Skip to main content

Privacy policy

Last updated: May 2026

1. Controller

The controller responsible for processing within the meaning of the General Data Protection Regulation (GDPR) and other data protection provisions is:

The Travel Consulting Group GmbH
Gervinusstraße 5–7
60322 Frankfurt am Main
Germany

Phone: +49 (0)69 17326905
E-mail: mail@the-tcg.com
Website: https://www.the-tcg.com

Managing Directors: Jürgen Büchy, Thomas Drexler, Jens Vongehr

2. Data Protection Officer

For any questions regarding data protection, you can reach us at:

Jürgen Büchy
The Travel Consulting Group GmbH
Gervinusstraße 5–7, 60322 Frankfurt am Main
E-mail: mail@the-tcg.com

3. General Information on Data Processing

3.1 Scope of processing

As a matter of principle, we only process our users’ personal data to the extent necessary to provide a functional website and our content and services. Processing generally takes place only with the user’s consent or where another legal basis permits it.

3.2 Legal bases

The legal bases for processing arise from Article 6 GDPR:

  • Art. 6(1)(a) GDPR – consent
  • Art. 6(1)(b) GDPR – performance of a contract and pre-contractual measures
  • Art. 6(1)(c) GDPR – compliance with a legal obligation
  • Art. 6(1)(f) GDPR – protection of legitimate interests

Where consent is required for storing information on a user’s terminal equipment or for accessing information already stored there (e.g. cookies), Section 25(1) TDDDG (German Telecommunications Digital Services Data Protection Act) applies in addition.

3.3 Erasure and storage period

Personal data is erased or restricted as soon as the purpose of storage ceases to apply. Storage beyond this takes place only where required by statutory retention obligations (e.g. under commercial and tax law pursuant to the German Commercial Code (HGB) and Fiscal Code (AO)).

4. Provision of the Website and Creation of Log Files

4.1 Server log files

Each time our website is accessed, our system automatically collects data and information from the accessing device, which is stored in the server’s log files. This may include:

  • browser type and version
  • operating system used
  • referrer URL (the previously visited page)
  • host name / IP address of the accessing device
  • date and time of access
  • internet service provider of the accessing system

This data is not combined with other personal data. It serves to deliver website content correctly, to ensure the functionality and IT security of our systems, and, where applicable, to investigate misuse or fraud.

Legal basis: Art. 6(1)(f) GDPR. Our legitimate interest lies in the purposes set out above.

Storage period: Log files are deleted after no later than 30 days. Longer storage is possible where required to investigate security-relevant incidents.

4.2 Hosting

We host our website with united-domains GmbH, Gautinger Straße 10, 82319 Starnberg, Germany. The provider processes the data collected via the website (in particular server log files) on our behalf on the basis of a data processing agreement pursuant to Art. 28 GDPR. Legal basis: Art. 6(1)(f) GDPR (interest in secure and reliable provision).

4.3 SSL/TLS encryption

For security reasons and to protect the transmission of confidential content, this website uses SSL/TLS encryption. You can recognise an encrypted connection by the “https://” prefix in the address bar and the padlock symbol in your browser.

5. Cookies and Consent Management

5.1 General information on cookies

Our website uses cookies — small text files stored on your device. Some cookies are technically necessary for the website to function (e.g. session cookies, storage of your cookie settings). Other cookies serve analytics or advertising purposes and are only set with your consent.

Legal basis for technically necessary cookies: Art. 6(1)(f) GDPR in conjunction with Section 25(2) TDDDG. For all other cookies: your consent pursuant to Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG.

5.2 Consent management with Borlabs Cookie

To obtain and document your consent to the use of cookies and services requiring consent, we use the consent technology Borlabs Cookie. The provider is Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany.

When you enter the website, a Borlabs cookie is stored in your browser recording the consent you have given or the withdrawal of such consent. This data is not passed on to the provider. You can adjust or withdraw your consent at any time with effect for the future via the cookie settings on our website.

Legal basis: Art. 6(1)(c) GDPR (legal obligation to obtain documented consent) or Art. 6(1)(f) GDPR.

6. Contacting Us

If you contact us by e-mail or telephone, your details (e.g. name, e-mail address, telephone number and the content of your message) are processed for the purpose of handling your enquiry and in case of follow-up questions.

Legal basis: Art. 6(1)(b) GDPR where your enquiry relates to the initiation or performance of a contract; otherwise Art. 6(1)(f) GDPR (interest in handling enquiries effectively).

Storage period: We erase the data once it is no longer required to achieve the purpose, at the latest upon expiry of any statutory retention periods.

7. Web Analytics: Google Analytics 4 (GA4)

Where you have given your consent, we use Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

Google Analytics uses cookies and similar technologies to analyse your use of the website. The following information, among others, is processed: pseudonymous user identifiers, browser type and version, operating system, referrer URL, approximate location information (based on the IP address), and the date, time and type of interaction with the website. The IP address is used by GA4 to determine location but is not logged or stored permanently.

A transfer of data to Google LLC or to servers in the USA cannot be ruled out; please refer to Section 9 (Transfer to third countries).

Legal basis: Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG (consent). You can withdraw your consent at any time with effect for the future via the cookie settings.

Further information: https://policies.google.com/privacy

8. Online Marketing and Embedded Services

8.1 Google Maps

Where you have given your consent, we embed map material from the Google Maps service provided by Google Ireland Limited, e.g. to show you our location. When the map is loaded, data (in particular your IP address) is transmitted to Google.
Legal basis: Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG.

9. Transfer to Third Countries

Some of the services we use (in particular Google’s services) may result in personal data being transferred to and processed by Google LLC or on servers in the USA.

The USA is generally classified as a third country that does not consistently provide an adequate level of data protection. Where the respective recipient is certified under the EU-U.S. Data Privacy Framework, the transfer takes place on the basis of the European Commission’s adequacy decision of 10 July 2023. In addition or alternatively, we base the transfer on the European Commission’s Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR and, where applicable, on your explicit consent pursuant to Art. 49(1)(a) GDPR. Despite these measures, access by US authorities cannot be entirely ruled out.

10. Your Rights as a Data Subject

With regard to the personal data concerning you, you have the following rights against us:

  • Access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection to processing (Art. 21 GDPR)
  • Withdrawal of consent given, with effect for the future (Art. 7(3) GDPR)

10.1 Right to object (Art. 21 GDPR)

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is based on Art. 6(1)(f) GDPR. Where your data is processed for direct marketing purposes, you have the right to object at any time; thereafter your data will no longer be processed for this purpose.

10.2 Right to lodge a complaint with a supervisory authority

Without prejudice to any other remedy, you have the right to lodge a complaint with a data protection supervisory authority. The authority responsible for us is:

The Hessian Commissioner for Data Protection and Freedom of Information
(Der Hessische Beauftragte für Datenschutz und Informationsfreiheit)
P.O. Box 3163, 65021 Wiesbaden, Germany
https://datenschutz.hessen.de

11. Validity and Changes to this Privacy Policy

This privacy policy is dated May 2026. As our website and offerings continue to develop, or due to changes in legal or regulatory requirements, it may become necessary to amend this privacy policy. The current version can be accessed at any time at https://www.the-tcg.com/en/privacy-policy/.

The Travel Consulting Group
© The Travel Consulting Group GmbH. All rights reserved.