data protection

The data controller is Robinson Club GmbH (referred to in this Notice as “we” or “us”), part of the TUI Group.

We are committed to doing the right thing when it comes to how we collect, use and protect your personal data. Your privacy matters to us, so please do take the time to read our Privacy Notice which explains:

• What types of personal data we collect and why we collect it.
• When and how we may share personal data within the TUI Group and with other organisations.
• The choices you have, including how to access and update your personal data.

We have tried to keep this Notice as simple as possible, but if you are not familiar with terms such as “data controller” or “special categories of personal data”, then read about these and some others in Key terms.

Back to the beginning of the section

We process personal data in accordance with the provisions of the EU General Data Protection Regulation (DSGVO) and the German Federal Data Protection Act (BDSG neu). Personal data is processed by us for the fulfilment of contractual obligations according to Art. 6 para. 1 p. 1 lit. b) DSGVO. In addition, we process your data to protect our legitimate interests according to Art. 6 para. 1 p. 1 lit. f) DSGVO.

When you register for any of our services, you may provide us with:

• Your personal details, including your address, email address, phone number and date of birth.
• Your account login details, such as your username and the password you chose.

When you browse our websites or use our mobile apps, we may collect:

• Travel preferences.
• Information about your browsing behaviour on our websites and mobile apps.
• Information about when you click on one of our adverts, including those shown on other organisations’ websites.
• Information about the way you access our digital services, including operating system, IP address, online identifiers and browser details.
• Social preferences, interests and activities.

When you buy our products in our shops or online, we may collect:

• Passenger information, passport details, other ID document details.
• Insurance details.
• Relevant medical data and any special, dietary, religious or disability requests.
• Information about your purchases, including what you bought, when and where you bought it, how you paid for it and credit or other payment information.
• Information about your browsing behaviour on our websites and mobile apps.
• Information about when you click on one of our adverts, including those shown on other organisations’ websites.
• Information about the way you access our digital services, including operating system, IP address, online identifiers and browser details.
• Social preferences, interests and activities.
• Your preferences concerning the accommodation.
• Your questions / comments / requests in connection with your hotel stay.

During your stay in our hotels we may collect:

• Information about the traveller, passport data, other identification information
• Relevant medical data and any special, dietary requests or other food requirements due to religious reasons or reasons of physical impairment.
• Information about your purchases, such as what you purchased, when and where you purchased it, how you paid, and credit or other payment information.
• Information about reservations of services and activities (e.g. sports activities, table reservations, etc.).
• Data in connection with your questions / comments / complaints / wishes.
• If you arrive by personal car or motorbike, your license plate.
• Data necessary for childcare.
• Your IP address when using the hotel’s WiFi for the fulfilment of legal obligations and for the provision of the internet connection.

When you contact us or we contact you or you take part in promotions, competitions, surveys or questionnaires about our services, we may collect:

• Personal data you provide when you connect with us, including by email, post and phone or through social media, such as your name, username and contact details.
• Details of emails and other digital communications we send to you that you open, including any links in them that you click on.
• Your feedback and contributions to customer surveys and questionnaires.

Other sources of personal data

• We may use personal data from other sources, such as specialist companies that supply information, retail partners and public registers.
• Your insurance company, their agents and medical staff may exchange relevant personal data and special categories of personal data with us in circumstances where we/they need to act on your behalf or in the interest of other customers or in an emergency.
• If you log-in using your social network credentials to connect to our platforms and online services, e.g. Facebook, Google+ and Twitter, you will agree to share your user details with us. For example your name, email address, date of birth, location and any other information you choose to share with us.
• We may use CCTV images, IP address and browser details collected in or in the immediate vicinity of our shops, premises, other buildings and cruise ships.

Personal data you provide about other individuals

• We use personal data about other individuals provided by you, such as those people on your booking.
• By providing other people’s personal data, you must be sure that they agree to this and you are allowed to provide it. You should also ensure that, where appropriate, they understand how their personal data may be used by us.

Zurück zum Anfang des Abschnitts

We use your personal data in a variety of ways, as explained below.

