Hotline: +49 911 / 2336-0

Data Privacy Protection Information

Last Modified: 05.03.2024 - This information will be updated at irregular intervals. To guarantee optimum transparency we recommend that you visit this page frequently.

The Nuremberg Convention and Tourist Office offers you a broad spectrum of online services (hereafter called "services"). This page informs you of your rights according to Article 12 (and following) of the General Data Protection Regulation (GDPR) about the type, purpose and scope of the processing and use of personal data by our services. The legal framework is provided by the EU General Data Protection Regulation (GDPR), German Federal Data Protection Act (BDSG), the data protection provisions of the Telecommunication-Telemedia Act (TTDSG), the German Commercial Code (HGB) as well as other detailed regulations. We update this information when required and recommend that you read this site again when you use our services.

If you wish to communicate with us, you will find the name of the appropriate contact person for your concern in section 6. You may do so without incurring additional costs other than the usual transmission costs at the basic rates.

Contents

1. Legal Framework

2. Type, Scope and Purpose of the Collection, Processing and Use of Data

3. Processes to Optimize Our Services

4. Additional Applications of Our Services (Third-Party & Social Media)

5. Protection of Your Rights as a Concerned Party (Examples)

6. Contact for Further Questions or Suggestions for Data Protection

1. Legal Framework

We collect, process and use your personal data which is created though use of our online services only within the scope of legal regulations and based on:

  • A contract or a relationship of trust similar to a contract (Art. 6 § 1b DSGVO); the use of copyright protected material, online booking, for example
  • Your explicit permission (Art. 6 § 1a DSGVO); a newsletter subscription, for example
  • A legal obligation (Art. 6 § 1c DSGVO); identification of suppliers, for example
  • Legitimate interests of our organization (Art. 6 § 1f DSGVO), if the interests, basic rights and fundamental freedoms of those parties concerned do not outweigh such interests. Legitimate interests include, for example, the proper performance, security and provision of a comfortable user interface for your online services with the assistance of optimization methods.

2. Type, Scope and Purpose of the Collection, Processing and Use of Data

Personal data is information that allows the identification of you as a specific individual. This includes, for example, names, contact data, photos, information about interests and hobbies and memberships as well as technical data collected by our system such as your IP address or that of your internet provider (provider or host).

When you use our services or view content, we automatically collect data in the form of serverlog files. This includes the name, date and time of the viewed website, filenames, quantity of data transmitted, access status of the server (data transferred, data not found, command not executed, etc.), browser type and version as well as specific browser settings such as country and language, user's operating system, device information (Unique Device Identifier UDID and device type, for example), the previously visited page (referrer), IP address, internet service provider and requesting computer access method (PC, mobile, remote access, etc.).

We use all logged data only for our own analysis of operation, for security purposes and to optimize our services. Personal identification is generally not possible and is not pursued. However, we reserve the right to subsequently review the log files on a case-by-case basis when there is tangible evidence or a justified suspicion of illegal use of our services.

Anytime you contact us, whether by contact form, e-mail or by telephone, we collect and use your data within the framework of specified business activities or to process your query. Data that are not mandatory to process your request are only given voluntarily (your address, for example).

At your request, we will send you information about our services and products. For this purpose, you many subscribe to various newsletters. To do so, we require an e-mail address, which we will check for validity before the subscription order is binding. We will also request your title and first and surname in order to optimize our service for you (so that we may address you with the correct name).The newsletter is ordered and managed by our carefully selected partner Wilken AG Software und Consulting, Blumenaustraße 8, CH-9320 Arbon TG. This partner is also contractually obliged to comply with data protection regulations.

If you send us an application in digital form, we will process and save it during the application process for the job for which you have applied. Unsolicited applications will be assigned to appropriate openings. Once someone has been hired for an advertised position, we will archive your data for six months, in case of any legal claims. Once this legal storage time has expired, your data will be deleted in conformance with data protection requirements. Where appropriate, we will ask for your written permission to store your data longer (for up to two years), if there is a possibility that your application might be appropriate for a future job opening.

