Hotline: +49 911 / 2336-0

Data Privacy Protection Information

Last Modified: 24.06.2019 - This information will be updated at irregular intervals. To guarantee optimum transparency we recommend that you visit this page frequently.

When you use our online services (called here "services"), you, as a user, agree that we as the responsible party (see details in Section 6 at the end of this page) in accordance with the data protection law, may collect, process and use the following data listed here in the manner described in this document. We would be pleased to provide you a list of all our online services upon request.

This privacy policy also informs you about your rights as defined by Article 12 et seq of the General Data Protection Regulation (DSGVO) about the type, scope and purpose of the collection and use of personal data by our services. The legal framework is found in the EU General Data Protection Regulation (DSGVO), the German data protection law (BDSG), the German Telemedia Act (TMG), the German Commercial Code (HGB) and other detailed regulations, among others. We will update this information when required and recommend that you visit this page frequently when you use our services.

If, as a user, you want to contact us to protect your rights, you will find information about the correct contact persons in Section 6. Through such contact, you will accrue no additional costs, other than the basic costs of transmission (phone, mail or e-mail, for example).

Contents

1. Legal Framework

2. Type, Scope and Purpose of the Collection, Processing and Use of Data

3. Processes to Optimize Our Services

4. Additional Applications of Our Services (Third-Party & Social Media)

5. Protection of Your Rights as a Concerned Party (Examples)

6. Contact for Further Questions or Suggestions for Data Protection

1. Legal Framework

We collect, process and use your personal data which is created though use of our online services only within the scope of legal regulations and based on:

- A contract or a relationship of trust similar to a contract (Art. 6 § 1b DSGVO); the use of copyright protected material, online booking, for example

- Your explicit permission (Art. 6 § 1a DSGVO); a newsletter subscription, for example

- A legal obligation (Art. 6 § 1c DSGVO); identification of suppliers, for example

- Legitimate interests of our organization (Art. 6 § 1f DSGVO), if the interests, basic rights and fundamental freedoms of those parties concerned do not outweigh such interests. Legitimate interests include, for example, the proper performance, security and provision of a comfortable user interface for your online services with the assistance of optimization methods (See Section 3).

2. Type, Scope and Purpose of the Collection, Processing and Use of Data

Personal data is information that allows the identification of you as a specific individual. This includes, for example, names, contact data, photos, information about interests and hobbies and memberships as well as technical data collected by our system such as your IP address or that of your internet provider (provider or host).

2.1 Data Collected by Our System and the Protection of Your Privacy

When you use our services or view content, we automatically collect data in the form of serverlog files. This includes the name, date and time of the viewed website, filenames, quantity of data transmitted, access status of the server (data transferred, data not found, command not executed, etc.), browser type and version as well as specific browser settings such as country and language, user's operating system, device information (Unique Device Identifier UDID and device type, for example), the previously visited page (referrer), IP address, internet service provider and requesting computer access method (PC, mobile, remote access, etc.).

We use all logged data only for our own analysis of operation, for security purposes and to optimize our services. Personal identification is generally not possible and is not pursued. However, we reserve the right to subsequently review the log files on a case-by-case basis when there is tangible evidence or a justified suspicion of illegal use of our services.

2.2 Queries & Newsletter

Anytime you contact us, whether by contact form, e-mail or by telephone, we collect and use your data within the framework of specified business activities or to process your query. Data that are not mandatory to process your request are only given voluntarily (your address, for example).

At your request, we will send you information about our services and products. For this purpose, you many subscribe to various newsletters. To do so, we require an e-mail address, which we will check for validity before the subscription order is binding. We will also request your title and first and surname in order to optimize our service for you (so that we may address you with the correct name).

2.3 Ordering, Booking & Evaluation (Customer Satisfaction)

Within the scope of your orders and bookings, whether online, verbal, written or per telephone, fax or e-mail, we offer you the opportunity to evaluate the services you have received as well as our service in providing them. To this end, after you have completed your stay or received your order you will receive an e-mail with a link which will lead you to a short questionnaire. Your evaluation is completely voluntary and anonymous and serves only to improve the quality of our products and services. If you do not want to receive this evaluation e-mail, please send a brief notice to: info@ctz-nuernberg.de.

