Privacy Policy

This Privacy Policy informs you about the nature, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our online services and the associated websites, features, content and external online presences, such as our social media profiles (hereinafter collectively referred to as "online services"). With regard to the terminology used, such as "processing" or "controller", we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Controller

Sightseeing-Touren Sebastian Jelsch
Sebastian Jelsch
Haimhauser Straße 8
80802 Munich

Email: contact@sightseeing-munich.tours
Owner: Sebastian Jelsch
Link to Legal Notice: https://sightseeing-munich.tours/en/legal

Types of data processed

– Master data (e.g. names, addresses).
– Contact data (e.g. email, phone numbers).
– Content data (e.g. text entries, photographs, videos).
– Usage data (e.g. websites visited, interest in content, access times).
– Meta/communication data (e.g. device information, IP addresses).

Categories of data subjects

Visitors and users of the online services (hereinafter we also refer to the data subjects collectively as "users").

Purpose of processing

– Provision of the online services, their features and content.
– Responding to contact enquiries and communicating with users.
– Security measures.
– Reach measurement / marketing.

Definitions

"Personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

"Processing" means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and covers virtually any handling of data.

"Pseudonymisation" means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

"Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

"Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Applicable legal bases

In accordance with Article 13 GDPR, we inform you of the legal bases for our data processing. Where the legal basis is not specified in this Privacy Policy, the following applies for users within the scope of the GDPR (i.e. the EU and EEA):

The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR;
The legal basis for processing to fulfil our services and carry out contractual measures and respond to enquiries is Art. 6(1)(b) GDPR;
The legal basis for processing to fulfil our legal obligations is Art. 6(1)(c) GDPR;
Where processing is necessary to protect the vital interests of the data subject or another natural person, Art. 6(1)(d) GDPR serves as the legal basis.
The legal basis for processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller is Art. 6(1)(e) GDPR.
The legal basis for processing to protect our legitimate interests is Art. 6(1)(f) GDPR.
Processing of data for purposes other than those for which it was collected is governed by the provisions of Art. 6(4) GDPR.
Processing of special categories of data (pursuant to Art. 9(1) GDPR) is governed by the provisions of Art. 9(2) GDPR.

Security measures

In accordance with legal requirements and taking into account the state of the art, implementation costs and the nature, scope, context and purposes of processing as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.

These measures include in particular ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access, input, transmission, ensuring availability and separation of data. We have also established procedures to ensure the exercise of data subject rights, deletion of data and response to data threats. Furthermore, we take the protection of personal data into account when developing or selecting hardware, software and processes, in accordance with the principle of privacy by design and privacy-friendly defaults.

Cooperation with processors, joint controllers and third parties

If we disclose data to other persons and companies (processors, joint controllers or third parties) in the course of our processing, transmit it to them or otherwise grant them access to the data, this is only done on the basis of a legal permission (e.g. if transmission of the data to third parties, such as payment service providers, is necessary for the performance of the contract), users have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

If we disclose, transfer or otherwise grant access to data to other companies in our group of companies, this is done in particular for administrative purposes as a legitimate interest and beyond that on a basis complying with the statutory requirements.

Transfers to third countries

If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA) or the Swiss Confederation) or this occurs in the context of using third-party services or disclosing or transferring data to other persons or companies, this only takes place to fulfil our (pre-)contractual obligations, on the basis of your consent, a legal obligation or on the basis of our legitimate interests. Subject to express consent or contractually required transfer, we only process or allow data to be processed in third countries with a recognised level of data protection.

Rights of data subjects

You have the right to request confirmation as to whether data concerning you is being processed and to information about such data as well as further information and a copy of the data in accordance with legal requirements.
You have the right in accordance with legal requirements to request the completion of data concerning you or the rectification of inaccurate data concerning you.
You have the right in accordance with legal requirements to request that data concerning you be deleted immediately or alternatively to request restriction of the processing of the data.
You have the right, in accordance with legal requirements, to request to receive the data concerning you which you have provided to us and to request its transfer to other controllers.
You also have the right in accordance with legal requirements to lodge a complaint with the competent supervisory authority.

Right of withdrawal

You have the right to revoke consent granted with effect for the future.

Right to object

You may object to the future processing of data concerning you in accordance with legal requirements at any time. The objection may in particular be made against processing for direct marketing purposes.

Cookies and right to object to direct marketing

"Cookies" are small files that are stored on users' computers. Various types of information can be stored within cookies. A cookie primarily serves to store information about a user (or the device on which the cookie is stored) during or after their visit to an online service. Temporary cookies, also known as "session cookies" or "transient cookies", are deleted after a user leaves an online service and closes their browser. Such a cookie may store, for example, the contents of a shopping basket in an online shop or a login status. "Permanent" or "persistent" cookies remain stored even after the browser is closed. For example, the login status can be saved if users visit after several days. Likewise, such a cookie can store users' interests, which are used for reach measurement or marketing purposes. "Third-party cookies" are cookies offered by providers other than the controller who operates the online service (otherwise, if they are only their cookies, they are called "first-party cookies").

