Privacy statement

This privacy policy, hereafter known as: “Privacy Policy” applies whenever you use the website www.ostbelgien.eu (including the sections www.ostbelgien.eu/fr/shop and www.ostbelgien.eu/de/essen-sch...) (hereinafter the “Site”). A more detailed description of its terms can be found in the Legal Notice.

The purpose of this Privacy Policy is to inform you about the data collected through this website by the Agence du Tourisme des Cantons de l’Est, a public utility foundation (hereinafter “ATCE”), registered under company number BE 0715 454 578 at Hauptstraße 54, 4780 Saint Vith, Belgium. This Privacy Policy specifies how and for what purposes ATCE collects, processes, protects and shares your personal data when you use this Site.

The protection of your personal data is important to us. Personal data is information about the personal or factual circumstances of a specific or identifiable natural person. This includes, for example, name, address, telephone number and date of birth, but also all other data that can be related to an identifiable person. Since personal data enjoys special legal protection, we only collect it to the extent necessary for the provision of our website and our services.

By using this Site, you consent to ATCE processing your personal data as described in this Privacy Policy. You confirm that you are at least 18 years old or that you have obtained permission from your parents or legal guardians to give this consent.

ATCE respects your privacy and the way you choose to provide data. ATCE recognises the need to properly safeguard and manage the personal data it collects.

Our data protection practices comply with the legal regulations, in particular those of the EU's General Data Protection Regulation (GDPR). We will only collect, process and store your personal data insofar as this is necessary for the functional provision of this website and our contents and services, as well as for the processing of enquiries and, if applicable, for the processing of orders/contracts, but in each case only insofar as there is a justified interest within the meaning of Art. 6 (1) sentence 1 lit. f GDPR or another permissible circumstance. Your data will only be used for further purposes specified in your consent, e.g. for the sending of promotional information by newsletter, if you have given your consent separately beforehand.

ATCE conducts its business in accordance with this Privacy Policy to help you understand what types of personal data ATCE may collect, for what purposes it may be used and with whom it may be shared.

If you have any questions about this Privacy Policy, please contact us using the details below:

Responsible according to Art. 4. No. 7 GDPR

Agence du Tourisme des Cantons de l’Est asbl
E-mail: info@ostbelgien.eu
Registration number: BE 0715 454 578
Address: Hauptstrasse 54, 4780 St. Vith
Phone number: +32 80 227 664

Name and address of the data protection officer

TPO Eupen
Hochstrasse, 81
B-4700 Eupen
TVA BE.0672.648.973
RPM Eupen
+32 (0)87 71 02 00
E-mail: office@tpo.solutions

When you use the Site, you have the option of choosing what personal data you are willing to provide. By providing this personal data, you agree that ATCE may process your data within the context of your visit to and use of the Site. Depending on which services you subscribe to, you will be asked to provide information. Some of it is mandatory and other parts are optional (marked on the Site with the symbol “∞” bottom left of the screen).

More specifically, the categories of personal data listed below, whether mandatory or optional, are collected, processed, and used by ATCE in accordance with this Privacy Policy so that you can make reservations on the Site, buy products in our Touristshop and enjoy the benefits of other services offered on this Site. ATCE collects and processes the following categories of personal data:

1. Personal data processed in the context of overnight bookings or other tourist services in accordance with the General Conditions of Services: Last name, First name, E-mail address, Address, Street, Postal code, City, Country, Civil status, Title, Telephone, Fax, Company, Message

2. Personal data collected in the context of the conclusion and management of online sales contracts via the Touristshop in accordance with the general conditions of online sale: Title, Last name, First name, E-mail, Phone, Fax, Address, Number, Postal code, Town, Country, Payment method, Company

3. Personal data processed to respond to your requests as listed below:

– Subscribing to the ostbelgien.eu newsletter:
E-mail  
The data recorded in the registration page of our newsletter will be used by us exclusively for sending our newsletter, in which we inform you about all our services and news. After registration, we will send you a confirmation email containing a link that you need to click to complete the registration for our newsletter (double opt-in). You can unsubscribe from our newsletter at any time by clicking on the unsubscribe link, which is also included in every newsletter. Your data will be deleted by us immediately after unsubscribing, provided that there are no legal obligations to retain the data. Likewise, your data will be deleted by us immediately should your newsletter registration not be completed. We reserve the right to delete data without giving reasons and without prior or subsequent information.
Necessity of providing personal data : If you would like to use our newsletter, you need to fill in the fields marked as mandatory and confirm your email address by clicking on the double opt-in link. The newsletter registration details are neither necessary to enter into a contract with us nor legally binding. They are used exclusively for sending our newsletter. If you do not fill in the mandatory fields, we will unfortunately not be able to provide you with our newsletter.

