Last Modified: 03.01.2022 - This information will be updated at irregular intervals. To guarantee optimum transparency we recommend that you visit this page frequently.
The Nuremberg Convention and Tourist Office offers you a broad spectrum of online services (hereafter called "services"). This page informs you of your rights according to Article 12 (and following) of the General Data Protection Regulation (GDPR) about the type, purpose and scope of the processing and use of personal data by our services. The legal framework is provided by the EU General Data Protection Regulation (GDPR), German Federal Data Protection Act (BDSG), the data protection provisions of the Telecommunication-Telemedia Act (TTDSG), the German Commercial Code (HGB) as well as other detailed regulations. We update this information when required and recommend that you read this site again when you use our services.
If you wish to communicate with us, you will find the name of the appropriate contact person for your concern in section 6. You may do so without incurring additional costs other than the usual transmission costs at the basic rates.
1. Legal Framework
2. Type, Scope and Purpose of the Collection, Processing and Use of Data
3. Processes to Optimize Our Services
4. Additional Applications of Our Services (Third-Party & Social Media)
5. Protection of Your Rights as a Concerned Party (Examples)
6. Contact for Further Questions or Suggestions for Data Protection
1. Legal Framework
We collect, process and use your personal data which is created though use of our online services only within the scope of legal regulations and based on:
- A contract or a relationship of trust similar to a contract (Art. 6 § 1b DSGVO); the use of copyright protected material, online booking, for example
- Your explicit permission (Art. 6 § 1a DSGVO); a newsletter subscription, for example
- A legal obligation (Art. 6 § 1c DSGVO); identification of suppliers, for example
- Legitimate interests of our organization (Art. 6 § 1f DSGVO), if the interests, basic rights and fundamental freedoms of those parties concerned do not outweigh such interests. Legitimate interests include, for example, the proper performance, security and provision of a comfortable user interface for your online services with the assistance of optimization methods (See Section 3).
2. Type, Scope and Purpose of the Collection, Processing and Use of Data
Personal data is information that allows the identification of you as a specific individual. This includes, for example, names, contact data, photos, information about interests and hobbies and memberships as well as technical data collected by our system such as your IP address or that of your internet provider (provider or host).
2.1 Data Collected by Our System and the Protection of Your Privacy
When you use our services or view content, we automatically collect data in the form of serverlog files. This includes the name, date and time of the viewed website, filenames, quantity of data transmitted, access status of the server (data transferred, data not found, command not executed, etc.), browser type and version as well as specific browser settings such as country and language, user's operating system, device information (Unique Device Identifier UDID and device type, for example), the previously visited page (referrer), IP address, internet service provider and requesting computer access method (PC, mobile, remote access, etc.).
We use all logged data only for our own analysis of operation, for security purposes and to optimize our services. Personal identification is generally not possible and is not pursued. However, we reserve the right to subsequently review the log files on a case-by-case basis when there is tangible evidence or a justified suspicion of illegal use of our services.
2.2 Queries & Newsletter
Anytime you contact us, whether by contact form, e-mail or by telephone, we collect and use your data within the framework of specified business activities or to process your query. Data that are not mandatory to process your request are only given voluntarily (your address, for example).
At your request, we will send you information about our services and products. For this purpose, you many subscribe to various newsletters. To do so, we require an e-mail address, which we will check for validity before the subscription order is binding. We will also request your title and first and surname in order to optimize our service for you (so that we may address you with the correct name).
2.3. Digital Applications
If you send us an application in digital form, we will process and save it during the application process for the job for which you have applied. Unsolicited applications will be assigned to appropriate openings. Once someone has been hired for an advertised position, we will archive your data for six months, in case of any legal claims. Once this legal storage time has expired, your data will be deleted in conformance with data protection requirements. Where appropriate, we will ask for your written permission to store your data longer (for up to two years), if there is a possibility that your application might be appropriate for a future job opening.
2.4 Ordering, Booking & Evaluation (Customer Satisfaction)
Within the scope of your orders and bookings, whether online, verbal, written or per telephone, fax or e-mail, we offer you the opportunity to evaluate the services you have received as well as our service in providing them. To this end, after you have completed your stay or received your order you will receive an e-mail with a link which will lead you to a short questionnaire. Your evaluation is completely voluntary and anonymous and serves only to improve the quality of our products and services. If you do not want to receive this evaluation e-mail, please send a brief notice to: email@example.com.
