Data protection
General remarks
Privacy is an important matter for Voyages Emile Weber, this declaration explains how your personal data is processed when you browse our website.
Data collection on our website
Who is responsible for data collection on this website?
Data on this website is processed by the website operator, whose contact details may be found in this website’s legal notices.
How do we collect your data?
Some data is collected when provided by yourself, for example when filling out the contact form.
Other data is collected automatically by our computer systems when you browse our website. It is mainly a matter of technical data (e.g., internet browsers, operating systems, or the time at which the page was viewed). Data is collected automatically once you access our website.
Why do we collect your data?
Some of the data is collected to ensure our website may be used without error messages. Others may be used to analyse your user behaviour.
What are your rights regarding your data?
You are entitled to receive information free of charge about the origin, recipient, and the purpose of your saved personal data at any time. Furthermore, you are entitled to ask for data to be corrected and limit its processing until we verify its accuracy, you may request for it to be blocked or erased and may take action with the relevant supervisory authority.
Analysis tools and third-party service provider tools
Your browsing behaviour may be subject to statistical analysis when you view our website, mainly by using cookies and analysis programs. Your browsing behaviour analysis is mainly anonymous, this means that your browsing behaviour cannot be traced back to you. You may object to this analysis or prevent it by not using some tools. More information can be found about this in the confidentiality declaration below.
General remarks and mandatory information
Data protection
The website operators take protection of your personal data very seriously. We process your personal data in a confidential manner and in accordance with Luxembourgish and European legal provisions regarding data protection such as the General Data Protection Regulation (N°679/2016/EU) (GDPR), as well as this confidentiality declaration.
A variety of personal data is collected when you use this website. Personal data is data which personally identifies you. This confidentiality declaration explains the data we collect and what we use it for. It also explains how and why.
We would like to draw your attention to the fact that transferring data on the internet (for example via email communications) may present security shortcomings. It is impossible to fully protect data from being accessed by third parties.
Information about the responsible organisation
The organisation responsible for data processing on this website is:
Voyages Emile Weber S.à r.l.
Z.A. Reckschléed L-5411 Canach, Luxembourg
Telephone: (+352) 35 65 75 – 1
Email: dpo@ew.lu
The organisation responsible is a physical person or entity, who, alone or with others, may make decisions about the purpose and means used to process personal data (e.g., surnames, email addresses, etc.).
Withdrawal of consent for data processing
Many data processing processes require your express consent. You may withdraw your consent at any time and object to the processing of your data in the future; you simply need to send us an informal email. Withdrawal does not affect the legality of data processing processes performed prior to withdrawal.
Right to take action with the relevant supervisory authority
In the event of a data protection infraction, the person affected is entitled to take action with the relevant supervisory authority. The relevant supervisory authority for data protection matters is the CNPD (National Commission for Data Protection): https://cnpd.public.lu/fr.html
Right to data portability
You are entitled to recover or provide the data we automatically process to a third-party based on your consent or as part of fulfilling a contract, in a format that is currently used and readable by a machine. Any request from yourself to directly transfer data to another entity responsible for processing data will only be carried out if the transfer is technically possible.
SSL/TLS encryption
This website uses SSL/TLS encryption for security purposes and to protect confidential content transfers such as orders or requests you send to us as site operator. A secure connection may be identified by “https://” in the browser address bar rather than “http://” as well as a padlock which appears.
Data you transmit cannot be read by third parties when the SSL/TLS encryption is activated.
Secure payments on this website
If you are required to send your payment details to us when you sign a contract for a paid service (e.g., account number for authorising a direct debit), these details are needed to complete payment.
Payment by the usual means (Visa/MasterCard, direct debit) is only carried out via an SSL/TLS secure connection. A secure connection may be identified by “https://” in the browser address bar rather than “http://” as well as a padlock which appears.
The payment data you transmit to us cannot be read by third parties during a secure connection.
