Privacy policy

In this privacy policy, we inform you about the processing of personal data when using our website.

Personal data is information that relates to an identified or identifiable person. This primarily includes information that allows conclusions to be drawn about your identity, for example your name, telephone number, address or e-mail address. Statistical data that we collect, for example, when you visit our website and that cannot be linked to your person do not fall under the concept of personal data.

You can print or save this privacy policy by using the usual functionality of your browser.

Contact

The contact person and so-called controller for the processing of your personal data when visiting this website within the meaning of the EU General Data Protection Regulation (GDPR) is the Tourismusverband Franken e.V., Pretzfelder Straße 15, 90425 Nuremberg, Germany, phone: +49 (0) 911 94151 - 0, e-mail: info@frankentourismus.de.

Calling our website / access data

Each time you use our website, we collect the access data that your browser automatically transmits to enable you to visit the website. The access data includes in particular:

  • IP address of the requesting device;
  • Date and time of the request;
  • Address of the website accessed and the requesting website;
  • Information about the browser used and the operating system;
  • Online identifiers (e.g. device identifiers, session IDs).


The data processing of these access data is necessary to enable the visit of the website and to ensure the permanent functionality and security of our systems. The access data is also temporarily stored in internal log files for the purposes described above, in order to compile statistical information about the use of our website, to further develop our website with regard to the usage habits of our visitors (e.g., if the proportion of mobile devices used to access the pages increases) and to generally maintain our website administratively. The legal basis is Art. 6 para. 1 p. 1 lit. b DSGVO.

The information stored in the log files does not allow any direct conclusions to be drawn about your person; in particular, we only store the IP addresses in shortened, anonymized form. The log files are stored for 30 days and archived after subsequent anonymization.

Orders

In the case of an order process (e.g. when ordering brochures), we collect mandatory data necessary for the processing of the contract:

  •  Salutation;
  •  First and last name;
  •  address.


Optionally, information such as e-mail address or telephone number are possible, so that we can contact you in case of queries also on these ways. The legal basis for the processing is Art. 6 para. 1 p. 1 lit. b DSGVO.

Events, photos and videos

If you register for one of our events, we will process the information you provide in the input fields solely for the purpose of running the event (e.g. to enable your participation and to create lists of participants or name badges). The legal basis for this data processing is Art. 6 para. 1 lit. b) DSGVO and Art. 6 para. 1 lit. f) DSGVO to protect our legitimate interests in conducting the event accordingly.

It may happen that we take photos and videos at an event in order to document the event and use them for promotional external presentation (e.g. at events, in info materials, on websites or social media fan pages). If you do not wish to appear in the recordings, you can inform us of this at any time. The legal basis for this data processing is Art. 6 para. 1 lit. a) DSGVO, insofar as the processing is based on your consent, Art. 6 para. 1 lit. b) DSGVO, insofar as the processing is necessary for the performance of contracts and the exercise of rights, as well as Art. 6 para. 1 lit. f) DSGVO for the protection of our legitimate interests to create and use the photos and videos.

Use of own cookies

For some of our services, it is necessary that we use so-called cookies. A cookie is a small text file that is stored on your device by the browser. Cookies are not used to run programs or download viruses onto your computer. The main purpose of our own cookies is rather to provide an offer tailored specifically to you and to make the use of our services as time-saving as possible.

Most browsers are set to accept cookies by default. However, you can adjust your browser settings so that cookies are rejected or stored only after prior consent. If you reject cookies, not all of our offers can work for you without problems.

We use our own cookies in order to provide you with a more comfortable and individualized use of our website. These services are based on our aforementioned legitimate interests, legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO.

In addition, we also use cookies and comparable technologies (e.g. web beacons) from partners for analysis and marketing purposes. This is described in more detail in the following sections.

Use of cookies and comparable technologies for analysis purposes

In order to improve our website, we use cookies and comparable technologies (e.g. web beacons) for statistical collection and analysis of general usage behavior based on access data. We also use analytics services to evaluate the use of our various marketing channels.

