Privacy Policy
1. Controller
Technical administrator of this website: Manfred Walberer, Möselstr. 17, 94146 Hinterschmiding, Germany, Email: [email protected]
Role: Technical administration and maintenance of the website. The technical administrator is not the organizer or provider of the displayed
tourist services and assumes no responsibility for content, prices, services, or execution of the offered tours.
2. Provider of Tourist Services
The tourist services displayed on this website are provided exclusively by: Aya Srey, Sihanoukville (no street address available), Cambodia, Phone: +855 71831 5119, Email: [please
insert].
The contractual partner for all bookings is exclusively the provider in Cambodia. This provider is solely responsible for content, prices, service descriptions, and execution of the tours.
3. Hosting
This website is hosted via the website builder of Jimdo GmbH, Stresemannstr. 375, 22761 Hamburg, Germany. When accessing the website, the hosting provider automatically processes technical data
(IP address, date and time of access, browser type, operating system, referrer URL). This processing is necessary to ensure the technical operation and security of the website.
4. Contact Form
If you use the contact form, the data you enter (e.g., name, email address, message) will be stored and processed to handle your inquiry. Booking or tourism-related inquiries are forwarded to the
responsible provider in Cambodia for the purpose of performing pre-contractual measures. The legal basis is Art. 6(1)(b) GDPR (contract initiation) and Art. 6(1)(f) GDPR (legitimate interest in
processing inquiries).
5. Data Transfer to a Third Country (Cambodia)
In connection with booking or travel inquiries, personal data is transferred to the provider in Cambodia. Cambodia is a third country outside the EU without an adequacy decision from the European
Commission, so there may not be an equivalent level of data protection. The transfer is carried out according to Art. 49(1)(b) GDPR for contract performance or pre-contractual measures and, if
applicable, based on your explicit consent (Art. 49(1)(a) GDPR). By submitting an inquiry, you agree to the necessary transfer of your data.
6. Cookies
This website may use technically necessary cookies to ensure functionality. You can disable the storage of cookies in your browser settings.
7. Your Rights
You have the right to access, correct, delete, restrict processing, data portability, and withdraw consent under the GDPR. To exercise your rights, please contact the technical administrator
mentioned above.
8. Liability for Content
The content of this website has been created with the utmost care. The technical administrator assumes no liability for the accuracy, completeness, or timeliness of the information on tourist
services. The provider in Cambodia is solely responsible for the tourist offerings.
Link to Imprint: [here]
-------------------------------------------------------------------------------------------------------------------------------------------------
In addition to the above Privacy Policy, the following also applies, insofar as it is not already covered in the above statement:
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
This Privacy Policy informs you about the type, scope, and purpose of the processing of personal data (“data”) within our online offering and associated websites, functions, content, and social
media profiles (“online offering”). Terminology follows Art. 4 GDPR.
Types of Data Processed: registration data (names, addresses), contact data (email, phone), content data (text, photos, videos), usage data (visited pages, access times), meta/communication data (device info, IP).
Data Subjects: visitors and users of the online offering (“users”).
Purpose of Processing: provision of the online offering and its functions, responding to inquiries, security, reach measurement, marketing.
Definitions: personal data: information relating to an identified/identifiable person; processing: any operation on personal data; pseudonymization: processing so data cannot be attributed without additional info; profiling: automated evaluation of personal aspects; controller: entity determining purposes/means of processing; processor: entity processing on behalf of controller.
Legal Basis: consent (Art. 6(1)(a)/7 GDPR), contract performance (Art. 6(1)(b)), legal obligations (Art. 6(1)(c)), legitimate interests (Art. 6(1)(f)), vital interests (Art. 6(1)(d)).
Security Measures: technical and organizational measures per Art. 32 GDPR, including confidentiality, integrity, availability, secure access, deletion procedures, and data protection by design/default (Art. 25 GDPR).
Cooperation with Processors/Third Parties: data shared only with legal basis, consent, contractual necessity, or legitimate interests. Processor contracts under Art. 28 GDPR.
Transfers to Third Countries: only with legal basis, consent, contractual necessity, or safeguards (Arts. 44 ff. GDPR, e.g., Standard Contractual Clauses, Privacy Shield).
Rights of Data Subjects: confirmation and access (Art. 15), correction (Art. 16), deletion/restriction (Arts. 17/18), data portability (Art. 20), complaint to supervisory authority (Art. 77).
Withdrawal/Objection: consent may be withdrawn (Art. 7(3)), objection to processing at any time, including direct marketing (Art. 21).
Cookies/Direct Marketing: temporary/persistent cookies used; third-party cookies may apply; disable via browser settings; general opt-out via http://www.aboutads.info/choices/ or http://www.youronlinechoices.com/.
Data Deletion: data deleted or restricted when no longer needed unless legal retention applies (Germany: 6–10 years, Austria: 7–22 years).
Business Processing: contract/payment data for services, marketing, customer care.
Hosting: hosting provider processes registration, contact, content, contract, usage, and meta data on legitimate interests (Art. 6(1)(f)) with Art. 28 GDPR contract.
Server Log Files: access data (page, date/time, IP, browser, OS) stored max 7 days; longer for legal evidence.
Contractual Services: personal/contract/usage data processed for service fulfillment (Art. 6(1)(b)), mandatory form entries required for contract.
Administration/Accounting: data processed for administration, accounting, legal compliance; may be shared with tax authorities, advisors, payment providers. Business partner data stored permanently.
Contact Requests: processed to handle inquiries (Art. 6(1)(b)), stored in CRM, deleted when no longer needed.
Comments/Contributions: IP addresses stored 7 days for security/spam prevention; data retained until user objection.
Google Analytics: used on legitimate interests (Art. 6(1)(f)), IP anonymized, data sent to USA, pseudonymized, deleted after 14 months; opt-out: http://tools.google.com/dlpage/gaoptout?hl=de.
Social Media: data processed when users interact with our pages; subject to platform terms.
Third-Party Content/Services: embedded content (videos, fonts) requires IP for delivery; third parties may use cookies/pixels for analytics/marketing.
YouTube: videos from Google LLC, Mountain View, CA, USA. Privacy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.
Generated with Datenschutz-Generator.de by RA Dr. Thomas Schwenke