Protecting your privacy is important to us, particularly when it comes to your personality rights when processing and using personal information. In this context, we would like to inform you on the following:

• Personal Data
• Transmission of Personal Data to Third parties
• Subscribing to our Newsletter
• Technical Standards - Secure Transmission
• "Cookies"
• Links to other websites
• Right of objection to the use of your data
• Questions and comments

The German Youth Hostel Association (DJH, Deutsches Jugendherbergswerk) takes the protection of your personal information very seriously. We want you to know which personal data we collect and store from users of our websites and how we process it. We have taken organisational steps and implemented technical means to make sure that all legal requirements regarding data protection are met, both by ourselves and by our external service providers. 
Our compliance with applicable data protection laws is permanently monitored by our data protection officer.

Personal Data

Personal data is defined as any information relating to you personally. This includes information such as your name, date of birth, (postal) address, telephone number or bank details. 
Information that cannot be directly linked to your actual identity (such as the length of time spent on our website or number of website users) is not considered personal data. Personal data is collected, for instance, when filling in the membership application or when using the discussion panels and forums. Booking a stay or a package tour or purchasing items from the shop requires the collection of personal data. If these are sensitive data, such as your bank details, the information is transmitted via a secure connection.

Central Storage of Data

Certain parts of the information collected via our website is stored in a central database. For example, membership details are stored at the DJH Service Center at the National Association's office (Bismarckstrasse 8, 32756 Detmold, Germany).

Transmission of Personal Data to Third Parties

We will generally not pass on your personal data to third parties outside the German Youth Hostel Association without your consent. External service providers who process data on our behalf are contractually bound to the strict provisions of the German Data Protection Act (BDSG, Bundesdatenschutzgesetz). 
Any person processing your data has entered a written commitment to respect the provisions of the Data Protection Act and any other applicable laws. However, we will pass on data to a competent authority if required to do so by law or court ruling.

Only with your Consent

We can only offer some services, such as our member magazine, various newsletters, or information on attractive offers, if you consent to us processing your personal data for this purpose. The same applies to when you provide feedback online

Should you no longer wish to receive our services, you may withdraw your consent at any time. Please indicate precisely for which services you are withdrawing your consent (for instance: I hereby withdraw my consent to receiving newsletters at my email address).

Please address your withdrawal to our member service: DJH Hauptverband, Mitgliederservice, Bismarckstrasse 8, 32756 Detmold, Phone: +49 (5231) 7401-0, email: djh-service@jugendherberge.de.

Online Feedback

Your opinion matters to us! That's why, every time you have stayed in one of our Youth Hostels, we ask you whether you would be prepared to give us some brief online feedback on your stay afterwards. You may withdraw your consent at any time. 

In order to be able to reply to your remarks, we store your name and e-mail address exclusively for this purpose. Any feedback data published on our website is, of course, completely anonymous and will not contain personal information.

Subscribing to our Newsletter

We are happy to keep you updated with our electronic newsletter.  In order to send it to your e-mail address, we require you to express your consent personally by ticking the respective box in the entry form. Should you wish to unsubscribe, you can withdraw your consent at any time.

Technical Standards - Secure Transmission

As a rule, we use a security system called SSL (Secure Socket Layer) in combination with 256-bit encryption when transmitting your data. This method ensures maximum security and is also used, for instance, by banks as a means of data protection in online banking. Your browser will display a key or lock symbol in the lower status bar when data is encrypted for transmission.
We constantly adapt our security measures to the state of the art. However, even applying state of the art, it is ultimately not possible to guarantee absolute security of data on the internet.

Use of Cookies

Cookies are small data packets, usually no larger than 1 Kbyte. They contain information used by a web server to recognise a user (PC) the next time he or she visits a website or one of its subpages. In order to identify you the next time you visit our site, your  browser needs to save a cookie on your local hard disk. Other cookies used by our website are only used for a single visit, not stored on your hard disk and deleted when you close your browser. These cookies are required, for instance, for the various search functions. 