Within the scope of your orders and bookings, whether online, verbal, written or per telephone, fax or e-mail, we offer you the opportunity to evaluate the services you have received as well as our service in providing them. To this end, after you have completed your stay or received your order you will receive an e-mail with a link which will lead you to a short questionnaire. Your evaluation is completely voluntary and anonymous and serves only to improve the quality of our products and services. If you do not want to receive this evaluation e-mail, please send a brief notice to: info@ctz-nuernberg.de.

For one-time orders, your personal data will only be used to complete the order. After billing and payment is completed, only the data required by law will be stored according to the HGB and when the required storage limit has expired, deleted. All data that is not required by law will be deleted immediately.

We offer you the opportunity to book city tours and comparable services from other providers through us. To process these bookings, we enter the necessary data from you directly into the booking system of the provider responsible for your desired service. Further processing, including the processing of your orders, the handling of payment transactions and, if applicable, your authentication, is the responsibility of the respective provider:

For city tours and sightseeing tours

  • Provider bookingkit GmbH, · Sonnenallee 233, 12059 Berlin ("bookingkit"). You can find more information about terms and conditions, data privacy and any use of third-parties to process your data by bookingkit at bookingkit.net/de/datenschutzerklaerung/.
  • Provider Citivent (Foxtrail Nürnberg), Preysingstraße 1, 90475 Nürnberg ("Foxtrail"), Information about data privacy at foxtrail.info/datenschutz/
  • Provider Regensburger Stadtrundfahrten GmbH, Posthorngässchen 6, 93047 Regensburg ("Stadtrundfahrten"), Data protection information https://www.city-tour.info/en/legal-information

For the "Nürnberg Card!

You can explore chosen Nuremberg Neighborhoods live via our Web-App. If you allow your mobile device to recognize your location, the App will display the distance to a given neighborhood and the offers there. The calculation of distance takes place only locally via Javascript on your mobile device, via a Flag Function Display on a street map section. No data is transferred to a third party. That is why the App does not offer route planning.

You can also request vouchers from local business via the Web-App and store them directly on your mobile device as a QR-Code in your electronic wallet, where they can be managed and redeemed onsite. The delivery of these QR-Codes to your mobile device as well as the internal administration of vouchers takes place via the software "Passcreator" from the supplier "mediahelden GmbH", Walter-Gropius-Straße 15, 80807 Munich, Germany.

No personal data is processed: For the assignment of vouchers a code (Barcode, QR-Code) and an automatic ID is generated by the system. For administration of the vouchers, only the type of mobile device (for example "Apple"), date and time of the request and the status of voucher use (number, status of use) is used. There is no use of personal data.

For fee-based services, you can normally choose between various forms of payment. For this purpose, the responsible payment processor may collect, save and process personal data such as your name, your address, your telephone number and your e-mail address as well as your credit card or bank account data. You submit data related to this transaction exclusively to the payment processor. This payment processor is therefore responsible for the protection and use of your data. Their separate terms and conditions apply to this transaction. We only receive information confirming whether payment has been made or not.

For hotel reservation

For payment by direct debit or credit card - for example for a hotel reservation - our carefully chosen and certified Swiss Payment Partner "Datatrans AG" is responsible. You submit the relevant data for this purpose to this partner. A specialized payment platform is integrated into our services for this purpose. More information at https://www.datatrans.ch/en/privacy-policy/.

For payment in the online shop

For payment processing in our online shop, our chosen and certified Payment Partner "payone" is responsible. A specialized payment platform is integrated into our services for this purpose. You submit the relevant data for this purpose to this partner. at https://www.payone.com/DE-en/data-protection-regulations.

Payment for City Tours and similar services

A specialized booking platform offering the following methods of payment is integrated into our services. .

