Data protection is a matter of trust and your trust is important to us. We respect your privacy. The protection and legally compliant collection, processing and use of your personal data is therefore an important concern for us. To ensure that you feel safe when visiting our website, we strictly observe the statutory provisions when processing your personal data and would like to inform you here about our data collection and data use.
I. The person responsible for data processing within the meaning of Art. 4 No. 7 DSGVO is:
1. Responsible body:
Kur- und Badegesellschaft mbH
Stadtgarten / Passstr. 79
Mr. Dipl. Kfm. Björn Jansen
II. Scope and purpose of data processing
1. Anonymous data collection
We process personal data of website visitors only to the extent necessary to provide a functional website and our contents and services.
You can visit our website without providing any personal information. For technical reasons, among other things, to ensure a secure and stable Internet presence, we only store so-called “server log files”, access data without personal reference, such as your Internet provider, the Internet browser you use, the page from which you visit us, the date and time of your access or the name of the requested file.
The storage in “server log files” takes place to ensure the functionality of the website and for security reasons, in particular for the prevention and detection of attacks on our website or fraud attempts. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
These anonymous data are stored separately from any personal data you may have provided and thus do not allow any conclusions to be drawn about a specific person. They are evaluated for statistical purposes, in order to be able to optimise our website and our offers. The legal basis for the temporary storage of the data and the “server log files” is Art. 6 para. 1 lit. f DSGVO.
2. Collection and processing of personal data
If you wish to use a service of our company via our website, it is possible that the processing of personal data will be necessary. If there is no legal basis for the processing of personal data, we will request your consent. This will be apparent in the appropriate place and is necessary when you request our newsletter or contact us via email, for example. The legal basis for processing operations, in the case of which we obtain consent from you for processing purposes, is in accordance with Art. 6 (1) lit. a DSGVO. If the processing of personal data is necessary for the performance of a contract or the initiation of a contract (e.g., for the delivery of goods or the provision of such services, or in the case of enquiries about our products and services), processing is carried out in accordance with Art. 6 (1) lit. b DSGVO.
We store and use the personal data you provide, such as name, company, address, e-mail and telephone, for the purpose of individual communication with you in accordance with the German Data Protection Regulation (DSGVO) and the “BDSG (2018)”. Please note that generally no confidential information should be sent via the contact form.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) lit. f DSGVO. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) lit. b DSGVO.
3. Provision of the online offer and web hosting
In order to provide our website securely and efficiently, we use the services of a web hosting provider from whose servers our website can be accessed. We have concluded an order processing contract with the provider in accordance with Art. 28 DSGVO. The legal basis for the use of web hosting is Art. 6 para. 1 lit. f DSGVO (legitimate interest).
4. Newsletter registration
After you have expressly registered for the newsletter, you will regularly receive interesting offers about our products, services and activities by e-mail. Each email contains information on how you can unsubscribe from receiving the emails with effect for the future. To register for the newsletter, it is sufficient to provide your email address, which takes place by using the so-called “double opt-in” procedure. After registration, you will automatically receive an email in which you are asked to confirm / activate your registration by clicking on a link. This serves to prevent a third party from misusing your e-mail address and subscribing to our newsletter without your knowledge. With your registration to our newsletter, we store your IP address, the date and time of your registration, as proof of the registration process in accordance with legal requirements.
5. Newsletter dispatch with CleverReach
The service provider may use the data of the recipients in pseudonymous form, i.e., without assignment to a user, to optimise or improve its own services, e.g., to technically optimise the dispatch and presentation of the newsletter or for statistical purposes. However, the service provider does not use the data of our newsletter recipients to personally write to them or to pass the data on to third parties.
“Cookies” are used when you visit our website. Cookies are small files that are stored on your terminal device during your visit to a website. They make it possible to see, for example, whether there has already been a connection between the device and the web pages, to take your preferred language, other settings and certain functionalities into account, and to recognize your interests on a usage basis.
Information about the cookies used
The following cookies are used on the website:
Necessary cookies and session cookies
Cookies Type: HTTP Cookie
Cookies Name: Polylang
Purpose: Polylang is a multi-language system for WordPress websites. The cookies store the user’s language and can redirect the user to the version of the website that corresponds to the language of the user’s browser.
Validity: 1 year(s)
Real Cookie Banner
Cookies Type: HTTP Cookie
Name: Real Cookie Banner
Purpose: Real Cookie Banner asks the user to agree to the cookies used on this website. The cookies store the UUID (pseudonymization of the user) and the selection of accepted cookie groups and cookies.
Validity: 365 day(s)
Adobe Fonts (Typekit)
Cookies Type: HTTP Cookie
Cookies Name: Adobe Fonts (Typekit)
Purpose: Adobe Fonts (Typekit) is a service that downloads fonts that are not installed on the user’s client device and embeds them in the website. No cookies in the technical sense are set on the user’s client device, but technical and personal data such as the IP address are transferred from the client to the service provider’s server, to enable the use of the service.