Blocking and erasing data
As part of the current legal provisions, you may obtain information free of charge about your personal data which has been stored, about its origin, its recipient, as well as the purpose for the data processing, and, as the case may be, you are entitled to correct, block or erase this data. If you have any questions about this subject or any other aspect of personal data, you may contact us at the address stated in the legal notices.
Objection to advertising emails
It is hereby prohibited to use the contact details published in the legal notices to send advertising material and information that has not expressly been requested. The operators of this website expressly have the right to undertake legal action in the event of receiving unsolicited advertising such as spam.
Legal data protection officer
Our company has appointed a Data protection officer.
Please find their contact details below:
Philippe TEX
Z.A. Reckschléed, L-5411 Canach, Luxembourg
Telephone: (+352) 35 65 75 - 409
Email: dpo@ew.lu
Data collection on our website
Internet pages sometimes use things called “cookies.” Cookies do not damage your computer in any way and do not contain viruses. Cookies help make our website more user-friendly, efficient, and secure. Cookies are little text files which are memorised on your device and stored on your browser.
Most of the cookies we use are what we call “session cookies.” They are automatically erased at the end of your visit. The other cookies stay saved on your device until you erase them. Cookies allow us to recognise your browser when you next visit.
Your browser may be set up to inform you when cookies are created, to not install them in specific cases, to exclude accepting cookies in some cases or in general and to activate automatic erasing of the cookies when you close your browser. Deactivation of cookies may restrict website functionality.
Cookies are necessary for running the electronic communication process or for some features you may wish to use (e.g., the “Basket” function), which are saved in accordance with article 6, paragraph 1, section f, of the GDPR. The website operator has a legitimate reason for saving cookies to ensure that services are technically free of errors and are optimised. Other cookies (e.g., cookies used for browsing behaviour analysis) will be handled separately in this confidentiality declaration.
Data from cookies is erased after a twelve-month period in any case.
Server log files
The website provider automatically collects and saves data in what we call server log files that your browser sends to us automatically. This data includes information about the type of browser and its version
- the operating system used
- the referrer URL
- the host name of the access device
- the time of the request to the server
- the IP address
This data is not cross-checked with other data sources.
Data is processed based on article 6, paragraph 1, section b, of the GDPR, which authorises data processing when it is necessary to fulfil a contract or pre-contractual measures.
Contact form
If you send a request via the contact form, we will save the information provided in this form, including contact details to process your request and if there are any further questions. This data will not be transmitted without your consent.
The data provided in the contact form will only be processed according to your consent (article 6, paragraph 1, section a), of the GDPR). You may withdraw your consent at any time; you simply need to send us an informal email. Withdrawal does not affect the legality of data processing processes performed prior to withdrawal.
We store the data provided in the contact form until you request for it to be erased, until you withdraw your consent for its storage or until it is no longer required (e.g., once your request has been handled fully). The legally binding provisions - inter alia time limits for storing data - are not affected.
Registration on this website
You may register on this website to use complementary features on the website. We only use data provided to use the product or the service you have registered to use. Mandatory data required when registering must be provided in full, otherwise your registration will be refused.
We use the email address provided for registration to keep you informed of any important changes, for example if the volume of the offer has been adapted or when a technical modification is necessary.
The data provided when registering will be processed according to your consent (article 6, paragraph 1, section a), of the GDPR). You may withdraw your consent at any time; you simply need to send us an informal email. Withdrawal does not affect the legality of data processing processes performed prior to withdrawal.
We will store data provided when registering for as long as you are registered on our website and will then erase it. The legal provisions on time limits for storing data are not affected.
Data processing (customers and contracts)
We only collect, process, and use personal data that is necessary for establishing, arranging content, or modifying the legal relationship (permanent data). To do this we refer to article 6, paragraph 1, section b, of the GDPR, which authorises data processing when it is necessary to fulfil a contract or pre-contractual measures. We only collect, process, and use personal data from using our internet pages (data usage) when necessary to provide the user with a service or to invoice them for it.
