Privacy Policy

Privacy Policy Regarding the Use of Data on Virail.com

Data privacy is a matter of trust, and your trust matters to Virail. It is therefore important to us that your personal data is protected and that its collection, processing and use in relation to Virail’s services in our app and on our website virail.com complies with the law. In this Policy, we want to tell you about how we collect and use data, in order to give you an overview of how your personal data will be used.

1. Overview

The following Privacy Policy contains information about the way and extent to which personal data is processed by Virail. Personal data is information that can be directly or indirectly attributed to or associated with you personally, such as your name or your email address.

2. Name and contact details of the controller responsible for processing and the company’s Data Protection Officer

This Privacy Policy applies to the data processing performed by Virail GmbH, Winsstraße 15, 10405 Berlin (the “controller”, hereinafter “Virail”), to be contacted at [email protected], and for the following website or application: www.virail.com.

3. The purposes for which data is processed, the legal basis and legitimate interests pursued by Virail or a third party, as well as categories of recipients

3.1. Accessing our website/application

When you access our website/application, the browser used on your device automatically sends information to the server of our website/application and temporarily stores it in what is known as a log file. We have no control over this. The following information will also be collected without any action on your part and be stored until it is automatically deleted:

The legal basis for processing your IP address is Article 6 (1) (f) of the General Data Processing Regulation (GDPR). Our legitimate interest is based on the purposes of data collection listed below. We would like to point out that we are unable to draw any direct conclusions regarding your identity from the data that is collected, and that we refrain from doing so.

We use the IP address of your device and the other data listed above for the following purposes:

The data is stored for a period of up to 7 days and is then deleted automatically. We also use what are known as cookies for our website/application, as well as tracking tools, targeting methods and social media plug-ins. The exact procedures used and how your data are used for this purpose are explained in more detail below.

3.2. Bookings and booking requests

3.2.1 Our Dual Functionality: Meta-Search and OTA

At Virail, we operate in a unique dual capacity within the travel industry. Our services encompass both a meta-search engine and the direct selling of travel tickets as an Online Travel Agency (OTA). Here's how each function serves our users:

As a Meta-Search Engine: We continue to provide comprehensive comparison capabilities, allowing users to search and compare travel options from various service providers. This includes aggregating information about prices, services, schedules, and more, to help users make informed decisions.

As an Online Travel Agency: In addition to our meta-search offerings, we also facilitate direct ticket sales. This allows users to conveniently book travel services directly through our platform, streamlining the booking process. Data Collection and Processing: Whether redirecting to partner sites or processing bookings directly, we collect essential data such as selected arrival and departure dates and cities. This practice aligns with Article 6 (1) (1) (b) of the GDPR, ensuring the privacy and security of user data.

3.2.2 Commitment to User Experience

Our dual operation as both a meta-search engine and an OTA reflects our commitment to providing versatile and user-friendly travel solutions. We are dedicated to maintaining the high standards of service and convenience that our users expect from Virail, whether they are comparing options or booking directly with us.

3.3. Cookies – general information

We use cookies on our website on the basis of Article 6 (1) (f) GDPR. Our interest in optimizing our website is deemed to be legitimate within the meaning of the aforementioned provision.

Cookies are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our website or use our app. Cookies do not harm your device, do not contain viruses, Trojans or other malicious software. The information stored in the cookie is tied to the specific device used. However, this does not mean that we are immediately aware of your identity. In part, cookies are used to make the use of our service more pleasant for you. For example, we use what are known as session cookies to detect that you have already visited individual pages on our website or that you have already logged in to your user account. These are automatically deleted after you leave our website. In addition, to ensure user-friendliness we also use temporary cookies, which are stored on your device for a specific period of time. If you visit our website again to use our services, it is automatically detected that you have already visited us, as well as what information you entered and the settings you used, so that you do not have to re-enter them.

On the other hand, we use cookies to statistically record the use of our website, to optimize our services, and to display information tailored to your specific needs. These cookies enable us to automatically detect that you have previously visited us when you return to our website. These cookies are automatically deleted after a defined period of time. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or to make sure that a message always appears before a new cookie is created. However, disabling cookies completely may mean that you will not be able to use all the features of our website. The storage period of cookies depends on their purpose and therefore varies.

3.4. Analytical tools: Google Analytics

In order to customize and continuously optimize our websites in line with users’ needs, we deploy tools on the basis of Article 6 (1) (f) GDPR which permit us to analyze the use of our website.

