Burda International ASIA
Data Privacy Statement
1. General Information
This section of the privacy statement contains information on the scope of validity, the person responsible for data processing, the data protection officer and data security. It also begins with a list of definitions of important terms used in the data privacy statement.
1. Definition of main terms
Browser: Computer program used to display websites (e.g., Chrome, Firefox, Safari)
Cookies: Text files which the web server places on the user’s computer by means of the browser which is used. The stored cookie information may contain both an identifier (cookie ID) for recognition purposes and content data, such as login status or information about websites visited. The browser sends the cookie information back to the web server with each new request upon subsequent repeat visits to these sites. Most browsers accept cookies automatically. Cookies can be managed using the browser functions (usually under “Options” or “Settings”). The storage of cookies may be disabled in this way or it may be made dependent on the user’s approval in any given case or otherwise restricted. Cookies may also be deleted at any time.
Third countries: Countries outside the European Union (EU) “offered
GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), available at http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32016R0679
PCPD: Regulation (HK) 1996/20/12, The office of the Privacy commissioner for Personal Data in Hong Kong, to oversee the enforcement of the Personal Data (Privacy) Ordinance (Cap. 486), available at https://www.pcpd.org.hk/
PDPA: Regulation (SG) 2012, The Personal Data Protection Act 2012 (PDPA), https://www.pdpc.gov.sg/Legislation-and-Guidelines/Personal-Data-Protection-Act-Overview
PDP: Regulation (MY) 2010, The Personal Data Protection Act 2010 (PDP), http://www.pdp.gov.my/images/LAWS_OF_MALAYSIA_PDPA.pdf PDPA: Personal Data Protection Act, B.E. 2562 (2019), https://www.mdes.go.th/law
PDPB: Regulation (IN) 2019, The Personal Data Protection Bill (PDPB) http://164.100.47.4/BillsTexts/LSBillTexts/Asintroduced/373_2019_LS_Eng.pdf
Personal data: Any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Profiling: Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements. Services: Our offers to which this data privacy statement applies (cf. Scope of validity).
Tracking: The collection of data and their evaluation regarding the behavior of visitors in response to our services.
Tracking technologies: Actions can be tracked either via the activity records (log files) stored on our web servers or by collecting data from end devices via pixels, cookies or similar tracking technologies.
Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Pixel: Pixels are also called tracking pixels, web beacons or web bugs. These are small, invisible graphics in HTML emails or on websites. When a document is opened, this small image is downloaded from a server on the Internet and the download is registered there. This allows the operator of the server to see if and when an email has been opened or a website has been visited. This function is usually carried out by calling up a small program (JavaScript). Certain types of information can be detected on your computer system in this way and shared, such as the content of cookies, the time and date of the visit, and a description of the page on which the tracking pixel is located.
2. Scope of validity
This data privacy statement applies to the following offers:
– our website Burda International Asia Website, most notably available at www.burdaluxury.com
– our online publications and titles owned & fully operated by Burda International Asia
– whenever reference is made to this data privacy statement from one of our offers (e.g., websites, subdomains, mobile applications, web services or integrations in third-party websites), regardless of the way in which it is accessed or used
All these offers are also collectively referred to as “services”.
3. Controller
The following party is responsible for the processing of data in relation to the services, i.e., this is the person who determines the purposes and means of processing personal data:
Burda Singapore PTE. LTD, 15 Scotts Road, #04-10, 15 Scotts, Singapore 228218 Email: general@burda.com.sg
Hubert Burda Media Malaysia SDN BHD 1201-01, Tower 1, Wisma AmFIRST, Jalan SS 7/15 Kelana Jaya, 47301 Petaling Jaya, Selangor, Malaysia Tel: +603 7887 3899
Hubert Burda Media Hong Kong Limited 14/F Universal Trade Centre, 3 Arbuthnot Road, Central, Hong Kong Tel: +852 3192 7038
Burda (Thailand) Co., Ltd. 3 Rajanakarn Building, 16th Floor Zone A, South Sathorn Road, Yannawa, Sathorn, Bangkok, 10120, Thailand Tel: +662 676 8999
Burda Media India Pvt. Ltd. Ambience Mall, 07th Floor, Gate No -04, NH – 48, Gurugram, Haryana – 122002
4. Data protection officer
The data protection officer for Burda International and the companies, pertaining in paragraph 3, can be contacted at info@burdaluxury.com. For the attention of the privacy department or via our parent company,
I. itemization of data processing operations
This section of the data privacy statement contains detailed information about the processing of personal data in the context of our services. The information is subdivided for greater clarity into certain functions in connection with our services. In case of the normal use of the services, different functions and therefore also different processing operations can be implemented consecutively or simultaneously.