For one-time orders, your personal data will only be used to complete the order. After billing and payment is completed, only the data required by law will be stored according to the HGB and when the required storage limit has expired, deleted. All data that is not required by law will be deleted immediately. Established customers (those who order often) will receive a customer number. Their data will be saved in a customer data bank to make order and contract processing easier.
2.5 Booking of City Tours
To process our city tours, we use a booking system provided by bookingkit GmbH, Sonnenallee 233, 12059 Berlin ("bookingkit"). When you book a tour on our website, the data required for your offer and contract is processed directly by their system. Your personal data is transferred to bookingkit. The saving and processing of your data is used to support the processing of your order, for authentication purposes and for payment processing. You can find more information about terms and conditions, data privacy and any use of third-parties to process your data by bookingkit at bookingkit.net/de/datenschutzerklaerung/.
2.6 "Nürnberger Quartiere" - Mobile Use of Vouchers
You can also request vouchers from local business via the Web-App and store them directly on your mobile device as a QR-Code in your electronic wallet, where they can be managed and redeemed onsite. The delivery of these QR-Codes to your mobile device as well as the internal administration of vouchers takes place via the software "Passcreator" from the supplier "mediahelden GmbH", Walter-Gropius-Straße 15, 80807 Munich, Germany.
No personal data is processed: For the assignment of vouchers a code (Barcode, QR-Code) and an automatic ID is generated by the system. For administration of the vouchers, only the type of mobile device (for example "Apple"), date and time of the request and the status of voucher use (number, status of use) is used. There is no use of personal data.
2.7 Payment Function
For fee-based services, you can normally choose between various forms of payment. For this purpose, the responsible payment processor may collect, save and process personal data such as your name, your address, your telephone number and your e-mail address as well as your credit card or bank account data. You submit data related to this transaction exclusively to the payment processor. This payment processor is therefore responsible for the protection and use of your data. Their separate terms and conditions apply to this transaction. We only receive information confirming whether payment has been made or not.
For hotel reservation and package booking
For payment by direct debit or credit card - for example for a hotel reservation or package booking - our carefully chosen and certified Swiss Payment Partner "Datatrans AG" is responsible. You submit the relevant data for this purpose to this partner. A specialized payment platform is integrated into our services for this purpose. Information
For payment in the online shop
For payment processing in our online shop, our chosen and certified Payment Partner "GiroSolution AG" is responsible. You submit the relevant data for this purpose to this partner. A specialized payment platform is integrated into our services for this purpose.
Payment for City Tours
Special case: Booking by fax
In the case of bookings from a provider, who, due to technical limitations, can only transfer data via fax, this data will be transferred unencrypted. To protect especially sensitive data such as credit card numbers, you can transfer these per telephone. Fax bookings are sent directly to the responsible service staff, are booked as soon as possible and are then saved in a secured archive in accordance with statutory requirements and, once the required legal storage time is over, will be destroyed in conformance with data protection requirements by a certified and tested service provider.
2.8 Registration Function
If you use an application in our services that is specially protected due to the use of sensitive data, we require - as sometimes also required by law - mandatory data for registration and processing of your order. Contact forms follow the principle of economy of data; mandatory data fields are identified accordingly. When we require your consent to collect and use your data, this will only take place after notification of the purpose of the processing and your rights associated with this process. You will be explicitly notified of these facts before you submit your data. Data transmission will take place encrypted according to current security standards.
2.9 Transfer of Data
We process the collected data for the purpose of optimizing customer service in cooperation with all departments within our organization. By this means we can spare you unnecessary multiple queries and contacts and provide you with the appropriate contact person for your specific request, who can provide you with complete and expert advice.
We would be pleased upon request to provide you a list of cooperating suppliers for our online services (third-parties who process data on our behalf). We do not transfer your data to third parties, nor do we sell your data.
A processing of personal data outside the European Union (EU) and European Economic Area (EEA) does not take place and is also not planned, unless expressly stated in an individual case hereinafter.