We use Google Analytics, a web analytics service provided by Google. In doing so, pseudonymized usage profiles are created and cookies are used. The information generated by the cookie about your use of this website, e.g.

is transmitted to a Google server in the US and stored there. Google complies with the Privacy Policy of the US Privacy Shield and is registered with the U.S. Department of Commerce’s US Privacy Shield Program. In addition, we have entered into a data processing agreement for the use of Google Analytics. Under this agreement, Google assures that Google processes data in accordance with the General Data Protection Regulation and ensures the protection of the data subject’s rights.

The information is used to evaluate the use of the website, to compile reports on the activity on the website, and to provide other services related to the use of the website and internet usage for the purposes of market research and to customize the design of these websites in line with the needs of users. This information may also be transferred to third parties if required by law or if third parties are contracted to process this data. Under no circumstances will your IP address be combined with any other data from Google. The IP addresses are anonymized, which means that it is not possible to identify specific individuals (“IP masking”).

You can prevent the installation of cookies by setting your browser software accordingly. However, disabling cookies completely may mean that you will not be able to use all the features of our website. You may also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing this browser add-on (https://tools.google.com/dlpage/gaoptout?hl=en). As an alternative to the browser add-on, especially for browsers on mobile devices, you can prevent the collection by Google Analytics by clicking on this link. An opt-out cookie will be set which prevents the future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again. For more information regarding data privacy related to Google Analytics, visit the Google Analytics website: https://support.google.com/analytics/answer/6004245?hl=en.

3.5. Targeting

The targeting measures listed below and used by us are implemented on the basis of Article 6 (1) (f) GDPR. Targeting is used to perform targeted advertising. Through the targeting measures we use, we want to make sure that advertisements which are geared to your interests are displayed on your devices.

3.5.1. Double Click

On our website, information used for the optimization of advertisements is collected and evaluated using cookies (see section 3.6.). To do this, we use Google’s targeting technologies (Double Click). These technologies enable us to provide you with customized, interest-based advertising. The cookies used provide e.g. information regarding which of our products you are interested in. Based on this information, we can also display services on third-party websites that are specifically oriented towards your interests you have shown through your previous user behavior. The collection and evaluation of your user behavior takes place exclusively in pseudonymized manner and does not enable us to identify you. In particular, the information is not combined with personally identifiable information about you.

The cookie is automatically deleted after 30 days.

You can also set preferences for the display of interest-based advertising through the Google Ads Settings Manager (https://adssettings.google.com/authenticated?hl).

For more information and the privacy policy regarding advertising and Google, please refer to Google’s Privacy Policy and Terms of Service (https://policies.google.com/technologies/ads?hl).

3.5.2. Google AdWords

Virail uses Google’s AdWords service, which uses conversion tracking to measure the effectiveness of individual ads, offers and features. For this, a cookie is set as soon as you click on a Google ad. This cookie does not personally identify you, but rather makes it possible to determine whether you return to the page with the specific offer during the 30-day period in which the cookie is valid.

Each AdWords advertiser receives a different cookie. As a result, cookies cannot be tracked via the website of AdWords advertisers. The information obtained using the conversion cookie is used to generate conversion statistics for AdWords advertisers who have opted for conversion tracking. We track the total number of users who have clicked on an ad and were redirected to the website with a conversion-tracking tag.

You can permanently prevent the storage of the Google conversion cookie by setting your browser software accordingly. Google’s privacy policy on conversion tracking can be found here: https://services.google.com/sitestats/en.html.

When creating an account on Virail, or making a purchase via our checkout, the information we are provided such as email address may be shared with third parties to on occasion undertake services on our behalf. This data will be strictly handled in accordance to all applicable laws and regulations.

By agreeing to our terms and conditions, you consent to us being able to provide this information to third parties.

As an example use of this consent, Virail could provide more precise targetting via Google Ads using Google's Customer Match.

3.5.3. Google Dynamic Remarketing

We use the features of Google Dynamic Remarketing with the cross-device features of Google AdWords and Google DoubleClick.

This feature allows us to link the advertising audiences created with Google Dynamic Remarketing to the cross-device features of Google AdWords and Google DoubleClick. In this way, interest-based, personalized advertising messages that have been customized for you based on your past usage and browsing behavior on a device (e.g., smartphone) may also be displayed on another device you use (e.g., tablet or PC).

If you have given the appropriate consent to Google, Google will link your web and app browsing history with your Google Account for this purpose. That way, the same personalized advertising messages can appear on any device you use to sign in to your Google Account.