For one-time orders, your personal data will only be used to complete the order. After billing and payment is completed, only the data required by law will be stored according to the HGB and when the required storage limit has expired, deleted. All data that is not required by law will be deleted immediately. Established customers (those who order often) will receive a customer number. Their data will be saved in a customer data bank to make order and contract processing easier.

2.4 Payment Function

For fee-based services, you can normally choose between various forms of payment. For this purpose, the responsible payment processor may collect, save and process personal data such as your name, your address, your telephone number and your e-mail address as well as your credit card or bank account data. You submit data related to this transaction exclusively to the payment processor. This payment processor is therefore responsible for the protection and use of your data. Their separate terms and conditions apply to this transaction. We only receive information confirming whether payment has been made or not.

For hotel reservation and package booking

For payment by direct debit or credit card - for example for a hotel reservation or package booking - our carefully chosen and certified Swiss Payment Partner "Datatrans AG" is responsible. You submit the relevant data for this purpose to this partner. A specialized payment platform is integrated into our services for this purpose. Information

For payment in the online shop

For payment processing in our online shop, our chosen and certified Payment Partner "GiroSolution AG" is responsible. You submit the relevant data for this purpose to this partner. A specialized payment platform is integrated into our services for this purpose.

Payment for City Tours

A specialized booking platform offering the following methods of payment is integrated into our services. The service PayPal is offered from PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxemburg. If you pay through PayPal, you will be connected to the PayPal website through a link. You can find more information about their data privacy policy at www.paypal.com/de/webapps/mpp/ua/privacy-full. Services for payment through bank transfer, credit or debit cards, SEPA direct debit, immediate transfer, Giropay, iDeal and Przelewy24 are provided by MANGOPAY S.A, 10 Boulevard Royal, L-2449 Luxemburg. You can find more information about their data privacy policy at www.mangopay.com/privacy.

Special case

When you book using a provider which uses fax registration or order forms, the transfer of your data takes place unencrypted, due to the limitations of this technology. For the best protection of particularly sensitive data (credit card information, for example) which are required for your booking, you may choose to transmit them by telephone. Fax bookings go directly to the responsible service employee, are booked as soon as possible and then sealed and stored or archived according to regulation. When the required storage limit has expired, the faxes are disposed of properly by a certified and tested service provider

2.5 Additional Services

Nuremberg has a lot to offer its guests. We therefore sometimes send you e-mails describing advantageous proposals which correspond to your booked or ordered services. If you do not wish to receive these e-mails, please send a notice to info@ctz-nuernberg.de.

2.6 Registration Function

If you use an application in our services that is specially protected due to the use of sensitive data, we require - as sometimes also required by law - mandatory data for registration and processing of your order. Contact forms follow the principle of economy of data; mandatory data fields are identified accordingly. When we require your consent to collect and use your data, this will only take place after notification of the purpose of the processing and your rights associated with this process. You will be explicitly notified of these facts before you submit your data. Data transmission will take place encrypted according to current security standards.

2.7 Transfer of Data

We process the collected data for the purpose of optimizing customer service in cooperation with all departments within our organization. By this means we can spare you unnecessary multiple queries and contacts and provide you with the appropriate contact person for your specific request, who can provide you with complete and expert advice.

We would be pleased upon request to provide you a list of cooperating suppliers for our online services (third-parties who process data on our behalf). We do not transfer your data to third parties, nor do we sell your data.

A processing of personal data outside the European Union (EU) and European Economic Area (EEA) does not take place and is also not planned, unless expressly stated in an individual case hereinafter.

2.8 Mobile Use

Please note that when using our services on mobile end devices (such as cell or smart phones and tablets) that, depending on your permissions and the technology used, precise location data may be collected, used and shared, including the geographic location of your device. In addition, within the framework of the terms of use of your respective telecommunications provider, further data may be collected, processed and used. Over this we have no influence.