– Registration for the winter information point (see info "subscribing newsletter))
Name, E-mail

– Contact page(s)
The data you have inputted on our contact page(s) in the respective fields provided there. 
We will only use the data collected via our contact page(s) to process the specific contact request received through that page. Please note that in order to fulfil your contact request, we may also send you emails to the address you have provided. The purpose of this is to confirm that your enquiry has been received by us. However, the sending of this confirmation email is not obligatory for us and is only for your information. The use of our contact page(s) is on a voluntary basis and is neither contractually nor legally required. You are not obliged to contact us via the contact page(s), but can also use the other contact options provided on our website. If you wish to use our contact page(s), you need to fill in the fields marked as mandatory. If you do not fill in the required information on the contact page(s), you will either not be able to send the enquiry or we will unfortunately not be able to process your enquiry.

– Request for information about a tourist service provider (hotels, campsites, cottages and furnished accommodation, inns, holiday villages, bed and breakfast, activities) (see info "Contact page(s))
Last name, First name, Street + No., Postal code + Town, Country, Tel, Fax, E-mail address, Your question

– Registration for press releases (see info "Contact page(s))
Title, Last name, First name, Address, Postal code, Town, Country, E-mail, Function, Type of media organisation, Publication, Frequency of publication, Edition, Topics of interest, Comment

– Contact (reserved for members of the press) (see info "Contact page(s))
Message, Title, Last name, First name, Number, Address, Postal code, Town, Country, Phone, Interests, E-mail – Access to the image bank of the Agence du Tourisme de l’Est de la Belgique (reserved for members of the press) First name, Last name, E-mail, Password, Acceptance of the Terms of Use

ATCE will use aggregated data (data that cannot identify or be linked to you, e. g., statistical data) to measure your interest in the Site and how you use it. ATCE may use this aggregated data to coordinate statistical and/or other summary analyses of the behaviour and characteristics of visitors to the Site. ATCE may use third-party providers to collect and analyse this data. While ATCE may share this aggregated data with third parties, none of this data will allow anyone to identify you.

ATCE does not collect or process any specific category of personal data, unless you have explicitly, intentionally, and freely shared it with us. Special categories of personal data are referred to as “sensitive” personal data and refer to information relating to racial or ethnic origin, political opinion, religion or beliefs, trade union membership, genetic or health status or sexual orientation.

ATCE may use your personal data for other purposes not yet covered in this Privacy Policy but still with the legal authorisation or your consent to do so. In all cases, ATCE will inform you of changes to this Privacy Policy prior to using your personal data for other purposes. In the event of activities based on consent, ATCE will offer you the opportunity to reject these changes.

ATCE will also process your personal data to the extent necessary to manage its contractual relationship with you (e. g., to correspond with you).

We collect, process and store the following data when this website or individual files on the website are accessed: IP address, website from which the file was accessed, name of the file, date and time of access, amount of data transferred and report on the success of the access (so-called web log). We use this access data exclusively in a non-personalised form for the continuous improvement of our website and for statistical purposes.
We also use the following web trackers to analyse visits to this website.

Google Tag Manager

Scope of the processing of personal data

• On our website, we use the service of the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: Google Tag Manager). Google Tag Manager provides a technical platform for executing and bundling other web services and web tracking programmes by means of tags. In this context, Google Tag Manager stores cookies on your computer and analyses your surfing behaviour (tracking), insofar as web tracking tools are executed using Google Tag Manager. This data sent by individual tags integrated in Google Tag Manager is merged, stored and processed by Google Tag Manager under a uniform user interface. All integrated tags are listed separately again in this privacy statement. You can find more information on the data protection of the tools integrated in Google Tag Manager in the respective section of this privacy statement. When using our website with activated integration of tags from Google Tag Manager, data, such as your IP address and your user activities, are transmitted to servers of Google Ireland Limited and processed and stored outside the European Union, e.g. in the USA. The EU Commission has not established that there is an adequate level of data protection in the USA. In particular, the USA lacks appropriate legal means for individuals to defend themselves against the disclosure of personal data to public authorities, such as intelligence services. With regard to the web services integrated via Google Tag Manager, the regulations in the respective section of this privacy statement apply. The tracking tools used in Google Tag Manager ensure that the IP address is anonymised by Google Tag Manager before transmission by means of IP anonymisation of the source code. In doing so, Google Tag Manager is only enabled to record IP addresses anonymously (IP masking).

