We are glad that you are interested in our company. The Company’s management places a special emphasis on data security. The use of our Internet pages can be possible even without providing any personal information; however, in case a particular subject wishes to use specific services provided by our company through our website, personal data processing may be required. If the personal data processing is required and there is lack of legal justification for it, we usually obtain the accordance or the subject of personal data’s consent.
Personal data, like a data subject’s postal and electronic (e-mail) address, phone number, or name, will be processed always in accordance with the GDPR – General Data Protection Regulation and the country-specific regulations on the data protection that are applicable. Our company is informing the public on the scope, nature, and purpose of this personal data our website stores, processes, and uses through the present data protection declaration. Furthermore, by means of this declaration for data protection, data subjects are educated of the entitled rights.
As controller, we have put in place various organizational and technical means to ensure the optimal safeguard of personal data handled via the present website. However, because data transmissions based through Internet may have gaps in the security, no absolute protection can be promised nor guaranteed. As a result, each data subject has the option of transferring personal data to our side by using other means, like a telephone.
Definitions
The Company’s data security declaration is based on the terminology used by the EU legislator in adopting the GDPR – General Data Protection Regulation. The public, but also our business partners and clients, should be able to read and understand our data protection declaration. To ensure this, we’d like to first define the terminology.
“We”, “Us”, “Our”, “Administrator”, “Service Provider” and “the company” mean bonairetax.us.
Inter alia, we use the following terms in the present data protection declaration:
Personal data
Personal data refers to any information pertaining to a known or natural identifiable person (the “data subject”). The natural identifiable person can be detected, actively or passively, by its name, location data, identification number, an online presence and IP, and one or several signs applying only to that natural person’s emotional, physical, genetic, physiological, cultural and social, and economic identity.
Data Subject
A data subject, this is a natural individual who can be categorized, directly or indirectly, based on specific information reflecting personal data.
- Processing
Processing is defined as any process or series of operations conducted on private data or collections of private data, via or without electronic means, such as processing, tracking, structuring, storing, organization, modification or adaptation, retrieval, consultation, usage, disclosure by transmission, distribution, and / or making accessible, alignment or mixture, limitation, erasure, or destruction.
- Processing restriction
Processing restriction – this is the labeling of retained personal data with intention of preventing their potential processing.
- Profiling
Profiling is described as any type of automatization of personal data that involves the use of personal data to determine some personal aspects with regard to a person, specifically to explore or forecast aspects relating to that person’s job efficiency, economic condition, interests, personal preferences, health, behavior, reliability, position, or movements.
- Pseudonymization
Pseudonymization is the process of processing personal data in a way that the personal data can’t be traced any more to a certain data subject without using further information, so that this further information is stored separately and applies to organizational and technical measures to guarantee that this data is not linked to any identifiable or identified person.
- Controller or the controller processing responsibility
The controller or the controller processing responsibility is the person, the agency, or authority, or any other body that, alone or in collaboration, identifies means and purposes of personal data processing; where the means and purposes of this processing are set by the Union or Member State law, the controller or standardization for its nomination can be given.
- Processor
Any process or series of operations conducted on personal data or collections of personal data, whether or not by automatic means, such as processing, logging, organization, structuring, storing, modification or adjustment, retrieval, analysis, usage, disclosure by transfer, distribution, or otherwise making accessible, coordination or combination, limitation, erasure, or destruction.
- Recipient
A natural and/or lawful entity, governmental authority, organization, or other individual to which personal data are exposed, including a third party, is referred to as a recipient. Public bodies who can collect personal data in the context of a specific investigation under Union or Member State legislation are not considered recipients; the data collection by the public bodies must be in line with the relevant data privacy laws based on the objectives of the processing.
Third party
A third party is any natural or lawful entity, public official, organization, or body different than the data subject, processor, controller, and individuals allowed to process personal data under the controller’s or processor’s direct authority.
- Consent
A third party is any natural or lawful entity, public official, organization, or body different than the data subject, processor, controller, and individuals allowed to process personal data under the controller’s or processor’s direct authority.
Processing of personal data
In its role as controller of personal data, the Company collects personal data in a way that guarantees an acceptable degree of security, like defense against unaccredited or unlawful processing and unintentional loss, harm, or injury, while employing appropriate technological or/and organizational steps in accordance with the principles listed below:
- In relation to the data matter, legally, reasonably, and transparently (“lawfulness, justice, and transparency”)
- Data is obtained for specific, explicit, and legitimate purposes and is not further stored in a way that is incompatible with those purposes (“appropriateness in personal data collection and intent limitation”).
- adequate, appropriate, and restricted to the needed for the purposes to which they are processed (“data minimization”)
- precise and stored up to date.
- storage for no longer than is needed for the needs for which they are used (“storage limitation”)
- processed in a way that ensures adequate personal data security, such as protection against improper or unauthorized processing and data leakage, degradation, or harm, using appropriate technological or organizational steps (“integrity and confidentiality”).
We do process personal information when one of the following criteria is met:
- Processing is essential for the execution of an agreement or contact with the company of which the data provider is a participant or to carry out measures at the data subject’s request prior to collaborating with us.