Customer data collected is erased once the mandate has been completed or at the end of the business relationship. The legal provisions on time limits for storing data are not affected.
Transfer of data when entering into a contract for online shopping, retailers and sending goods
We only transfer personal data to third parties when it is necessary to fulfil a contract, for example to delivery companies or the credit institute in charge of payment completion. No other data transfer will take place unless you have expressly agreed to it. Your data is not transferred to third parties without your express agreement, for example for advertising.
Data is processed based on article 6, paragraph 1, section b, of the GDPR, which authorises data processing when it is necessary to fulfil a contract or pre-contractual measures.
Transfer of data when a contract has been signed for digital services and content
We only transfer personal data to third parties when it is necessary to fulfil a contract, for example to delivery companies or the credit institute in charge of payment completion.
No other data transfer will take place unless you have expressly agreed to it. Your data is not transferred to third parties without your express agreement, for example for advertising.
Data is processed based on article 6, paragraph 1, section b, of the GDPR, which authorises data processing when it is necessary to fulfil a contract or pre-contractual measures.
Analysis and advertising tools
Matomo
This website uses Matomo, an open source, self-hosted software to collect anonymous usage data for this website.
The data on visitor behaviour is collected to spot possible problems such as pages not found, search engine problems or unpopular pages. Once the data (number of visitors who see error pages or only one page, etc.) is processed, Matomo generates reports for website operators to react to. (layout changes, new content, etc.)
- Cookies
- Anonymised IP addresses by removing the last 2 bytes (i.e. 198.51.0.0 instead of 198.51.100.54)
- Pseudo-anonymised location (based on the anonymised IP address)
- Date and time
- Title of the page accessed
- URL of the accessed page
- URL of the previous page (if this is allowed)
- Screen resolution
- Local time
- Files that have been clicked and downloaded
- External links
- Duration of the page load
- Country, region, city (with low precision due to IP address)
- Main language of the browser
- User agent of the browser
Google AdWords und Google Conversion-Tracking
This website uses Google AdWords. AdWords is an online advertising programme of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States ("Google").
Within the framework of Google AdWords, we use so-called conversion tracking. When you click on an ad placed by Google, a cookie is set for conversion tracking. Cookies are small text files that the internet browser stores on the user's computer. These cookies lose their validity after 30 days and are not used to personally identify the user. If the user visits certain pages of this website and the cookie has not yet expired, Google and we will be able to recognise that the user clicked on the ad and was redirected to this page.
Each Google AdWords customer receives a different cookie. The cookies cannot be tracked across AdWords customers' websites. The information obtained using the conversion cookie is used to create conversion statistics for AdWords customers who have opted in to conversion tracking. The customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. If you do not wish to participate in the tracking, you can object to this use by easily deactivating the Google conversion tracking cookie via your internet browser under user settings. You will then not be included in the conversion tracking statistics.
The storage of "conversion cookies" is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising.
More information on Google AdWords and Google conversion tracking can be found in Google's privacy policy: https://www.google.de/policies/privacy/.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or generally and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.
Newsletter
Newsletter data
If you wish to receive the newsletter proposed on the website, we will need your email address as well as information to verify that the email address is indeed your own and that you agree to receiving the newsletter. No other data will be collected or solely on a voluntary basis. This data will only be used to send the requested information and will not be transferred to third parties.
The data provided in the newsletter subscription form will only be processed according to your consent (article 6, paragraph 1, section a), of the GDPR). You may withdraw your consent for saving this data and your email address as well as its use for sending the newsletter at any time by using the newsletter unsubscribe link for example. Withdrawal does not affect the legality of data processing processes performed prior to withdrawal.
We store the collected data to send the newsletter until you unsubscribe and will then be erased after this. Data saved for other purposes (e.g., email addresses in the member’s space) are not affected by this.
Mailchimp
In accordance with the GDPR, we only send electronic newsletters to persons who have given their express consent.
These electronic newsletters are sent with the help of "Mailchimp software".
