found in Freshworks' privacy policy at https://www.freshworks.com/privacy/. Freshworks is also ISO 27001:2013 certified.

10.3. Purpose and legal basis for data processing

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f GDPR (legitimate interest). If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 paragraph 1 lit. b GDPR (contract).
We process the personal data from the contact solely for the purpose of processing the contact. This also constitutes the necessary legitimate interest in processing the data.

10.4. Duration of data storage

The data will be deleted as soon as it is no longer required for the purpose for which it was collected, but at the latest after 2 years. For personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is deemed to have ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

10.5. Possibility of objection and removal

If you contact us by email, you can object to the storage of your personal data at any time by sending an email to datenschutz@pincamp.de. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us will be deleted in this case.

11. Social Media appearances

11.1 Description and extent of data processing

As part of our online presence, we also operate company profiles on the following social media platforms:

• Facebook
• Twitter
• Instagram
• Pinterest
• Youtube
• LinkedIn
• XING

The social media platforms store the data collected about you as user profiles and use these for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our website.
You can find more information on data processing by the platforms in the following privacy policy:

• Facebook
• Twitter
• Pinterest
• Youtube
• Instagram
• LinkedIn
• XING

--Facebook Fanpage--
We operate a Facebook page (so-called “fan page”) on Facebook, a service of Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
Facebook collects and uses data to provide analytics services, known as “Page Insights”, to Page operators to help them understand how people interact with their Pages and the content associated with them. This data includes information about the types of content users view or interact with, or the actions they take, as well as information about the devices used by users, such as IP addresses, operating system, browser type, language settings, cookie data.
We are jointly responsible with Meta Platforms Ireland Ltd. for the collection and processing of data from visitors to our fan page. The legal basis is our legitimate interest in this information for advertising purposes, Art. 6 paragraph 1 sentence 1 lit. f. GDPR. We have therefore concluded a joint responsibility agreement with Facebook regarding the processing of your data in accordance with Art. 26 GDPR. In particular, the agreement with Facebook also regulates which security measures Facebook must observe and that Facebook must fulfill the rights of data subjects.
https://de-de.facebook.com/legal/terms/information_about_page_insights_data. The terms and conditions of the contract concluded with Facebook can be viewed here: https://de-de.facebook.com/legal/controller_addendum

12. External Services via our consent tool services

• Usercentrics Consent Management Platform: Management of user decisions on data protection and tracking settings.
• Google Maps (Android): Display of maps and location information within the app for Android users.
• Apple Maps (iOS): Display of map and location information within the app for iOS users.
• Piwik Pro: Analysis of user interactions to optimize functions within the app.
• Sentry: Recording of technical app errors and system crashes to ensure stability and functionality.

13. Your rights

You have the right - partly under certain conditions -

• to request information about the processing of your data free of charge and to receive a copy of your personal data. Among other things, you can request information about the purposes of the processing, the categories of personal data being processed, the recipients of the data (if a transfer takes place), the duration of the storage or the criteria for determining the duration;
• to rectify your data. If your personal data is incomplete, you have the right to have the data completed, taking into account the purposes of the processing;
• to have your data erased or blocked. Reasons for the existence of a right to erasure/blocking may include the withdrawal of consent on which the processing is based, the data subject objects to the processing, the personal data has been processed unlawfully;
• to have the processing restricted;
• object to the processing of your data;
• to withdraw your consent to the processing of your data for the future and
• complain to the competent supervisory authority about unlawful data processing.

There is no automated decision-making including profiling in accordance with Art. 22 GDPR.

We will adjust the information in the case of changes to our processes.

State of this privacy statement: February 2025