3. Processes to Optimize Our Services

The use of our internet websites is, in principle, possible without disclosing personal data. All the following elements for audience measurement and statistics about the behavior of our users serve only our legitimate interests to optimize our processes and promote our contents and products. We work with a pseudonymized form of your data, as usage data is not linked with personal user data. That means even your IP address remains a pseudonym.

3.1 Cookies

On various websites of our services, cookies of various types are used. Cookies are small text files which are saved on your computer. They do no damage and contain no personal data. The device-related data in the cookies allow us to analyze your use of our services without reference to you as an individual and to recognize your end device if you visit our sites again. This makes the use of our websites easier for you (user-friendliness) and gives us the opportunity to optimize our services for you.

You can set your browser to warn you that you are about to receive a cookie, allowing you to decide on a case-by-case basis when to accept a cookie or you may exclude all incoming cookies. You can find more details at www.aboutcookies.org.

If you do not consent to the saving and processing of your data for optimization and marketing purposes by this technology or in a specific case, you can prevent this by using the methods supplied by your provider. In this case, a so-called "opt-out" cookie will be placed in your browser, which recognizes that no session data should be collected. Please note that a complete deletion of all your cookies through a browser setting will also remove such opt-out cookies, which must be thereafter reactivated.

3.2 Canvas

For optimal operability without cookies and for analysis of the attractiveness of our services, we use the Canvas element. Through its use, device-related characteristics can be taken into consideration, making use of our services more comfortable. Conventional browsers unfortunately offer no means to shut off this element. If you wish to do so, we recommend the use of the necessary plug-ins or a browser that offers an advanced user more control possibilities (for example, the Tor Browser, available at  https://www.torproject.org/).

3.3 Google reCAPTCHA

Our services sometimes use "reCAPTCHA" operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA to protect your contact with us. The query provided by reCAPTCHA helps to decide if the answer is provided by a human or a fraudulent automated machine. The query includes the sending of your IP address and (in some cases) other necessary data required for the reCAPTCHA service to Google. For this purpose, your input will be sent to Google and processed there. You can find the data protection policy of Google here: https://policies.google.com/privacy?hl=de.

3.4 Google Analytics

This website uses Google Analytics, a web analysis service from Google Inc. ("Google"). Google Analytics uses so-called "cookies", small text files which are saved on your computer allowing an analysis of your use of our website. The information collected by this cookie about the use of this website is normally sent to a Google server in the USA and saved there. At this website, IP anonymization is activated, so that the IP addresses of users within the member states of the European Union or other nations which have signed agreements with the European Economic Area will be shortened. Only in rare cases will the full IP address be sent to a Google server in the USA and shortened there. Google will use this information on behalf of the operator of this website to evaluate the use of the website by users, to create reports about website activities and to provide other services concerning website use and internet use for the website operator. The IP address from your browser which has been transferred as part of the Google Analytics services will not be merged with other data from Google.

You may prevent the installation of cookies by selecting the appropriate settings on your browser; however, we point out that in this case you may not be able to use all the functions of this website to their full extent. The user can also prevent the transfer of the data that has been created by the cookie concerning the use of the website (including the IP address) to Google and prevent Google from analyzing the data by downloading and installing the browser plug-in available at the link listed below. The current link is: tools.google.com/dlpage/gaoptout;http://tools.google.com/dlpage/gaoptout?hl=de>. You can find more information about terms of use and data privacy protection at www.google.com/analytics/terms/de.html bzw. unter www.google.de/intl/de/policies/.

4. Additional Applications of Our Services (Third-Party & Social Media)

In some cases, we round out our services for you through links to carefully selected third parties. We accept no responsibility for their contents or privacy policies. Based on the technology, third parties will normally receive at the minimum your IP address. In view of our responsibility according to the DSGVO, we strive in your interest to only offer links for which the providers use IP addresses for delivery of content only. However, we have no influence on whether third-party providers store your IP address for statistical or other purposes. If we are aware that this is the case, we will inform you.

4.1 Links

We offer you the possibility to expand your interest in special topics through links. These internet pages are carefully selected by us for you and are reviewed by us at irregular intervals. However, for these offers their policies apply, including their use of your data. Please be aware of this, if you choose to call up these external sites.