The legal basis for the data processing described in the following section is Art. 6 (1) p. 1 lit. f DSGVO, based on our legitimate interest in the needs-based design and continuous optimization of our website.

In the following listing of the technologies we use, you will also find information in each case on the options for objecting with regard to our analysis measures by means of a so-called opt-out cookie. Please note that after deleting all cookies in your browser or the subsequent use of another browser and/or profile, an opt-out cookie must be set again.

Use of cookies and comparable technologies to technologies for online advertising

We also use cookies and similar technologies for advertising purposes. Some of the access data generated when using our website is used for interest-based advertising. By analyzing and evaluating this access data, it is possible for us to display personalized advertising to you on our website and on the websites of other providers. This means advertising that corresponds to your actual interests and needs.

The legal basis for the data processing described in the following section is Art. 6 (1) sentence 1 lit. f DSGVO based on our legitimate interest in advertising our products and services in a personalized form.

In the following section, we would like to explain these technologies and the providers used for this purpose in more detail.

The data collected may include in particular

  • the IP address of the device
  • the date and time of access;
  • the identification number of a cookie
  • the device identifier of mobile devices;
  • technical information about the browser and the operating system.


However, the collected data is stored exclusively pseudonymously, so that no direct conclusions can be drawn about individuals.

In the following descriptions of the technologies we use, you will also find information in each case on the options for objecting with regard to our analysis and advertising measures by means of a so-called opt-out cookie. Alternatively, you can exercise your objection by making the appropriate settings on the websites Truste or Your Online Choices, which provide bundled objection options from many advertisers. Both sites allow you to deactivate all ads at once for the listed providers by means of opt-out cookies or, alternatively, to make the settings for each provider individually. Please note that after deleting all cookies in your browser or using a different browser and/or profile later, an opt-out cookie must be set again.

Data sharing

The data collected by us will only be passed on if:

  • you have given your express consent in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO;
  • the disclosure is necessary in accordance with Art. 6 (1) p. 1 lit. f DSGVO for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in not having your data disclosed;
  • we are legally obliged to disclose your data according to Art. 6 para. 1 p. 1 lit. c DSGVO; or
  • this is legally permissible and necessary according to Art. 6 para. 1 p. 1 lit. b DSGVO for the processing of contractual relationships with you or for the implementation of pre-contractual measures that take place at your request.


Part of the data processing may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, this may include, in particular, data centers that store our website and databases, IT service providers that maintain our systems, and platforms for online booking of accommodation businesses or mailing providers. If we pass on data to our service providers, they may only use the data to perform their tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound to our instructions, have appropriate technical and organizational measures in place to protect the rights of the data subjects, and are regularly monitored by us.

Duration of storage

In principle, we store personal data only as long as necessary to fulfill contractual or legal obligations for which we collected the data. Thereafter, we delete the data immediately, unless we still need the data until the expiry of the statutory limitation period for evidence purposes for claims under civil law or due to statutory retention obligations.

For evidentiary purposes, we must retain contractual data for three years from the end of the year in which the business relationship with you ends. Any claims become statute-barred at this point at the earliest in accordance with the standard statutory limitation period.

Even after this, we still have to store some of your data for accounting reasons. We are obliged to do so because of legal documentation obligations that may arise from the German Commercial Code, the German Fiscal Code, the German Banking Act, the German Money Laundering Act and the German Securities Trading Act. The periods specified there for the retention of documents are two to ten years.

Your rights

You have the right to request information about the processing of your personal data by us at any time. When providing information, we will explain the data processing to you and provide you with an overview of the data stored about your person.

If any data stored by us is incorrect or no longer up to date, you have the right to have this data corrected. You can also request the deletion of your data. If deletion is exceptionally not possible due to other legal provisions, the data will be blocked so that it is only available for this legal purpose.

You can also have the processing of your data restricted, for example, if you believe that the data we have stored is incorrect.

