ROBINSON App & ROBINSON.com Privacy Notice

Think Travel. Think TUI. At TUI we create unforgettable moments for our customers across the world and make their dreams come true. Looking after the personal data you share with us is an important part of this. We want you to be confident that your data is safe and secure with us, and understand how we use it to offer you a better and more unique and inspiring experience. See the TUI Group website for more information about us.

What this Privacy Notice covers

The data controller is Robinson Club GmbH, Karl-Wiechert-Allee 4, 30625 Hannover, Germany (referred to in this Notice as “we” or “us”), part of the TUI Group. We are committed to doing the right thing when it comes to how we collect, use and protect your personal data. Your privacy matters to us, so please do take the time to read our Privacy Notice which explains: We have tried to keep this Notice as simple as possible, but if you are not familiar with terms such as data controller, special categories of personal data, then read about these and some others in Key terms.

Personal data we collect

When you register for any of our services, you may provide us with

When you book a hotel accommodation or other products or services from our offers, we collect data for the fulfillment of your contract with us:

When you browse our websites or use our mobile apps, we may collect:

If you book hotel accommodation, buy other products or services from our offers, browse our websites or use our mobile apps, we may collect:

During your stay in our hotels we may collect:

When you contact us or we contact you or you take part in promotions, competitions, surveys or questionnaires about our services, we may collect:

Other sources of personal data:

Personal data you provide about other individuals:

Using your personal data

We use your personal data in a variety of ways, as explained below.

To provide the products and services you request

We need to process your personal data so that we can manage your account or booking, provide you with the products and services you want to buy and help you with any orders and refunds you may ask for.

To manage and improve our products, services and day-to-day operations

We use personal data to manage and improve our products, websites, mobile apps, customer loyalty or recognition programme(s) and other services

We monitor how our services are used to help protect your personal data, detect and prevent fraud, other crimes and the misuse of services. This helps us to make sure that you can safely use our services.

We may use personal data to respond to and to manage security operations, accidents or other similar incidents, including medical and insurance purposes.

We use personal data to carry out market research and internal research and development, and to develop and improve our product range, services, shops, IT systems, security, know-how and the way we communicate with you.

We use CCTV images to help maintain the safety of anyone working in or visiting our shops, premises and other buildings, and for the prevention, detection and prosecution of criminal offences. We may also rely on the images to establish, exercise or defend our legal rights.

To make contact and interact with you

We want to serve you better as a customer so if you contact us, for example by email, post, and phone or via social media, we may use personal data to provide clarification or assistance to you.

We need to process your personal data so that we can manage any promotions and competitions you choose to enter, including those we run with our suppliers and retail partners. For example, if you win a prize.

We may invite you to take part in customer surveys, questionnaires and other market research activities carried out by the TUI Group and by other organisations on our behalf.

To help us to better understand you as a customer, and to be able to provide you with services and marketing communications (including online advertising relevant to your interests), we may combine the personal data we collect when you make purchases in-shop with personal data collected from our websites, mobile apps and other sources.

We do not sell your personal data to third parties.

Marketing measures with your consent

From time to time we may send you relevant offers and news about our products and services in a number of ways, including by email, messenger or phone. We may also send you information about other companies’ products and services that we believe may be of interest to you. We will only do this if you previously agreed to receive these marketing communications.

When you book or register with us we will ask if you would like to receive marketing communications.We will require verification of your online contact information for marketing purposes using our double opt-in procedure. This will require you to activate a link sent via email, we will only send you email marketing when you have done this. You can retract your consent to our marketing communications at any time (right to object) We verify your online contact information for marketing information once again, so we ask you, for example when registering for e-mail marketing, to confirm this in the so-called double opt-in procedure, i.e. we only send you e-mail marketing Communication when you activate via the Sent link. . You can retract your consent to the marketing communication at any time(right to object e.g. by email to crm@robinson.com). You can retract your consent any time. If you no longer wish to receive advertising via a particular channel (e.g. telephone), you should inform us of this in the same way as mentioned above as well as a retraction for all given consent for marketing purposes. Of course, the choice is entirely yours, but if you say you do not want to receive marketing information from us this will prevent you from receiving great offers or promotions that may be of interest to you.