Pages that are linked to ours may also use cookies, of which we cannot notify you. Most browsers' default settings automatically accept cookies. However, you may change the settings so cookies are not blocked or so that your browser notifies you when a website uses cookies.

Third-party tracking technologies for advertising purposes

We use cross-device tracking technologies that enable us to display targeted advertising to you on other web pages based on your visit to our website and to determine how effective our advertising has been.

Data is processed on the basis of your consent if you have consented accordingly through one of our banners. Your consent is voluntary and can be withdrawn at any time.

How does tracking work?

When you visit our web pages, the third-party providers mentioned below may retrieve data by which your browser can be identified (e.g., data called a 'browser fingerprint') or your IP address evaluated, or may store or retrieve data from your device by which the device can be identified (e.g., cookies), or access individual tracking pixels.

Such identifying data may be used by these third parties to recognise your device when you access other internet pages. We may commission such third parties to display advertising to you on websites based on the sites you visited before.

What does cross-device tracking mean?

When you log on to a third-party site with your user credentials, identifiers collected from different browsers and devices can be linked to each other. If the third-party provider has created its own identifier for the laptop, desktop, smart phone or tablet you are using to access their site, the different identifiers can be linked to each other as soon you use the third-party service while logged in with your own user credentials. This way, third-party providers can display our campaigns in a targeted manner even across various devices.

Which third-party providers do we use for this?

Below, we list the third-party providers we cooperate with for the purpose of delivering adverts. Insofar as data is processed outside the EU or EEA for this purpose, please note that there is a risk that authorities may access such data for reasons of security and supervision without the requirement to notify you of this or the possibility for you to seek redress. To the extent that we commission service providers in unsafe third countries and you have given us your consent, data is transmitted to the third country on the basis of Art. 49 Para. 1 lit. a GDPR.

Providers / adequate level of data protection / how to object

Facebook (USA and/or Ireland)
No adequate level of data protection. Data is transmitted on the basis of Art. 49 Para. 1 lit. a GDPR. If you wish to withdraw your consent, please click on the purple 'Privacy Settings' tab on the right and adjust the settings accordingly.

Google LLC (USA)
No adequate level of data protection. Data is transmitted on the basis of Art. 49 Para. 1 lit. a GDPR. If you wish to withdraw your consent, please click on the purple 'Privacy Settings' tab on the right and adjust the settings accordingly.

Your Rights as a User

As a user, you have the right to request information at any time on what personal data we have stored and for which purpose we have stored them. Moreover, you have the right to correction of incorrect information and deletion of data the storage of which is not permissible or no longer required.

Questions and Comments

We welcome your questions and comments on data protection and they are important to us. 
You can reach us under the following e-mail address: datenschutz-hvb@jugendherberge.de. The rapid development of web technologies requires us to make adjustments to this privacy statement from time to time. This is where you are informed of any changes.

Duty to provide information in accordance with art. 13 of the GDPR

The party responsible
for data processing is the Die JugendHerbergen gemeinnützige GmbH (Youth Hostels gGmbH), Woltmershauser Allee 8, 28199 Bremen and the DJH Landesverband Westfalen-Lippe gemeinnützige GmbH (German Youth Hostels Regional Association for Westphalia-Lippe gGmbH), Eppenhauser Straßsse 65, 58093 Hagen.

General information
As a matter of principle, we only collect the data required to safeguard legitimate interests

Data processing to safeguard the legitimate interests of the party responsible
We process the data collected via the contact form in accordance with art. 6 para. 1 letter f of the GDPR so that we can adequately respond to your enquiry. Our legitimate interest primarily lies in enabling you to get in touch quickly and easily, and in enabling us to process your enquiry. In the medium term, it also lies in starting up a contractual relationship. Data processing covers the following, in particular: company, association, institution; membership number (if available); title; name; address; telephone; email address.
The data will be stored up to 6 months after the final processing of your enquiry. If legal retention periods exist, the data concerned will be archived for the duration of these periods and blocked for general access if it is no longer required for the fulfilment of the contract.
We process your name and address in accordance with art. 6 para. 1 letter f of the GDPR so that we can inform you of new offers by post. Our legitimate interest lies in increasing the utilisation of the courses on offer and in boosting our revenue.