Cookies Type: HTTP Cookie
Purpose: YouTube allows content published on youtube.com to be embedded directly into websites. The cookies are used to collect visited websites and detailed statistics about user behaviour. This data can be linked to the data of users registered on youtube.com and google.com.
Duration: 2 year(s)
Statistics, marketing and personalization cookies
Cookies Type: HTTP Cookie
Cookies Name: Google Analytics
Purpose: Google Analytics is a service to create detailed statistics about user behaviour on the website. The cookies are used to distinguish users, throttle the request rate, link the client ID with the AMP client ID of the user, store campaign-related information from and for the user and to link data from multiple page views.
Duration: 2 year(s)
7. Use of tools and plugins on our website
– Linking to social media sites via “Shariff Wrapper”
We have linked social media logos of Facebook and Instagram (hereinafter “providers”) on our website by means of the plugin “Shariff Wrapper”, which redirect to our respective profiles deposited with the providers and are intended to enable you to follow us there, to communicate with the users active there or to offer information about us.
– Facebook is a service of Meta Platforms Inc. (formerly Facebook Inc.), 1601 S. California Ave, Palo Alto, CA 94304, USA. In the EU, this service is in turn operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, hereinafter both referred to as “Facebook”.
– Instagram is a service of Meta Platforms Inc. (formerly Facebook Inc.), 1601 S. California Ave, Palo Alto, CA 94304, USA. In the EU, this service is in turn operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
For data protection reasons, we have only implemented a link to our respective profiles with the providers. This means that no data about you will be transmitted to the providers, unless you click on the respective social media logo. However, as soon as you click on the link to our respective profile set on our part, you will be forwarded to the website of the provider, which leads to data being transferred to the respective provider. We have no influence on this – possibly personal – data transmission and data collection to/from the providers. Likewise, we have no knowledge of the individual purposes of this data processing or its scope and storage period. Whether the providers carry out deletions, generate or assign profiles or set anonymisations is also not known to us and is also not within our sphere of influence.
If you are logged in to one of the aforementioned providers at the same time as clicking on the respective link implemented on our website, the data collected by the provider will be directly assigned to your profile there, when you call up their website.
The processing of users’ personal data is based on our legitimate interests in effectively informing users and communicating with users pursuant to Art. 6 (1) lit. f DSGVO. If the users are asked by the respective providers for consent to data processing (i.e., declare their consent, e.g., by ticking a checkbox or confirming a button), the legal basis of the processing is Art. 6 (1) lit. a DSGVO in conjunction with Art. 7 DSGVO.
For a detailed presentation of the respective forms of processing and the options to object (opt-out), we refer to the data protection declarations and information provided by the operators of the respective networks. In the case of requests for information and the assertion of data subject rights, we also point out that these can be asserted with the respective provider, as they have access to the users’ data and can take appropriate measures and provide information.
– Use of Google Analytics
We use “Google Analytics” to measure the reach and evaluate and analyse the usage behaviour of visitors to our website. The service provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. In the EU, this service is in turn operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The legal basis is Art. 6 para. 1 lit. f DSGVO (legitimate interest in the analysis, optimization and economic operation of our website). If you have given your consent to the setting of cookies by “Google Analytics” via our cookie banner (legal basis is Art. 6 para. 1 lit. a DSGVO), usage/user-related information (IP address, location, time, frequency of visits to our website) will be transmitted to a Google server – which may also be located outside the EU/EEA – and stored there. This data is used by Google to provide us with an evaluation of the visit to our website and the usage activities there.
In order to fully comply with the legal data protection requirements, we have concluded a contract with Google on commissioned processing within the meaning of Art. 28 DSGVO.
You can prevent the collection of your data by Google Analytics by not giving your consent to the cookie being set, or by clicking on the following link https://tools.google.com/dlpage/gaoptout?hl=de. An opt-out cookie will be set, which will prevent the collection of your data during future visits to our website: Disable Google Analytics.
– Use of Adobe Typekit Fonts
– Using Polylang Pro
To offer multilingualism on our website, we use the WordPress plugin “Polylang Pro”. The provider is WP SYNTEX, 28, rue Jean Sebastien Bach, 38090 Villefontaine, France. Cookies from Polylang are set exclusively to detect and record the language used or chosen by the user. These cookies remain stored for one year and are then deleted. For more information on privacy compliance, please visit https://polylang.pro/doc/is-polylang-compatible-with-the-eu-cookie-law/.
– Use of Real Cookie Banner
In order to be able to document the consent of visitors to our website to the storage of cookies that require consent, we use the “Real Cookie Banner”. The provider of this technology is devowl.io GmbH, Tannet 12, 94539 Grafling. The legal basis is Art. 6 para. 1 lit. c DSGVO (obtaining the legally required consent for the use of certain analysis/tracking technologies).