The service PayPal is offered from PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxemburg bereitgestellt. If you pay through PayPal, you will be connected to the PayPal website through a link. You can find more information about their data privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

DServices for payment through bank transfer, credit or debit cards, SEPA direct debit, immediate transfer, Giropay, iDeal and Przelewy24 are provided by MANGOPAY S.A, 10 Boulevard Royal, L-2449 Luxemburg erbracht. You can find more information about their data privacy policy at https://mangopay.com/privacy-statement.

Data transmission is of course encrypted in accordance with the latest security standards. In addition, the procedures of the payment partners mentioned fulfill the requirements of the Payment Card Industry Data Security Standard (PCI DSS)

Special case: Booking by fax

In the case of bookings from a provider, who, due to technical limitations, can only transfer data via fax, this data will be transferred unencrypted. To protect especially sensitive data such as credit card numbers, you can transfer these per telephone. Fax bookings are sent directly to the responsible service staff, are booked as soon as possible and are then saved in a secured archive in accordance with statutory requirements and, once the required legal storage time is over, will be destroyed in conformance with data protection requirements by a certified and tested service provider.

If you use an application in our services that is specially protected due to the use of sensitive data, we require - as sometimes also required by law - mandatory data for registration and processing of your order. Contact forms follow the principle of economy of data; mandatory data fields are identified accordingly. When we require your consent to collect and use your data, this will only take place after notification of the purpose of the processing and your rights associated with this process. You will be explicitly notified of these facts before you submit your data. Data transmission will take place encrypted according to current security standards.

As a service, we provide event organizers with a digital location finder for planned events. For this purpose, we use a "Nuremberg channel" of our carefully selected provider Meetago GmbH, Junkersring 5, 53844 Troisdorf, Germany. The purpose of the web portal is to process conference, group or apartment inquiries, including the preparation of offers and booking information. For this purpose, your details will be forwarded to suitable providers. As this is a target group-oriented function, registration is required to use the location finder, which already asks for all the master data required to create an offer. You can request the deletion of your profile at any time using the contact details provided in the legal notice. If your profile is not used for more than two years, we reserve the right to irretrievably delete it without further notice.

Further data protection information from Meetago: www.meetago.com/en/data-privacy-statement/

This initiative of the "Wirtschafts- und Wissenschaftsreferates der Stadt Nürnberg", der "Industrie- und Handelskammer Nürnberg für Mittelfranken" (IHK) and ourselves has set itself the task of making Nuremberg's city center more lively - with your ideas. The NCW supports committed people with new, innovative and feasible project ideas for the revitalization of Nuremberg's city center through targeted publication and, if necessary, support as an "authority guide" so that your idea arrives exactly where it can be realized.

The NCW is a network of stakeholders that works together to ensure that committed people can implement their good ideas for our city center. "Just do it" is the motto. They make the complicated simple and get started as quickly as possible. The focus is on trying things out and learning from each other. Anyone can apply informally with their idea, e.g. by e-mail.

Your data will only be passed on by the contact person you have chosen at NCW if this is necessary to process your project idea. The recipients are exclusively NCW employees. All further steps will be discussed with you beforehand. Your data will be processed, stored, archived and, if necessary, deleted in accordance with our general data protection concept. Special consideration is given to the aspect of data minimization according to the need-to-know principle as well as appropriate technical and organizational measures depending on the protection requirements of the information you provide. The City Werkstatt participants reserve the right to archive the projects with the (small amount of) data for chronicling purposes in the long term.

We process the collected data for the purpose of optimizing customer service in cooperation with all departments within our organization. By this means we can spare you unnecessary multiple queries and contacts and provide you with the appropriate contact person for your specific request, who can provide you with complete and expert advice.

We would be pleased upon request to provide you a list of cooperating suppliers for our online services (third-parties who process data on our behalf). We do not transfer your data to third parties, nor do we sell your data.

A processing of personal data outside the European Union (EU) and European Economic Area (EEA) does not take place and is also not planned, unless expressly stated in an individual case hereinafter.