Legal basis for the processing of personal data

• Art. 6 (1) lit. a GDPR (consent, either in the context of registering with Google –opening a Google account and accepting the privacy notices implemented there – or, if you have not registered with Google, by explicitly giving your consent when opening our site.
Purpose of the data processing

• Google will use this information on our behalf for the purpose of analysing your visit to this website, compiling reports on website activity and providing us with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data held by Google Ireland Limited.
Storage duration

• Google will store the data relevant for the provision of web tracking for as long as is necessary to fulfil the booked web service. The data collection and storage is anonymised. If a person is referenced, the data will be deleted immediately, insofar as this is not subject to any legal retention obligations. In any case, the data will be deleted after expiry of the retention period.
Withdrawal and deletion

• You can prevent the collection and processing of your data by Google by deactivating the execution of script code in your browser or by installing a script blocker in your browser. You can also prevent the collection of data generated by the Google cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link, http://tools.google.com/dlpage.... Google's security and privacy policy can be found at https://policies.google.com/privacy.

On our website, we use active content from external providers, so-called web services that are not governed by this Privacy Policy. We therefore recommend that you consult the respective privacy policies that apply to these other websites. We are not responsible for the personal data collected through third-party websites, or for their privacy practices. We strongly recommend that you familiarise yourself with each website’s privacy policy before disclosing any personal data.

When you visit our website, these external providers may receive personal information about your visit to our website. This may involve the processing of data outside the EU. You can prevent this by installing an appropriate browser plug-in or by deactivating the execution of scripts in your browser. This may result in functional restrictions on websites that you visit. We use the following external web services:

Cookiebot

A web service of the company Cybot A/S, Havnegade 39, 1058 Copenhagen (hereinafter: Cookiebot) is loaded on our website. We use this data to ensure the full functionality of our website by obtaining and managing consent to the use of cookies. In this context, your browser may transmit personal data to Cookiebot. The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. The legitimate interest lies in the error-free functioning of the website. The data is deleted as soon as the purpose of its collection has been fulfilled. Further information on the handling of the transferred data can be found in Cookiebot's privacy policy: https://www.cookiebot.com/en/privacy-policy/

Google

A web service of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter: Google) is loaded on our website. We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to Google. The legal basis for the data processing is Art. 6 (1) lit. f GDPR. The legitimate interest consists in an error-free functioning of the website. The data is deleted as soon as the purpose of its collection has been fulfilled. Further information on the handling of the transferred data can be found in Google's privacy policy: https://policies.google.com/privacy.

You can prevent the collection and processing of your data by Google by deactivating the execution of script code in your browser or by installing a script blocker in your browser.

Google Maps

What kind of personal data is collected and to what extent is it processed?

• On our site, we use the map service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: Google Maps). Google Maps is integrated on the website via the Google API in order to visualise location information and display it in the form of a map. To display the map, the processing of the IP address by Google Maps is technically necessary. With regard to the other web services integrated via Google APIs, the regulations in the respective section of this privacy statement for Google APIs apply.
Legal basis for the processing of personal data

• Art. 6 lit. f GDPR (legitimate interest). Our legitimate interest lies in being able to present you with the visual presentation of location information as it is usual online.
Purpose of the data processing

• Google will use the information obtained via Google Maps on our behalf to show you the map. Using Google Maps, you will find us faster and more accurately than with a mere non-interactive map.
Storage duration

• Google will store the data relevant to the function of Google Maps for as long as is necessary to fulfil the booked web service. The data collection and storage is anonymised. If a person is referenced, the data will be deleted immediately, insofar as this is not subject to any legal retention obligations. In any case, the data will be deleted after expiry of the retention period.
Withdrawal and deletion

• You can prevent the collection and forwarding of personal data to Google (in particular your IP address) and the processing of this data by Google by deactivating the execution of script code in your browser, by installing a script blocker in your browser or by activating the "Do Not Track" setting of your browser. Google's security and privacy policy can be found at https://policies.google.com/privacy.

Joint processing

• We have concluded a joint processing agreement with Google with regard to Google Maps. You can find the content of this agreement here, https://privacy.google.com/intl/de/businesses/mapscontrollerterms/.

Google APIs

A web service of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter: Google APIs) is loaded on our website. We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to Google APIs. The legal basis for the data processing is Art. 6 (1) lit. f GDPR. The legitimate interest lies in the error-free functioning of the website. The data is deleted as soon as the purpose of its collection has been fulfilled. Further information on the handling of the transmitted data can be found in the privacy statement of Google APIs: https://policies.google.com/privacy.

You can prevent the collection and processing of your data by Google APIs by deactivating the execution of script code in your browser or by installing a script blocker in your browser.

Gstatic

A web service of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter: Gstatic) is loaded on our website. We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to Gstatic. The legal basis for the data processing is Art. 6 (1) lit. f GDPR. The legitimate interest consists in the error-free functioning of the website. The data is deleted as soon as the purpose of its collection has been fulfilled. For further information on the handling of the transmitted data, please refer to the Gstatic privacy statement: https://policies.google.com/privacy.

You can prevent the collection and processing of your data by Gstatic by deactivating the execution of script code in your browser or by installing a script blocker in your browser.