You may still receive service-related communications from us. For example, confirming bookings you make with us and providing important information about the use of our products or services.

Product recommendation via e-mail

As a customer of Robinson Club GmbH you will receive regular product recommendations from us by email. You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter, or if you have agreed to the marketing communication by email. On the basis of your latest purchase with us, we will send you information about our product offerings. We strictly comply with the legal requirements. If you do not wish to receive any product recommendations by email from us, you can retract your consent at any time; sending an email to: crm@robinson.com is sufficient. Of course you will also find an unsubscribe link in every email.

To personalise your experience

We want to ensure that marketing communications (also online advertisement) relating to our products and services, and those of our suppliers, retail partners and the TUI Group, including online advertising, are relevant to your interests.

To do this, we may use your personal data to better understand your interests so that we can try to predict what other products, services and information you might be most interested in. This enables us to tailor our communications to make them more relevant and interesting for you. We use existing information such as receipt and read confirmation of e-mails, information about computers and connection to the Internet, operating system and platform, your order history, your service history, date and time you visited the homepage and products you have looked at. This analysis and evaluation helps us to better understand you as a customer and it allows us to provide you with personalised offers and services. Our aim is to make our advertising more useful and interesting for you, which enables us to offer you products and services that better meet your needs as a customer

If you do not want to receive a personalised service from us, you have the right to object your consent to us at any time by writing (e.g. email) to crm@robinson.com. In this case, you will receive unadjusted standard advertising. Of course, you can also retract your consent to all marketing communications by us at any time or revoke your consent with effect for the future. We will update our records as soon as we can.

Market research

We like to hear your views to help us to improve our products and services, so we may contact you for market research purposes. You always have the choice about whether to take part or continue in our market research.

Sharing personal data with suppliers and retail partners

In order to provide products or services requested by you we may share personal data with suppliers of your travel arrangements, including airlines, hotels and transport companies, including independent operators of our spa, sports providers (e.g. water sports), security services and other applicable service providers.

We also work with carefully selected suppliers that carry out certain functions on our behalf. For example, companies that help us with IT services, storing and combining data, marketing, advertising campaign, market research, processing payments and delivering products and services.

We may need to share personal data to establish, exercise or defend our legal rights; this includes providing personal data to others for the purposes of preventing fraud and reducing credit risk.

When we share personal data with other organisations we require them to keep it safe, and they must not use your personal data for their own marketing purposes.

We only share the minimum personal data that enable our suppliers and retail partners to provide their services to you and us.

Sharing personal data with regulatory authorities

So that you can travel, it may be mandatory (as required by government authorities at the point(s) of departure and/or destination) to disclose and process your personal data for immigration, border control, security and anti-terrorism purposes, or any other purposes which they determine appropriate.

We may share the minimum personal data necessary with other public authorities if the law says we must, or we are legally allowed to do so.

Protecting your personal data

We know how important it is to protect and manage your personal data. We take appropriate security measures to help protect your personal data from accidental loss and from unauthorised access, use, alteration and disclosure.

The security of your data also depends on you. For example, where we have given you or where you have chosen a password for access to certain services, you are responsible for keeping this password confidential.

The personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by organisations operating outside the EEA who work for us or for one of our suppliers. We put in place appropriate protections to make sure your personal data remains adequately protected and that it is treated in line with this Notice These protections include, but are not limited to, appropriate contract clauses, such as standard contract clauses approved by the European Commission , and appropriate security measures.

Data retention

We will retain your personal data for only as long as it is necessary for the uses set out in this Privacy Notice and/or to meet legal and regulatory requirements. After this period, we will securely erase personal data. If data is needed after this period for analytical, historical or other legitimate business purposes, we will take appropriate measures to anonymise this data.