- Processing is necessary for the execution of any agreement with the Company of which the data subject is a participant or to take action at the data subject’s request prior to signing any agreement with us.
- The data subject has provided their permission for their personal data to be used for one or even more particular purposes. When personal data is stored exclusively on the basis of consent, the data recipient has the right to revoke that consent at any time. Withdrawal of the data subject’s approval is not valid where the collection of the data is dependent on the terms of items “a” and “b” above.
The Company, in its role as controller, does not collect personal information that exposes ethnic or racial origin, opinions linked to political, religious, or other philosophical view and beliefs, labor-union liaisons. The processing of biometric and/or genetic data, uniquely for the means of identification of the person, data regarding health or sexual life or orientation of the person except when we have received data subject’s explicit accord for the processing of this kind of data for one or more than one purposes.
Name and Address of the controller
In charge of the aims of the GDPR – General Data Protection Regulation, specific data protection regulations applicable in European Union Member States, and other data protection requirements is:
Name and Address of the Data Protection Officer
Controller’s Data protection Officer: Bill Martinez
Data subjects can contact our Data Protection Officer directly at any time with any questions or suggestions about the protection of information and data.
Cookies
We do use cookies. These are text files guarded in a system of computers via I-net (Internet) browser.
They are used by many servers and websites. A cookie ID is used in many cookies. An ID of cookies is the cookie’s unique id. It is made up of a character string that allows Internet sites and servers to be allocated to the same I-net browser where the cookie was placed. This enables visited Internet pages and servers to select the data subject’s particular browser from other browsers with other cookies. Using the special cookie ID, a particular Internet browser may be recognized and marked.
The Company will offer more usage experience services to the website’s clients and visitors by using cookies, which otherwise will not be available without the cookies’ policy establishment. The content and deals on our website can be optimized with the customer in mind by using cookies. As previously stated, cookies help us to remember our website visitors. This acknowledgment is intended to make it easy for people to access our website. Clients of a website with cookies are not asked to insert access data any time the website is visited, since this is handled by the cookies’ policy and the website and is therefore saved on the user’s computer device. Another illustration is the cookie associated with a shopping basket in a web store. A cookie is used by the online retailer to recall goods stored in the online shopping basket by a client.
The data subject can stop the cookies’ setting at any time via the website by making the appropriate configuration in the used I-net browser, and this way permanently refuse cookie setting. Additionally, those already set cookies can be removed at any time using an I-net browser and various software programs. This is achievable in any of the popular web browsers. When the data subject disables the cookie settings in the I-net browser selected, not all the website’s features will be fully functional.
Collection of general information and data
When a client, (a data subject) or an automated system uses the website, the latter collects general information and data. This information and general data are then kept in the log files of the server. Collected data may include:
- the operating system of the accessing system.
- the version and the type of the I-net browser.
- sub-websites.
- referrers – website used by the accessing system to reach our website.
- IP address
- date and time of reaching our website.
- the Internet service provider of the accessing system.
- other similar information and data that may be used under attacks on our IT systems.
The Company does not evaluate the data subject while in use of the information and general data. This information is rather needed to:
- provide and deliver correct content.
- optimize the website and advertisement’s content.
- ensure the viability of our website technology and IT systems, and
- in case of a cyber-attack, provide the information needed to the law enforcement authorities.
This means that we do analyze anonymously the information and data collected statistically to increase the protection and the security of the data of our Company, but also to ensure the optimal possible level of the personal data’s protection processed by us. Server log files’ anonymous data is kept separately and away from the personal information provided by a data subject.
Contact possibility via the website
The website provides information enabling urgent direct communication electronic communication with us, and this also comprises a general address of e-mails. Therefore, personal data sent by the data subject is stored automatically when a data subject contacts us via our contact form or by email. Such voluntary transmission of personal data by the data subject to us – the data controller is kept to process or contact the data subject. During this process, no transfer of this type of personal data is made to third parties.
Comments’ function in the blog on the website
We can offer our users and clients the possibility to leave comments on the blog posts published on a blog, on the controller’s website. The blog is web – based and publicly – accessible. We publish blog posts from bloggers and writers.
If the comments’ function is available and a data subject decides to leave a comment under a blog post published on our website, the data subject’s comments will also be published and stored. Information on the time and date of the commentary and of the data subject’s username will be stored too. Logged will be also the IP address. The latter is due to security reasons – the protection of third parties in case of violation of third parties’ rights, or of illegal publication provided within a comment. This means that by storing such personal data, the controller keeps its interest so he can exculpate in the event of an infringement. Third parties will not have access to the above collected personal data unless it is required by the law or can be served to defend controller’s data.
Routine erasure and blocking of personal data
The personal data’s time of storage by the controller is set by the European legislator or any other regulator or legislator under which the controller is falling. Therefore, it will be stored for the time of achieving the purpose of the storage or as long as the law requires.
All personal data is blocked or erased routinely in accordance with the requirements set by the European legislator or another regulatory body when the storage purpose is inapplicable, or if a storage period expires.
