top of page

PRIVACY POLICY

I.DATA PROTECTION AT A GLANCE

1.General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data includes all data that can personally identify you. Detailed information on data protection can be found in our privacy policy below.

2.Data Collection on This Website

a.Who is responsible for data collection on this website?

The data processing on this website is carried out by the website operator. The operator's contact details can be found in the section "Notice Regarding the Responsible Party" in this privacy policy.

b.How do we collect your data?

Your data is collected in two ways:

  • Some data is collected when you provide it to us. This could be data entered into a contact form, booking form, or customer account registration, for example.

  • Other data is automatically collected or with your consent when you visit the website. This primarily includes technical data (e.g., internet browser, operating system, or time of page access). This data is collected automatically as soon as you enter this website.

c.What do we use your data for?

Some of the data is collected to ensure the website functions properly. Other data may be used to analyze your user behavior, to process your travel bookings and provide consultation services, to communicate with you about your trip, and to fulfill our contractual obligations.

d.What rights do you have regarding your data?

You have the right to request information about the origin, recipient, and purpose of your stored personal data at any time free of charge. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you can revoke this consent at any time for the future. In certain circumstances, you also have the right to request the restriction of processing of your personal data. Furthermore, you have the right to file a complaint with the competent supervisory authority.

You can contact us at any time regarding these and other data protection questions.

II.HOSTING

Our website is hosted on Wix.com Ltd. Wix.com provides us with the online platform that allows us to offer our services. Your data may be stored through Wix’s data storage, databases and general Wix applications. They store your data on secure servers behind a firewall.

Wix stores data in data centers located in the United States, Europe, and Israel.

 

Please find more information regarding the WIX Privacy Policy on:

https://www.wix.com/about/privacy

 

III.GENERAL INFORMATION AND MANDATORY NOTICES

1.Data Protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with legal data protection regulations as well as this privacy policy.

When you use this website, various personal data are collected. Personal data are data that can be used to personally identify you. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this happens.

We point out that data transmission over the Internet (e.g., communication via email) can have security gaps. Complete protection of data against access by third parties is not possible.

2.Notice Regarding the Responsible Party

The responsible party for data processing on this website is:

RoxysTravelPlan

Fichtenstraße 8

93458 Eschlkam

Germany

Phone: +4915254252476

Email: info@roxystravelplan.com

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).

3.Storage Duration

Unless a more specific storage period is stated in this privacy policy, your personal data remain with us until the purpose for the data processing ceases. If you assert a legitimate request for deletion or revoke your consent for data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial retention periods); in the latter case, deletion will occur after these reasons no longer apply.

Specific Retention Periods:

4.General Information on Legal Bases for Data Processing

If you have consented to data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR if special data categories according to Art. 9(1) GDPR are processed. In the case of explicit consent to the transfer of personal data to third countries, the data processing is also based on Art. 49(1)(a) GDPR. If you have consented to the storage of cookies or access to information on your device (e.g., via device fingerprinting), the processing is additionally based on Section 25(1) TDDDG. Consent can be revoked at any time.

If your data is required for contract fulfillment or pre-contractual measures, we process your data based on Art. 6(1)(b) GDPR. Furthermore, we process your data if it is necessary to fulfill a legal obligation under Art. 6(1)(c) GDPR. Data processing may also occur based on our legitimate interest according to Art. 6(1)(f) GDPR. The relevant legal bases for data processing are provided in the subsequent sections of this privacy policy.

5.Recipients of Personal Data

As part of our business operations, we collaborate with various external entities. Transferring personal data to these external entities may be necessary. We only share personal data if required for contract fulfillment, if we are legally obligated (e.g., transfer of data to tax authorities), if we have a legitimate interest per Art. 6(1)(f) GDPR, or if another legal basis permits the data transfer. If we use processors, we only provide personal data based on a valid processing agreement. In cases of joint processing, a joint processing agreement is established.

Categories of Recipients:

  • Hosting provider (WIX Ltd) - Worldwide

  • Payment processors (eg, Stripe, Wix Payment, Pay Pal, Wise - Worldwide

  • Travel service providers (airlines, hotels, tour operators) - Worldwide

  • Email service provider IONOS - Worldwide

  • Tax authorities and legal authorities (when legally required)

6.International Data Transfers

When booking travel services, your data may be transferred to service providers located outside the European Economic Area (EEA), particularly when booking flights, accommodations, or activities in non-EU countries. We ensure such transfers comply with GDPR through:

  • EU Standard Contractual Clauses (SCCs) with data processors

  • Adequacy decisions by the EU Commission (for countries with adequate protection)

  • Your explicit consent for transfers necessary for contract performance (Art. 49(1)(b) GDPR)

Primary countries where data may be transferred: United States (for some payment processors and airlines), United Kingdom, Switzerland, and destination countries where you book travel services.

