Doggy Bag Tours
ENNLDE
Book Now
Book Now

Privacy Policy

How we handle personal data, bookings, website use and guest information.

In case of discrepancies, the German version shall prevail.

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

DBT GmbH (Doggy Bag Tours) Körnerstr 16

10785 Germany

Email: contact@doggybagtours.de Phone: 0176-4767 8220

Where this Privacy Policy refers to “we”, “us” or “our”, DBT GmbH is meant.

2. General information on data processing

Protecting your personal data is important to us.

We process personal data solely in accordance with applicable data protection law, in particular the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other relevant statutory provisions.

Personal data is processed only where necessary to provide our services, perform contracts, comply with legal obligations or pursue legitimate interests.

3. Categories of data processed

Depending on how you use our services, we may in particular process:

  • Name
  • Address
  • Phone number
  • Email address
  • Booking data
  • Payment data
  • Invoice data
  • Communication data
  • Contract data
  • Participant data
  • Technical usage data
  • Photo and video material
  • Location data from rental bicycles (where available)

4. Legal bases for processing

Personal data is processed in particular on the basis of:

Art. 6(1)(a) GDPR (Consent)

Art. 6(1)(b) GDPR (Performance of a contract and pre-contractual measures)

Art. 6(1)(c) GDPR (Legal obligations)

Art. 6(1)(f) GDPR (Legitimate interests)

Legitimate interests may in particular include:

  • Running our tours
  • Bicycle rental
  • Customer service
  • Fraud prevention
  • Protection against theft
  • Protection of property
  • IT security
  • Enforcement of legal claims
  • Documentation of damage incidents

5. Bookings and contract performance

When you book tours, events or rental services, we process the personal data required for this purpose.

This may in particular include:

Processing is carried out for:

The legal basis is Art. 6(1)(b) GDPR.

  • Name
  • Email address
  • Phone number
  • Number of participants
  • Time of booking
  • Payment information
  • Billing address
  • Handling the booking
  • Performance of the contract
  • Communication with participants
  • Invoicing
  • Payment processing
  • Handling complaints

6. Bookings via third parties

Tours and services may be booked via external platforms or tour operators.

These include in particular:

In these cases we receive personal data only to the extent required to deliver the booked service.

The privacy policies of the respective contracting partner also apply to data processing in connection with the booking.

  • Baja Bikes
  • TUI
  • Tour operators
  • Travel agencies
  • Schools
  • Companies
  • Other distribution partners

7. Contacting us

If you contact us by email, phone, contact form or otherwise, we process the data you provide to handle your enquiry.

This concerns in particular:

Processing is based on Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR.

  • Name
  • Contact details
  • Content of the enquiry
  • Correspondence history

8. Accounting and tax retention

To meet statutory retention and documentation obligations, we store billing-related data in accordance with legal requirements.

This includes in particular:

Processing is based on Art. 6(1)(c) GDPR.

Statutory retention periods are generally six to ten years.

  • Invoices
  • Payment receipts
  • Booking records
  • Tax-relevant documents

9. Bicycle rental and identity verification

When renting bicycles, e-bikes or other equipment, personal data may be collected where necessary to perform the rental contract, prevent fraud, handle damage claims or protect our property.

This may in particular include:

We may require presentation of a valid identity card, passport or comparable official identification document.

To simplify contract handling and avoid transmission errors, the identity document may be photographed.

Where possible and practicable, the photograph on the document will be partially covered by the holder or a staff member to make misuse of the image more difficult.

Photographic documentation is used solely for:

It is not used for marketing, profiling or other non-contractual purposes.

Access to this data is limited to staff who need it to perform the rental contract, handle damage incidents or enforce legitimate claims.

Stored data is protected against unauthorised access by appropriate technical and organisational measures.

Only data necessary for the purposes stated above is processed.

Unless statutory retention periods apply or outstanding claims, damage incidents, investigations or other legitimate interests exist, identity verification data is deleted after a reasonable period.

DBT GmbH does not use identity document data for marketing, personality profiling or automated decision-making.