You also have the right to data portability, which means that we will provide you with a digital copy of the personal data you have provided to us upon request.

To exercise your rights described here, you can contact us at any time using the contact details above. This also applies if you wish to receive copies of guarantees demonstrating an adequate level of data protection.

In addition, you have the right to object to data processing based on Art. 6(1)(e) or (f) DSGVO. Finally, you have the right to complain to the data protection supervisory authority responsible for us. You can assert this right at a supervisory authority in the member state of your residence, your workplace or the location of the alleged infringement. In Nuremberg, our headquarters, the competent supervisory authority is: Bavarian State Office for Data Protection Supervision, postal address: P.O. Box 606, 91511 Ansbach.

Right of revocation and objection

In accordance with Article 7 (2) DSGVO, you have the right to withdraw your consent at any time. This has the consequence that we no longer continue the data processing based on this consent for the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Insofar as we process your data on the basis of legitimate interests pursuant to Art. 6(1)(f) DSGVO, you have the right to object to the processing of your data pursuant to Art. 21 DSGVO and to provide us with reasons that arise from your particular situation and which, in your opinion, argue for an overriding of your interests worthy of protection. If it concerns an objection to data processing for direct marketing purposes, you have a general right of objection, which will also be implemented by us without giving reasons.

If you wish to exercise your right of revocation or objection, it is sufficient to send an informal message to the contact details above.

Data security

We maintain current technical measures to ensure data security, in particular to protect your personal data from risks during data transmissions and from third parties gaining knowledge. These are adapted to the current state of the art in each case. To secure the personal data you provide on our website, we use Transport Layer Security (TLS), which encrypts the information you enter.

Changes to the privacy policy

We occasionally update this privacy policy, for example, when we adapt our website or when legal or regulatory requirements change.

© TVF - Version: 1.1 / Status: May 2019

Contact

You have various options for contacting us. This includes the contact form. In this context, we process data exclusively for the purpose of communicating with you.

The legal basis is Art. 6 para. 1 p. 1 lit. b DSGVO, insofar as your information is required to answer your inquiry or to initiate or execute a contract, and otherwise Art. 6 para. 1 p. 1 lit. f DSGVO due to our legitimate interest that you contact us and we can answer your inquiry.

The data we collect when you use the contact form will be automatically deleted after we have fully processed your request, unless we still need your request to fulfill contractual or legal obligations (see section "Duration of Storage").

Obtaining your consent

We use the tool of KIProtect GmbH, Bismarckstr. 10-12, 10625 Berlin ("Klaro") to obtain and manage your consent. This generates a banner which informs you about the data processing on our website and gives you the option to consent to all, individual or no data processing through optional tools.

This banner appears the first time you visit our website and when you revisit your choice of settings to change them or withdraw consent. The banner will also appear on subsequent visits to our website if you have deactivated the storage of cookies or if the cookies or information in the local storage have been deleted or have expired.

Klaro does not collect or store any personal information from website visitors. When a visitor provides consent, only an anonymous record of consent is stored on the server, which enables the requirements for documenting consent under the GDPR to be met. More information on this can be found in Klaro's privacy policy.

The data processing by Klaro is necessary to provide you with the legally required consent management and to comply with our documentation obligations. The legal basis for the use of Klaro is Art. 6 para. 1 p. 1 lit. f DSGVO, justified by our interest in fulfilling the legal requirements for consent management. The access to and storage of information in the terminal device is absolutely necessary in these cases and takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 2 TTDSG.

Google Analytics 4

Our website uses the Google Analytics 4 service ("Google Analytics"), which is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland for persons from Europe, the Middle East and Africa (EMEA) and by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (together "Google") for all other persons.

Google Analytics uses JavaScript and pixels to read information on your terminal device and cookies to store information on your terminal device. This is used to analyze your usage behavior and improve our website. We will process the information obtained to evaluate your use of the website and to compile reports on website activities for the website operators. The data generated in this context may be transferred by Google to a server in the USA for evaluation and stored there.