About cookies and similar technologies

Cookies are small data files that allow a website to collect and store a range of data on your desktop computer, laptop or mobile device. Cookies help us to provide important features and functionality on our websites and mobile apps, and we use them to improve your customer experience.

Links to other websites

Our websites or mobile apps may contain links to websites operated by other organisations that have their own privacy notices. Please make sure you read the terms and conditions and privacy notice carefully before providing any personal data on another organisation’s website as we do not accept any responsibility or liability for websites of other organisations.

Collection of general data and information

Requests from the app automatically generate a web server log entry - the same happens when opening a web page - as well as requesting other third-party content. Since the log entry (also "log file") is a standard format, it always contains a defined set of information about the requesting browser client: date, time, referrer, IP address of the client, user agent, etc. The log file is stored on the server. This data is usage data that is generated during any data transfer on the Internet. The IP address is stored anonymized (truncated by the last four digits). Solely in the event of errors or attacks, we will store the non-anonymized IP address for 24 hours. The legal basis for this data collection is Art. 6 para. 1 lit. f GDPR.

The app requests permission to send push notifications so that users can be informed about offers during their stay. This sharing is purely voluntary and can be revoked at any time in the operating system settings.

For certain functions, the app requests permission to use the user's location. The permission is voluntary. This location data is forwarded to the servers of the Provider. This data is used anonymously in order to improve the user experience of the app and the stay on site. This data will not be passed on to third parties.

The permission to use locating data can be revoked at any time by withdrawing access to the locating data from the app in the operating system settings.

Firebase Analytics and Crash Reporting in the app

The ios and Android apps use Firebase Analytics, an analytics service provided by Google Inc, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA, “Google”).

The app uses a cookie-like token (Instance ID) to recognize the device at Firebase Analytics and to enable an analysis of your usage behavior. The token is unique to the app and not retained on reinstalling the app or resetting the mobile device. We have disabled collection of Advertising IDs and Indentifiers, so that a persistent, a cross-app and a cross-device recognition is not possible. The information about app usage gathered by means of the Instance ID is sent to Google’s servers in the USA. The IP address used during use is shortened before leaving the EU or the EEA. Only in exceptional cases does this reduction take place in the USA. The IP address transmitted by the app is not linked to any other data at Google. Google will use this data to analyze app usage on behalf of the Provider and compile reports for the Provider. These reports are anonymised. Therefore, they do not contain personal data and do not allow the identification of individual users. Instead, the data is aggregated over all users. These reports include, for example, the frequency of use, the place of use and the content viewed. With the help of these reports, the Provider will improve the product quality. This also explains the legitimate interest of the Provider in data processing. The legal basis for the use of Firebase Analytics is § 15 para. 3 TMG and Art. 6 para. 1 lit. f GDPR. The collected data will be deleted after 2 months.

For Crash Reporting, we’re using “Firebase Crashlytics”, which sends the aforementioned Instance ID when using the app. When a crash occurs, the App will also send crash reports to Google’s servers to help us improve the quality of the app by being able to in-depth analyze crashes of the app. The legal basis for the use of Firebase Crashlytics is § 15 para. 3 TMG and Art. 6 para. 1 lit. f GDPR. The collected data will be deleted after 90 days.

You can opt-out of the analysis of your user data at any time by deactivating the "Tracking" function in the settings of the native app. If you're using the web app, you need to install the browser Add-On which Google offers at this link https://tools.google.com/dlpage/gaoptout. This prevents the future collection of your data (including the anonymised IP address) and sending it to Google. You will need to disable this setting on all devices on which you use the App. Also if you delete and reinstall the app on a device, you must disable tracking again.

Further information and Google's current privacy policy can be found at https://www.google.de/policies/privacy/ and https://www.google.com/analytics/terms/ More detailed information about Google Analytics is available via this link https://www.google.com/analytics/.