This is a US-American software - the servers of this software are located in the U.S. According to Art. 44 GDPR, personal data such as names or e-mail addresses may only be processed in so-called third countries by Mailchimp if it has been checked whether compliance with data protection complies with European standards.
Additional information can be found here: Mailchimp GDPR
Plug-ins and tools
YouTube
Our website uses YouTube website plug-ins, operated by Google. The website operator is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
When you browse one of our pages with a YouTube plug-in, a connection is made to YouTube’s servers. Page browsing history from our website will therefore be transmitted to the YouTube server.
If you are logged in to your YouTube account, you allow YouTube to directly attribute your browsing behaviour to your personal profile. You can prevent this by logging out of your YouTube account.
We use YouTube to present our online offers in an attractive manner. This is a legitimate reason as stipulated in article 6, paragraph 1, section f, of the GDPR.
More information about managing user data with Google Analytics may be found in YouTube’s confidentiality rules: https://www.google.fr/intl/fr/policies/privacy
Vimeo
Our website uses plug-ins for Vimeo, the video portal. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.
When you browse one of our pages with a Vimeo plug-in, a connection is made to Vimeo’s servers. Page browsing history from our website will therefore be transmitted to the Vimeo server. Furthermore, Vimeo obtains your IP address. This is also the case when you are not logged in to your Vimeo account or do not have one. Data collected by Vimeo will be transferred to the Vimeo server in the USA.
If you are logged in to your Vimeo account, you allow Vimeo to directly attribute your browsing behaviour to your personal profile. You can prevent this by logging out of your Vimeo account.
More information about managing user data with Vimeo may be found in Vimeo’s confidentiality rules: https://vimeo.com/privacy
Google Web Fonts
This website uses things called web fonts provided by Google to ensure that fonts are displayed in a uniform manner. Each time the page is loaded, your browser downloads the required web fonts in your browser’s cache to enable texts and fonts to be displayed correctly.
To do this, your browser must connect to Google’s servers. Google will then be informed that your IP address has been used to browse our website. We use Google web fonts to display our online offers in a uniform and attractive manner. This is a legitimate reason as stipulated in article 6, paragraph 1, section f, of the GDPR.
If your browser does not support web fonts, your computer will use a font by default.
More information about Google web fonts may be found at the address https://developers.google.com/fonts/faq and in Google’s confidentiality rules. https://www.google.fr/policies/privacy/
Google Maps
This site uses the Google Maps service via an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Your IP address must be saved to be able to use the Google Maps functions. This data is generally transmitted to a Google server in the USA, where it is stored. The website provider has no power over this data transfer.
We use Google Maps to present our online offers in an attractive manner and to facilitate locating places indicated on our website. This is a legitimate reason as stipulated in article 6, paragraph 1, section f, of the GDPR.
More information about managing user data with Google Analytics may be found in Google’s confidentiality rules: https://www.google.fr/intl/fr/policies/privacy/
Social media
Each time you access one of your profiles on social media (Facebook, Instagram, LinkedIn, YouTube) various data is generated, for example about the quantity of data transmitted to the IP address used or about the time it was accessed. Technical access as well as usage of data generated later when accessing one of our profiles on social media is managed essentially by social media operators. We do not have access to the usage data collected and cannot determine how this data is used by the various operators. We cannot therefore be held responsible for the way this data is managed in terms of data protection. Nevertheless, we would like to draw your attention to the fact that data processing by Facebook, Instagram, LinkedIn, or YouTube may be carried out outside of the European Union or the European Economic Area. Please contact the operators directly for more information about how they manage the data collected.
Social media operators only transmit statistics analyses, which are anonymous about access to the profile we opened on their networks. We also see, as can any other user, messages published by individuals on these profiles. We do not analyse this data.
We would like to draw your attention to the fact that messages you publish on profiles we own on these social media can be viewed anywhere in the world.