We cannot ignore the shift to digital data processing, which has made great progress in recent years, especially as it also offers you many advantages, such as fast and versatile information options, accessibility and short distances. We are aware that most of our members, customers and interested parties work more frequently than average with standard market programs and systems, such as Windows computers and Microsoft Office programs.

At the latest since the trend for providers to offer their software (in some cases) only online, the security of the personal data processed in this way has been called into question - and rightly so. However, the use of alternative applications still fails too often due to compatibility problems. Documents are then displayed incorrectly or incompletely, can only be used to a limited extent or cannot be opened at all.

In some cases, we are currently unable to avoid the products of the global market leaders. That is why we are giving a lot of thought to using software as securely as possible in order to optimally protect your privacy and that of our employees when processing their data. For example, we have reorganized our entire data storage so that we can optimally control which data is processed and stored at all and where, and when it is deleted. With a consistent concept for assigning access and processing rights based on user groups and roles, we can generally prevent unauthorized access. Our contractors are also carefully selected from a data protection perspective and contractually bound to data protection in accordance with legal requirements. Within the EU, agreements on order processing are concluded for this purpose, and the EU standard contractual clauses are concluded with contractors without an EU-like level of data protection.

 

• With Microsoft's MS 365, we can exclude the transfer of personal data to third countries through our "Premium" license, even in the case of support. In addition, Microsoft has made a voluntary commitment to the new EU-U.S. Data Privacy Framework. On the other hand, we have concluded the so-called EU standard contractual clauses for compliance with the EU data protection level as a data protection agreement with Microsoft.

According to its own statements, Microsoft only processes anonymized metadata for its own purposes, so that our previous statements also apply to this. What we cannot influence is what Microsoft does with data that you yourself make available to the company, for example, if you live a more extensive data release (e.g. are permanently logged in to Microsoft or generously allow logging). This increases convenience as a user, but may lead to data being exchanged as a result of the networking inherent in MS 365. This may be additional information about you or a profile picture that you have stored in your application and thus made available.

In addition, our contractual partner, Microsoft Deutschland GmbH, a subsidiary of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, provides the following information online athttps://privacy.microsoft.com/de-de/privacystatement selbst umfangreiche Informationen zu seinen Datenschutzmaßnahmen zur Verfügung.

• Avaya Deutschland GmbH, a subsidiary of Avaya LLC 350 Mt. Kemble Avenue Morristown, NJ 07960. USA, has so-called "Binding Corporate Rules" (BCR) as a special guarantee for an EU-like level of data protection. These are approved by the responsible supervisory authority in a complex procedure and also apply to subcontractors here. In addition, we have concluded the aforementioned EU standard contractual clauses for compliance with the EU level of data protection as a data protection agreement. Details on data protection: www.avaya.com/en/trust-center-privacy/

The responsible use of digital communication media, for example in the form of video conferencing or the use of collaboration tools, is now part and parcel of modern, location-independent communication.

The use of established platforms - and therefore platforms that can be used by all participants - often involves the transfer of personal participant data (name, email address, IP address, date and duration of the event, chat contributions, and possibly also video or audio recordings) to technical providers whose headquarters are located in countries that do not have an EU-like level of data protection.

Video conferencing system teams: Recordings of our online meetings and events primarily concern the speakers and moderators, unless contributions from the plenary session also need to be recorded for verification purposes. Recordings are always announced in advance and directly before the start of the function so that you can protect your rights. The active recording function is also indicated visually, e.g. with a glowing red signal dot.

Avaya telephone system: We do not migrate any data to the telephone system and also pay attention to appropriate data minimization. Recordings of conversations are not planned. Should this be desired in justified individual cases, we will define the scope of data processing together beforehand.

When using such applications, we naturally pay attention to data minimization and strict access control as well as to default settings that are as data protection-friendly as possible (privacy by default in accordance with the GDPR) in order to adequately protect the privacy of all parties involved and our business secrets. Required recordings are marked visually in the application and with a note that requires confirmation. The data is only stored for the required duration and then deleted in accordance with data protection regulations.