As part of the evaluation, Google Analytics 4 also uses artificial intelligence such as machine learning for automated analysis and enrichment of the data. This is done in particular for forecast metrics on the future behavior of visitors based on structured event data, such as the predicted turnover, the probability of purchase and the probability of churn. The forecast metrics can also be used for forecast target groups. To learn more, visit: https://support.google.com/analytics/answer/9846734. In addition, Google Analytics 4 models conversions where insufficient data is available to optimize analysis and reports. Find out more at: https://support.google.com/analytics/answer/10710245. Data evaluations are automated using artificial intelligence or based on specific individually defined criteria. You can find out more about this at: https://support.google.com/analytics/answer/9443595.

We have made the following data protection settings for Google Analytics:

  • IP anonymization (shortening of the IP address before evaluation);
  • Automatic deletion of old visit logs by limiting the storage period to 2 months;
  • No reset of the retention period in case of new activity;
  • Disabling the collection of accurate location and position data;
  • Disabled collection of accurate device data;
  • Disabled cross-device and cross-page tracking (Google Signals);
  • Disabled data sharing with other Google products and services, benchmarking, technical support, account manager.


The following data is processed by Google Analytics:

  • IP address;
  • User ID and device ID;
  • Referrer URL (previously visited page);
  • Pages viewed (date, time, URL, title, time spent);
  • Downloaded files;
  • Clicked links to other websites;
  • Achievement of specific goals (conversions), if applicable;
  • Technical information: Operating system; Browser type, version and language; Device type, brand, model and resolution;
  • Approximate location (country and city, if applicable, based on anonymized IP address).

Events/ optimised analyses:

We have activated the optimised analyses in Google Analytics. This means that in addition to the automatically recorded events (page views, start of page view, duration of use, first call to the website) and website-specific events, additional events and interactions of the visitors are also recorded and evaluated with regard to various parameters. You can find more information on this at: https://support.google.com/analytics/answer/9216061?hl=en&sjid=16584354431768947839-EU

  • Possible website-specific events: Page depth equal to/greater than two, click external accommodation page, click holiday planner, brochure viewed, fill holiday planner, click mail link, brochure ordered, click phone number, click link YouTube, social media link in footer, contact form sent, download PDF holiday planner, click link Facebook, click link Instagram, click link Twitter, click external links, click link komoot, use leaflet catalogues.

  • Events through optimised analytics: scrolls, clicks on external links, website search, interaction with videos, file downloads

Advertising function/ personalised ads:

"As part of Google Analytics, we also use the advertising function for personalised ads. This allows us to personalise our advertisements in Google Ads according to your usage behaviour and interests. These personalised ads are only created and played in German-speaking countries (DACH). You can find more information on this at: https://support.google.com/analytics/answer/9626162

Google Analytics sets the following cookies for the specified purpose with the respective storage period:

  • "_ga" (2 years), "_gid" (24 hours): Recognition and differentiation of visitors by a user ID;
  • "_ga_[GA-ID]" (2 years): Retention of the information of the current session;
  • "_gac_gb_[GA-ID]" (90 days): Retention of campaign-related information and link to Google Ads Conversion Tracking, if applicable;
  • "IDE" (13 months), if applicable: Recognition and differentiation of visitors by a user ID, recording of interaction with advertising, playing out personalized advertising.


For more information about Google Analytics 4 cookies, please visit: https://support.google.com/analytics/answer/11397207?hl=en&sjid=16584354431768947839-EU.

The legal basis for this data processing is your consent pursuant to Art. 6 Para. 1 p. 1 lit. a DSGVO. Access to and storage of information in the end device is then based on the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to Section 25 (1) TTDSG.

The data generated in this context may be transferred by Google Ireland Limited to Google LLC in the USA. Google LLC has undergone the certification procedure in accordance with the EU-U.S. Data Privacy Framework and can thus invoke the new adequacy decision of the EU Commission (Art. 45 GDPR) for the USA:

https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active

For more information, please see Google's privacy policy: https://support.google.com/analytics/answer/6004245.

