Privacy notice

In this privacy notice, Bollig Tours s.à r.l. (hereinafter “we”, “us” or “Bollig Tours”) explains how we collect, use and process personal data in accordance with the EU General Data Protection Regulation 2016/679 (GDPR) and the Luxembourg Data Protection Act of 1 August 2018.

 

1. Controller responsible for data processing

Bollig Tours s.à r.l.
121, Route de Luxembourg
L-6562 Echternach, Luxembourg
RCS Luxembourg: B 104 999
Telephone: (+352) 72 97 22-1
Email: info@bollig-tours.lu

 

2. Personal data

2.1 Visiting our website

When visiting our website, technical access data automatically transmitted by your browser is collected. These are:

– IP address (anonymized)

– Date and time of access

– Accessed page / URL

– Browser type and operating system

– Referrer URL (previously visited page)

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest) – to ensure the technical functionality and security of the website.

2.2 Contact form and travel inquiries

If you contact us via our contact form or by e-mail or request a trip, we process:

– First and last name

– E-mail address

– Telephone number (if provided)

– Travel preferences, travel destinations, desired travel dates

– Number of travelers

– Content of your message

Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance / pre-contractual measures) and Art. 6 para. 1 lit. f GDPR (legitimate interest in responding to inquiries).

2.3 Booking and contract processing

If you book a trip, we process all data necessary for the performance of the contract, including:

– Personal identification data of all travelers (name, date of birth, nationality)

– Passport or ID card number (where legally required)

– Payment data (bank details / credit card information)

– Health conditions / special needs (only upon your explicit request)

– Emergency contact

Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance).
For special categories of personal data (e.g. health data): Art. 9 para. 2 lit. a GDPR (explicit consent).

For booking processing, we transfer the necessary data to tour operators, airlines, hotels and other service providers. This transfer is strictly necessary for the performance of the travel contract.

2.4 Newsletter (CleverReach)

If you subscribe to our newsletter, we use the double opt-in procedure: after registration, you will receive a confirmation email in which you must actively confirm your subscription. Only then will you be added to our newsletter list.

We process the following data for sending the newsletter:

– E-mail address (mandatory field)

– First name (optional, for personalization)

– Date and time of registration and confirmation

– IP address at the time of registration (to prove consent)

Legal basis: Art. 6 para. 1 lit. a GDPR (consent). You can withdraw your consent at any time by clicking the unsubscribe link in every newsletter or by sending an e-mail to info@bollig-tours.lu. The withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

Service provider: We use CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany, for sending newsletters. We have concluded a data processing agreement with CleverReach in accordance with Art. 28 GDPR. CleverReach is a European provider; your data is processed on servers in Germany and the EU. Privacy policy of CleverReach: www.cleverreach.com/de/datenschutz/

Our newsletters may contain tracking technologies (open and click tracking) to measure the success of our campaigns. We have activated privacy-compliant settings in CleverReach, where IP addresses are anonymized. You can restrict tracking by disabling images in your email program. Your data will be deleted within 1 month after unsubscribing from the newsletter, unless statutory retention obligations apply.

2.5 Job applications

If you apply via our website or by e-mail, we process your application documents exclusively for the purpose of the application procedure. The data will be deleted no later than 6 months after completion of the procedure, unless another legal basis exists.

Legal basis: Art. 6 para. 1 lit. b GDPR (pre-contractual measures) and Art. 88 GDPR in conjunction with Luxembourg labor law.

 

3. How we use information?

3.1 What are cookies?

Cookies are small text files stored on your device when you visit our website. They allow your browser to be recognized during your next visit.

3.2 Technically necessary cookies

We use technically necessary cookies that are essential for the operation of the website (e.g. session cookies, language settings). These cookies cannot be disabled.

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest).

3.3 Google Analytics

We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies to analyze how visitors use our website.

We have configured Google Analytics with IP anonymization so that your IP address is shortened before being transmitted to Google. The remarketing functions of Google Analytics are disabled on our website. In exceptional cases, a full IP address may be transmitted to servers of Google LLC in the USA; Google LLC is certified under the EU-US Data Privacy Framework.

You can prevent data collection by Google Analytics by downloading and installing the browser add-on: tools.google.com/dlpage/gaoptout

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in website optimization). We inform you about this use in our cookie banner and give you the option to grant or refuse consent.

3.4 Managing cookie settings

You can adjust the use of cookies at any time via the cookie settings on our website. In addition, you can disable the storage of cookies in your browser settings. Please note that this may affect the functionality of our website.

 

4. Third parties and processors

We use the following external service providers with whom we have concluded data processing agreements in accordance with Art. 28 GDPR:

Service providers

WordPress.org

CleverReach GmbH & Co. KG

Google Ireland Ltd.)

Tour operators and service providers

Purpose

Website hosting and content management

Newsletter sending and email marketing

Google Analytics (website analysis)

Booking processing and travel execution (e.g. LuxairTours, Marco Polo, Studiosus)

Location / note

USA / EU servers; wordpress.org/about/privacy/

Germany (EU); DPA concluded

Ireland / USA (EU-US DPF certified)

EU/international; data transfer based on the travel contract

We do not share your data with third parties for advertising or marketing purposes. Data is only shared with travel providers to fulfill the contract.

 

5. Retention periods

We store your personal data only for as long as necessary for the respective purpose or as required by statutory retention obligations:

– Booking and invoice data: 10 years (tax retention obligation under Luxembourg law)

– Travel inquiries (without booking completion): 6 months after completion of the communication

– Newsletter subscribers: until withdrawal of consent; after unsubscription deletion within 12 months, unless statutory retention obligations prevent deletion

– Job application documents: 6 months after completion of the application process (in case of rejection), unless another legal basis exists

– Server log files: 14 days (anonymized data may be stored longer for statistical evaluations)

 

6. Your rights as a data subject

As a data subject, you have the following rights under the GDPR:

– Right of access (Art. 15 GDPR): You have the right to obtain information about the personal data we have stored about you

– Right to rectification (Art. 16 GDPR): You may request the correction of incorrect or the completion of incomplete data

– Right to erasure (Art. 17 GDPR): You may request the deletion of your personal data, provided that no legal retention obligations prevent this

– Right to restriction of processing (Art. 18 GDPR): You may request the restriction of processing of your data in certain cases

– Right to data portability (Art. 20 GDPR): You have the right to receive your data in a structured, commonly used and machine-readable format

– Right to object (Art. 21 GDPR): You may object to the processing of your data based on legitimate interests. In the case of direct marketing, you have an unrestricted right to object

– Right to withdraw consent (Art. 7 para. 3 GDPR): You may withdraw your consent at any time with effect for the future

To exercise your rights, please contact: info@bollig-tours.lu or in writing to Bollig Tours s.à r.l., 121, Route de Luxembourg, L-6562 Echternach.

 

7. Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint at any time with the competent data protection authority:

Commission nationale pour la protection des données

15, Boulevard du Jazz

L-4370 Belvaux

Luxembourg

Tel.: (+352) 26 10 60 -1

E-Mail: info@cnpd.lu

Website: www.cnpd.lu

 

8. Data security

We implement technical and organizational security measures to protect your data. Our website uses SSL/TLS encryption (recognizable by “https://” and the lock symbol in your browser).

 

9. Changes to this privacy notice

We reserve the right to amend this privacy notice if necessary, for example in the event of changes to our website or legal requirements. The current version is always available on our website. We recommend reviewing this notice regularly.

 

Status: April 2026

Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.