In addition, our contractors are carefully selected and contractually committed to data protection in accordance with legal requirements. Microsoft has committed to the new EU-US Privacy Framework, which grants affiliated companies privileged status as contractors with an EU-comparable level of data protection. Avaya has established globally binding rules of conduct within its Group, which have been approved by the responsible supervisory authority.

Please note that when using our services on mobile end devices (such as cell or smart phones and tablets) that, depending on your permissions and the technology used, precise location data may be collected, used and shared, including the geographic location of your device. In addition, within the framework of the terms of use of your respective telecommunications provider, further data may be collected, processed and used. Over this we have no influence.

3. Processes to Optimize our Online Presence

The use of our website is generally possible without providing personal data. All of the elements mentioned below (hereinafter referred to collectively as "cookies") for measuring reach and statistics generate technical data that we need to examine user behavior (usage tracking), for example to optimize usability, the ability to find information or loading times and display options (usability). These elements can also play a role in the use of plug-ins (e.g. weather app) or other online applications. They support the retrieval of values from the website address (URL), the linking of values or the recording of form aborts for forwarding to us as the website operator. This enables us to analyse the use of our website without personal reference, to recognize the device you are using on your next visit, to improve forms and thus to make our website more and more user-friendly.

The legal basis for this data processing is Art. 6 para. 1 lit. f GDPR. In addition, we only use pseudonymized data and do not merge it with user profiles. In this way, even your IP address remains anonymous to us.

The term "cookies" refers to functional information or data records that are usually stored on your computer in a browser-managed database structure and can be stored either only for the duration of a page visit or permanently on the end device you are using.

We have done a lot to live an optimal data minimization. However, every integrated third-party provider naturally also records log files on the system about the data traffic that takes place. This system data (often initially pseudonymized on the basis of the IP address) may also be transmitted to countries with a lower level of data protection (e.g. Google, USA). However, it should only be possible to merge this data with a user profile that can be assigned to you if you are actively registered ("logged in"). To protect your privacy, we recommend that you always log out of social platforms and other online services with user profiles at the end of your session in order to reduce profiling.

The legal basis for data processing based on your consent is Art. 6 para. 1 lit. a DSGVO.

Cookie minimization - generally switched off

By default, we only use the technically mandatory technical elements. We do not require consent for these, as they ensure the proper functioning of our website. You therefore do not need to take any action to protect your right to privacy when using our website.

If you reject all cookies across the board, you will receive all the basic information you need, but will initially only be able to experience the amenities of our multimedia offering to a limited extent, including the following

  • YouTube videos or images of testimonials from social platforms (Instagram etc.) not displayed (placeholders instead).
  • Offers that are tailored to your previous habits are not generated and displayed to you preferentially to make your selection easier.
  • useful tips and additional services for your booked stay, such as our very popular NürnbergCard, are also not suggested for technical reasons.

Release of all cookies - for the multimedia experience of our region

As a tourist office, one of our tasks is to present our region to you in the most appealing and informative way possible. You should be able to gain a good first impression of our region and its attractive offers in as little time as possible. Digital media is the contemporary form for such inspiring "eye-catchers". That's why we offer you many impressions from Instagram users and YouTube videos, among other things. With your approval of "all cookies", all third-party content is activated. In this way, you do not have to manually activate each of our numerous experience posts.

Change cookie settings - at any time and very easy

Of course, you can change your cookie settings at any time, either functionally or individually. You can find detailed information on the respective elements and their third-party providers in the footer under "Cookies & tracking" or by clicking on the coat of arms symbol in the bottom left-hand corner. You can also make cookie and tracking settings in your browser.

In the event that you allow cookies, here is some detailed information.

For optimal operability without cookies and for analysis of the attractiveness of our services, we use the Canvas element. Through its use, device-related characteristics can be taken into consideration, making use of our services more comfortable. Conventional browsers unfortunately offer no means to shut off this element. If you wish to do so, we recommend the use of the necessary plug-ins or a browser that offers an advanced user more control possibilities (for example, the Tor Browser, available at www.torproject.org).