7.Revocation of Your Consent to Data Processing

Many data processing activities are only possible with your explicit consent. You can revoke your already granted consent at any time. The legality of data processing carried out until the revocation remains unaffected.

To revoke consent, contact us at: info@roxystravelplan.com with subject line 'Consent Revocation'

8.Right to Object to Data Collection (Art. 21 GDPR)

IF DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION. THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS FOR PROCESSING CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OUTWEIGH YOUR INTERESTS, RIGHTS, AND FREEDOMS OR PROCESSING SERVES TO ASSERT, EXERCISE, OR DEFEND LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21(1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING AT ANY TIME. THIS ALSO APPLIES TO PROFILING RELATED TO DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).

9.Right to Lodge a Complaint with Supervisory Authority

In the case of GDPR violations, affected individuals have the right to lodge a complaint with a supervisory authority, particularly in the member state of their habitual residence, workplace, or the place of the alleged violation. This right to lodge a complaint is without prejudice to other administrative or judicial remedies.

10.Right to Data Portability

You have the right to have data that we process based on your consent or in fulfillment of a contract automatically delivered to you or a third party in a standard, machine-readable format. If you request the direct transfer of data to another controller, this will only be done if technically feasible.

11.Right to Information, Correction, and Deletion

Within the framework of applicable legal provisions, you have the right to free information about your stored personal data, its origin, recipients, and the purpose of the data processing, as well as the right to correction or deletion of this data at any time. You can contact us at any time regarding this or other questions about personal data.

12.Right to Restrict Processing

You have the right to request the restriction of processing of your personal data. You can contact us at any time regarding this. The right to restriction of processing applies in the following cases:

  • If you dispute the accuracy of your personal data stored with us, we usually need time to verify this. During the verification period, you have the right to request the restriction of processing of your personal data.

  • If the processing of your personal data was/is unlawful, you may request restriction of data processing instead of deletion.

  • If we no longer need your personal data, but you need it for exercising, defending, or asserting legal claims, you have the right to request restriction of processing instead of deletion.

  • If you have objected according to Art. 21(1) GDPR, a balance between your interests and ours must be determined. Until it is established whose interests prevail, you have the right to request the restriction of processing of your personal data.

If you have restricted the processing of your personal data, these data – apart from storage – may only be processed with your consent or for asserting, exercising, or defending legal claims or for protecting the rights of another natural or legal person or for reasons of important public interest of the European Union or a member state.

13.SSL/TLS Encryption

This site uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as inquiries you send to us as the site operator, or booking information and payment data. You can recognize an encrypted connection by the address line of your browser changing from 'http://' to 'https://' and by the lock symbol in your browser line.

When SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties.

14.DATA PROCESSING FOR TRAVEL BOOKINGS AND SERVICES

Purpose and Legal Basis:

When you book travel services through our platform, we process your personal data to fulfill the contract (Art. 6(1)(b) GDPR).

 

This includes:

  • Data Categories Processed:

    • Name, address, date of birth, nationality

    • Contact information (email, phone)

    • Passport/ID information (when required for bookings)

    • Travel preferences and special requirements (dietary, accessibility, medical)

    • Payment information (credit card, bank details)

    • Booking details (destinations, dates, services selected)

  • Your booking data is shared with:

    • Airlines, hotels, car rental companies, tour operators (as necessary for your booking)

    • Payment processors (to process transactions)

    • Immigration/customs authorities (when required by law)

Retention: Booking data is retained for 10 years to comply with German tax and commercial law (§ 147 AO, § 257 HGB).

IV.DATA COLLECTION ON THIS WEBSITE

1.Cookies

Our website uses so-called "cookies." Cookies are small data packets that do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted after your visit ends. Persistent cookies remain stored on your device until you delete them yourself or they are automatically removed by your web browser.

Cookies can originate from us (first-party cookies) or from third-party companies (third-party cookies). Third-party cookies enable the integration of certain services from external companies within websites (e.g., cookies for processing payment services).

Cookies serve various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g., shopping cart functionality or video display). Other cookies may be used to analyze user behavior or for advertising purposes.

Cookies that are required for electronic communication processes, the provision of certain functions you request (e.g., shopping cart functionality), or the optimization of the website (e.g., cookies for measuring web traffic) are stored based on Article 6(1)(f) of the GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of their services. If consent for storing cookies and similar recognition technologies is requested, processing occurs exclusively based on this consent (Article 6(1)(a) GDPR and § 25(1) TDDDG); consent can be revoked at any time.

Regarding the cookies collected on our Wix Website please refer to the Wix Cookies Policies: https://www.wix.com/about/cookie-policy

You can configure your browser to notify you when cookies are set, allow cookies only in individual cases, exclude cookies in specific cases or in general, and activate automatic deletion of cookies when closing the browser. If cookies are disabled, the functionality of this website may be restricted.