4.2 Shortened Links: "go.nuernberg.de"

On this website, we offer you the service of shortened link addresses with the format "go.nuernberg.de/[...]". This helps you when you have a targeted approach to a specific page in our service by shortening your time typing and offering you more overview. These links are generated by the URL shortening service of the city of Nuremberg. When you click on a link, it will be decrypted on the city's server and the request will be forwarded to the underlying target address. The target address may lie outside our and the city's internet services. If you wish to know which target address will be called up, you can view it on our website go.nuernberg.de.

The following data from your visit to our internet site are automatically saved on the webservers of the city of Nuremberg: Date and time of the request, the requesting computer's desired access method or function, the input data received from the requesting computer, name of the requested file, URL created by the file request or desired function, information about the browser and operating system used, anonymized IP address. IP addresses are collected anonymously and used for marketing and service optimization without any connection to personal data.

4.3 Services of the Tour Operator Ameropa

The booking process for services offered by Ameropa Reisen GmbH on our page will be processed directly on their website. Please read the data privacy protection policy of their website. For customer service, we receive some personal data from this provider: Name and contact data, transaction number, tour information and services booked, for example. We assure you that this data is only used to process your booking. It will not be given to third parties.

4.4 Use of Social Plug-Ins or Other Links

We offer you the opportunity to show your interest in our services on various social media platforms. If you do not want data collected through our services to be directly assigned to your profile, please log out of the respective social network (Facebook, for example) before you visit our services. You can control or block the loading of plug-ins with the corresponding add-on applications for your internet browser, for example with a script-blocker such as "NoScript" (http://noscript.net). You could also use a browser that offers an advanced user more control possibilities (See Section 2). If a user is not a member of a given social media platform, it is still possible that a platform will learn and save the user's IP address. We therefore provide the following information about the data privacy protection of various social media platforms.

Facebook

This service uses Social Plug-Ins ("plug-ins") of the facebook.com social network, operated by Facebook Inc., 1601 Willow Road, Menlo Park, CA 94025, USA ("Facebook"). The "Like" and "Share" plug-ins can be recognized by the Facebook logo (white "f" on a blue tile or a "thumbs-up" sign). A list and description of the Facebook Social Plug-Ins can be seen at: developers.facebook.com/docs/plugins/. When you, as user, open a webpage of our services that contains such a plug-in, your browser will create a direct link to the Facebook server. The content of the plug-in will be transferred from Facebook directly to your browser and tied into the webpage. We have no influence over the amount of data that Facebook collects with this plug-in and therefore we here inform you based on the information available at the time of publication.

Through the integration of plug-ins ("Like" button, etc.), Facebook receives notice that a user has called up the respective webpage of the service. If the user is logged in to Facebook, Facebook can assign the visit to the Facebook account of the user. When the user interacts with the plug-ins, for example by clicking on the "Like" button or writing a comment, the respective data will be directly transferred to Facebook from your browser and stored there. If a user is not a member of Facebook, it is still possible that Facebook receives his or her IP address and stores it. According to Facebook, in Germany only anonymized IP addresses are stored. The purpose and amount of data collection and the further processing and use of the data by Facebook as well as the respective rights and configuration options for privacy protection of the user can be read in the privacy policy of Facebook: www.facebook.com/about/privacy/.

Google "+1"Buttons and YouTube

Our online services use the button from YouTube and the "+1" button of the social network Google Plus, which are operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). The button from YouTube is a grey base with the two-line black-and-red "You Tube" lettering; the button from Google+ can be recognized by a "+1" symbol on a white or colored background. If you open one of the webpages of our services which contain one or more such buttons, your browser will create a direct link to the Google servers. The content of the button will be transferred from Google directly to the browser and tied into the webpage. We have no influence over the amount of data that Google collects with this button. According to Google, no personal data will be collected without a previous click on the button. Only in the case of logged-in members will data, including the IP address, be collected and processed.

The purpose and amount of data collection and the further processing and use of the data by Google as well as the respective rights and configuration options for privacy protection of the user can be read in the privacy policy of the "+1" button from Google: www.google.com/intl/de/+/policy/+1button.html. Answers to FAQs can be read at www.google.com/intl/de/+1/button/.