Our website partly uses applications from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics to analyze how our offer is used (usability)

This website uses Google Analytics, a web analysis service from Google Inc. ("Google"). Google Analytics uses so-called "cookies", small text files which are saved on your computer allowing an analysis of your use of our website. The information collected by this cookie about the use of this website is normally sent to a Google server in the USA and saved there. At this website, IP anonymization is activated, so that the IP addresses of users within the member states of the European Union or other nations which have signed agreements with the European Economic Area will be shortened. Only in rare cases will the full IP address be sent to a Google server in the USA and shortened there. Google will use this information on behalf of the operator of this website to evaluate the use of the website by users, to create reports about website activities and to provide other services concerning website use and internet use for the website operator. The IP address from your browser which has been transferred as part of the Google Analytics services will not be merged with other data from Google.The retention period is 14 months.

Google AdServices

Google Adservices collects information about user behavior with the help of cookies. In addition, Google uses so-called "web beacons", invisible graphics via which personal data and activities are transmitted to Google's servers in the USA via the IP address and further processed or stored there. You can prevent the collection and further processing of your data from this application if you deactivate the execution of Java scripts in your browser or install an application that suppresses such scripts.

To exercise your right to object to the collection of usage data by Google, Google provides a deactivation add-on that you can install (https://tools.google.com/dlpage/gaoptout?hl=en).

Further information about data processing by Google, its terms of use and data protection can be found in the cookie area (click on the shield symbol at the bottom left of the page) or in the current version in the Privacy Center http://www.google.de/intl/de/policies/privacy/

With large providers such as Google, profiling can never be completely ruled out, as even with pseudonymous data, the sum of a large amount of individual information allows clear conclusions to be drawn about a user, even if the name is not known - depending, of course, on how many traces you have left on the Internet so far, through your own activity or that of third parties, e.g. family members, clubs, friends or even employers.

Google signals

We use Google signals. When you visit our website, Google Analytics records your location, search history and YouTube history as well as demographic data (visitor data), among other things. This data can be used for personalized advertising with the help of Google Signal. If you have a Google account, the visitor data from Google Signal is linked to your Google account and used for personalized advertising messages. The data is also used to compile anonymous statistics on the user behavior of our users.

To exercise your right to object to the collection of usage data by Google, Google provides a deactivation add-on that you can install https://tools.google.com/dlpage/gaoptout?hl=de/.

Further information about data processing by Google, its terms of use and data protection can be found in the cookie area (click on the shield symbol at the bottom left of the page) or in the current version in the data protection center www.google.de/intl/de/policies/privacy/

With large providers such as Google, profiling can never be completely ruled out, as even with pseudonymous data, the sum of a large amount of individual information allows clear conclusions to be drawn about a user, even if the name is not known. This is directly dependent on how many traces you yourself leave behind on the Internet, through your own activities or those of third parties, e.g. family members, clubs, friends or even employers. We have no influence on this.

To measure our reach and the quality of our offer, we use the "Hotjar" service from the European provider Dragonara on our website. When you visit a Hotjar-based website, Hotjar may temporarily process your IP address to ensure that our service works smoothly and to improve the quality of our software. IP addresses processed by us are used solely for related performance metrics (i.e. data on how well our software performs on the Hotjar-based website) and to control and track application errors. For this purpose, we may store your IP address with Hotjar's sub-processors, who are subject to strict confidentiality obligations and will only process your data in accordance with our instructions. We will never access these IP addresses without an operational or security need. IP addresses processed or stored by us are automatically deleted within 30 calendar days.

Further information on Hotjar's terms of use and data protection can be found in the cookie section or directly from the provider: www.hotjar.com/legal/policies/privacy/de/

4. Additional Applications of Our Services (Third-Party & Social Media)

In some cases, we round out our services for you through links to carefully selected third parties. We accept no responsibility for their contents or privacy policies. Based on the technology, third parties will normally receive at the minimum your IP address. In view of our responsibility according to the DSGVO, we strive in your interest to only offer links for which the providers use IP addresses for delivery of content only. However, we have no influence on whether third-party providers store your IP address for statistical or other purposes. If we are aware that this is the case, we will inform you.