To provide the products and services you request

We need to process your personal data so that we can manage your account or booking, provide you with the products and services you want to buy and help you with any orders and refunds you may ask for.

To manage and improve our products, services and day-to-day operations

We use personal data to manage and improve our products, websites, mobile apps, customer loyalty or recognition programme(s) and other services.

We monitor how our services are used to help protect your personal data, detect and prevent fraud, other crimes and the misuse of services.

This helps us to make sure that you can safely use our services. We may use personal data to respond to and to manage security operations, accidents or other similar incidents, including medical and insurance purposes.

We may use personal data to carry out market research and internal research and development, and to develop and improve our product range, services, shops, IT systems, security, know-how and the way we communicate with you.

We use CCTV images to help maintain the safety of anyone working in or visiting our shops, premises and other buildings, and for the prevention, detection and prosecution of criminal offences. We may also rely on the images to establish, exercise or defend our legal rights.

To personalise your experience

We want to ensure that marketing communications relating to our products and services, and those of our suppliers, retail partners and the TUI Group, including online advertising, are relevant to your interests.

To do this, we may use your personal data to better understand your interests so that we can try to predict what other products, services and information you might be most interested in. This enables us to tailor our communications to make them more relevant and interesting for you.

Looking at your browsing behaviour and purchases helps us to better understand you as a customer and it allows us to provide you with personalised offers and services.

We may also measure your responses to marketing communications relating to products and services we offer, which enables us to offer you products and services that better meet your needs as a customer.

If you do not want to receive a personalised service from us, you can change your preference online, over the phone or by writing (e.g. email) to us at any time. We will update our records as soon as we can.

To make contact and interact with you

We want to serve you better as a customer, so if you contact us, for example by email, post, and phone or via social media, we may use personal data to provide clarification or assistance to you.

We need to process your personal data so that we can manage any promotions and competitions you choose to enter, including those we run with our suppliers and retail partners. For example, if you win a prize.

We may invite you to take part in customer surveys, questionnaires and other market research activities carried out by the TUI Group and by other organisations on our behalf.

To help us to better understand you as a customer, and to be able to provide you with services and marketing communications (including online advertising relevant to your interests), we may combine the personal data we collect when you make purchases in-shop with personal data collected from our websites, mobile apps and other sources.

We do NOT sell your personal data to third parties.

Back to the beginning of this section

From time to time we may send you relevant offers and news about our products and services in a number of ways, including by email. We may also send you information about other companies’ products and services that we believe may be of interest to you. We will only do this if you previously agreed to receive these marketing communications.

When you book or register with us we will ask if you would like to receive marketing communications. You can change your marketing preferences by writing to us at any time: Email to service.magiclife@tui.com or in writing to TUI Magic Life GmbH, Karl-Wiechert-Allee 4, D-30625 Hannover, Germany. Of course, the choice is entirely yours, but if you say you do not want to receive marketing information from us this will prevent you from receiving great offers or promotions that may be of interest to you.
You may still receive service-related communications from us. For example, confirming bookings you make with us and providing important information about the use of our products or services.

Product recommendation by e-mail

As a customer of Robinson Club GmbH, you will regularly receive product recommendations from us by e-mail. You will receive these product recommendations from us irrespective of whether you have subscribed to a newsletter or whether you have consented to marketing communication by e-mail. In this way, we want to send you information about products from our range that may be of interest to you based on your most recent purchases from us.
In doing so, we strictly comply with the legal requirements.
The product recommendations by e-mail are based on the legal basis of Art. 6(1)f) DS-GVO and are also permissible by e-mail for our customers within the framework of § 7 (3) UWG. For any use of your contact data for advertising purposes, we expressly draw your attention to your right to object, which you can exercise simply and unbureaucratically at any time. If you no longer wish to receive product recommendations from us by e-mail, you can object to this at any time; a text message to service.magiclife@tui.com is sufficient for this. Of course, you will find an unsubscribe link in every e-mail.

Back to the beginning of this section 

We like to hear your views to help us to improve our products and services, so we may contact you for market research purposes. You always have the choice about whether to take part or continue in our market research.

Back to the beginning of this section

In order to provide products or services requested by you we may share personal data with suppliers of your travel arrangements, including airlines, hotels and transport companies.