2.Server Log Files

The provider of these pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These include:

  • Browser type and version

  • Operating system used

  • Referrer URL

  • Hostname of the accessing computer

  • Time of the server request

  • IP address

This data is not merged with other data sources.

The collection of this data is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of the website – for this purpose, the server log files must be recorded.

Retention: For retention duration please refer to Wix Privacy Policy: https://www.wix.com/about/privacy

3.Contact Form, Email, Phone, or Fax

If you contact us by contact form, email, phone, or fax, your inquiry, including all resulting personal data (name, inquiry, contact details, message content), will be stored and processed for the purpose of handling your request. We do not share this data without your consent.

The processing of this data is based on Article 6(1)(b) GDPR if your request is related to the fulfillment of a contract or necessary for pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of inquiries (Article 6(1)(f) GDPR) or your consent (Article 6(1)(a) GDPR), if requested. Consent can be revoked at any time.

The data you send us via contact requests will remain with us until you request deletion, revoke your consent for storage, or the purpose for data storage no longer applies (e.g., after completing your request). Mandatory legal provisions – in particular legal retention periods – remain unaffected.

Retention: Contact inquiries are retained until the request is fulfilled plus 3 years for potential warranty or liability claims.

4.CUSTOMER ACCOUNT REGISTRATION

If you create a customer account on our website, we process the following data:

  • Name, email address, password (encrypted)

  • Optional: Phone number, date of birth, address

  • Booking history and preferences

Legal Basis: Art. 6(1)(b) GDPR (contract fulfillment) or Art. 6(1)(a) GDPR (consent for optional features)

Purpose: To provide you with access to your bookings, saved preferences, and personalized travel recommendations.

Retention: Account data is retained as long as your account is active. After account deletion, data is retained for 3 years for potential claims, then permanently deleted unless legal retention periods require longer storage.

5.NEWSLETTER AND MARKETING COMMUNICATIONS

If you subscribe to our newsletter or opt-in to marketing communications, we will send you regular updates about:

  • Travel offers and recommendations

  • Company news and updates

  • Special promotions and discounts

Legal Basis: Art. 6(1)(a) GDPR (your consent) or Art. 6(1)(f) GDPR (legitimate interest for existing customers regarding similar services)

Data Processed: Email address, name, communication preferences

You can unsubscribe at any time by:

  • Clicking the 'Unsubscribe' link in any marketing email

  • Contacting us at info@roxystravelplan.com

  • Updating your preferences in your customer account

Retention: Marketing consent data is retained until you withdraw consent, after which we will immediately stop sending marketing communications

V.PLUGINS AND TOOLS

1.Google Fonts (Local Hosting)

This site uses Google Fonts provided by Google for uniform font representation. The Google Fonts are installed locally. No connection to Google servers occurs.

For more information about Google Fonts, visit: https://developers.google.com/fonts/faq

Google's privacy policy: https://policies.google.com/privacy?hl=en

2.PAYMENT PROCESSORS

We use WIX Payment, Paypal, Stripe, Wise, Bank Transfer to process payments. When you make a payment, your payment data is transmitted directly to Wix Payment, Stripe, Paypal, Wise via an encrypted connection. We do not store complete credit card numbers on our servers.

Legal Basis: Art. 6(1)(b) GDPR (contract fulfillment)

Data Processed: Payment details, transaction amount, date

Privacy Policy:

3.Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics uses cookies and similar technologies to analyze how visitors use this website. The information generated by these cookies (such as pages visited, time spent on pages, device type, browser, and approximate location) is usually transmitted to and stored on Google servers.

We use Google Analytics 4 (GA4) with the following safeguards:

  • IP anonymization is activated (IP addresses are shortened before processing)

  • Data is used only for statistical and analytical purposes

  • We do not use Google Analytics to identify individual users

  • Data is not merged with other Google services

The collected information helps us understand how users interact with our website and improve its functionality and content.

Legal Basis: Art. 6(1)(a) GDPR (consent via cookie banner)

Data Processed: Usage data (e.g. pages viewed, session duration, device information, anonymized IP address)

Data Transfer to Third Countries: Data may be transferred to servers outside Switzerland or the EU (e.g. the United States). Such transfers are safeguarded by Standard Contractual Clauses (SCCs) approved by the European Commission and recognized by Swiss authorities.

Storage Duration: Analytics data is stored for a limited period and automatically deleted according to Google Analytics retention settings.

You can prevent the collection of your data by Google Analytics by:

Google Privacy Policy: https://policies.google.com/privacy?hl=en

  1. Mailchimp (Newsletter & Email Marketing)

We use Mailchimp, an email marketing service provided by The Rocket Science Group LLC (Mailchimp), 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA, to manage and send newsletters and other email communications.