YouTube

A web service of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter: YouTube) is loaded on our website. We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to YouTube. The legal basis for the data processing is Art. 6 (1) lit. f GDPR. The legitimate interest consists in the error-free functioning of the website. The data is deleted as soon as the purpose of its collection has been fulfilled. Further information on the handling of the transmitted data can be found in the YouTube privacy statement: https://policies.google.com/privacy.

You can prevent the collection and processing of your data by YouTube by deactivating the execution of script code in your browser or installing a script blocker in your browser.

ytimg

A web service of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter: ytimg) is loaded on our website. We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to ytimg. The legal basis for the data processing is Art. 6 (1) lit. f GDPR. The legitimate interest consists in the error-free functioning of the website. The data is deleted as soon as the purpose of its collection has been fulfilled. Further information on the handling of the transmitted data can be found in the YouTube privacy statement: https://policies.google.com/privacy.

You can prevent the collection and processing of your data by YouTube by deactivating the execution of script code in your browser or by installing a script blocker in your browser.

outdooractive.com

On our website, a web service of the company Outdooractive GmbH & Co. KG, Missener Straße 18, 87509 Immenstadt, DE (hereinafter: outdooractive.com) is loaded. We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to outdooractive.com. The legal basis for data processing is Art. 6 (1) lit. f GDPR. The legitimate interest lies in the error-free functioning of the website. The data is deleted as soon as the purpose of its collection has been fulfilled. You can find further information on the handling of the transferred data in the outdooractive.com privacy statement: https://www.outdooractive.com/de/datenschutz.html. 

You can prevent the collection and processing of your data by outdooractive.com by deactivating the execution of script code in your browser or by installing a script blocker in your browser.

NodeMapp BV

On our website, a web service of the company NodeMapp BV, A. Van Looplein 19, 2235 Hulshout (Belgique) (hereinafter: NodeMapp) is loaded. We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to outdooractive.com. The legal basis for data processing is Art. 6 (1) lit. f GDPR. The legitimate interest lies in the error-free functioning of the website. The data is deleted as soon as the purpose of its collection has been fulfilled. You can find further information on the handling of the transferred data in the NodeMapp privacy statement: https://www.nodemapp.com/en/privacy-policy. 

ATCE will not make your personal data available to third parties, except in the case of transfers (i) authorised by the applicable law, (ii) when required to execute your order or (iii) based on your specific consent. In addition, by using the Site, you agree that ATCE may transfer your personal data if ATCE transmits all or part of its activities or assets to a third party.

Insofar as this involves the transfer of your personal data to countries outside the European Economic Area or to countries the European Commission believes do not provide an appropriate level of protection for your personal data, ATCE will ensure that measures are put in place in accordance with the applicable national and European legislation for the protection of privacy.

On 25.05.2018, our subcontractors confirmed they will process the data entrusted to them in accordance with the GDPR (General Data Protection Regulation).

Cookies are data (small electronic text files) stored on the user's hard drive, containing data about the user. When browsing the Site, cookies may be placed on your computer or other electronic device to collect anonymous and personal data about you. In order to provide the services accessible via the site, ATCE installs and uses certain technically required cookies on your device and which do not require your consent in accordance with the requirements of the law relating to electronic communications of June 13, 2005.

By using the Site, you accept that other cookies may also be installed and used.

This is particularly the case for third-party cookies mentioned below. You can delete or block cookies at any time in your browser settings. However, please note (i) that certain features of the Site requiring the use of such cookies may no longer be available or (ii) that you will have to re-enter certain data during your subsequent visits to the Site.

Personal data relating to online contracts you have agreed to is stored for 10 years.

When your personal data is collected for direct marketing purposes, ATCE stores it for two years from the date you register, unless ATCE has a specific legitimate interest in storing your personal data for a longer period.

ATCE has put in place the security measures legally required to prevent the loss, use or unlawful modification of personal data obtained through using our Site. ATCE takes steps to maintain the confidentiality of your personal data and to protect it from being unlawfully disclosed. ATCE will not make your personal data available to the public.

ATCE safeguards your personal data by adopting standard industry practices as well as recognised policies, infrastructures, and tools. Despite our best efforts to ensure the security of your personal data, no website is one hundred percent secure. We therefore recommend that you to take appropriate steps to protect yourself as well, in particular by keeping your access codes confidential.

You have the right to access your personal data, as collected and processed by ATCE, and to request for it to be rectified or deleted if it is incorrect or not required. To exercise your rights, please send a written and signed request to ATCE to the address above, with a copy of your identity card or other identification document proving that you are the user affected by the personal data.

If, at any time, you want ATCE to stop processing your personal data and contacting you for direct marketing purposes, you may object to your personal data being processed for such purposes in the future, at any time, free of charge and without justification, by sending an e-mail to ATCE at info@ostbelgien.eu, or a letter to ATCE’s postal address (see above).