We also work with carefully selected suppliers that carry out certain functions on our behalf. For example, companies that help us with IT services, storing and combining data, marketing, market research, processing payments and delivering products and services.

We may need to share personal data to establish, exercise or defend our legal rights; this includes providing personal data to others for the purposes of preventing fraud and reducing credit risk.

When we share personal data with other organisations we require them to keep it safe, and they must not use your personal data for their own marketing purposes.

We only share the minimum personal data that enable our suppliers and retail partners to provide their services to you and us.

Back to the beginning of the section

So that you can travel, it may be mandatory (as required by government authorities at the point(s) of departure and/or destination) to disclose and process your personal data for immigration, border control, security and anti-terrorism purposes, or any other purposes which they determine appropriate.

Some countries will only permit travel if you provide your advance passenger data (for example Caricom API Data and US Secure Flight Data). These requirements may differ depending on your destination and you are advised to check. Even if not mandatory, we may assist where appropriate.

We may share the minimum personal data necessary with other public authorities if the law says we must, or we are legally allowed to do so.

Back to the beginning of this section

Our Privacy Notice applies to all of the services offered by the TUI Group but excludes services that have separate privacy notices that do not incorporate this Privacy Notice. We may share the minimum personal data necessary with other companies in the TUI Group, for example, to provide the products and services you request; to manage and improve our products, services and day-to-day operations; to help to personalise your experience; where appropriate, to make contact and interact with you; and, if allowed and appropriate, for marketing or market research purposes.

We may also share personal data with an organisation we sell or transfer (or enter into negotiations to sell or transfer) any of our businesses or any of our rights or obligations under any agreement we may have with you. If the transfer or sale goes ahead, the organisation receiving your personal data can use your data in line with this Privacy Notice.

Back to the beginnging of the section

We know how important it is to protect and manage your personal data. We take appropriate security measures to help protect your personal data from accidental loss and from unauthorised access, use, alteration and disclosure.

The security of your data also depends on you. For example, where we have given you or where you have chosen a password for access to certain services, you are responsible for keeping this password confidential.

The personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by organisations operating outside the EEA who work for us or for one of our suppliers. We put in place appropriate protections to make sure your personal data remains adequately protected and that it is treated in line with this Notice. These protections include, but are not limited to, appropriate contract clauses, such as standard contract clauses approved by the European Commission, and appropriate security measures.

Back to the beginning of this section

We will retain your personal data for only as long as it is necessary for the uses set out in this Privacy Notice and/or to meet legal and regulatory requirements. After this period, we will securely erase personal data. If data is needed after this period for analytical, historical or other legitimate business purposes, we will take appropriate measures to anonymise this data.

Back to the beginning of this section

Cookies are small data files that allow a website to collect and store a range of data on your desktop computer, laptop or mobile device. Cookies help us to provide important features and functionality on our websites and mobile apps, and we use them to improve your customer experience. Please also note our separate Cookie Notice. Please see our sep. cookie-attachement. 

Back to the beginning of this section

Our websites or mobile apps may contain links to websites operated by other organisations that have their own privacy notices. Please make sure you read the terms and conditions and privacy notice carefully before providing any personal data on another organisation’s website as we do not accept any responsibility or liability for websites of other organisations.

Back to the beginning o the section

Our websites or mobile apps may contain social media features such as Facebook, Twitter, Google+ and Pinterest that have their own privacy notices.

Please make sure you read their terms and conditions and privacy notice carefully before providing any personal data as we do not accept any responsibility or liability for these features.

Back to the beginning of this section

You have a right to ask for a copy of the personal data we hold about you, although you should be able to access online the personal data associated with your account or booking. You can write to us asking for a copy of other personal data we hold about you.

Please include any details to help us identify and locate your personal data. Where we can provide data access, we will do so free of charge except where further copies are requested in which case we may charge a reasonable fee based on administrative costs.

We want to make sure that the personal data we hold about you is accurate and up to date. If any of the details we hold are incorrect, please let us know.

You can also ask for your personal data to be rectified or erased, to object to the processing of your personal data and, where technically feasible, to ask for personal data you provided to be transmitted to another organisation.