Data protection provisions about the Facebook use and application
The controller has incorporated enterprise Facebook components on this website.
Facebook is a social networking site.
A social network is an online community that enables users to interact in a digital environment and connect. It is a venue for social meetings on the Internet.
A social network may serve as a forum for the sharing of experiences and ideas, or it may enable the Internet community to share business-related or personal information.
Facebook enables users of the social network to set up private profiles, network via friend requests, and upload images.
Facebook’s operating company is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States.
If you live outside of the US or Canada, the controller is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
When the individual pages of this i-net website are accessed by the data subject, which is run by the controller and into which was inserted a Facebook feature (Facebook plug-ins), the web browser on the data subject’s information technology device is automatically prompted to download a display of the Facebook corresponding component from Facebook via the component of Facebook.
A list of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/.
During the process of this technological method, Facebook learns which particular sub-site of our website the data subject visited.
If the data subject is logging in to Facebook at the same time, Facebook detects which particular sub-domain of our Internet page was accessed by the data subject for each call-up to our website by the data subject—and for the time of stay on our website.
This information is collected through the Facebook portion and associated with the data subject’s Facebook account.
When data subject chooses one of the Facebook buttons built into our website, such as the “Like” button, or submits a message, this information is matched by Facebook with the data subject’s personal Facebook user account and retains the personal data.
Facebook collects information about a data subject’s visit to our website via the Facebook portion whenever the data subject is logged in on Facebook at the same time as the call-up to our website.
This occurs whether or not the data subject clicks on the Facebook component.
If the data subject does not want such a transmission of information to Facebook, he or she can avoid it by logging out of their Facebook account before visiting our website.
Facebook’s data security guideline, which is available at https://facebook.com/about/privacy/, offers details about Facebook’s collection, processing, and usage of personal data.
Furthermore, it is clarified there, what privacy settings Facebook provides to protect the data subject’s privacy.
Furthermore, various options for configuration are available to enable the removal of transmission of data to Facebook.
The data subject is able to use the applications to avoid sending data to Facebook.
Data protection provisions about the Google AdSense use and application
The controller has used Google AdSense on this website.
Google AdSense is an online service that allows advertisers to insert advertisements on third-party websites.
Google AdSense is based on an algorithm that chooses advertisements displayed on third-party sites that are relevant to the content of the third-party site.
Google AdSense enables interest-based targeting of Internet users, which is accomplished by creating individual user profiles.
Alphabet Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA, is the company that runs Google’s AdSense component.
The Google AdSense component aims to integrate advertising on our website.
Google AdSense puts a cookie on the data subject’s information technology device.
The meaning of cookies has already been clarified.
Alphabet Inc. is able to analyze our website usage thanks to the cookie.
For each of the controller’s i-net site’s pages visit, and through which a Google AdSense component is inserted, the Internet browser on the data subject’s information technology infrastructure will automatically send data to Alphabet Inc. for the purposes of online advertisement and commission settlement.
During the process of this technological practice, Alphabet Inc. gains knowledge of personal data, such as the data subject’s IP address, which allows Alphabet Inc. to understand the clicks and visitors’ origin and, as a result, establish commission settlements.
As previously mentioned, the data subject can, at any time, the setting of cookies prevention via our website by adjusting the web browser used, and thus permanently refuse the setting of cookies.
A change to the Internet browser used will also prevent Alphabet Inc. from placing a cookie on the data subject’s information technology infrastructure.
Furthermore, cookies previously used by Alphabet Inc. can be removed at any time using a web browser or other software programs.
Google AdSense also employs so-called monitoring pixels.
A monitoring pixel is a small graphic that is inserted in web pages to allow log file logging and analysis, which allows statistical analysis to be conducted.
Alphabet Inc. will decide whether and when a data subject opened a page, as well as which links the data subject clicked on, using the embedded tracking pixels.
Tracking pixels are used to analyze the movement of traffic on a website, among other things.
Personal information and data, which includes the IP address and is required for the collection and accounting of the displayed advertisements, are transmitted to Alphabet Inc. in the United States of America through Google AdSense.
This personally identifiable information will be stored and processed in the United States of America.
Alphabet Inc. can reveal the collected personal data to third parties through this technical procedure.
Google AdSense is discussed in greater detail at https://www.google.com/intl/en/adsense/start/.
Data protection provisions (with anonymization function) about the Google Analytics
Use and application
The controller has included a Google Analytics component on this website (with the anonymizer function).
Google Analytics is a service for web analytics.
Gathering, collecting, and review of data regarding website visitors’ activities is web analytics.
A web analysis service gathers information such as the website from which the referrer – an individual came which sub-pages were accessed, how long or/and how often certain sub-page was visited.
Online analytics was mostly used for website optimization and to do analysis of the Internet ads’ cost-benefit.
Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA, is the operator of the Google Analytics portion.
The controller employs the application “_gat. _anonymizeIp” for web analytics through Google Analytics.
When a data subject accesses our websites from a Member State of the EU or another Contracting State to the Agreement on the European Economic Area, Google abridges and anonymizes the IP address of the data subject’s Internet link.