When you subscribe to our newsletter or provide your email address via a form on our website, the data you enter is transmitted to Mailchimp and stored on their servers. Mailchimp is used to organize, analyze, and send email communications.

Mailchimp allows us to analyze the performance of our campaigns, such as whether emails are opened or links are clicked. This analysis is carried out in an aggregated manner and is used solely to improve our communication.

Legal Basis: Art. 6(1)(a) GDPR (consent), Art. 6(1)(b) GDPR (contract performance), where applicable

Data Processed: Email address, name (if provided), subscription date, IP address at the time of registration, usage data (e.g. open and click rates)

Double Opt-In: Newsletter subscriptions are confirmed using a double opt-in procedure. You can withdraw your consent at any time by using the unsubscribe link included in every email.

Data Transfer to Third Countries: Mailchimp processes data in the United States. Data transfers are safeguarded by Standard Contractual Clauses (SCCs) approved by the European Commission and recognized by Swiss authorities.

Storage Duration: Your data is stored for as long as you remain subscribed to the newsletter. After unsubscribing, your data will be deleted or anonymized unless statutory retention obligations apply.

Mailchimp Privacy Policy: https://www.intuit.com/privacy/statement/

5.IONOS (Email Communication)

We use IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany, as our email service provider for business communications, including messages sent to and received via info@roxystravelplan.com

When you contact us by email, the information you provide (such as your email address, name, message content, and any attachments) is processed and stored on IONOS servers in order to handle your inquiry and communicate with you.

IONOS acts as a data processor and processes personal data solely in accordance with our instructions and applicable data protection laws.

Legal Basis: Art. 6(1)(b) GDPR (contract performance or pre-contractual measures), Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries), Art. 6(1)(a) GDPR (consent), where applicable

Data Processed: Email address, name, message content, attachments, date and time of communication, technical metadata (e.g. IP address, mail server logs)

Data Storage & Location: Data is stored and processed on secure servers located within the European Union.

Storage Duration: Email communications are retained for as long as necessary to process your request and in accordance with statutory retention obligations. Emails that are no longer required are deleted regularly.

IONOS Privacy Policy: https://www.ionos.com/terms-gtc/privacy-policy/

https://www.ionos.de/terms-gtc/terms-privacy

  1. Google Forms (Online Forms & Information Collection)

We use Google Forms, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to collect information submitted by users through online forms (e.g. contact requests, inquiries, questionnaires, registrations, or feedback forms).

When you complete and submit a form created with Google Forms, the information you enter is transmitted to Google and stored on Google’s servers. We use this data exclusively to process your request, respond to your inquiry, organize internal workflows, or fulfill the purpose specified in the respective form.

Google Forms may technically process metadata such as IP address, device information, and timestamps in order to provide and secure the service. We do not use the collected data for automated decision-making or profiling.

Legal Basis:

Art. 6(1)(a) GDPR (consent),

Art. 6(1)(b) GDPR (performance of a contract or pre-contractual measures),

Art. 6(1)(f) GDPR (legitimate interest in efficient communication and organization), where applicable.

Data Processed:

  • Information entered into the form (e.g. name, email address, phone number, travel preferences, comments)

  • Date and time of submission

  • Technical metadata (e.g. IP address, browser and device information)

Data Transfer to Third Countries:

Google may process data on servers located outside the European Union, including the United States. Data transfers are safeguarded through Standard Contractual Clauses (SCCs) approved by the European Commission, as well as additional technical and organizational measures implemented by Google.

Storage Duration:

The data collected via Google Forms is stored only for as long as necessary to fulfill the purpose for which it was collected, or as required by statutory retention obligations. Once the purpose no longer applies, the data will be deleted or anonymized.

Withdrawal of Consent:

You may withdraw your consent at any time with future effect by contacting us. Withdrawal does not affect the lawfulness of processing carried out prior to the withdrawal.

Google Privacy Policy:

https://policies.google.com/privacy

 

VI.CHILDREN'S PRIVACY

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children under 18 without parental consent. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately at info@roxystravelplan.com, and we will delete such information from our systems.

When booking travel for minors, the adult making the booking is responsible for providing accurate information and obtaining necessary consents on behalf of the minor.

VII.CHANGES TO THIS PRIVACY POLICY

We reserve the right to update this privacy policy to reflect changes in our data processing practices or legal requirements. The current version is always available at https://www.roxystravelplan.com/privacy

Material changes will be communicated via:

  • Prominent notice on our website

  • Email notification to registered users (if applicable)

Last Updated: 29 December 2025

VIII.CONTACT INFORMATION FOR DATA PROTECTION MATTERS

For questions or concerns about this privacy policy or our data processing practices, please contact:

RoxysTravelPlan

Attn: Data Protection

Fichtenstraße 8

93458 Eschlkam, Germany

Email: info@roxystravelplan.com

* * END OF PRIVACY POLICY * * *

bottom of page