1. General information about the data processing operations
The following applies to all the processing operations listed below, unless stated otherwise:
a) No obligation to provide personal data & consequences of failure to provide such data
The provision of personal data is not required by law or contract, and you are under no obligation to provide any data. We will inform you during the data entry process when personal information needs to be provided for the relevant service (e.g., by indicating “mandatory fields”). In cases where the provision of data is required, the consequence of not providing data will be that the service in question cannot be provided. Otherwise, failure to provide data may result in our inability to provide our services in the same form and quality.
Online application portal: If you do not provide the data required, you will not be able to submit an online application. All other information is voluntary and has no effect on the selection of applicants.
b) Consent
In various cases, you may also grant us your consent to the further processing of data (or some of the data, where applicable) in connection with the operations listed below. In this case, we will inform you separately in connection with the submission of the respective declaration of consent about all the procedures and the scope of the consent and about the purposes which we pursue in these processing operations. The processing operations based on your consent are therefore not listed again here (Art. 13, subs. 4, GDPR).
c) Transfer of personal data to third countries
When we send data to third countries, i.e., countries outside the European Union, the data are then transmitted strictly in compliance with the statutory conditions of admissibility.
If the transmission of the data to a third country does not serve the purpose of fulfilling our contract with you, if we do not have your consent, if the transmission is not required for the establishment, exercise or defence of legal claims, and if no other exemption applies under Art. 49 GDPR, we will only transmit your data to a third country if in possession of an adequacy decision pursuant to Art. 45 GDPR or appropriate safeguards under Art. 46 GDPR.
One of these adequacy decisions is the Commission Implementing Decision (EU) 2016/1250 of 12.07.2016 on the “EU-US Privacy Shield” for the USA. The level of data protection is generally considered to be appropriate according to Art. 45 GDPR for transfers to companies which are certified under the EU-US Privacy Shield.
Alternatively or additionally, safeguards under Art. 46 subs. 2 c) GDPR through the conclusion of the EU standard data protection clauses adopted by the European Commission with the receiving body provide appropriate safeguards and an adequate level of data protection. Copies of the standard EU data protection clauses are available on the website of the European Commission at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en.
d) Hosting at external service providers
Our data processing work is carried out to a large extent with the involvement of hosting service providers for our Asian publications and services, our providers provide us with storage space and processing capacities at their data centers and who also process personal data on our behalf according to our instructions. It may be the case that personal data are transmitted to hosting service providers in respect of all of the functions listed below. These service providers process data that are subjected to guaranteed levels of data protection which we have put in place & in addition adhere to local data security clauses in the respected countries (EU, Singapore, Thailand, Malaysia, Hong Kong & India) for our Data subjects.
e) Transmission to government authorities
We send personal information to government authorities (including law enforcement agencies) when required to fulfil a legal obligation to which we are subject (legal basis: Art. 6, subs. 1 c), GDPR) or when it is necessary for the assertion, exercise, or defense of legal claims (legal basis: Art. 6, subs. 1 f), GDPR).
f) Period of storage
The time specified in the “period of storage” paragraph indicates how long we use the data for the purposes in any given case. At the end of this period, the data will no longer be processed by us but will be deleted at regular intervals, unless continued processing and storage are required by law (in particular, because it is necessary to fulfil a legal obligation or for the establishment, exercise, or defense of legal claims) or unless you grant us extended consent.
Online application portal: To ensure the application process is conducted proficiently, we require a reasonable time to evaluate applications, select applicants, conduct interviews, etc. You will be informed of the status of the application procedure via letters of confirmation that we will send by email.
Should an employment relationship be established, we are permitted to store your data on a longer-term basis in accordance with Art. 6, subs. 1 b) GDPR.