When you visit our website, the following personal data is transferred to the “Real Cookie Banner”:
• Your consent(s) or revocation of your consent(s)
• Your IP address
• Information about your browser and terminal device used
• Time of the visit to our website
– Use of Facebook Pixel
• Information about actions and activities of visitors to our website
• Specific pixel information such as the pixel ID and the Facebook cookie
• Information on buttons clicked by visitors to the website
• Information present in the HTTP header, such as IP addresses, information about the web browser, the location of the page, and the referrer
• Information about the status of disabling/restricting ad tracking
Some of this data is information that is stored in the terminal device you are using. In addition, cookies are also used via the Facebook pixel, via which information is stored on your terminal device used. Such storage of information by the Facebook pixel or access to information that is already stored in your terminal device only takes place with your consent.
For more information, please visit https://www.facebook.com/about/privacy. You can object to the collection by the Facebook pixel and the use of your data for the display of Facebook ads. To do so, you can visit the page set up by Facebook (see there the settings for usage-based advertising), if you are logged in to Facebook: https://www.facebook.com/settings. The settings are platform-independent, i.e., they are applied to all devices, such as desktop computers or mobile devices.
– Integration of services and contents of third parties
It may happen that third-party content, such as videos and/or graphics from other websites, is integrated within our pages. This is done on the basis of our legitimate interests (interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f DSGVO). This always requires that the providers of this content (hereinafter referred to as “third-party providers”) perceive the IP address of the users, since without the IP address the content cannot be sent to the browser of the respective user. The IP address is thus necessary for the display of this content. We endeavour to use only such content whose respective providers use the IP address only for the delivery of the content. However, we have no influence if the third-party providers store the IP address, e.g., for statistical purposes. Insofar as this is known to us, we inform the users about it.
8. Data subject rights
As a person affected by data processing, you have the right to information (Art. 15 GDPR), correction (Art. 16 GDPR), data deletion (Art. 17 GDPR) and restriction of processing (Art. 18 GDPR) as well as data portability (Art. 20 GDPR). We do not use automatic decision-making or profiling (Art. 22 DSGVO).
In addition, in accordance with Art. 21 DSGVO, you have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data relating to you, which is carried out on the basis of a consideration of interests (Art. 6 (1) (f) DSGVO). This is particularly the case if the data processing is not necessary for the performance of a contract. If you make use of your right to object, we ask you to explain the reasons. We will then no longer process your personal data, unless we can prove to you that compelling reasons worthy of protection for the data processing outweigh your interests and rights. Please address your objection to the contact address of the data controller given above.
If you believe that the processing of your data violates data protection law or your data protection rights have otherwise been violated in any way, you can contact the supervisory authority of your usual place of residence, your place of work or our company headquarters (The State Commissioner for Data Protection of North Rhine-Westphalia) (Art. 77 DSGVO).
Right of withdrawal (Art. 7 (3) DSGVO)
If you have consented to the processing of your personal data by us, you have the right to revoke your consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. Likewise, further processing of this data on the basis of another legal basis, such as for the fulfilment of legal obligations (e.g., statutory retention periods), remains unaffected.
To exercise the data subject rights, please contact the above-mentioned office. Requests submitted electronically will generally be answered electronically. The information, notifications and measures to be provided in accordance with the GDPR, including “the exercise of data subject rights”, are generally provided free of charge. Only in the case of manifestly unfounded or excessive requests are we entitled to charge an appropriate fee for processing or to refrain from taking action (see Art. 12 para. 5 GDPR).
If there is reasonable doubt about your identity, we may request additional information from you for identification purposes. If we are unable to identify you, we are entitled to refuse to process your request. If we are unable to identify you, we will – as far as possible – notify you separately (see Art. 12 (6) and Art. 11 DSGVO).
Requests for information will normally be dealt with without delay, within one month of receipt of the request. The time limit may be extended by a further two months where this is necessary, taking into account the complexity and/or number of requests; in the event of an extension of the time limit, we will inform you of the reasons for the delay within one month of receiving your request. If we do not act on a request, we will inform you without delay, within one month of receipt of the request, of the reasons for this and inform you of the possibility of lodging a complaint with a supervisory authority or seeking a judicial remedy (see Art. 12 (3) and (4) DSGVO).
Please note that you can only exercise your data protection rights within the framework of restrictions and limitations provided for by the Union or the member states (Art. 23 GDPR).
9. Data security
We secure our website and other systems through technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons. We use SSL encryption for our website.
10. Deletion and restriction (blocking) of personal data
The deletion and restriction (blocking) of your personal data will be carried out after the purpose limitation has ceased to apply, insofar as they are no longer required for the fulfilment of the contract or the initiation of the contract, taking into account retention periods based on laws and/or the German Fiscal Code.
11. Contact possibility
We offer you the possibility on our site to contact us by e-mail. In this case, the personal data of the user transmitted by you with the e-mail will be stored. This serves us solely to process the contact. The legal basis for processing the data transmitted in the course of sending an e-mail is Art. 6 (1) lit. f DSGVO. The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected and there are no retention periods to the contrary.
Status of the data protection declaration: 25.10.2021