We may use temporary and permanent cookies and inform you about this in our Privacy Policy.

If users are asked to consent to the use of cookies (e.g. in the context of a cookie consent), the legal basis for this processing is Art. 6(1)(a) GDPR. Otherwise, users' personal cookies are processed in accordance with the following explanations within the framework of this Privacy Policy on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online service within the meaning of Art. 6(1)(f) GDPR) or where the use of cookies is necessary for the provision of our contract-related services, pursuant to Art. 6(1)(b) GDPR, or where the use of cookies is necessary for the performance of a task in the public interest or in the exercise of official authority, pursuant to Art. 6(1)(e) GDPR.

If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. Excluding cookies may lead to functional restrictions of this online service.

A general objection to the use of cookies used for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, cookies can be prevented from being stored by deactivating them in the browser settings. Please note that in this case not all functions of this online service may be available.

Deletion of data

The data we process is deleted or its processing restricted in accordance with legal requirements. Unless expressly stated in this Privacy Policy, the data stored by us is deleted as soon as it is no longer required for its intended purpose and there are no statutory retention obligations preventing deletion.

If data is not deleted because it is required for other legally permissible purposes, its processing is restricted. This means the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

Changes and updates to the Privacy Policy

We ask you to regularly inform yourself about the content of our Privacy Policy. We will adapt the Privacy Policy as soon as changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require an action on your part (e.g. consent) or other individual notification.

Business-related processing

In addition, we process
– Contract data (e.g. subject matter of contract, term, customer category).
– Payment data (e.g. bank details, payment history)
from our customers, interested parties and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising and market research.

Contact

When contacting us (e.g. via contact form, email, telephone or social media), the user's details are processed for the purpose of handling the contact enquiry and its processing pursuant to Art. 6(1)(b) (in the context of contractual/pre-contractual relationships) and Art. 6(1)(f) (other enquiries) GDPR. User details may be stored in a Customer Relationship Management system ("CRM system") or comparable enquiry management system.

We delete enquiries if they are no longer required. We review the necessity every two years; the statutory archiving obligations also apply.

Hosting and email delivery

The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, email delivery, security services and technical maintenance services that we use for the purpose of operating this online service.

In doing so, we or our hosting provider process master data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this online service on the basis of our legitimate interests in the efficient and secure provision of this online service pursuant to Art. 6(1)(f) GDPR in conjunction with Art. 28 GDPR (conclusion of a data processing agreement).

Collection of access data and log files

We or our hosting provider collect data on the basis of our legitimate interests within the meaning of Art. 6(1)(f) GDPR on every access to the server on which this service is located (so-called server log files). Access data includes the name of the website retrieved, file, date and time of retrieval, amount of data transferred, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.

Log file information is stored for security purposes (e.g. to investigate misuse or fraud) for a maximum of 7 days and then deleted. Data whose further retention is required for evidentiary purposes is exempt from deletion until the respective incident has been finally clarified.

Google Tag Manager

Google Tag Manager is a solution that allows us to manage so-called website tags via an interface (and thus integrate Google Analytics and other Google marketing services into our online service). The Tag Manager itself (which implements the tags) does not process any personal data of users. For information on the processing of users' personal data, please refer to the following information on Google services. Terms of use: https://www.google.com/intl/en/tagmanager/use-policy.html

Google Analytics

We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google uses cookies. The information generated by the cookie about users' use of the online service is generally transmitted to a Google server in the USA and stored there.

Google will use this information on our behalf to evaluate users' use of our online service, to compile reports on activity within this online service and to provide us with other services relating to the use of this online service and internet use. Pseudonymous usage profiles of users may be created from the processed data.

We only use Google Analytics with IP anonymisation enabled. This means that users' IP addresses are truncated by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there.

The IP address transmitted by the user's browser is not merged with other data from Google. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent Google from collecting the data generated by the cookie and related to their use of the online service, and from processing this data, by downloading and installing the browser plug-in available at: http://tools.google.com/dlpage/gaoptout?hl=en.

Where we ask users for consent (e.g. in the context of a cookie consent), the legal basis for this processing is Art. 6(1)(a) GDPR. Otherwise, users' personal data is processed on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online service within the meaning of Art. 6(1)(f) GDPR).

To the extent that data is processed in the USA, we point out that Google is certified under the standard contractual clauses of the EU Commission and thereby undertakes to comply with European data protection law.

For further information on data use by Google, settings and opt-out options, please refer to Google's Privacy Policy (https://policies.google.com/privacy) and Google's settings for the display of advertisements (https://adssettings.google.com/authenticated).

Users' personal data will be deleted or anonymised after 14 months.

Google AdSense with personalised ads

We use the services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

We use the AdSense service, which enables advertisements to be displayed on our website and for which we receive remuneration for their display or other use. For these purposes, usage data such as clicks on an advertisement and the IP address of users are processed, with the IP address being truncated by the last two digits. Processing of users' data is therefore pseudonymised.