The component of Google Analytics aims to analyze the traffic on our Internet site.
Google uses the collected information and data, among other things, to analyze our website usage and to provide reports online that display on our website activities, as well as to provide us with further services associated to the Internet site usage.
Google Analytics puts a cookie on the data subject’s information technology infrastructure.
The meaning of cookies has already been clarified.
Google is able to analyze the use of our website thanks to the cookie.
With each visit to some of the pages of the Website, which is run by the controller also into which a component of Google Analytics is inserted, the Internet browser on the data subject’s information technology infrastructure will automatically upload data to Google for online advertisement and commission settlement.
During the process of this technological practice, the enterprise Google obtains personal information, such as the data subject’s IP address, which allows Google to understand the clicks and visitors’ origin and, as a result, establishes commission settlements.
The cookie is used to store personal information such as the time of access, the location from which the access was made, and the frequency with which the data subject visits our website.
Such personal data, including the IP address of the data subject’s Internet connection, will be transmitted to Google in the United States of America for each visit to our Internet site.
Google stores these personal data in the United States of America.
Google can disclose the personal information gathered through the third parties’ technical procedure.
As previously mentioned, the data subject can, at any time, prevent the setting of cookies through our website by adjusting the web browser used, and thus permanently refuse the setting of cookies.
A change to the Internet browser used will also prevent Google Analytics from placing a cookie on the data subject’s information technology infrastructure.
Furthermore, Google Analytics cookies can be removed at any time using a web browser or other software programs.
Furthermore, the data subject has the option of objecting to a set of data produced by Google Analytics that is relevant to the use of this website, and also the data processing by Google and the ability to prevent such processing.
To accomplish this, the data subject must download and install a browser add-on from the link https://tools.google.com/dlpage/gaoptout.
This i-net add-on sends data to Google Analytics via JavaScript that any information and data about Internet page visits will not be sent to Google Analytics.
Google considers the installation of browser add-ons to be an objection.
If the data subject’s information technology infrastructure is subsequently removed, formatted, or newly updated, the data subject must reinstall the browser add-ons to disable Google Analytics.
If the data subject or any other individual within their domain of competence uninstalled or disabled the browser add-on, the reinstallation or reactivation of the browser add-ons is possible.
More details and Google’s relevant data security provisions can be found at https://www.google.com/intl/en/policies/privacy/ and http://www.google.com/analytics/terms/us.html.
Google Analytics is explained in greater detail at https://www.google.com/analytics/.
Data protection provisions about the Google Remarketing use and application
The controller has incorporated Google Remarketing services on this website.
Google Remarketing is a Google AdWords feature that allows a business to show advertisements to Internet users who have previously visited the business’s website.
As a result of integrating Google Remarketing, an enterprise can generate user-based ads and display relevant advertisements to interested Internet users.
Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA, is the organization that operates the Google Remarketing services.
Google Remarketing aims to incorporate advertisements that are important to the user’s interests.
Google Remarketing enables us to display advertisements on the Google network or on other websites that are tailored to the specific needs and desires of Internet users.
Google Remarketing places a cookie on the data subject’s information technology framework.
The meaning of cookies has already been clarified.
With the cookie, Google allows the user to our website to be recognized if he visits consecutive web pages that are also members of the Google advertising network.
For each visit to a website where Google Remarketing has been incorporated, the data subject’s web browser automatically associates with Google.
During the process of this technological method, Google collects personal information, such as the user’s IP address or surfing behavior, which Google uses, among other things, to insert interest-relevant ads.
The cookie is used to store personal information, such as the Internet pages that the data subject has visited.
When we visit our Internet sites, personal data, including the IP address of the data subject’s Internet connection, is transmitted to Google in the United States of America.
Google stores these personal data in the United States of America.
Google can disclose the personal information gathered through the third parties’ technical procedure.
As previously mentioned, the data subject can, at any time, prevent the setting of cookies through our website by adjusting the web browser used, and thus permanently refuse the setting of cookies.
A change to the Internet browser used will also prevent Google from placing a cookie on the data subject’s information technology infrastructure.
Furthermore, Google cookies can be removed at any time using a web browser or other software programs.
Furthermore, the data subject has the option to object to Google’s interest-based ads.
To accomplish this, the data subject must navigate to www.google.com/settings/ads and configure the desired settings on each Internet browser used by the data subject.
More details and Google’s actual data security policy can be found at https://www.google.com/intl/en/policies/privacy/.
Data protection provisions about Google-AdWords use and application
The controller has used Google AdWords on this website.
Google AdWords is an Internet advertising service that allows advertisers to insert advertisements in Google search engine results and the Google advertising network.
Google AdWords enables advertisers to pre-define unique keywords, with the aid of which an ad on Google’s search results is only displayed when a user uses the search engine to retrieve search result which is keyword-relevant.
Ads in the Google Advertising Network are distributed on related web pages automatically using an algorithm that takes into account previously identified keywords.
Google AdWords is operated by Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, UNITED STATES.