Bookings in the app

Within the app, we're offering a service to make bookings for the stay in the hotel. The entry of first/last name and room number/booking number is mandatory in accordance with legal requirements. If necessary, further personal data is requested which might be required for the processing of the booking. Under no circumstances is data queried that is not necessary for executing the booking. The data entered is required to forward the bookings to the appropriate locations in the hotel and to prevent misuse.

Personal data will only be forwarded to the respective supplier and, if necessary, to external booking providers fulfilling the booking, but never to other third parties.

Pinboard functionality in the app

The app offers a pinboard functionality where users of the app can mutually exchange messages with each other. In order to use the pinboard, an email address, a freely selectable user name as well as an optional profile picture must be entered. The e-mail address is not publicly visible and is only used to send notifications about new messages to the user. Employees will only see the email address if there is justified interest (e.g. misuse).

Due to the free choice of user name and profile picture, every user is free to use the pinboard anonymously or with clear names. The username and profile picture are displayed to other users who also participate in the pinboard functionality.

Furthermore, pinboard users can write messages as well as answers to existing messages. These are displayed within the app to other users and are stored on the server side with creator and time stamp.

User name, profile picture and messages are used exclusively in the context of the pinboard functionality and are not passed on to third parties. Users and messages can be reported to moderators by other users and may be deleted or blocked by them.

In the settings of the app, the participation of the pinboard functionality can be revoked by deleting the pinboard profile, whereby the personal data including the posts are removed from the pinboard. The data will then remain on our servers within a retention period of 7 days in order to comply with legal requirements in case of fraudulent use. The legal basis for the storage of the pinboard profile Is Art. 6 para 1 lit. a.

Social media features

Our websites or mobile apps may contain social media features such as Facebook, Twitter, Google+ and Pinterest that have their own privacy notices.

Please make sure you read their terms and conditions and privacy notice carefully before providing any personal data. We do not accept any responsibility or liability for these features.

On our websites we use following Plugins: Facebook, Twitter und GooglePlus. If you do not want social networks to collect data about you through active plugins, you can use the "block third party cookies" feature in your browser settings. Your browser will then not send cookies to the server for embedded content from other providers. With this setting, however, other cross-page functions may no longer work except for the plug-ins.

When these plugins are enabled, your browser will connect to the servers of the social network directly as soon as you access a website of our internet presence. The content of the plugin is transmitted directly from the social network to your browser and is integrated into the website. By incorporating the plugins, the social network receives the information that you have called the corresponding page of our Internet presence. If you are logged in to the social network, you can assign the visit to your account. If you interact with the plugins, such as the Facebook ' like me ' button or leave a comment, the corresponding information is transmitted from your browser directly to the social network and stored there. The purpose and scope of the data collection and the further processing and use of the data by social networks, as well as their respective rights and settings for the protection of your privacy, can be consulted in the data protection information of the relevant networks or Web pages. You will find the links below.

Even if you are not signed in to social networks, Web pages with active social plug-ins can send data to the networks. An active plugin is used to set a cookie with an identifier each time the webpage is visited. Since your browser sends this cookie unasked with every connection to a network server, the network could in principle create a profile with Web pages of the user belonging to the identifier. It would also be possible to assign this identifier to a person again later, for example when you log on to the social network later.

Involvement Facebook Social Plugins

In our website are Social plugins ("plugins") of the social network facebook.com, which Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"), Involved. If you wish to know more about the purpose and the scope of the data collection, the further processing and use of the data by Facebook, as well as your rights and settings in this regard to protect your Privacy, please refer to the Facebook privacy policy: http://www.facebook.com/policy.php. You can also block Facebook social plugins with add-ons for your browser, for example With the "Facebook blocker".

Involvement Google Plus Plugins

In our website are Social plugins ("plugins") of the social network of Google Plus, which From Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States ("Google") is involved. If you wish to know more about the purpose and the scope of the data collection, the further processing and use of the data by Google Plus, as well as your rights and settings in this regard for the protection of your privacy, please refer to the Google Privacy Policy: http://www.google.com/intl/de/policies/privacy/.

