Privacy Policy

Privacy Policy Regarding the Use of Data on Tanooky.com and Tanooky app.

Data privacy is a matter of trust, and your trust matters to Tanooky, a Virail company. It is therefore important to us that your personal data is protected and that its collection, processing and use in relation to Virail’s services in our app and on our website virail.com complies with the law. In this Policy, we want to tell you about how we collect and use data, in order to give you an overview of how your personal data will be used.

1. Overview

The following Privacy Policy contains information about the way and extent to which personal data is processed by Virail. Personal data is information that can be directly or indirectly attributed to or associated with you personally, such as your name or your email address.

2. Name and contact details of the controller responsible for processing and the company’s Data Protection Officer

This Privacy Policy applies to the data processing performed for the Tanooky product by Virail GmbH, Winsstraße 15, 10405 Berlin (the “controller”, hereinafter “Virail”), to be contacted at [email protected], and for the following website or application: www.tanooky.com

3. The purposes for which data is processed, the legal basis and legitimate interests pursued by Virail or a third party, as well as categories of recipients

3.1. Accessing our website/application

When you access our website/application, the browser used on your device automatically sends information to the server of our website/application and temporarily stores it in what is known as a log file. We have no control over this. The following information will also be collected without any action on your part and be stored until it is automatically deleted:

The legal basis for processing your IP address is Article 6 (1) (f) of the General Data Processing Regulation (GDPR). Our legitimate interest is based on the purposes of data collection listed below. We would like to point out that we are unable to draw any direct conclusions regarding your identity from the data that is collected, and that we refrain from doing so.

We use the IP address of your device and the other data listed above for the following purposes:

The data is stored for a period of up to 7 days and is then deleted automatically. We also use what are known as cookies for our website/application, as well as tracking tools, targeting methods and social media plug-ins. The exact procedures used and how your data are used for this purpose are explained in more detail below.

3.2. Bookings and booking requests

3.2.1 Our Dual Functionality: Meta-Search and OTA

At Virail, we operate in a unique dual capacity within the travel industry. Our services encompass both a meta-search engine and the direct selling of travel tickets as an Online Travel Agency (OTA). Here's how each function serves our users:

3.2.2 Commitment to User Experience

Our dual operation as both a meta-search engine and an OTA reflects our commitment to providing versatile and user-friendly travel solutions. We are dedicated to maintaining the high standards of service and convenience that our users expect from Virail, whether they are comparing options or booking directly with us.

3.3. Cookies – general information

We use cookies on our website on the basis of Article 6 (1) (f) GDPR. Our interest in optimizing our website is deemed to be legitimate within the meaning of the aforementioned provision.

Cookies are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our website or use our app. Cookies do not harm your device, do not contain viruses, Trojans or other malicious software. The information stored in the cookie is tied to the specific device used. However, this does not mean that we are immediately aware of your identity. In part, cookies are used to make the use of our service more pleasant for you. For example, we use what are known as session cookies to detect that you have already visited individual pages on our website or that you have already logged in to your user account. These are automatically deleted after you leave our website. In addition, to ensure user-friendliness we also use temporary cookies, which are stored on your device for a specific period of time. If you visit our website again to use our services, it is automatically detected that you have already visited us, as well as what information you entered and the settings you used, so that you do not have to re-enter them.

On the other hand, we use cookies to statistically record the use of our website, to optimize our services, and to display information tailored to your specific needs. These cookies enable us to automatically detect that you have previously visited us when you return to our website. These cookies are automatically deleted after a defined period of time. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or to make sure that a message always appears before a new cookie is created. However, disabling cookies completely may mean that you will not be able to use all the features of our website. The storage period of cookies depends on their purpose and therefore varies.

3.4. Analytical tools: Google Analytics

In order to customize and continuously optimize our websites in line with users’ needs, we deploy tools on the basis of Article 6 (1) (f) GDPR which permit us to analyze the use of our website.