Google AdWords aims to promote our website by including related ads on third-party websites and in Google search engine results, as well as the insertion of third-party advertising on our website.
If a data subject visits our website after clicking on a Google ad, Google places a conversion cookie on the data subject’s information technology device.
The meaning of cookies has already been clarified.
The validity of a conversion cookie expires after one month and it is not used to classify the data topic.
If not expired, the conversion cookie is needed and used to determine if those sub-pages on our website, such as the shopping cart from an online shop system, were accessed.
The conversion cookie allows both Google and the controller to determine if a person who clicked on an AdWords ad on our website made sales, i.e. completed or canceled a sale of products.
Google uses the information and data obtained by the conversion cookie to generate our website’s visits’ statistics.
These are used to calculate the total number of users served by AdWords advertising in order to determine each AdWords ad’s success or failure and to refine our AdWords ads in the future.
Google does not provide our company or other Google AdWords advertisers with details that could be used to classify the data topic.
Personal information, such as the Internet pages accessed by the data subject, is stored in the conversion cookie.
When we visit our Internet sites, personal data, including the IP address of the data subject’s Internet connection, is transmitted to Google in the United States of America.
Google stores these personal data in the United States of America.
Google can disclose the personal information gathered through the third parties’ technical procedure.
The data subject can, at any time, prevent our website from setting cookies, as mentioned above, by using a corresponding setting of the Internet browser used, and thus permanently refuse cookie setting.
A similar Internet browser setting will also prohibit Google from adding a conversion cookie on the data subject’s information technology device.
Furthermore, a Google AdWords cookie can be removed at any time using an Internet browser or other software programs.
The data subject has the option to object to Google’s interest-based advertising.
As a result, the data subject must access the connection www.google.de/settings/ads from each browser and set the desired settings.
More details and Google’s relevant data security provisions can be found at https://www.google.com/intl/en/policies/privacy/.
Data protection provisions about Instagram use and application
The controller has incorporated Instagram components on this website.
Instagram is a website that can be classified as an audiovisual site because it allows users to post images and videos as well as share those data on other social networks.
Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, UNITED STATES, is the operating company for the services provided by Instagram.
With each visit to some of the pages of the Website, which is run by the controller and on which an Instagram feature (Insta button) has been integrated, the Internet browser on the data subject’s information technology device is prompted automatically to download a set of the corresponding Instagram component of Instagram.
During this technological process, Instagram learns which particular sub-page of our website the data subject visited.
If the data subject is logging in to Instagram at the same time, Instagram detects which particular sub-page of our Internet page was accessed by the data subject for each call-up to our website by the data subject—and for the duration of their stay on our Internet site.
This information is gathered by the Instagram portion and is associated with the data subject’s Instagram account.
If the data subject clicks on one of the Instagram buttons embedded on our website, Instagram matches this information with the data subject’s personal Instagram user account and stores the personal data.
Instagram receives information that the data subject has visited our website via the Instagram portion if the data subject is logged in at Instagram at the time of the call to our website.
This happens whether or not the individual clicks on the Instagram button.
If the data subject does not want such a transmission of information to Instagram, he or she can avoid it by logging out of their Instagram account before visiting our website.
More details and Instagram’s relevant data security provisions can be found at https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.
LinkedIn – use and application of the social network’ data protection provisions
On this website, the controller has incorporated LinkedIn Corporation components.
The web-based social network – LinkedIn allows users to communicate with established business contacts and create new business affiliations and contracts.
The social network has around 400 million signed-in users from over 200 countries.
As a result, LinkedIn is also the biggest forum for entrepreneurial contacts. This is one of the world’s most visited social networks.
LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, UNITED STATES, is the company’s operating company.
LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland is accountable for privacy matters outside of the UNITED STATES.
With each visit to some of the pages of the Website, which is run by the controller and on which a plug-in – a component by LinkedIn has been inserted, the i-net browser regarding the data subject’s IT system is prompted automatically to download display of the related LinkedIn component of LinkedIn.
More details about the LinkedIn plug-in are available at https://developer.linkedin.com/plugins.
In course of this technical process, LinkedIn learns which of our website’s sub-page(s), the data subject has visited.
If the data subject is registering into LinkedIn and LinkedIn, at the same time, detects which particular sub-page of our Internet page was accessed by the data subject, for the data subject’s call directed to our website — and for our website visit duration.
This information is gathered by the component of LinkedIn and related with the data subject’s LinkedIn account.
If a data subject clicks on the buttons incorporated on our website, LinkedIn relates this to the data subject’s own LinkedIn user account to keep the personal data.
LinkedIn obtains information for the visits to our website from the data subject through the LinkedIn component, given that the data subject is logged in at LinkedIn at the time of the call-up to our website.
This happens whether or not the individual clicks on the LinkedIn button.
If the data subject does not want such an information transmission directed to LinkedIn, he/she can avoid it by logging out of their LinkedIn account prior entering our Internet site.
LinkedIn offers the option to cancel the e-mail notifications subscription, direct advertisements, and SMSs, but also monitoring ad settings, at https://www.linkedin.com/psettings/guest-controls.