We will update or erase your data, unless we have to keep it for legitimate business or legal purposes.

You can also contact us if you have a complaint about how we collect, store or use your personal data. We aim to resolve complaints but if you are dissatisfied with our response, you may complain to the local data protection authority http://www.lfd.niedersachsen.de/startseite/.

If you want to contact the local data protection authority:

Die Landesbeauftragte für den Datenschutz Niedersachsen
Prinzenstraße 5
D-30159 Hannover
Germany
Phone: +49 511 120-4500
Fax: +49 511 120-4599
E-Mail: poststelle@lfd.niedersachsen.de

Please submit your request or complaint in writing to the Legal Department / Data Protection Officer if you wish to complain to us too:

Datenschutzbeauftragter TUI Magic Life
TUI Magic Life GmbH, Karl-Wiechert-Allee 4
30625 Hannover

or

write an E-Mail to the DPO Email DPOHotels@tui.com. Please note that we may ask you to verify your identity before we can act on your request or complaint. We may also ask you for more information to help ensure that you are authorised to make such a request or complaint when you contact us on behalf of someone else.

Back to the beginning of this section

We will only collect and use your personal data if at least one of the following conditions applies:

• We have your consent;
  Example: Customer account
  You give us permission to process your personal data when you register for a customer account.
• It is necessary for a contract with you or to take steps at your request prior to entering into a contract;
  Example: To provide the products and services you request
  We need to process your personal data so that we can manage your account or booking, provide you with the products and services you want to buy and help you with any orders and refunds you may ask for.
• It is necessary for us to comply with a legal obligation;
  Example: Sharing personal data with regulatory authorities
  So that you can travel, it may be mandatory (as required by government authorities at the point(s) of departure and/or destination) to disclose and process your personal data for immigration, border control, security and anti-terrorism purposes, or any other purposes which they determine appropriate.
• It is necessary to protect your vital interests or those of another individual;
  Example: In an emergency
  Your insurance company, their agents and medical staff may exchange relevant personal data and special categories of personal data with us in circumstances where we/they need to act on your behalf or in the interest of other customers or in an emergency.
• It is in the public interest or we have official authority; or
  Example: Security operations
  We may use personal data to respond to and to manage security operations, accidents or other similar incidents, including medical and insurance purposes.
• It is in our or a third party’s legitimate interests and these are not overridden by your interests or rights.
  Example: To personalise your experience
  We may use your personal data to better understand your interests so that we can try to predict what other products, services and information you might be most interested in. This enables us to tailor our communications to make them more relevant and interesting for you.

Where we need to process special categories of personal data, for example health data for medical reasons, we will only do so if one or more additional conditions apply. For example, we have your explicit consent; it is necessary to protect the vital interests of you or another individual and you are physically or legally incapable of giving consent; it is necessary to establish, exercise or defend legal claims; it is necessary for reasons of substantial public interest. 

Back to the beginning of this section

This Privacy Notice supersedes all previous versions. We may change the notice at any time, so please check regularly on our website(s) for any updates. If the changes are substantial, we will provide clearly identifiable notification on our website(s). In addition, if we deem it appropriate, we will send you an electronic notification of changes to our Privacy Notice.

Last update: July 2018

Back to the beginning of this section

Data controller: The data controller determines the purpose and manner in which personal data is used.

European Economic Area (EEA): EU Member States plus Norway, Iceland and Lichtenstein.

Online advertising: Marketing messages that you may see on the internet.

Special categories of personal data: This are categories of personal data revealing racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; genetic data, biometric data for the purpose of uniquely identifying a natural person; health data; and data concerning a natural person’s sex life or sexual orientation.

Caricom API Data: Some or all of the Caricom states have entered into an agreement with the USA whereby advance passenger data, required by and provided to Caricom states for border security purposes, will be passed to the USA Department for Homeland Security for processing on behalf of those Caricom states. Please see the Caricom website for more details.