Plausible Analytics

We use Plausible Analytics, a web analytics tool provided to us by Plausible Insights OÜ, Västriku tn 2, 50403, Tartu, Estonia.

Plausible Analytics is self-hosted by us, so all data collected is processed exclusively on our own servers. No data is passed on or transferred to third parties.

With Plausible Analytics, no cookies are set and no information is stored in the user's browser. Plausible Analytics only uses a script to collect usage data for statistical purposes. We use the insights gained to optimise our content and services accordingly.

The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO. The access to and storage of information in the terminal device is then carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG.

For more information, please see the privacy policy of Plausible Analytics: https://plausible.io/privacy.

Google Tag Manager

Our website uses Google Tag Manager, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland for persons from the European Economic Area and Switzerland and by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (together "Google") for all other persons.

The Google Tag Manager is used exclusively to manage website tools by integrating so-called website tags. A tag is an element that is stored in the source code of our website in order to execute a tool, for example through scripts. If these are optional tools, they will only be integrated by the Google Tag Manager with your consent. The Google Tag Manager uses JavaScript and does not use cookies.

The legal basis for this data processing is your consent in accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO. Access to and storage of information in the terminal device is then carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG.

For the purposes of ensuring stability and functionality, Google collects information on which tags are integrated by our website within the scope of using the Google Tag Manager. However, the Google Tag Manager does not store any personal data beyond the mere establishment of the connection, in particular no data on user behaviour or the pages visited.

The data generated when using the Google Tag Manager may be transferred by Google Ireland Limited to Google LLC in the USA. Google LLC has undergone the certification procedure in accordance with the EU-U.S. Data Privacy Framework and can thus invoke the new adequacy decision of the EU Commission (Art. 45 DSGVO) for the USA: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active.

For more information, see Google's information on the Tag Manager: https://support.google.com/tagmanager/answer/6102821.

External Media

We also use other external media, such as embedded videos.

The legal basis for this is - unless otherwise stated - your consent pursuant to Art. 6 (1) p. 1 lit. a DSGVO, which you give via the cookie banner or with the respective tool itself by individually allowing its use via a banner (overlay) placed above it. For the revocation of your consent, see section "Revoking your consent or changing your selection".

YouTube-Videos

We have embedded videos in our website that are stored on YouTube and can be played from our websites. YouTube is a multimedia service of YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA ("YouTube"), which is offered to persons from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and to all other persons by Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (together "Google").

In doing so, YouTube may execute technologies such as JavaScript, which access information in your terminal device. We have activated YouTube's extended data protection mode. According to YouTube's own documentation, Google thus receives less usage information and also does not personalise the video recommendations and advertisements. Cookies are no longer stored.

The legal basis for this data processing is your consent pursuant to Art. 6 para. 1 p. 1 lit. a DSGVO. Access to and storage of information in the terminal device is then carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG.

By visiting our website, YouTube and Google receive the information that you have accessed the corresponding sub-page of our website. This occurs regardless of whether you are logged in to YouTube or Google or not. YouTube and Google also use this data for the purposes of advertising, market research and demand-oriented design of their services. If you call up YouTube on our website while you are logged into your YouTube or Google profile, YouTube and Google can also link this event to the respective profiles. If you do not want the association, it is necessary that you log out of Google before calling up our website.

In addition to withdrawing your consent, you also have the option of deactivating personalised advertising in Google's advertising settings. In this case, Google will only display non-individualised advertising: https://adssettings.google.com/notarget

The data generated when using YouTube may be transferred by Google Ireland Limited to Google LLC in the USA. Google LLC has undergone the certification procedure under the EU-U.S. Data Privacy Framework and can thus invoke the new adequacy decision of the EU Commission (Art. 45 DSGVO) for the USA: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active

Further information can be found in Google's privacy notices, which also apply to YouTube: https://policies.google.com/privacy?hl=en

schliessen