Affiliates on LinkedIn include Google Analytics, Eire, DoubleClick, BlueKai, Comscore, Eloqua, Lotame, and Nielsen.
According to https://www.linkedin.com/legal/cookie-policy, such cookies can be refused.
LinkedIn’s privacy policy can be found at https://www.linkedin.com/legal/privacy-policy.
LinkedIn’s Cookie Policy can be found at https://www.linkedin.com/legal/cookie-policy.
Pinterest – use and application of the social network’ data protection provisions
Pinterest Inc. components have been incorporated by the controller on this website.
Pinterest is a form of social network.
The term “social network” is a social gathering place on the Internet, a digital community enabling users to connect and interact among one another in a digital environment.
It can be used to share experiences and ideas, or it can be used to provide business or personal-related information to the Internet community.
Pinterest users can post, among other things, picture database and single images, but also explanations, on virtual pins aka pinboards, which can then be exchanged also known as re-pins or commented by other users.
Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, UNITED STATES, is the company’s operating company.
For each visit to the website’s pages, which is run by the controller and on which a plug-in – a component of Pinterest was integrated, the data subject’s information technology system’s Internet browser is prompted automatically to download a display Pinterest’s corresponding component via the respective Pinterest component.
More information about Pinterest can be found at https://pinterest.com/.
During the process of this technological method, Pinterest learns which of our website’s sub-page the data subject has visited.
If the data subject is logging in to Pinterest at the same time, Pinterest detects which particular sub-page of our Internet page was accessed by the data subject for each call-up to our website by the data subject—and for the duration of their stay on our Internet site.
This information is gathered by the Pinterest portion and associated with the data subject’s Pinterest account.
If a data subject clicks on one of the Pinterest buttons integrated on our website, Pinterest assigns this information to the data subject’s own Pinterest user account and stores the personal data.
Pinterest receives information that the data subject has visited our website via the Pinterest component, given that the data subject is logged in at Pinterest at the time of the call-up to our website.
This happens whether or not the individual clicks on the Pinterest component.
If the data subject does not want such a transmission of information to Pinterest, he or she can avoid it by logging out of their Pinterest account before visiting our website.
Pinterest’s data security guidelines, which are available at https://about.pinterest.com/privacy-policy, offer information on Pinterest’s collection, processing, and usage of personal data.
Data protection provisions about Tumblr use and application
Tumblr components have been built into the controller on this website.
Tumblr is a blogging site that allows users to build and manage their own blogs.
A blog is a web-based, usually public-accessible forum where one or more people known as bloggers or web-bloggers can post articles or write down thoughts in blog posts.
In a Tumblr blog, for example, the user can publish text, photographs, links, and videos and distribute them in the digital space.
Tumblr users can also import content from other websites into their own blogs.
Tumblr’s parent company is Tumblr, Inc., 35 East 21st Street, Ground Floor, New York, NY 10010, UNITED STATES.
The Internet browser on the data subject’s information technology infrastructure automatically downloads a view of the corresponding Tumblr component of Tumblr for each call for each visit to the website’s pages, which is run by the controller and on which a Tumblr component (Tumblr button) has been integrated.
More information about Tumblr buttons can be found at https://www.tumblr.com/buttons.
Tumblr learns the specific sub-page of our website the data subject accessed during this technical procedure.
The integration of the Tumblr component serves as retransmission of this website’s contents, allowing our users to bring this web page to the digital world and increase our visitor numbers.
If the data subject is logged in at Tumblr, Tumblr detects which particular sub-page of our Internet page was accessed by the data subject for each call-up to our website by the data subject—and for the duration of their stay on our Internet site.
This information is gathered by the Tumblr portion and associated with the data subject’s Tumblr account.
If a data subject clicks on one of the Tumblr buttons integrated on our website, Tumblr assigns this information to the data subject’s own Tumblr user account and stores the personal data.
Tumblr receives information that the data subject has visited our website via the Tumblr component, given that the data subject is logged in at Tumblr at the time of the call-up to our website.
This happens whether or not the individual clicks on the Tumblr component.
If the data subject does not want such a transfer of information to Tumblr, he or she can avoid it by logging out of their Tumblr account before visiting our website.
Tumblr’s relevant data security policies can be found at https://www.tumblr.com/policy/en/privacy.
Twitter data protection provisions about the use and the application
Twitter components have been integrated by the controller on this website.
Twitter is a multilingual, publicly available micro-blogging site where users can publish and spread so-called ‘tweets,’ which are short messages of up to 280 characters.
These short messages are accessible to all users, including those who are not logged in to Twitter.
The tweets are also shown to the respective user’s “followers.”
Other Twitter users who follow a user’s tweets are known as followers.
Furthermore, Twitter helps you to reach a large number of people by using hashtags, links, or retweets.
Twitter, Inc. is the holding firm, and its address is 1355 Market Street, Suite 900, San Francisco, CA 94103, UNITED STATES.