Involvement Twitter Plugins

In our website are Social plugins ("plugins") of the social network of Twitter, which is Twitter Inc., based in 795 Folsom St., Suite 600, San Francisco, CA 94107, USA, operates ("Twitter"). If you wish to know more about the purpose and scope of the data collection, the further processing and use of the data by Twitter as well as your rights and settings to protect your privacy, please refer to the Privacy policy of Twitter: https://twitter.com/privacy.

Involvement Pinterest Plugins

On this website are further plugins of the social Network Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA ("Pinterest") integrated. The Pinterest plugin is visible on the "Pin it-button" on our website. If you click on the Pinterest "Pin IT-button" while you are logged in to your Pinterest account, you can link the contents of our pages to your Pinterest profile. This allows Pinterest to associate the visit to our pages with your user account. We point out that we are not aware of the contents of the transmitted data and their use by Pinterest. For more information, please refer to the Pinterest Privacy policy: http://about.pinterest.com/de/privacy

Involvement Instagram Plugins

On this website are also integrated plugins of the social Network Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA ("Instagram"). The Instagram plugin is visible by the "Instagram-button" on our site. If you click on the Instagram button while you are logged in to your Instagram account, you can link the content of our pages to your Instagram profile. This will allow Instagram to associate the visit to our pages with your user account. We point out that we are not aware of the content of the transmitted data and its use by Instagram. For more information, please refer to the Instagram privacy policy: http://instagram.com/about/legal/privacy/

Accessing and updating your personal data; and complaints

You have a right to ask for a copy of the personal data we hold about you, although you should be able to access online the personal data associated with your account or booking. You can write to us asking for a copy of other personal data we hold about you.

Please include any details to help us identify and locate your personal data. Where we can provide data access, we will do so free of charge except where further copies are requested in which case we may charge a reasonable fee based on administrative costs.

We want to make sure that the personal data we hold about you is accurate and up to date. If any of the details we hold are incorrect, please let us know.

You can also ask for your personal data to be rectified or erased, to object to the processing of your personal data and, where technically feasible, to ask for personal data you provided to be transmitted to another organisation.

We will update or erase your data, unless we have to keep it for legitimate business or legal purposes. You can also contact us if you have a complaint about how we collect, store or use your personal data. We aim to resolve complaints but if you are dissatisfied with our response, you may complain to the local data protection authority.

Please note that we may ask you to verify your identity before we can act on your request or complaint. We may also ask you for more information to help ensure that you are authorised to make such a request or complaint when you contact us on behalf of someone else

Please submit your request or complaint in writing to the Legal Department/Data Protection Officer: Rachel White, Robinson Club GmbH

Legal basis for processing personal data

We will only collect and use your personal data if at least one of the following conditions applies: Where we need to process special categories of personal data, for example health data for medical reasons, we will only do so if one or more additional conditions apply. For example, we have your explicit consent; it is necessary to protect the vital interests of you or another individual and you are physically or legally incapable of giving consent; it is necessary to establish, exercise or defend legal claims; it is necessary for reasons of substantial public interest.

Change to our Notice

This Notice replaces all previous versions. We may change the Notice at any time so please check it regularly on our website(s) for any updates. If the changes are significant, we will provide a prominent notice on our website(s) including, if we believe it is appropriate, electronic notification of Privacy Notice changes.

Last update: October 2019

Key terms

Data controller: The data controller determines the purpose and manner in which personal data is used.
European Economic Area (EEA): EU Member States plus Norway, Iceland and Lichtenstein.
Online advertising: Marketing messages that you may see on the internet.
Special categories of personal data:This are categories of personal data revealing racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; genetic data, biometric data for the purpose of uniquely identifying a natural person; health data; and data concerning a natural person’s sex life or sexual orientation.