To support this feature, Google Analytics collects Google-authenticated IDs of users who are temporarily linked to our Google Analytics data to define and create audiences for cross-device ad promotion.

You can permanently opt out of cross-device remarketing/targeting by turning off personalized advertising in your Google Account. To do so, follow this link: https://adssettings.google.com/authenticated?hl.

For more information, as well as the provisions regarding data privacy, please see the Google Privacy Policy at https://policies.google.com/technologies/ads?hl.

3.5.4. Google AdSense

On our website, we use Google AdSense for displaying advertisements. In this way we can show you advertisements that may be of interest to you. These advertisements can be recognized by the reference “Google Ads”. To do this, Google uses web beacons and cookies (see section 3.6.). The information generated by cookies and web beacons about the use of the website (including your IP address) and delivery of advertising formats is transmitted to a Google server in the US and stored there. Google may share this information with third parties.

We have enabled third-party Google AdSense ads. The data may be transferred to third parties (named at https://support.google.com/dfp_sb/answer/94149).

You can prevent Google AdSense from installing cookies by disabling interest-based ads on Google via the link https://adssettings.google.com/authenticated?hl.

For more information, as well as the provisions regarding data privacy, please see the Google Privacy Policy at https://policies.google.com/technologies/ads?hl.

3.5.5. Google AdMob

We use Google AdMob to display ads in the Virail app. Google uses the Apple “Advertising Identifier” (hereafter “Apple Ad-ID”) for advertising control in the app. A pseudonymized user profile is created under the Apple Ad-ID so that the user can be matched to different advertising segments on the Apple advertising platform in order to be able to display interest-based advertising.

The Apple Ad-ID is a pseudonym that prevents personal plain data from being disclosed to Google. The Apple Ad-ID is transmitted to a Google server in the US and stored there.

You can prevent the use of the Apple Ad-ID by clicking on “No Ad-Tracking” under “Privacy/Advertising” in your system settings. Alternatively, you can also click “Reset Ad ID” to generate a new, randomly chosen Apple Ad ID and thus prevent a profile from being generated.

3.5.6. Bing Ads

We use Bing Universal Event Tracking (UET) from Microsoft Bing Ads. This is a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, USA (“Microsoft”). This allows us to track user activity on our website when users reach our website through advertisements from Bing Ads.

If you reach our website via a Bing Ads advertisement, a cookie will be placed on your computer (see section 3.6.). A Bing UET tag is integrated into our website. This is a code that is used to store data about the use of the website in connection with the cookie. Among others, this includes the time spent on the website, which areas of the website were accessed, and what ads brought users to the website. Information about your identity is not collected.

This information is transmitted to Microsoft servers in the US and stored there for a maximum of 180 days.

More information on Bing Ads’ analytical services can be found on Bing Ads website (https://help.bingads.microsoft.com/#apex/3/en/53056/2). For more information about Microsoft’s privacy practice, please see Microsoft’s Privacy Policy (https://privacy.microsoft.com/en-us/privacystatement).

3.5.7. MediaAlpha

We offer personalized shopping experiences and advertising through MediaAlpha. To view MediaAlpha's privacy policy, click here. You can opt out at any time by clicking here.

Information relevant for European visitors can be found here.

3.5.8. ADARA

We use ADARA’s cookie to assist with our marketing campaigns in addition to gaining valuable insights to allow ADARA to present more relevant and personalized offers. Information shared through the ADARA cookie is aggregated and anonymous and therefore unable to identify you by your name.

You can opt-out at www.adara.com/opt-out . You can also request your data as well as request deletion of your data from go.adara.com/sar-1018

3.5.9. Travel Audience

Travel Audience operates a data-driven travel advertising platform. We use the cookie from Travel Audience to assist with our marketing campaigns in addition to gaining valuable insights to allow Travel Audience to present more relevant and personalized offers. You can opt-out at https://travelaudience.com/product-privacy-policy/ (7.2f).

3.5.10. Sojern

Sojern operates a data-driven travel advertising platform. We use the cookie from Sojern to assist with our marketing campaigns in addition to gaining valuable insights to allow Sojern to present more relevant and personalized offers. You can opt-out at https://www.sojern.com/privacy/.

3.5.11. Clicktripz

We offer personalized shopping experiences and advertising through Clicktripz. To view Clicktripz's privacy policy, click here. You can opt out at any time by clicking here.