General Contact Enquiry Forms: Enquiries made via our online contact enquiry forms, will be stored in our customer relationship management system, enquires are defined as customer or partner enquiries on a business relationship and B2B scale, or even a B2C contact. You will be informed when submitting an enquiry and receive a copy of your information submitted via an email notification.
Should an partnership or enquiry relationship be established, we are permitted to store your data on a longer-term basis in accordance to your submission, for removals of your submitted enquiry please refer to section 3, for your respected contact details to further manage your data removal.
g) Data categories
The category names listed below are used for specific types of data in the following sections, only applicable to consent given by the Data Subject, and applicable specifically to Burda International Asia are; :
Account data: Login/user ID and password
Personal master data: Title, salutation/gender, first name, last name, date of birth, occupation,
Personal Preference data; interests preferences; examples are; (types of offers the data subject would like to receive, eg; opt in to Travel, Entertainment, Events, Wealth Management, Shopping, Luxury, Home and Décor, Property & Real Estate, Beauty, Health & Fitness, Food & Beverage, Social Activities, Investment and Banking, Automotive, Education, Lifestyle etc.
Magazine circulation and subscription data: Nationality (‘Country of residence’), marital status, no. of dependents, education level, language preference
Address data: Street, house number, additional address lines (where applicable), postcode, city, country
Contact data: Telephone number(s), fax number(s), email address(s)
Login data: Information about the service via which you logged on; times and technical information on login, authentication and logout; data entered by you when logging on
Press mailing list usage data: Accreditation subject, accreditation time, approval of usage restriction/consent form, downloads of press materials
Newsletter user profile data: Opening of newsletter (date and time), contents, selected links, as well as the following information relating to the computer system accessing the newsletter: Internet Protocol address used (IP address), browser type, browser version, device type, operating system and similar technical information, if provided.
Access data: Date and time of visit to our service; the page from which the system accessed our site; pages visited during the session; session identification data (session ID), as well as the following information relating to the computer system accessing the service: Internet Protocol address used (IP address), browser type, browser version, device type, operating system and similar technical information, when applicable.
Application documents: Information about your education and/or professional development and qualifications (e.g. CV or references), application letter
Enquiry form and online registrations: information about your enquiry, your first name, last name, your enquiry details, company or organization name, telephone number(s), email address, postcode, city, country and address
Accessing our services
The passages below set out how your personal data are processed when you access our services (e.g., loading and viewing the website, opening the mobile app and navigating within the app). We would point out, in particular, that it is impossible not to send access data to external content providers (cf. subsection b.) due to the technical processes involved in transmitting information over the Internet. The third-party providers are themselves responsible for the privacy-compliant operation of the IT systems which they use. The service providers are required to decide how long the data will be stored.
a) Purposes of data processing, legal basis, legitimate interests (where applicable), and period of storage
Data Category
Access Data
Intended Purposes
Establishing connection, presenting contents of the service, detecting attacks on our site due to unusual activities, fault diagnosis
Legal basis
EU – Art. 6, subs. 1 f), GDPR
HK PCPD
TH PDPB
SG PDPA
MY PDA
IN PDPB
Legitimate interest where applicable
Proper functioning of services, security of data and business processes, prevention of misuse, prevention of damage through interference in information systems
Storage period
3 months or if required by law, within the minimum jurisdiction of consumption of services offered by countries specified in section 1
Data Category
Account Data
Intended Purposes
Identification, checking authorization to call up the service
Legal Basis
EU – Art. 6, subs. 1 f), GDPR
HK PCPD
TH PDPB
SG PDPA
MY PDA
IN PDPB
Storage period
Until application documents are transmitted
b. Recipients of personal data
Recipient categoryLegal basis
External content providers who provide content which is needed to display the service (e.g., images, videos, embedded postings from social networks, banner, ads, fonts, update information)
Data concerned
Access Data
EU – Art. 6, subs. 1 f), GDPR
Art. 6, subs. 1 f), GDPR; in case of transmission to the USA also Art. 45 GDPR in conjunction with the Commission Implementing Decision (EU) 2016/1250 of 12.07.2016 on the “EU-US Privacy Shield”
HK PCPD
TH PDPB
SG PDPA
MY PDA
IN PDPB
Legitimate interests, where applicable
Proper functioning of services, (accelerated) display of content
Recipient category
IT Security services providers
Data concerned
Access data
Legal Basis
EU Art. 6, subs. 1 f), GDPR
HK PCPD
TH PDPB
SG PDPA
MY PDA
IN PDPB
Legitimate interests, where applicable
Prevention of attacks through exploitation of security gaps and or vulnerabilities.