With each visit to some of the pages of the Website, which is run by the controller and on which a Twitter component (Twitter button) has been integrated, the Internet browser on the data subject’s information technology device is automatically prompted to download a display of the corresponding Twitter component.
More information about Twitter buttons can be found at https://about.twitter.com/de/resources/buttons.
During the course of this technological process, Twitter learns which particular sub-page of our website the data subject visited.
The introduction of the Twitter portion serves as retransmission of this website’s contents, allowing our users to add this web page to the digital world and increase our visitor numbers.
If the data subject is logging in to Twitter at the same time, Twitter detects which particular sub-page of our Internet page was visited by the data subject for each call-up to our website by the data subject and for the entire period of their stay on our Internet site.
This information is gathered by the Twitter portion and associated with the data subject’s Twitter account.
If a data subject clicks on one of the Twitter buttons integrated on our website, Twitter assigns this information to the data subject’s own Twitter user account and stores the personal data.
Twitter receives information that the data subject has visited our website via the Twitter component, given that the data subject is logged in on Twitter at the time of the call-up to our website.
This happens whether or not the individual clicks on the Twitter component.
If the data subject does not want such a transmission of information to Twitter, he or she can avoid it by logging out of their Twitter account before visiting our website.
Twitter’s relevant data security requirements can be found at https://twitter.com/privacy?lang=en.
Data protection provisions about the YouTube use and application
YouTube components have been incorporated by the controller on this website.
YouTube is an Internet video site that allows video publishers to freely upload video clips and other users, as well as free streaming, review, and commenting on them.
YouTube allows you to publish any kind of video, so you can watch complete movies and TV shows, as well as music videos, trailers, and videos created by users, through the Internet portal.
YouTube’s parent company is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, UNITED STATES.
Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, UNITED STATES, owns YouTube, LLC.
For each visit to the website’s pages, which is run by the controller and on which a YouTube component (YouTube video) has been integrated, the data subject’s Internet browser on his or her information technology device is automatically prompted to download a display of the corresponding YouTube component.
More information about YouTube is available at https://www.youtube.com/yt/about/en/.
Over the course of this technological process, YouTube and Google learn which unique sub-page of our website the data subject visited.
If the data subject is logged in on YouTube, YouTube recognizes which particular sub-page of our Internet site the data subject visited for each call-up to a sub-page that contains a YouTube video.
This information is gathered by YouTube and Google and allocated to the data subject’s YouTube account.
If the data subject is logged in on YouTube at the time of the call to our website, YouTube and Google will receive information that the data subject has visited our website through the YouTube component; this happens regardless of whether the individual clicks on a YouTube video or not.
If the data subject does not want this information to be sent to YouTube and Google, the distribution will be stopped if the data subject logs out of their own YouTube account before visiting our website.
YouTube’s data security provisions, which can be found at https://www.google.com/intl/en/policies/privacy/, explain how YouTube and Google capture, store, and use personal data.
Payment Method: Data protection provisions about the use of PayPal as a payment processor
PayPal components have been incorporated by the controller on this website.
PayPal is a company that offers online payment services.
Payments are made using PayPal accounts, which are virtual private or company accounts.
If a user does not have a PayPal account, PayPal can still process virtual payments using credit cards.
Since a PayPal account is handled by an e-mail address, there are no traditional account numbers.
PayPal allows you to initiate online transfers to third parties as well as accept payments.
PayPal embraces trustee duties and provides buyer security services as well.
PayPal’s European subsidiary is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.
If the data subject selects “PayPal” as a payment method in the online shop during the ordering process, we automatically transmit the data subject’s information to PayPal.
By choosing this payment method, the data subject consents to the transfer of personal data necessary for payment processing.
Personal data sent to PayPal is usually first and last name, address, email address, IP address, telephone number, cell phone number, or other payment-related information.
The processing of the purchasing contract necessitates the collection of such personal data as is associated with the respective order.
The data transfer is intended for payment processing and fraud prevention.
The controller can pass personal data to PayPal if there is a valid interest in doing so.
PayPal can send to economic credit agencies the personal data shared between PayPal and the controller for data processing.
This transmission is intended to be used for identity and creditworthiness verification.
PayPal will, if applicable, disclose personal information to affiliates, service providers, or subcontractors in order to satisfy contractual obligations or process data in the order.
The data subject has the option to withdraw consent for the handling of personal data from PayPal at any time.
A revocation has no effect on personal data that must be stored, used, or distributed in order to process (contractual) payments.
PayPal’s relevant data security requirements can be found at https://www.paypal.com/us/webapps/mpp/ua/privacy-full.
Payment Method: Data protection provisions about the use of CyberSource Corporation as a payment processor
The controller has incorporated payment processing components from CyberSource Corporation and its subsidiaries Authorize.net on this website.
Authorize.net is a payment portal that accepts online payments.
Payments are handled as follows:
1) The customer pays with his credit card.
2) Authorize.Net manages the complex data routing on behalf of the merchant through the steps/entities mentioned below.
3) Authorize.Net sends the encrypted transaction details to the Service Provider (e-payment and – or Talus payment system) over a secure link.