We use Google Analytics, a web analytics service provided by Google. In doing so, pseudonymized usage profiles are created and cookies are used. The information generated by the cookie about your use of this website, e.g. browser type/version, operating system used, Referrer URL (the previously visited page), hostname of the accessing computer (IP address), time of server request, is transmitted to a Google server in the US and stored there. Google complies with the Privacy Policy of the US Privacy Shield and is registered with the U.S. Department of Commerce’s US Privacy Shield Program. In addition, we have entered into a data processing agreement for the use of Google Analytics. Under this agreement, Google assures that Google processes data in accordance with the General Data Protection Regulation and ensures the protection of the data subject’s rights.

The information is used to evaluate the use of the website, to compile reports on the activity on the website, and to provide other services related to the use of the website and internet usage for the purposes of market research and to customize the design of these websites in line with the needs of users. This information may also be transferred to third parties if required by law or if third parties are contracted to process this data. Under no circumstances will your IP address be combined with any other data from Google. The IP addresses are anonymized, which means that it is not possible to identify specific individuals (“IP masking”).

You can prevent the installation of cookies by setting your browser software accordingly. However, disabling cookies completely may mean that you will not be able to use all the features of our website. You may also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing this browser add-on (https://tools.google.com/dlpage/gaoptout?hl=en). As an alternative to the browser add-on, especially for browsers on mobile devices, you can prevent the collection by Google Analytics by clicking on this link. An opt-out cookie will be set which prevents the future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again. For more information regarding data privacy related to Google Analytics, visit the Google Analytics website: https://support.google.com/analytics/answer/6004245?hl=en.

3.5. Targeting

The targeting measures listed below and used by us are implemented on the basis of Article 6 (1) (f) GDPR. Targeting is used to perform targeted advertising. Through the targeting measures we use, we want to make sure that advertisements which are geared to your interests are displayed on your devices.

3.5.1. Double Click

On our website, information used for the optimization of advertisements is collected and evaluated using cookies (see section 3.6.). To do this, we use Google’s targeting technologies (Double Click). These technologies enable us to provide you with customized, interest-based advertising. The cookies used provide e.g. information regarding which of our products you are interested in. Based on this information, we can also display services on third-party websites that are specifically oriented towards your interests you have shown through your previous user behavior. The collection and evaluation of your user behavior takes place exclusively in pseudonymized manner and does not enable us to identify you. In particular, the information is not combined with personally identifiable information about you.

The cookie is automatically deleted after 30 days.

You can also set preferences for the display of interest-based advertising through the Google Ads Settings Manager (https://adssettings.google.com/authenticated?hl).

For more information and the privacy policy regarding advertising and Google, please refer to Google’s Privacy Policy and Terms of Service (https://policies.google.com/technologies/ads?hl).

3.5.2. Google AdWords

Virail uses Google’s AdWords service, which uses conversion tracking to measure the effectiveness of individual ads, offers and features. For this, a cookie is set as soon as you click on a Google ad. This cookie does not personally identify you, but rather makes it possible to determine whether you return to the page with the specific offer during the 30-day period in which the cookie is valid.

Each AdWords advertiser receives a different cookie. As a result, cookies cannot be tracked via the website of AdWords advertisers. The information obtained using the conversion cookie is used to generate conversion statistics for AdWords advertisers who have opted for conversion tracking. We track the total number of users who have clicked on an ad and were redirected to the website with a conversion-tracking tag.

You can permanently prevent the storage of the Google conversion cookie by setting your browser software accordingly. Google’s privacy policy on conversion tracking can be found here: https://services.google.com/sitestats/en.html.

When creating an account on Virail, or making a purchase via our checkout, the information we are provided such as email address may be shared with third parties to on occasion undertake services on our behalf. This data will be strictly handled in accordance to all applicable laws and regulations.

By agreeing to our terms and conditions, you consent to us being able to provide this information to third parties.

As an example use of this consent, Virail could provide more precise targetting via Google Ads using Google's Customer Match.

3.5.3. Google Dynamic Remarketing

We use the features of Google Dynamic Remarketing with the cross-device features of Google AdWords and Google DoubleClick.