Data recipients
We will only transfer your data to third parties if we are authorised to do so under data protection law (e.g. in accordance with the above-mentioned legal provisions). Data can also be received by a regional association of the German Youth Hostel Association, if this association would be better able to respond to your enquiry:

• Landesverband Baden-Württemberg e. V. (Regional Association for Baden-Württemberg e.V.), Fritz-Walter-Weg 19, 70372 Stuttgart - Bad Cannstatt
• Landesverband Bayern e.V. (Regional Association for Bavaria e.V.), Mauerkircherstraße 5, 81679 Munich
• Landesverband Berlin-Brandenburg e.V. (Regional Association for Berlin-Brandenburg e.V.), Schulstraße 9, 14482 Potsdam-Babelsberg
• Landesverband Hannover e. V. (Regional Association for Hanover e.V.), Ferdinand-Wilhelm-Fricke-Weg 1, 30169 Hanover
• Landesverband Hessen e.V. (Regional Association for Hesse e.V.), Berner Str. 119, 60437 Frankfurt am Main
• Landesverband Mecklenburg-Vorpommern e.V. (Regional Association for Mecklenburg-Vorpommern e.V.), Konrad-Zuse-Straße 2, 18057 Rostock
• Landesverband Nordmark e.V. (Regional Association for Northern March e.V.), Rennbahnstraße 100, 22111 Hamburg
• Landesverband Rheinland e.V. (Regional Association for the Rhineland e.V.), Düsseldorfer Straße 1a, 40545 Dusseldorf
• Die Jugendherbergen in Rheinland-Pfalz und im Saarland (Youth hostels in Rhineland-Palatinate and Saarland), In der Meielache 1, 55122 Mainz
• Landesverband Sachsen e.V. (Regional Association for Saxony e.V.), Zschopauer Straße 216, 09126 Chemnitz
• Landesverband Sachsen-Anhalt e.V. (Regional Association for Saxony-Anhalt e.V.), Leiterstraße 10, 39104 Magdeburg
• Landesverband Thüringen e.V. (Regional Association for Thuringia e.V.), Zum Wilden Graben 12, 99425 Weimar
• Die JugendHerbergen gemeinnützige GmbH (Youth Hostels gGmbH), Woltmershauser Allee 8, 28199 Bremen
• DJH Landesverband Westfalen-Lippe gemeinnützige GmbH (German Youth Hostels Regional Association for Westphalia-Lippe gGmbH), Eppenhauser Straßsse 65, 58093 Hagen

Contact details of the data protection officer
You can contact our data protection officer via
datenschutz nord GmbH
Konsul-Smidt-Strasse 88, 28217 Bremen

Rights of the data subject
In accordance with the relevant provisions of the GDPR, data subjects have the right to access (art. 15) personal data concerning them and to have incorrect data corrected or deleted (art. 16, 17). There is also the right to limit processing (art. 18) and, in the case of art. 20 of the GDPR, the right to transfer data.

Right to object
If data is collected on the basis of art. 6 para. 1 letter f (data processing to protect legitimate interests), the data subject has the right to object to processing at any time. You primarily hold this right with regard to data processing for advertising purposes. We will then no longer process the personal data unless there are demonstrably compelling reasons for processing which are in need of protection and which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

Right to appeal to a supervisory authority
Any data subject has the right to appeal to a supervisory authority if he or she considers that the processing of data concerning him or her is in breach of data protection legislation. In particular, the right to appeal may be exercised before a supervisory authority in the member state in which the data subject resides or in the place where the alleged infringement occurred. In North Rhine-Westphalia, this is The State Data Protection Officer for North Rhine-Westphalia, Kavalleriestraße 2-4, 40213 Dusseldorf, Germany. In Bremen, this is The State Data Protection Officer for Freie Hansestadt Bremen, Arndtstraße 1, 27570 Bremerhaven.