The transaction is sent to the credit card network by the Merchant Bank’s Processor (like Visa or MasterCard).
The credit card network routes the transaction to the bank that issued the customer’s credit card.
4) Depending on the customer’s available funds, the issuing bank accepts or rejects the transaction and sends the transaction results back to the credit card network.
The credit card network forwards transaction information to the merchant bank’s processor.
The transaction results are relayed to Authorize.Net by the processor.
5) Depending on the customer’s available funds, the issuing bank accepts or rejects the transaction and sends the transaction results back to the credit card network.
The credit card network forwards transaction information to the merchant bank’s processor.
The transaction results are relayed to Authorize.Net by the processor.
6) The merchant provides the customer with products or services.
7) The issuing bank transfers the purchase funds to the credit card network, which forwards the funds to the merchant’s bank.
The funds are then deposited into the merchant’s bank account by the bank.
This is known as settlement, and the transaction funds are normally deposited into the merchant’s primary bank account within two to four business days.
The address for Authorize.net is (General Inquiries) P.O. Box 8999 San Francisco, CA 94128-8999.
7556 US-70 #200, Bartlett, TN 38133, USA.
Talus is located at 12700 Park Central Dr, Dallas, TX 75251, USA.
If the data subject selects “Authorize.net” as the payment method in the online shop during the ordering process, the data subject’s information is automatically transmitted to the processor.
By choosing this payment method, the data subject consents to the transfer of personal data necessary for payment processing.
Personal data transmitted to the processor via the authorize.net gateway is usually first and last name, address, email address, IP address, telephone number, cell phone number, credit card number, or other payment processing data.
The processing of the purchasing contract necessitates the collection of such personal data as is associated with the respective order.
The data transfer is intended for payment processing and fraud prevention.
The controller can pass personal data to Authorize.net if there is a valid interest in doing so.
Personal data shared between Authorize.net and the controller for data processing will be distributed to economic credit agencies through Authorize.net.
This transmission is intended to be used for identity and creditworthiness verification.
If required, Authorize.net will disclose personal information to affiliates, service providers, or subcontractors in order to satisfy contractual obligations or process data in the order.
Authorize.net provides the data subject with the option to withdraw permission for the handling of personal data at any time.
A revocation has no effect on personal data that must be stored, used, or distributed in order to process (contractual) payments.
CyberSource’s relevant data security requirements can be found at https://www.authorize.net/en-GB/privacy/.
Processing legal basis
Art. 6(1) lit. a GDPR is the legal basis for operating and this is why we obtain consent for some of the operational purposes. If personal data is necessary to be processed for a contract to which of the parties is the data subject, as in this particular case, when processing operations are needed for the provision of services and/or services, the processing is based on Article 6(1) lit. b GDPR. The same applies to the operations needed for carrying out pre-contractual measures, like when there are inquiries regarding our services or products. Is our company subject to a legal obligation by which personal data processing is required, such as for the fulfillment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR. Sometimes, personal data processing may be needed to safeguard data subject or another natural person’s vital interests. A general example: if a client gets injured in a company’s office and his/her health insurance data, age, name, or any other crucial information must be sent on to a hospital or any other third party. In this case, the processing will be based on Art. 6(1) lit. d GDPR. The processing operations can be based on Article 6(1) lit. f GDPR. The legal frame is used for processing operations not covered by any of the abovementioned legal grounds, if the processing is needed for our company’s or third party’s legitimate interests, besides where the above interests are overridden by the interests or data subject’s fundamental rights and freedoms requiring personal data protection. This sort of processing operations is allowed as they have been specifically mentioned by the European legislator considering that a legitimate interest can be assumed if the data subject is controller’s client (Recital 47 Sentence 2 GDPR).
Controller or third party’s legitimate interests
When we process personal data under Article 6(1) lit. f GDPR, our legitimate interest is to manage our business in the best interests of both our employees and shareholders.
Period/time for which the personal data can be stored
The statutory retention period is the criterion used to assess the period of preservation of personal data.
When that time expires, the data corresponding is removed routinely, when it is no longer required for contract fulfillment or contract initiation.
You can ask us to delete your personal information by sending an email to info(at)tourismtaxbonaire.us.us or writing to the address mentioned above.
Personal data collection as a legislative or contractual requirement; a requirement for entering into a contract; the data subject’s obligation to include personal information; potential consequences if such data fails to be provided
We do clarify that the personal data provision is either required by the law (such as tax regulations). It might also be the product of contractual provisions (e.g. information on the contractual partner).
To sign a contract, the data subject may be required to provide us with personal data, which we must then process.
When our company, for example, signs a contract with the data subject, he or she is expected to provide us with personal details.
Failure to provide personal data will prevent the contract between the controller and the data subject from being concluded.
The data subject must first contact controller’s employee before providing personal information.
This employee checks to the data subject whether personal data provision is needed by law or by the contract, or whether it is required for the contract to be concluded, if there is a requirement to provide the personal data, and the failure consequences to provide such data.
Automated decision-making existence
As responsible business, we will not use automated profiling or decision-making.
Last updated: 11 January 2023