3.6. Option to object/opt-out

You can prevent the targeting technologies we described by activating the appropriate cookie setting in your browser (see also section 3.5.). In addition, you have the option of deactivating preference-based advertising with the help of the preference manager available here: http://www.youronlinechoices.com/uk/your-ad-choices.

4. Newsletter

4.1. General information

With your consent under Article 6(1)(a) GDPR, you can subscribe our newsletter which will inform you about offers on our Services and from third parties. To sign up for our newsletter, we use the “double opt-in” method. This means that after you have signed up, we will send you an e-mail to the e-mail address specified, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your sign-up within 24 hours, your information will be locked and automatically deleted after one month.

In addition, we save the IP addresses you used and the times of sign-up and confirmation. The purpose of the procedure is to verify your sign-up and, if necessary, to inform you about possible misuse of your personal data.

The only requirement for sending the newsletter is your email address. Providing additional data is voluntary and will be used to address you personally. After your confirmation, we will save your e-mail address for the purpose of sending you the newsletter. The legal basis is Article 6(1)(a) GDPR.

You may revoke your consent to receiving the newsletter at any time by clicking the link provided in each newsletter e-mail or by contacting our data protection officer.

4.2. Newsletter Tracking

We use web beacons, tracking pixels and other technologies to track and analyze your interactions with the newsletter. This data is allocated to your e-mail address and a pseudonymized ID. We use this data to generate a user profile to personalise the newsletter for you. Your user profile will be based on the interactions you have with the newsletter, our Services and third-party websites and apps.

You can object to this at any time by using the unsubscribe link provided in each e-mail or by contacting our data protection officer.

Newsletter tracking is not possible if you've deactivated image viewing by default in your e-mail application. In this case, the newsletter will not be displayed in full and you won’t be able to use all the features. If you display images manually, tracking will occur.

5.Google Maps

We use Google Maps API for displaying interactive maps directly on our website and to enable the simplified use of map functionality. Your IP address is transmitted and stored on one of Google’s servers in the US for the usage of Google Maps functionality (see section 3.7.1 regarding the US Privacy Shield). Legal basis is (Article 6 (1) (f) GDPR).

Please see the Terms of Service for Google Maps here: https://www.google.com/intl/en/help/terms_maps.html. You can find further information on data privacy in Google’s Privacy Policy here: https://policies.google.com/privacy.

6. Mobile App Analytics and Crash Reporting

6.1 Statistics and Analytics

We use data analytics services in our mobile apps to better understand how users interact with our app, improve our services, and provide a seamless experience. These analytics services help us analyze app usage data, track transitions to our partner websites, and gather aggregated information about app interactions. For such purposes, we may use your IP address and device identifier to create pseudonymized usage profiles, also known as "cross-device tracking." You can disable the analytics functionality in the app settings at any time.

Our apps use the following analytics services:

  • Google Analytics and Firebase Analytics: These services are provided by Google LLC. ("Google") and use SDKs (software development kits) installed on the app to analyze app usage. Information collected includes truncated IP addresses and other interaction data, which is sent to Google servers in the United States. To ensure your privacy, IP anonymization is enabled; this means IP addresses are shortened within the EU or EEA before transfer to Google’s servers in the U.S., except in rare cases. Google uses this data to evaluate app usage, compile reports, and improve the app experience. Further information can be found in Google’s Privacy Policy at https://policies.google.com/privacy.

6.2 Crash Reporting

To improve app stability and address technical issues, we use Sentry, a crash-reporting service. Sentry collects information on errors and crashes that occur during app usage, which may include device information and app usage details. This data helps us identify and resolve technical problems to ensure a better user experience. Sentry handles data according to GDPR compliance standards, and no personally identifiable information is stored in crash reports. For more information, please refer to Sentry’s Privacy Policy at https://sentry.io/privacy.

7. Contact

If you have any question, please contact our customer service directly at [email protected].

8. Your rights

8.1. Overview

In addition to the right to revoke the consent you have granted to us, you are entitled to the following further rights if the relevant legal requirements apply:

8.2. Right to object

Under the conditions of Article 21 (1) GDPR, data processing can be objected to on grounds relating to the particular situation of the data subject.

The above general right of objection applies to all processing purposes described in this Privacy Policy which are based on Article 6 (1) (f) GDPR. Unlike the special right of objection to data processing for advertising purposes, under the GDPR we are only obliged to implement such a general objection if you give us reasons of overriding importance for this (for example, possible danger to life or health).