2.10 Mobile Use
3. Processes to Optimize our Online Presence
The use of our internet websites is, in principle, possible without disclosing personal data. Any other elements for audience measurement and user statistics serve a legitimate interest to optimize our processes and promote our contents and products. We work with a pseudonymized form of your data, as usage data is not linked with personal user data. That means even your IP address remains a pseudonym.
If you wish to take advantage of these offers in the future (or deselect), you can return to your cookie settings by clicking on the small shield symbol which is located at the lower right-hand corner of each page. You can set your browser to warn you that you are about to receive a cookie, allowing you to decide on a case-by-case basis when to accept a cookie or you may exclude all incoming cookies. You can find more details at www.aboutcookies.org. If you do not consent to the saving and processing of your data for optimization and marketing purposes by this or other technologies, you can prevent this by using the methods supplied by your provider. In this case, a so-called "opt-out" cookie will be placed in your browser, which recognizes that no session data should be collected.
Please note that a complete deletion of all your cookies through a browser setting will also remove such opt-out cookies, which must be thereafter reactivated. Here you can find a list of cookies applied by other providers
For optimal operability without cookies and for analysis of the attractiveness of our services, we use the Canvas element. Through its use, device-related characteristics can be taken into consideration, making use of our services more comfortable. Conventional browsers unfortunately offer no means to shut off this element. If you wish to do so, we recommend the use of the necessary plug-ins or a browser that offers an advanced user more control possibilities (for example, the Tor Browser, available at https://www.torproject.org/).
3.3 Google reCAPTCHA
Our services sometimes use "reCAPTCHA" operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA to protect your contact with us. The query provided by reCAPTCHA helps to decide if the answer is provided by a human or a fraudulent automated machine. The query includes the sending of your IP address and (in some cases) other necessary data required for the reCAPTCHA service to Google. For this purpose, your input will be sent to Google and processed there. You can find the data protection policy of Google here: https://policies.google.com/privacy?hl=de.
3.4 Google Analytics
This website uses Google Analytics, a web analysis service from Google Inc. ("Google"). Google Analytics uses so-called "cookies", small text files which are saved on your computer allowing an analysis of your use of our website. The information collected by this cookie about the use of this website is normally sent to a Google server in the USA and saved there. At this website, IP anonymization is activated, so that the IP addresses of users within the member states of the European Union or other nations which have signed agreements with the European Economic Area will be shortened. Only in rare cases will the full IP address be sent to a Google server in the USA and shortened there. Google will use this information on behalf of the operator of this website to evaluate the use of the website by users, to create reports about website activities and to provide other services concerning website use and internet use for the website operator. The IP address from your browser which has been transferred as part of the Google Analytics services will not be merged with other data from Google.
3. Verfahren zur Optimierung unserer Onlinepräsenz
Die Nutzung unserer Internetseiten ist grundsätzlich ohne Angabe personenbezogener Daten möglich. Alle nachfolgend genannten Elemente zu Reichweitenmessung und Statistiken zum Verhalten unserer Nutzer dienen unserem berechtigten Interesse an der kontinuierlichen Optimierung der Darstellung und Übermittlung unserer Inhalte und Produkte für Sie. Wir arbeiten dabei mit der pseudonymisierten Form Ihrer Daten und führen Informationen zum Nutzerverhalten nicht mit persönlichen Nutzerprofilen zusammen. Auf diese Weise bleibt selbst Ihre IP-Adresse ohne Personenbezug.
Standardmäßig setzen wir nur die technisch erforderlichen Cookies. Für diese benötigen wir keine Einwilligung, da sie die ordnungsgemäße Funktion unseres Angebots sicherstellen. Sie brauchen also grundsätzlich nicht aktiv werden, um Ihr Recht auf Privatsphäre bei der Nutzung unseres Angebots zu wahren.
Auf verschiedenen Seiten unseres Angebots werden zusätzliche Cookies unterschiedlicher Art verwendet. Es handelt sich dabei um sehr kleine funktionale Dateien, die auf Ihrem Rechner abgelegt werden. Die in den Cookies hinterlegten gerätebezogenen Informationen ermöglichen uns, die Nutzung unseres Angebots ohne direkten Personenbezug zu analysieren und Ihr genutztes Endgerät beim nächsten Besuch wiederzuerkennen. Dies macht Ihnen die Nutzung unserer Internetseiten bequemer (Benutzerfreundlichkeit) und gibt uns die Möglichkeit, Ihre Bedürfnisse besser nachvollziehen zu können und unser Angebot danach für Sie auszurichten.