This feature allows us to link the advertising audiences created with Google Dynamic Remarketing to the cross-device features of Google AdWords and Google DoubleClick. In this way, interest-based, personalized advertising messages that have been customized for you based on your past usage and browsing behavior on a device (e.g., smartphone) may also be displayed on another device you use (e.g., tablet or PC).

If you have given the appropriate consent to Google, Google will link your web and app browsing history with your Google Account for this purpose. That way, the same personalized advertising messages can appear on any device you use to sign in to your Google Account.

To support this feature, Google Analytics collects Google-authenticated IDs of users who are temporarily linked to our Google Analytics data to define and create audiences for cross-device ad promotion.

You can permanently opt out of cross-device remarketing/targeting by turning off personalized advertising in your Google Account. To do so, follow this link: https://adssettings.google.com/authenticated?hl.

For more information, as well as the provisions regarding data privacy, please see the Google Privacy Policy at https://policies.google.com/technologies/ads?hl.

3.5.4. Google AdSense

On our website, we use Google AdSense for displaying advertisements. In this way we can show you advertisements that may be of interest to you. These advertisements can be recognized by the reference “Google Ads”. To do this, Google uses web beacons and cookies (see section 3.6.). The information generated by cookies and web beacons about the use of the website (including your IP address) and delivery of advertising formats is transmitted to a Google server in the US and stored there. Google may share this information with third parties.

We have enabled third-party Google AdSense ads. The data may be transferred to third parties (named at https://support.google.com/dfp_sb/answer/94149).

You can prevent Google AdSense from installing cookies by disabling interest-based ads on Google via the link https://adssettings.google.com/authenticated?hl.

For more information, as well as the provisions regarding data privacy, please see the Google Privacy Policy at https://policies.google.com/technologies/ads?hl.

3.5.5. Google AdMob

We use Google AdMob to display ads in the Virail app. Google uses the Apple “Advertising Identifier” (hereafter “Apple Ad-ID”) for advertising control in the app. A pseudonymized user profile is created under the Apple Ad-ID so that the user can be matched to different advertising segments on the Apple advertising platform in order to be able to display interest-based advertising.

The Apple Ad-ID is a pseudonym that prevents personal plain data from being disclosed to Google. The Apple Ad-ID is transmitted to a Google server in the US and stored there.

You can prevent the use of the Apple Ad-ID by clicking on “No Ad-Tracking” under “Privacy/Advertising” in your system settings. Alternatively, you can also click “Reset Ad ID” to generate a new, randomly chosen Apple Ad ID and thus prevent a profile from being generated.

3.5.6. Bing Ads

We use Bing Universal Event Tracking (UET) from Microsoft Bing Ads. This is a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, USA (“Microsoft”). This allows us to track user activity on our website when users reach our website through advertisements from Bing Ads.

If you reach our website via a Bing Ads advertisement, a cookie will be placed on your computer (see section 3.6.). A Bing UET tag is integrated into our website. This is a code that is used to store data about the use of the website in connection with the cookie. Among others, this includes the time spent on the website, which areas of the website were accessed, and what ads brought users to the website. Information about your identity is not collected.

This information is transmitted to Microsoft servers in the US and stored there for a maximum of 180 days.

More information on Bing Ads’ analytical services can be found on Bing Ads website (https://help.bingads.microsoft.com/#apex/3/en/53056/2). For more information about Microsoft’s privacy practice, please see Microsoft’s Privacy Policy (https://privacy.microsoft.com/en-us/privacystatement).

3.5.7. MediaAlpha

We offer personalized shopping experiences and advertising through MediaAlpha. To view MediaAlpha's privacy policy, click here. You can opt out at any time by clicking here. Information relevant for European visitors can be found here.

3.5.8. ADARA

We use ADARA’s cookie to assist with our marketing campaigns in addition to gaining valuable insights to allow ADARA to present more relevant and personalized offers. Information shared through the ADARA cookie is aggregated and anonymous and therefore unable to identify you by your name. You can opt-out at www.adara.com/opt-out. You can also request your data as well as request deletion of your data from go.adara.com/sar-1018

3.5.9. Travel Audience

Travel Audience operates a data-driven travel advertising platform. We use the cookie from Travel Audience to assist with our marketing campaigns in addition to gaining valuable insights to allow Travel Audience to present more relevant and personalized offers. You can opt-out at https://travelaudience.com/product-privacy-policy/ (7.2f).