More information about how Facebook processes your data here: https://www.facebook.com/full_data_use_policy
More information about how Instagram processes your data here: https://help.instagram.com/519522125107875?helpref=page_content
More information about how LinkedIn processes your data here: https://www.linkedin.com/legal/privacy-policy
More information about how YouTube processes your data here: https://www.youtube.com/static?template=terms
Booking
Completing requests for bookings or for other products or services
We need personal data to provide the services that we offer (booking a trip, signing up for travel insurance, taking part in opinion polls, reviews of travel services), for example your title, surname, as the case may be, your date of birth, address, email address, your telephone number and, as the case may be, your banking details or credit card details, as part of the intermediary services contract in accordance with article 6, paragraph 1, section b of the GDPR. We also need personal data to book travel services for the people who will be accompanying you. Please ensure that the people accompanying you have consented to you transmitting their data.
We will transfer this personal data to the service providers involved, for example to tour operators and other service providers that are part of this (e.g., airlines, hotels, shipping companies), as well as to the travel insurance company, to technical booking systems and to internet booking services. Without this data, we will be unable to book travel services.
When a flight is booked to the USA, airlines transmit flight data and each passenger’s booking data to American immigration before arrival. It is impossible to enter the USA without this data.
Booking scheduled flights with Ypsilon.Net AG (Vibeler Landstraße, 203, 60388 Frankfurt) is subject to the following confidentiality rules: http://www.ypsilon.net/datenschutz/
When bookings are made via Traveltainment’s online booking service, Traveltainment uses your details (email address) to send you an email after your trip, which asks you to review the hotel you stayed in. Moreover, Traveltainment is authorised to anonymise personal data and assess user behaviour towards the software.
Booking all-inclusive trips, holiday apartments and hotels with Traveltainment GmbH (Carlo-Schmid- Str. 12, D-52146 Würselen/Aachen) is subject to the following confidentiality rules: http://www.traveltainment.de/datenschutzerklaerung/
For business continuity purposes, Voyages Emile Weber customer data regarding trip bookings made before 1 July 2021 but that will take place after 1 July 2021 will be transferred to TGL (Travel Group Luxembourg). TGL will process data on our behalf in accordance with the appropriate levels of security. TGL is a limited responsibility company under Luxembourgish law, registered at 430-434, route de Longwy, L-1940 Luxembourg, registered on the R.C.S. Luxembourg, section B number 254425.
Booking "Go Lloret"
To participate in the "Go Lloret" excursion, we may request an optional copy of an identification document (e.g., ID card or passport). This is solely for the purpose of age verification and to meet the requirements of the involved hotels and airlines. Providing this information is voluntary and not mandatory to complete the booking. The data is securely stored and used exclusively for these purposes. This is the case for bookings made directly with a travel agency as well as for bookings made directly via our website.
The transmitted documents are processed in accordance with Article 6, Paragraph 1, Letter a of the GDPR (consent) and Article 6, Paragraph 1, Letter f of the GDPR (legitimate interest). The data will be securely deleted no later than 365 days after the trip.
Please note that the data may be shared with the hotel or airlines if necessary to fulfill booking requirements. Without your consent or this information, delays or restrictions in processing may occur.
Payment service providers
Six Payment Services
If you opt for SIX Payment Services’ payment by credit card, payment will be processed by the company SIX Payment Services (Europe) S.A., 10, rue Gabriel Lippmann, L-5365 Munsbach, Luxembourg, to whom we transfer data provided as part of the order process in addition to data about your order, in accordance with article 6, paragraph 1, section b, of the GDPR.
Your data is only transferred for completion of the payment by the service provider SIX Payment Services and only as far as it is required for this.
Payment data processing and completion are only performed by SIX Payment. Furthermore, SIX Payment informs us when a direct debit has been completed, so we are aware that the booking is therefore complete.
SIX Payment is not responsible for processing contract data, only payment completions.
SIX Payment’s confidentiality rules confirm that your personal data is processed in accordance with the GDPR.
SIX Payment’s confidentiality rules may be viewed here: https://www.six-payment-services.com/fr/services/legal/privacy-statement.html#country=lu