Bereits auf der Startseite haben Sie die Möglichkeit, in einem gesonderten Fenster alle Cookies abzulehnen oder zuzulassen sowie detailliertere Einstellungen vorzunehmen. Möglicherweise können Sie bei einer pauschalen Ablehnung zusätzliche Annehmlichkeiten, die bestimmte nutzungsbasierte Informationen benötigen, nicht nutzen:
- Angebote, die auf Ihre bisherigen Gewohnheiten zugeschnittenen sind, können Ihnen dann nicht bevorzugt angezeigt werden;
- nützliche Tipps und Zusatzleistungen zu Ihrem gebuchten Aufenthalt, wie etwa unsere sehr beliebte NürnbergCard, können Ihnen dann technisch bedingt ebenfalls nicht vorgeschlagen werden.
Möchten Sie diese und weitere Vorteile zu einem späteren Zeitpunkt nutzen (oder Cookies abwählen), gelangen Sie über einen Klick auf das kleine Schildsymbol, das Sie in der unteren linken Ecke jeder Seite finden, wieder in die Einstellungen zu den Cookies.
Sie können natürlich auch weiterhin die Cookie-Optionen in Ihrem Browser nutzen. Weitere Details hierzu finden Sie unter https://www.aboutcookies.org. Darauf haben wir keinen Einfluss.
Für den Fall, dass Sie pauschal alle Cookies zulassen, nachfolgend ein paar zusätzliche Detailinformationen.
Für optimale Bedienbarkeit auch ohne Cookies und zu Auswertungen über die Attraktivität unseres Angebots verwenden wir bei einem Teil unseres Angebots zeitgemäße Canvas. Hierbei können die gerätebezogenen Besonderheiten berücksichtigt und damit die Nutzung unserer komfortabler genutzt werden. Herkömmliche Browser bieten bislang leider noch keine Möglichkeit an, auch dieses Element abzuschalten. Wir empfehlen hier, auf entsprechende Plug-Ins oder einen Browser, der Ihnen als fortgeschrittenem Nutzer mehr Steuermöglichkeiten anbietet, auszuweichen (etwa den Tor-Browser, erhältlich unter www.torproject.org).
3.3 Google reCaptcha
Unser Angebot nutzt teilweise zum Schutz Ihrer Kontaktaufnahme mit uns per den Dienst reCAPTCHA des Unternehmens Google Inc. mit Sitz in 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Die Abfrage dient der Unterscheidung, ob die Eingabe durch einen Menschen oder missbräuchlich durch automatisierte, maschinelle Verarbeitung erfolgt. Die Abfrage schließt den Versand der IP-Adresse und ggf. weiterer von Google für den Dienst reCAPTCHA benötigter Daten an Google ein. Zu diesem Zweck wird Ihre Eingabe an Google übermittelt und dort weiterverarbeitet.
Weitere Ausführliche Informationen zu Nutzungsbedingungen und Datenschutz bei Google finden Sie im Cookiebereich (Klick auf das Schild-Symbol unten links auf der Seite).
3.4 Google Analytics
Diese Webseite benutzt Google Analytics, einen Webanalysedienst der Google Inc. ("Google"). Google Analytics verwendet sog. "Cookies", funktionale Dateien, die auf Computer der Nutzer gespeichert werden und die eine Analyse der Benutzung unseres Online-Angebots ermöglichen. Die erzeugten Informationen werden in der Regel an einen Server von Google in den USA übertragen und dort gespeichert. Da die IP-Anonymisierung aktiviert ist, werden die IP-Adresse der Nutzer von Google innerhalb von Mitgliedstaaten der Europäischen Union oder in anderen Vertragsstaaten des Abkommens über den Europäischen Wirtschaftsraum zuvor gekürzt. Nur in Ausnahmefällen wird die volle IP-Adresse an einen Server von Google in den USA übertragen und dort gekürzt. In unserem Auftrag wird Google diese Informationen benutzen, um die Nutzung unseres Angebots online auszuwerten, um Reports über die Websiteaktivitäten zusammenzustellen und um für uns weitere mit der Websitenutzung und der Internetnutzung verbundene Dienstleistungen zu erbringen. Die im Rahmen von Google Analytics von Ihrem Browser übermittelte IP-Adresse wird nicht mit anderen Daten von Google zusammengeführt. In der Regel ist bei Endverbrauchern durch die IP-Adresse kein direkter Rückschluss auf Sie als Person möglich.