The legal basis is Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.

  • Name;
  • Address;
  • Phone number;
  • Email address;
  • Booking data;
  • Rental contract data;
  • Proof of identity.
  • Identity verification;
  • Contract performance;
  • Fraud prevention;
  • Theft prevention;
  • Handling damage incidents;
  • Enforcement of legitimate claims.

10. GPS tracking of rental bicycles

Some rental bicycles may be equipped with GPS tracking systems.

Tracking serves in particular:

GPS systems are not used for continuous monitoring of our customers’ behaviour.

Continuous tracking or recovery cannot be guaranteed at all times due to technical limitations.

GPS technology for non-electric rental bicycles is still under development. Interference, inaccuracy, loss of signal or technical failure cannot be ruled out.

Equipping a bicycle with GPS does not give rise to any claim to successful tracking, recovery or theft investigation.

The legal basis is Art. 6(1)(f) GDPR.

  • Theft prevention;
  • Recovery of lost bicycles;
  • Protection of our property;
  • Clarification of damage incidents.

11. Photo and video recordings during tours

During tours, events, training or other activities, photos and videos may be taken.

These recordings may in particular be used for:

Processing is based on our legitimate interest under Art. 6(1)(f) GDPR or on consent under Art. 6(1)(a) GDPR where required.

Participants may object to use of their image at any time or state at the start of an event that they do not wish to be photographed or filmed.

We endeavour to take the legitimate interests of affected persons appropriately into account.

For group events, school classes or corporate events, additional rules of the respective client may apply.

  • Documentation;
  • Public relations;
  • Marketing;
  • Social media channels;
  • Websites;
  • Print materials;
  • Press work;
  • Corporate presentation.

12. Video surveillance

To protect people, property and operations, premises, storage areas, workshops, entrances, bicycle parking areas or other facilities may be monitored by video.

Video surveillance serves in particular:

The legal basis is Art. 6(1)(f) GDPR.

Surveillance is limited to what is necessary.

Affected areas are indicated by signage.

  • Theft prevention;
  • Protection of employees;
  • Protection of customers;
  • Investigation of criminal offences;
  • Securing evidence in accidents;
  • Documentation of damage incidents;
  • Protection against vandalism;
  • Safeguarding legitimate business interests.

13. Retention period for video recordings

Video recordings are generally stored only for a limited period.

If no security-relevant incident is identified, automatic deletion usually occurs within 72 hours.

If an incident occurs, in particular:

the relevant recordings may be stored until the matter is fully resolved.

After completion, the relevant data is deleted unless statutory retention periods apply.

  • Theft;
  • Property damage;
  • Accident;
  • Act of violence;
  • Suspected fraud;
  • Threats;
  • Vandalism;
  • Other security-relevant events;

14. Damage incidents and incident management

In accidents, damage, loss, theft or other incidents, personal data may be processed where necessary to handle the matter.

This may in particular include:

Processing is carried out in particular for:

The legal basis is Art. 6(1)(b) GDPR, Art. 6(1)(c) GDPR and Art. 6(1)(f) GDPR.

  • Personal details of those involved;
  • Witness statements;
  • Image and video material;
  • Damage reports;
  • Police reference numbers;
  • Insurance information;
  • Communication data;
  • Contract data;
  • Rental data.
  • Damage handling;
  • Assessment of claims;
  • Securing evidence;
  • Communication with insurers;
  • Communication with authorities;
  • Enforcement or defence of legal claims.

15. Applications

If you apply to DBT GmbH, we process the personal data you submit solely to conduct the recruitment process.

This includes in particular:

Data is accessible only to persons involved in deciding on the position. If no employment relationship is established, data is deleted after statutory or permitted retention periods unless you have expressly consented to longer storage.

The legal basis is Art. 6(1)(b) GDPR and Section 26 BDSG.

  • Contact details;
  • CV;
  • Qualification certificates;
  • Correspondence;
  • References;
  • Other application documents.
Privacy Policy | Doggy Bag Tours