Twitter

Our services use the Tweet button of the Twitter service. This button is offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. It can be recognized by terms such as "Twitter", "Tweet" or "Follow", in combination with a stylized blue bird. With the aid of this button, it is possible to share a message or a webpage of our services via Twitter or to follow us at Twitter. When you open a webpage of our services that contains such a button, your browser will create a direct link to the Twitter servers. The content of the Twitter button will be transferred from Twitter directly to your browser. We have no influence over the amount of data that Twitter collects with this plug-in. According to Twitter, only the IP address of the user will be sent to the URL of the website when clicking on the button, but it will not be used for purposes other than the depiction of the button. More information is available in the Privacy Policy of Twitter at twitter.com/privacy.

Pinterest

You can use the Pinterest Social Plug-In in our online services. This is provided by Pinterest Inc., 808 Brannan Street, San Francisco, CA 94301, USA ("Pinterest"). The Pinterest Plug-In can be recognized by a white letter "P" on a red background. If you open one of the webpages of our services which contains this symbol, your browser will create a direct link to the Pinterest servers. Log data will be transferred directly to the server of Pinterest in the USA. This log data may contain your IP address, the address of websites you have visited which contain Pinterest functions, the type and settings of your browser, the date and time of your inquiry, your manner of use of Pinterest and cookies. You can find more information about the data privacy policy of Pinterest at about.pinterest.com/de/privacy-policy.

Instagram including Social Walls

Our online services use the Instagram Social Plug-In. This button is offered by Instagram Inc., a subsidiary of Facebook Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. The Instagram button can be recognized as a sepia or brown colored stylized camera. When you activate the Instagram button while you are logged in to your Instagram account, you can link the content of our services to your Instagram profile. By this means, Instagram can assign the visit to our service to your user account. We have no influence over the amount of data that Instagram collects with this plug-in, nor its use. More information is available in the Privacy Policy of Instagram at help.instagram.com/155833707900388/.

Our services offer in part the possibility to display publicly-accessible postings from Instagram users. To this end, we have created a so-called "Social Wall" on our central website. This Social Wall displays a rotating sample of postings (mainly photos), which are currently published on the "Instagram" internet platform. In order to take part in our Social Wall, Instagram users must personally self-activate selected posts - a personal photo taken in Nuremberg, for example - in their Instagram account with the hashtags which have been created by us for this service. They are currently #nuernberg_travel, #tastenuremberg and #seimeingast. As soon as these hashtags have been removed from your Instagram post, the link to our Social Wall will be deleted.

Google Maps & Google Web Fonts

Our websites use applications from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. We offer Google Maps on our website to assist you in planning your trip to Nuremberg. If you use this online service, you agree to the collection, processing and saving of your data by Google, its representatives or third parties. You can find detailed information about data use at Google at the data protection / privacy policy center at www.google.de/intl/de/policies/privacy/, the terms of use for Google Maps at www.google.com/intl/de_de/help/terms_maps.html.

Our services use Google Web Fonts for the uniform presentation of fonts which are received from Google. When you call up a page, your browser will load the necessary web fonts in your browser cache, in order to properly display texts and fonts. To this end, your browser must establish a link to the Google servers. Google is thereby notified that your IP address has called up our website. If your browser does not support Web Fonts, your computer will use a standard typeface. You can find more information about Google Web Fonts at developers.google.com/fonts/faq, and all other Google applications at the data protection / privacy policy of Google at www.google.com/policies/privacy/.