Weitere Informationen zu Nutzungsbedingungen und Datenschutz bei Google finden Sie im Cookiebereich (Klick auf das Schild-Symbol unten links auf der Seite).
4. Additional Applications of Our Services (Third-Party & Social Media)
In some cases, we round out our services for you through links to carefully selected third parties. We accept no responsibility for their contents or privacy policies. Based on the technology, third parties will normally receive at the minimum your IP address. In view of our responsibility according to the DSGVO, we strive in your interest to only offer links for which the providers use IP addresses for delivery of content only. However, we have no influence on whether third-party providers store your IP address for statistical or other purposes. If we are aware that this is the case, we will inform you.
We offer you the possibility to expand your interest in special topics through links. These internet pages are carefully selected by us for you and are reviewed by us at irregular intervals. However, for these offers their policies apply, including their use of your data. Please be aware of this, if you choose to call up these external sites.
4.2 Shortened Links: "go.nuernberg.de"
On this website, we offer you the service of shortened link addresses with the format "go.nuernberg.de/[...]". This helps you when you have a targeted approach to a specific page in our service by shortening your time typing and offering you more overview. These links are generated by the URL shortening service of the city of Nuremberg. When you click on a link, it will be decrypted on the city's server and the request will be forwarded to the underlying target address. The target address may lie outside our and the city's internet services. If you wish to know which target address will be called up, you can view it on our website go.nuernberg.de.
The following data from your visit to our internet site are automatically saved on the webservers of the city of Nuremberg: Date and time of the request, the requesting computer's desired access method or function, the input data received from the requesting computer, name of the requested file, URL created by the file request or desired function, information about the browser and operating system used, anonymized IP address. IP addresses are collected anonymously and used for marketing and service optimization without any connection to personal data.
4.3 Services of the Tour Operator Ameropa
The booking process for services offered by Ameropa Reisen GmbH on our page will be processed directly on their website. Please read the data privacy protection policy of their website. For customer service, we receive some personal data from this provider: Name and contact data, transaction number, tour information and services booked, for example. We assure you that this data is only used to process your booking. It will not be given to third parties.
4.4 Use of Social Plug-Ins or Other Links
We offer you the opportunity to show your interest in our services on various social media platforms. If you do not want data collected through our services to be directly assigned to your profile, please log out of the respective social network (Facebook, for example) before you visit our services. You can control or block the loading of plug-ins with the corresponding add-on applications for your internet browser, for example with a script-blocker such as "NoScript" (http://noscript.net). You could also use a browser that offers an advanced user more control possibilities (See Section 2). If a user is not a member of a given social media platform, it is still possible that a platform will learn and save the user's IP address. We therefore provide the following information about the data privacy protection of various social media platforms.
This service uses Social Plug-Ins ("plug-ins") of the facebook.com social network, operated by Facebook Inc., 1601 Willow Road, Menlo Park, CA 94025, USA ("Facebook"). The "Like" and "Share" plug-ins can be recognized by the Facebook logo (white "f" on a blue tile or a "thumbs-up" sign). A list and description of the Facebook Social Plug-Ins can be seen at: developers.facebook.com/docs/plugins/. When you, as user, open a webpage of our services that contains such a plug-in, your browser will create a direct link to the Facebook server. The content of the plug-in will be transferred from Facebook directly to your browser and tied into the webpage. We have no influence over the amount of data that Facebook collects with this plug-in and therefore we here inform you based on the information available at the time of publication.