We offer you the possibility to expand your interest in special topics through links. These internet pages are carefully selected by us for you and are reviewed by us at irregular intervals. However, for these offers their policies apply, including their use of your data. Please be aware of this, if you choose to call up these external sites.

On this website, we offer you the service of shortened link addresses with the format "go.nuernberg.de/[...]". This helps you when you have a targeted approach to a specific page in our service by shortening your time typing and offering you more overview. These links are generated by the URL shortening service of the city of Nuremberg. When you click on a link, it will be decrypted on the city's server and the request will be forwarded to the underlying target address. The target address may lie outside our and the city's internet services. If you wish to know which target address will be called up, you can view it on our website go.nuernberg.de.

The following data from your visit to our internet site are automatically saved on the webservers of the city of Nuremberg: Date and time of the request, the requesting computer's desired access method or function, the input data received from the requesting computer, name of the requested file, URL created by the file request or desired function, information about the browser and operating system used, anonymized IP address. IP addresses are collected anonymously and used for marketing and service optimization without any connection to personal data.

The booking process for services offered by Ameropa Reisen GmbH on our page will be processed directly on their website. Please read the data privacy protection policy of their website. For customer service, we receive some personal data from this provider: Name and contact data, transaction number, tour information and services booked, for example. We assure you that this data is only used to process your booking. It will not be given to third parties.

You can of course "like" our content and "share" it in your online profiles or jump directly to our offer on various social network platforms. We do not use the usual plug-ins with the active elements of the providers (scripts). Instead, we use the data protection-friendly buttons with share parameters ("Shariff") or completely passive links.

Both forms do not collect personal data by themselves, but only when you actively use these elements and a connection with the respective platform is established. In such cases, the respective provider collects and processes your data as a user under its own responsibility. Therefore, if you use one of these elements with us, the following information about the operator and their data protection information is provided for your information.

Application: www.facebook.com || www.instagram.de

Operator: Meta Platforms Inc., 1601 Willow Road, Menlo Park, CA 94025, USA

Data protection information: https://www.facebook.com/privacy || privacycenter.instagram.com

On our central website, we give Instagram users the opportunity to share selected images of Nuremberg and the region with you in constant rotation ("social wall"). To do this, the Instagram profile owner sets one or more of our special keywords ("hashtags") for the desired photo. As soon as the Instagram user removes the hashtags they have set on their Instagram post, the link to our social wall is removed. Our current hashtags are for example #nuernberg_travel", #tastenuremberg, #seimeingast and #stadtglück.

Application: www.youtube.com |Operator: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Data protection information: http://www.google.de/intl/de/policies/privacy/

If we use fonts from Google Web Fonts, this is done locally from our servers. There is no connection to Google servers, so no data is transmitted.

Application: twitter.com / x.com | Application: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA

Data protection information: twitter.com/privacy

Application: www.pinterest.com | Operator: Pinterest Inc., 808 Brannan Street, San Franzisco, CA 94301, USA

Data protection information: https://policy.pinterest.com/de/privacy-policy

The "Curator" tool from the operating company curator.io, 2372 Morse Ave, Suite 149, Irvine CA 92651, USA, is used on our website to display the social media feed on our website. Curator collects images and posts from Facebook and Instagram based on the keywords (so-called "tags") set by the profile owners and transfers them technically to the website function for the feed, the "Social Wall". This enables visitors to our website to view images of Nuremberg fans without having to be logged in to the social media. Information on data protection at Curator can be found at https://curator.io/privacy-policy

In order to offer you a panoramic view of the city of Nuremberg in real time, you can use a webcam on our website which is offered by our already mentioned partner feratel media technologies AG. The cam is integrated as a widget directly on our site and does not collect/transmit any data to feratel or third parties.