3.5.10. Sojern

Sojern operates a data-driven travel advertising platform. We use the cookie from Sojern to assist with our marketing campaigns in addition to gaining valuable insights to allow Sojern to present more relevant and personalized offers. You can opt-out at https://www.sojern.com/privacy/.

3.5.11. Clicktripz

We offer personalized shopping experiences and advertising through Clicktripz. To view Clicktripz's privacy policy, click here. You can opt out at any time by clicking here.

3.6. Option to object/opt-out

You can prevent the targeting technologies we described by activating the appropriate cookie setting in your browser (see also section 3.5.). In addition, you have the option of deactivating preference-based advertising with the help of the preference manager available here: http://www.youronlinechoices.com/uk/your-ad-choices.

4. Newsletter

4.1. General information

With your consent under Article 6(1)(a) GDPR, you can subscribe our newsletter which will inform you about offers on our Services and from third parties. To sign up for our newsletter, we use the “double opt-in” method. This means that after you have signed up, we will send you an e-mail to the e-mail address specified, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your sign-up within 24 hours, your information will be locked and automatically deleted after one month.

In addition, we save the IP addresses you used and the times of sign-up and confirmation. The purpose of the procedure is to verify your sign-up and, if necessary, to inform you about possible misuse of your personal data.

The only requirement for sending the newsletter is your email address. Providing additional data is voluntary and will be used to address you personally. After your confirmation, we will save your e-mail address for the purpose of sending you the newsletter. The legal basis is Article 6(1)(a) GDPR.

You may revoke your consent to receiving the newsletter at any time by clicking the link provided in each newsletter e-mail or by contacting our data protection officer.

4.2. Newsletter Tracking

We use web beacons, tracking pixels and other technologies to track and analyze your interactions with the newsletter. This data is allocated to your e-mail address and a pseudonymized ID. We use this data to generate a user profile to personalise the newsletter for you. Your user profile will be based on the interactions you have with the newsletter, our Services and third-party websites and apps.

You can object to this at any time by using the unsubscribe link provided in each e-mail or by contacting our data protection officer.

Newsletter tracking is not possible if you've deactivated image viewing by default in your e-mail application. In this case, the newsletter will not be displayed in full and you won’t be able to use all the features. If you display images manually, tracking will occur.

5. Google Maps

We use Google Maps API for displaying interactive maps directly on our website and to enable the simplified use of map functionality. Your IP address is transmitted and stored on one of Google’s servers in the US for the usage of Google Maps functionality (see section 3.7.1 regarding the US Privacy Shield). Legal basis is (Article 6 (1) (f) GDPR).

Please see the Terms of Service for Google Maps here: https://www.google.com/intl/en/help/terms_maps.html. You can find further information on data privacy in Google’s Privacy Policy here: https://policies.google.com/privacy.

6. Mobile App Analytics and Crash Reporting

6.1 Statistics and Analytics

We use data analytics services in our mobile apps to better understand how users interact with our app, improve our services, and provide a seamless experience. These analytics services help us analyze app usage data, track transitions to our partner websites, and gather aggregated information about app interactions. For such purposes, we may use your IP address and device identifier to create pseudonymized usage profiles, also known as "cross-device tracking." You can disable the analytics functionality in the app settings at any time.

Our apps use the following analytics services:

6.2 Crash Reporting

To improve app stability and address technical issues, we use Sentry, a crash-reporting service. Sentry collects information on errors and crashes that occur during app usage, which may include device information and app usage details. This data helps us identify and resolve technical problems to ensure a better user experience. Sentry handles data according to GDPR compliance standards, and no personally identifiable information is stored in crash reports. For more information, please refer to Sentry’s Privacy Policy at https://sentry.io/privacy.