We use AdSense with personalised ads. Google uses information about websites visited or apps used by users and the user profiles thereby created to draw conclusions about their interests. Advertisers use this information to align their campaigns with these interests, which is equally beneficial for users and advertisers. For Google, ads are personalised when collected or known data determines or influences the ad selection. This includes, among other things, previous searches, activities, website visits, the use of apps, demographic and location information.

Where we ask users for consent (e.g. in the context of a cookie consent), the legal basis for this processing is Art. 6(1)(a) GDPR. Otherwise, users' personal data is processed on the basis of our legitimate interests (Art. 6(1)(f) GDPR).

For further information on data use by Google, settings and opt-out options, please refer to Google's Privacy Policy (https://policies.google.com/technologies/ads) and Google's ad settings (https://adssettings.google.com/authenticated).

Google AdSense with non-personalised ads

We use the services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

We use the AdSense service, which enables advertisements to be displayed on our website and for which we receive remuneration. For these purposes, usage data such as clicks on an advertisement and the IP address of users are processed, with the IP address being truncated. Processing of users' data is therefore pseudonymised.

We use AdSense with non-personalised ads. In this case, ads are not displayed based on user profiles. Non-personalised ads are not based on previous user behaviour. Targeting uses contextual information, including coarse (e.g. at city level) geographic targeting based on the current location, the content on the current website or app and current search terms. Google prohibits any personalised targeting, including demographic and user list targeting.

For further information on data use by Google, settings and opt-out options, please refer to Google's Privacy Policy (https://policies.google.com/technologies/ads) and Google's ad settings (https://adssettings.google.com/authenticated).

Google AdWords and conversion tracking

We use the online marketing method Google "AdWords" to place advertisements in the Google advertising network (e.g. in search results, in videos, on websites, etc.) so that they are displayed to users who have a presumed interest in the advertisements. This allows us to display advertisements for and within our online service in a more targeted manner in order to present users only with advertisements that potentially match their interests. If, for example, a user is shown advertisements for products in which they have shown an interest on other online services, this is referred to as "remarketing". For these purposes, when our and other websites on which the Google advertising network is active are accessed, a code is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also referred to as "web beacons") are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user's device. This file records which websites the user has visited, which content they are interested in and which offers the user has clicked on, as well as technical information about the browser and operating system, referring websites, time of visit and other information about the use of the online service.

We also receive an individual "conversion cookie". The information obtained with the help of the cookie serves Google to compile conversion statistics for us. However, we only learn the anonymous total number of users who clicked on our advertisement and were redirected to a page with a conversion tracking tag. We do not receive any information that allows users to be personally identified.

Users' data is processed pseudonymously within the Google advertising network. For further information on data use by Google, settings and opt-out options, please refer to Google's Privacy Policy (https://policies.google.com/technologies/ads) and Google's ad settings (https://adssettings.google.com/authenticated).

Integration of third-party services and content

Within our online service, we use content or service offerings from third-party providers on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online service within the meaning of Art. 6(1)(f) GDPR) in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as "content").

This always requires that the third-party providers of this content are aware of the user's IP address, as without the IP address they would not be able to send the content to their browser. The IP address is therefore required for the display of this content. We endeavour to only use content whose respective providers use the IP address solely for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online service, as well as being linked to such information from other sources.

Google Maps

We integrate maps from the "Google Maps" service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The data processed may include in particular users' IP addresses and location data, which are not collected without their consent (generally carried out in the settings of their mobile devices). The data may be processed in the USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

OpenStreetMap

We integrate maps from the "OpenStreetMap" service (https://www.openstreetmap.de), which are offered on the basis of the Open Data Commons Open Database Licence (ODbL) by the OpenStreetMap Foundation (OSMF). Privacy Policy: https://wiki.openstreetmap.org/wiki/Privacy_Policy.

To our knowledge, users' data is used by OpenStreetMap exclusively for the purpose of displaying map functions and caching selected settings. This data may include in particular users' IP addresses and location data, which are not collected without their consent (generally carried out in the settings of their mobile devices).

The data may be processed in the USA. For further information, please refer to OpenStreetMap's Privacy Policy: https://wiki.openstreetmap.org/wiki/Privacy_Policy.

Use of Formspree

We use the Formspree service provided by Formspree Inc. (2104 Broadway, Suite 303, New York, NY 10023, USA) for our contact form. This serves our legitimate interest in fast and secure processing of user enquiries (Art. 6(1)(f) GDPR). The data you enter is transmitted to Formspree, processed there and forwarded to our email address. As this involves a transfer to the USA, we note that Formspree offers adequate guarantees to comply with European data protection standards. For further information, please refer to Formspree's Privacy Policy: https://formspree.io/legal/privacy-policy.

Content Delivery Networks (CDN)

We use the unpkg service (npm files) for the correct display and function of the audio waveforms. For technical reasons, your IP address is transmitted to the CDN operator to deliver the required JavaScript library to your browser. This is done on the basis of our legitimate interest in the technically sound and optimised presentation of our online service pursuant to Art. 6(1)(f) GDPR.

Created with Datenschutz-Generator.de by RA Dr. Thomas Schwenke