Google "+1"Buttons and YouTube
Our online services use the button from YouTube and the "+1" button of the social network Google Plus, which are operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). The button from YouTube is a grey base with the two-line black-and-red "You Tube" lettering; the button from Google+ can be recognized by a "+1" symbol on a white or colored background. If you open one of the webpages of our services which contain one or more such buttons, your browser will create a direct link to the Google servers. The content of the button will be transferred from Google directly to the browser and tied into the webpage. We have no influence over the amount of data that Google collects with this button. According to Google, no personal data will be collected without a previous click on the button. Only in the case of logged-in members will data, including the IP address, be collected and processed.
Instagram including Social Walls
Our services offer in part the possibility to display publicly-accessible postings from Instagram users. To this end, we have created a so-called "Social Wall" on our central website. This Social Wall displays a rotating sample of postings (mainly photos), which are currently published on the "Instagram" internet platform. In order to take part in our Social Wall, Instagram users must personally self-activate selected posts - a personal photo taken in Nuremberg, for example - in their Instagram account with the hashtags which have been created by us for this service. They are currently #nuernberg_travel, #tastenuremberg and #seimeingast. As soon as these hashtags have been removed from your Instagram post, the link to our Social Wall will be deleted.
Google Maps & Google Web Fonts
5. Protection of Your Rights as a Concerned Party (Examples)
We have taken wide-ranging technical and organizational steps to protect your data when it is processed. We pursue the protective measures of confidentiality, integrity (completeness and accuracy of data), availability and allocation (authenticity). Here are a few examples from our concept.
- Data transfer as part of our services takes place encrypted according to the most current security standards, as far as technically possible (this does not apply to faxes, for example).
- Access to our data processing systems takes place via a pre-determined authorization procedure that is regularly reviewed. Statistics about use of our online services are produced either by the system itself or a service provider and contain no person-linked data.
- The evaluation of logged data takes place mainly pseudonymized and only by authorized employees, who are required to protect your privacy and are continually receiving training on the best methods to do so.
- If business partners are contracted by us for data processing (outsourcing), they are carefully selected according to legal requirements and are required by contract to data privacy protection. Compliance with this contract will be, if necessary, monitored at their site.
- Your permission to save and use your data which you have provided to us can be withdrawn at any time, if this data is not required to fulfill a contract or required by law (subject to legal storage limits, for example). You can assert your right to revoke this permission (now and in the future) by sending a notice to those responsible listed at the end of this document.
- The length of time your data will be saved by our online services is determined by the purpose for which it was transferred to us and legal regulations. It is in our interest to not save your data in our system any longer than necessary. We set time limits for storage corresponding to the requirements of our processing operations. Through appropriate technical standards and procedures, deletion deadlines are determined and the elimination of data which is no longer required initiated as soon as possible, whenever technologically possible.
- As a user, you have the right to receive free-of-charge information about the personal data we have logged. You have the right to correct inaccurate data, delete or block the use of your personal data, if it is not required to fulfill a contract and when deletion does not violate a legal obligation to retain data. Through such contact, you will accrue no additional costs, other than the basic costs of transmission (phone, mail or e-mail, for example). Your right to a transfer of your data is not currently supported by our online services, as you give us no applicable information online. If you are of the opinion that our data processing does not meet legal requirements, we would be thankful for a notification.
- Safeguarding of the effectiveness and sustainability of the data privacy protection measures implemented by us is the responsibility of both the executive management (as the responsible party) and the data protection staff, but also a standardized compliance procedure for continually optimizing our standard of data privacy protection. We also call on proven external data protection experts.
If, when using our services, you call up the webpages and data from third parties and thereby transfer data about yourself, please note that this data transfer may take place unencrypted over the internet and the data may therefore be accessed by unauthorized persons.
6. Contact for Further Questions or Suggestions for Data Protection
6.1 Responsible Party
Nuremberg Convention and Tourist Office, Frauentorgraben 3/IV, D-90443 Nuremberg; Telephone: +49 911 2336-0; E-mail: firstname.lastname@example.org.
6.2 Person Responsible for Data Protection
6.3 Responsible Regulatory Authority
You have the right to appeal to the responsible regulatory authority. The following office is responsible for us: Bayerisches Landesamt für Datenschutzaufsicht (BayLDA). Address: Promenade 27, 91522 Ansbach; Telephone: +49 (0) 981 53 1300; E-mail: email@example.com.