3. Newsletter subscriptions
The tables below show how your personal data are processed when you subscribe to a newsletter:
Purposes of data processing, legal basis, legitimate interests (where applicable), and period of storage
Data category
Email address
Intended purposes
Verification of the application (double opt-in procedure) sending of the newsletter
Legal basis
EU Art. 6, subs. 1 f), GDPR
HK PCPD
TH PDPB
SG PDPA
MY PDA
IN PDPB
Period of Storage
Duration of newsletter subscription
Data Category
Personal Master data
Data concerned
Personalization of newsletter
Legal basis
EU Art. 6, subs. 1 f), GDPR
HK PCPD
TH PDPB
SG PDPA
MY PDA
IN PDPB
Period of Storage
Duration of newsletter subscription
Data Category
Personal Master data
Data concerned
Personalization of newsletter
Legal basis
EU Art. 6, subs. 1 f), GDPR
HK PCPD
TH PDPB
SG PDPA
MY PDA
IN PDPB
Period of Storage
Duration of newsletter subscription
c. Recipients of personal data
Recipient category
Company advertising the vacancy
Data concerned
Address data, contact data, personal master data, application documents
Legal basis
EU Art. 6, subs. 1 b), GDPR, Art. 9, subs. 2 b), GDPR
HK PCPD
TH PDPB
SG PDPA
MY PDA
IN PDPB
5. Sending press releases and information
The tables below show how your personal data are processed in connection with the sending of press releases and information
Purposes of data processing, legal basis, legitimate interests (where applicable), and period of storage
Data category
Personal master data, contact data, address data
Intended purposes
Identification, establishment of contact
Legal basis
EU-Art. 6, subs. 1 f), GDPR
HK PCPD
TH PDPB
SG PDPA
MY PDA
IN PDPB
Legitimate interests, where applicable
Informing media representatives, maintaining contact with PR/journalists
Period of storage
Duration of registration
Data category
Role, medium represented, contact topics
Intended purposes
Checking qualification when distributing press materials
Legal Basis
EU Art. 6, subs. 1 f), GDPR
HK PCPD
TH PDPB
SG PDPA
MY PDA
IN PDPB
Legitimate interests, where applicable
Informing media representatives, maintaining contact with PR/journalists
Period of storage
Duration of registration and within communication measures
6. Customer Feedback
The tables below show how your personal data are processed when you contact us via our feedback channels:
Purposes of data processing, legal basis, legitimate interests (where applicable), and period of storage
Data Category
Personal master data, contact data, contents of enquiries/complaints
Intended purposes
Processing of customer enquiries, user complaints, subscription order enquires
Legal basis
EU Art. 6, subs. 1 b), GDPR, Art. 9, subs. 2 b), GDPR
HK PCPD
TH PDPB
SG PDPA
MY PDA
IN PDPB
Legitimate interests, where applicable
Improvement of our service
Period of storage
During the processing of the enquiry
7. Tracking
The passages below explain how your personal data are processed with the help of tracking technologies to analyze and optimize our services and to serve promotional purposes, services include Google analytics and 3rd party providers.
The explanation of the tracking methods also includes information on how to prevent or object to the processing of data.
denial of consent to processing, is usually stored via cookies. If you use our services on a new end device or in a different browser, or if you have deleted the cookies set by your browser, you will need to reconfirm the refusal of consent.
The tracking methods presented here will only process personal data in pseudonymous form. No connection is made with a specific, identified natural person, i.e., the data are not merged with information which would reveal the identity of the person behind the pseudonym.
Tracking for the analysis and optimization of our services and their use
(1) Purpose of processing
The analysis of user behaviour by means of tracking helps us to check the effectiveness of our services, to improve and adapt them to the needs of the users, and to correct errors. It also allows us to produce statistics on the use of our services (reach, intensity of use, surfing habits of users) – on the basis of uniform standard procedures – and thereby to obtain comparable figures across the market.