In the "Nuremberg neighborhoods" section, you can explore selected places in Nuremberg with the help of a small web app. To help you find your way around, we provide a section of the city map, which does not transmit any personal data.

Protection of Your Rights as a Concerned Party (Examples)

  • Right to notification or information (Art. 13, 14 GDPR)
  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure ("right to be forgotten") (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR) - not relevant for our online offering
  • Right to object to the use of data (Art. 21 GDPR)
  •  

    We have taken wide-ranging technical and organizational steps to protect your data when it is processed. We pursue the protective measures of confidentiality, integrity (completeness and accuracy of data), availability and allocation (authenticity). Here are a few examples from our concept.

    • Data transfer as part of our services takes place encrypted according to the most current security standards, as far as technically possible (this does not apply to faxes, for example).
    • Access to our data processing systems takes place via a pre-determined authorization procedure that is regularly reviewed. Statistics about use of our online services are produced either by the system itself or a service provider and contain no person-linked data.
    • The evaluation of logged data takes place mainly pseudonymized and only by authorized employees, who are required to protect your privacy and are continually receiving training on the best methods to do so.
    • If business partners are contracted by us for data processing (outsourcing), they are carefully selected according to legal requirements and are required by contract to data privacy protection. Compliance with this contract will be, if necessary, monitored at their site.
    • Your permission to save and use your data which you have provided to us can be withdrawn at any time, if this data is not required to fulfill a contract or required by law (subject to legal storage limits, for example). You can assert your right to revoke this permission (now and in the future) by sending a notice to those responsible listed at the end of this document.
    • The length of time your data will be saved by our online services is determined by the purpose for which it was transferred to us and legal regulations. It is in our interest to not save your data in our system any longer than necessary. We set time limits for storage corresponding to the requirements of our processing operations. Through appropriate technical standards and procedures, deletion deadlines are determined and the elimination of data which is no longer required initiated as soon as possible, whenever technologically possible.
    • As a user, you have the right to receive free-of-charge information about the personal data we have logged. You have the right to correct inaccurate data, delete or block the use of your personal data, if it is not required to fulfill a contract and when deletion does not violate a legal obligation to retain data. Through such contact, you will accrue no additional costs, other than the basic costs of transmission (phone, mail or e-mail, for example). Your right to a transfer of your data is not currently supported by our online services, as you give us no applicable information online. If you are of the opinion that our data processing does not meet legal requirements, we would be thankful for a notification.
    • Safeguarding of the effectiveness and sustainability of the data privacy protection measures implemented by us is the responsibility of both the executive management (as the responsible party) and the data protection staff, but also a standardized compliance procedure for continually optimizing our standard of data privacy protection. We also call on proven external data protection experts.

    If, when using our services, you call up the webpages and data from third parties and thereby transfer data about yourself, please note that this data transfer may take place unencrypted over the internet and the data may therefore be accessed by unauthorized persons.

    Please note that we have no influence on the collection and use of your data when you visit or use our services with third-party providers (for example, as described above by YouTube). This applies to all related interaction options such as posting pictures and audio material or commentaries, unless these are transferred to our company in a clearly recognizable form such as e-mail. The responsible party in each case is the operator of the platform that you have visited and used. The data protection and privacy policy information on their sites is then valid.

6. Contact for Further Questions or Suggestions for Data Protection

Nuremberg Convention and Tourist Office, Frauentorgraben 3/IV, D-90443 Nuremberg; Telephone: +49 911 2336-0;

E-Mail: info@ctz-nuernberg.de

Our Privacy Policy Administrator Ms. Blossey is happy to address any other issues concerning data privacy protection. You can best reach her via e-mail at datenschutz@ctz-nuernberg.de.

You have the right to appeal to the responsible regulatory authority. The following office is responsible for us: Bayerisches Landesamt für Datenschutzaufsicht (BayLDA).

Address: Promenade 27, 91522 Ansbach; www.lda.bayern.de, Telefon: +49 981 180093-0

Share it via