US Secure flight Data: The Transportation Security Administration (TSA) requires you to provide your full name, date of birth and gender for the purpose of watch list screening. You may also provide your Redress Number, if available. Failure to provide details may result in denial of transport or denial of authority to enter the boarding area. TSA may share information you provide with law enforcement or intelligence agencies or others under its published system of records notice. Please see the TSA website for more details.

Back to the beginning of this section

When registering, we ask for your e-mail address, title, name and password as mandatory information. You have the option of adding further details to your customer account on a voluntary basis. This may include, for example, your address, date of birth and telephone number. We will also use this information to provide the services described below for your Meine-TUI profile.

When you visit our websites and applications, we want to help you find and use the information that is relevant to you more quickly. Therefore, you have the option of logging into your customer account on certain websites and applications offered either by us or by other companies of the TUI Group in order to use the respective service in a personalised manner without having to create a new user account each time. The personalisation consists, for example, of you being addressed personally on the respective website/application, receiving information appropriate to your current booking and/or finding pre-filled forms. You will be informed in detail in advance on the website/application about the type and scope of the personalisation and the data processing required for this, as well as any recipients of your data. Certain data that you enter on a website or in an application while logged in may also be linked to your account, provided that this data has not yet been stored in your customer account, so that the supplemented data will also be available in the future (subject to the respective applicable conditions) for the purposes of our website. Depending on the individual case, this may involve the following categories of data: (i) master data that you enter in forms, (ii) preferences, such as preferred travel destinations, which you expressly indicate as a preference to be stored in the profile, which you add manually on the website/app. In this respect, too, you will be informed in advance on the website/app about any re-storage.

You can sign up to receive our push notifications. To send our push notifications, we use the shipping service operated by Airship Group, Inc, 1225 W Burnside St #401, Portland, OR 97209, www.airship.com. 

You will receive regular information about news, deals, activities in the club, products and matching offers from TUI MAGIC LIFE, ROBINSON Club GmbH via our push notifications. 

To sign up, you need to confirm your app or browser's request to receive notifications. This process is documented and stored by Airship. This includes the storage of the login time of your device ID or browser ID. The collection of this data is necessary so that we can trace the processes in the event of misuse and therefore serves our legal protection. 

In order to show you the push notifications, Airship collects and processes your mobile device ID or browser ID on our behalf. 

By subscribing to our push notifications, you agree to receive them. The legal basis for processing your data after you have subscribed to our push notifications is Art. 6 (1) lit. a GDPR if you have given your consent. 

Airship and TUI MAGIC LIFE also evaluate the push notifications statistically. Airship can thus recognize if and when our push notifications were displayed and clicked on by you. 

You can revoke your consent to the storage and use of your personal data, to receive our push notifications and the statistical collection described above at any time with effect for the future.  

• App push: For the purpose of revoking consent, you can change the designated setting for receiving app push notifications in your mobile device at any time.  
• Web push: For the purpose of revoking consent, you can change the designated setting for receiving web push notifications in your browser. If you use our Web Push notifications on a desktop PC with the "Windows" operating system, you can also unsubscribe from our Push notifications by right-clicking on the respective Push notification in the settings that appear there. 

Your data will be deleted by Airship and TUI MAGIC LIFE as soon as it is no longer required to achieve the purpose for which it was collected. Accordingly, your data will be stored as long as the subscription to our push notifications is active. 

The Trusted Shops Trustbadge is integrated on this website to display our Trusted Shops seal of approval and any collected reviews as well as to offer Trusted Shops products for buyers after an order has been placed.

In the context of weighing up interests this integration serves to safeguard our legitimate interests in the optimal marketing of our offer pursuant to Section 6 (1,1, f) of the General Data Protection Regulation (GDPR). The Trustbadge and the services advertised are an offer of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne.

When the Trustbadge is invoked, the Web server automatically stores a server log file to document the request. The server log file can, for example, contain your IP address, date and time of the request, the transferred quantity of data and the provider making the request (access data). These access data will not be evaluated and will be automatically overwritten within seven days after the end of your page visit.

Other personal data will only be transferred to Trusted Shops if and as far as you have consented to this and decide after the completion of an order to use Trusted Shops products or you have already registered for such use. In this case, the contractual agreement between you and Trusted Shops applies.

Back to the beginning of this section