Juicer

The tool "Juicer" is used on our site in order to display the social-media feed. Juicer aggregates the data from facebook and instagram and delivers it to the feed-plugin. The feed can be viewed without being logged in. According to Juicer, it doesn't collect any personal information on the viewers of the feed.
Juicer's operating company is Juicer.io, 1515 7th Street, #424, Santa Monica, CA 90403.
Juicer's privacy policy can be found at https://www.juicer.io/privacy

4.5 Booking of City Tours

To process our city tours, we use a booking system provided by bookingkit GmbH, Sonnenallee 233, 12059 Berlin ("bookingkit"). When you book a tour on our website, the data required for your offer and contract is processed directly by their system. Your personal data is transferred to bookingkit. The saving and processing of your data is used to support the processing of your order, for authentication purposes and for payment processing. You can find more information about terms and conditions, data privacy and any use of third-parties to process your data by bookingkit at   https://bookingkit.net/privacy-statement/

5. Protection of Your Rights as a Concerned Party (Examples)

We have taken wide-ranging technical and organizational steps to protect your data when it is processed. We pursue the protective measures of confidentiality, integrity (completeness and accuracy of data), availability and allocation (authenticity). Here are a few examples from our concept.

- Data transfer as part of our services takes place encrypted according to the most current security standards, as far as technically possible (this does not apply to faxes, for example).

- Access to our data processing systems takes place via a pre-determined authorization procedure that is regularly reviewed. Statistics about use of our online services are produced either by the system itself or a service provider and contain no person-linked data.

- The evaluation of logged data takes place mainly pseudonymized and only by authorized employees, who are required to protect your privacy and are continually receiving training on the best methods to do so.

- If business partners are contracted by us for data processing (outsourcing), they are carefully selected according to legal requirements and are required by contract to data privacy protection. Compliance with this contract will be, if necessary, monitored at their site.

- Your permission to save and use your data which you have provided to us can be withdrawn at any time, if this data is not required to fulfill a contract or required by law (subject to legal storage limits, for example). You can assert your right to revoke this permission (now and in the future) by sending a notice to those responsible listed at the end of this document.

- The length of time your data will be saved by our online services is determined by the purpose for which it was transferred to us and legal regulations. It is in our interest to not save your data in our system any longer than necessary. We set time limits for storage corresponding to the requirements of our processing operations. Through appropriate technical standards and procedures, deletion deadlines are determined and the elimination of data which is no longer required initiated as soon as possible, whenever technologically possible.

- As a user, you have the right to receive free-of-charge information about the personal data we have logged. You have the right to correct inaccurate data, delete or block the use of your personal data, if it is not required to fulfill a contract and when deletion does not violate a legal obligation to retain data. Through such contact, you will accrue no additional costs, other than the basic costs of transmission (phone, mail or e-mail, for example). Your right to a transfer of your data is not currently supported by our online services, as you give us no applicable information online. If you are of the opinion that our data processing does not meet legal requirements, we would be thankful for a notification.

- Safeguarding of the effectiveness and sustainability of the data privacy protection measures implemented by us is the responsibility of both the executive management (as the responsible party) and the data protection staff, but also a standardized compliance procedure for continually optimizing our standard of data privacy protection. We also call on proven external data protection experts.

If, when using our services, you call up the webpages and data from third parties and thereby transfer data about yourself, please note that this data transfer may take place unencrypted over the internet and the data may therefore be accessed by unauthorized persons.

Please note that we have no influence on the collection and use of your data when you visit or use our services with third-party providers (for example, as described above by YouTube). This applies to all related interaction options such as posting pictures and audio material or commentaries, unless these are transferred to our company in a clearly recognizable form such as e-mail. The responsible party in each case is the operator of the platform that you have visited and used. The data protection and privacy policy information on their sites is then valid.

6. Contact for Further Questions or Suggestions for Data Protection

6.1 Responsible Party

Nuremberg Convention and Tourist Office, Frauentorgraben 3/IV, D-90443 Nuremberg; Telephone: +49 911 2336-0; E-mail: info@ctz-nuernberg.de.

6.2 Person Responsible for Data Protection

Our Privacy Policy Administrator Ms. Blossey is happy to address any other issues concerning data privacy protection. You can best reach her via e-mail at  datenschutz@ctz-nuernberg.de.

6.3 Responsible Regulatory Authority

You have the right to appeal to the responsible regulatory authority. The following office is responsible for us: Bayerisches Landesamt für Datenschutzaufsicht (BayLDA). Address: Promenade 27, 91522 Ansbach; Telephone: +49 (0) 981 53 1300; E-mail: poststelle@lda.bayern.de.

Last Modified: 24.06.2019

Share it via