7. Data Sharing

Virail may share your information with, and among, our affiliated companies in order to enhance the products and services that we provide. If affiliates do have access to your information, they will follow practices that are at minimum, equal to the practices within this privacy policy.

7.1. Data transmission related to bookings and search

7.1.1. Transportation providers

In the event that you make a booking with us directly instead of via a partner, we will transmit any required personal data to perform the booking to the transportation provider so that they can process your booking and generate your ticket. The third-party will process your personal data under their own responsibility in accordance with their privacy policies. Consequently, we recommend that you review the privacy policy of each transportation provider that you may wish to book with prior to confirmation of the booking.

7.1.2. Accommodation providers

Alongside transportation providers, your search query may be forwarded to an accommodation service displayed in the search. The service provider will then create a search based on your query and present you with non-binding offers in a new window or tab. A transfer of personal data (excluding IP address) does not take place.

7.1.3. Payment providers

Payment details such as credit card information for bookings made directly via Virail and affiliated sites or through the App are processed by trusted internet payment processors, who will transmit your data directly to the relevant credit card company.

Virail undertakes with its payment processor partners to ensure the card is being used by its legitimate owner in an attempt to prevent cases of online fraud. To do so, encrypted credit card information may be transferred to an external payment security service for auditing purposes. The transfer may include additional personal data to ensure all required checks can be followed out correctly.

Your credit card data is processed at all times by trusted and reliable internet payment processors. Any credit card details are encrypted (typically via SSL protocol) prior to transmission to the payment processor. Your cats data is not disclosed to us by payment processors.

7.1.4. Natural language model or large language model providers

Virail and any affiliated products and brands do not share any user data to LLMs or NLMs. In the event that these models are used, only anonymised or ‘prompt data’ is to be provided.

7.1.5. Other providers

We may use third party service providers for certain technical and business services that may include, but are not limited to, tax advisors, legal counsel etc. This may include the provision of content, statistics and analytics, service desk and support data, CRM systems, fraud prevention and other services and IT developments.

In the event these service providers are used, the data is solely for the contracted service and they are obliged not to use personal data for any other purposes.

8. User account

8.1. Overview

When you create a user account with Virail or affiliate products and brands, you must provide information that is accurate, complete and current at all times. Failure to do so constitutes a breach of terms, and may result in an immediate termination of your account.

We may collect information and data that is automatically transmitted or generated by your browser upon visiting our website(s). This information may include IP address, previously visited websites (the referrer), type of browser and browser language, operating system, access device, time spent on device etc. This data is stored for a period. The information may be used to investigate errors, improve stability and functionality, or assist in resolving any unresolved bookings.

Should you choose to do so, additional data may be stored with us to make future bookings quicker and easier in the event that you register and create an account with us. If you object to our data processing set out under this section, and no opt-out mechanism is available to you directly please send your objection to our Data Protection Team at [email protected].

8.2. Data provided by you or user accounts

8.3. User conversation logs

8.3.1. Customer service

In the event that you require our support and contact us via email or our customer service for, we will use the data you have provided via the form or email to respond. Note, we may ask for further details specifically related to the booking such as origin and destination, date of the trip etc., but we will never request any booking information such as credit card details.

8.3.2. Natural Language and Large Language Models

Virail and its associated companies and products may utilize NLMs or LLMs to create a personalized search experience. Only data related to the travel search or travel-associated services will be used, and no user data will be shared.

9. Contact

If you have any question, please contact our customer service directly at [email protected].

10. Your rights

10.1. Overview

In addition to the right to revoke the consent you have granted to us, you are entitled to the following further rights if the relevant legal requirements apply:

10.2. Right to object

Under the conditions of Article 21 (1) GDPR, data processing can be objected to on grounds relating to the particular situation of the data subject.

The above general right of objection applies to all processing purposes described in this Privacy Policy which are based on Article 6 (1) (f) GDPR. Unlike the special right of objection to data processing for advertising purposes, under the GDPR we are only obliged to implement such a general objection if you give us reasons of overriding importance for this (for example, possible danger to life or health).