(2) Legal basis of processing
In cases where we provide services under a contract, the tracking and the associated analysis of user behaviour are carried out in order to fulfil our contractual obligations. The legal basis for this processing of personal data is Art. 6, subs. 1 b), GDPR. The evaluation of information obtained through tracking is necessary in order to optimize the provision of services according to the contractual purpose and to ensure the greatest possible benefit for you, or where applicable as stated under governing jurisdiction of the data subject
Otherwise, i.e., in cases where services are not connected with a contract, the legal basis for this processing of personal data is Art. 6, subs. 1 f), GDPR. We hereby pursue the legitimate interest in providing attractive services as efficiently as possible on the basis of the information gained through tracking and marketing them in the best possible way.
(3) Explanation of individual tracking methods
Name of service
Facebook (Pixel)
Mode of Operation
This website uses the Facebook pixel tracking to analyze the use of our website and improve it on a regular basis. We use the statistics acquired to improve our services and make them more interesting for you, the user. Cookies are stored on your computer for the purpose of this analysis. The information collected in this way is stored by the responsible party in this case the Data processor ‘Facebook’.
Option of preventing processing (opt-out)
This website uses Facebook Pixels, To prevent the use of Facebook Pixels, you can opt out the ad-preferences supplied by the Data processor by going into your ad preferences, https://www.facebook.com/ads/preferences, the service of tracking will then automatically disable
8. Social media plug-ins
This website may contain plug-ins from social networks such as Facebook, Instagram, Line, Google + which are operated by third parties and which feature a button via which messages can be sent to the corresponding social network for various purposes, such as rating, recommending or sharing content. Our purpose and legitimate interest in this course of action is to publicize our services to greater effect. We configure our services in such a way that data are only sent if you press the button. The legal basis for data transmission in this case is Art. 6, subs. 1 f), GDPR or where applicable upon the jurisdiction of the data subject. The respective provider is responsible for the privacy-compliant processing of the transmitted data.
III. Rights of data subjects
If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing with future effect, which includes profiling to the extent that it is related to such direct marketing.
You also have the right, at any time with future effect and for reasons relating to your particular situation, to object to the processing of personal data concerning you which is based on Art. 6, subs. 1 e) or f), GDPR, including profiling based on these provisions, only where applicable upon the jurisdiction of the data subject.
The right to object may be exercised free of charge. In order to be able to process your request faster, please preferably use the form available at the following link:
Data privacy enquiry
Alternatively, you may reach us, for example, using the contact information provided in paragraph I.3:
Attention: Data Protection Officer
Via Email to: info@burdaluxury.com
2. Right of access
You have the right to obtain confirmation from us as to whether or not personal data concerning you are being processed and, where that is the case, access to the personal data and the other information listed in Art. 15 GDPR and only where applicable upon the jurisdiction of the data subject.
3. Right to rectification
You have the right to obtain from us the rectification of inaccurate personal data concerning you without undue delay (Art. 16 GDPR) or where applicable upon the jurisdiction of the data subject. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
4. Right to erasure (“right to be forgotten”)
You have the right to obtain from us the erasure of personal data concerning you without undue delay if one of the reasons listed in Art. 17, subs. 1, GDPR is applicable and the processing operations are not required for one of the purposes approved in Art. 17, subs. 3, GDPR and where applicable upon the jurisdiction of the data subject.
5. Right to restriction of processing
You are entitled to obtain from us the restriction of the processing of personal data if one of the conditions laid down in Art. 18, subs. 1 a) to d) GDPR is met, where applicable upon the jurisdiction of the data subject.
6. Right to data portability
Under the conditions set out in Art. 20, subs. 1, GDPR, you have the right to receive the personal data concerning you which you have provided to us, in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance on our part. In exercising your right to data portability, you have the right to have the personal data transmitted directly by us to another controller where technically feasible, where applicable upon the jurisdiction of the data subject.
7. Right to withdraw consent
If the processing is based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. Where applicable upon the jurisdiction of the data subject.
8. Right to lodge a complaint
You have the right to lodge a complaint with the supervisory authority responsible for our company, where applicable upon the jurisdiction of the data subject in the respective authority region.
Subscribe to our newsletter to get the latest on travel, stay & dining.
Thank you for your subscription.