1. We are responsible for your data.
As a visitor to the Sinsheim Adventure Region you can expect not only holiday full of highlights, but also high quality standards in the processing of your personal data. We are responsible for the handling of your data, which we process according to your wishes and as specified in German and EU data protection legislation. Your personal data are only processed by us where this is permitted by law or where you have given us your prior consent.
The data controllers are Stadt Sinsheim (Sinsheim Town Council), Wilhelmstrasse 14-18, 74889 Sinsheim, Germany (Tourismus@sinsheim.de) and our contractors, who process your data at our request for the purposes specified below (hereinafter: “we”).
Our main contractors include IT service providers, file and internet hosts, printshops and lettershops as well as payment and web analysis service providers. Our contractors are prohibited from processing your data for any purposes outside their specific brief.
The contractors who enable the display of our website and its functions include Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, United States, (“Amazon”), and Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Amazon and Google have agreed to submit to the EU Privacy Shield. According to the EU Commission, the EU Privacy Shield provides an adequate guarantee for a sufficient level of data privacy whenever data are processed in the United States. (The certificate can be viewed at:
https://www.privacyshield.gov/participant?id=a2zt0000000TOWQAA4 or https://
The transparent and lawful processing of your data is extremely important to us. The purpose of the following information is to ensure that you always know which of your personal data are collected when you visit our website and use our services and that you are also aware how we process your data.
Oberbürgermeister Jörg Albrecht
Tel.: +49 (0)7261 404-0
Fax : +49 (0)7261 404-165
2. How secure are your data?
We take technical and organisational security precautions to protect your personal data against accidental and deliberate manipulation, loss, destruction and unauthorised access and also to guarantee the protection of your rights and the observance of any data protection regulations applicable in Germany and the EU.
The precautions we take have the purpose of permanently ensuring the confidentiality, integrity, availability and resilience of our systems and services in conjunction with the processing of your data, and to warrant speedy recovery in the event of a physical or technical incident.
They also include the encryption of your data. Any details that you enter online are, as a minimum, encrypted under SSL technology (secure socket layers, SSL, RSA, 1024-bit, RC4 256-bit) before being sent to our servers. Our data processing and security precautions are continually being improved to reflect the latest developments in technology.
3. Our Data Protection Officer
Should you have any questions about data protection or data security, please feel free to contact our Data Protection Officer by email: firstname.lastname@example.org or by phone: +49 7261 404 106.
4. Which personal data do we process?
Personal data are any information relating to an identified or identifiable person. They include, for example:
• Address details: name, postal address, email address
• Telecommunication details: landline number, mobile phone number, email address
• Booking and purchase transaction details: requested, booked/ordered services, category, period or quantity, prices, service providers, payment method and details of any accompanying travellers
• Financial details: bank accounts details, credit card details, PayPal transaction details
5. What are mandatory details?
If certain data fields are shown as mandatory and are therefore marked with an asterisk (*), then the provision of such details is a statutory or contractual requirement, or they are needed for the purpose of contractual conclusion, for the fulfilment of the requested service or for the specified purpose. You are still free to provide or not to provide the relevant details. However, if you do not provide the details, we may be unable to fulfil the contract or to provide the requested service, or it may not be possible to achieve the specified purpose.
6. What is the purpose of processing your data?
(a) Contact enquiries
We process your data in order to answer your contact enquiries (GDPR article 6 (1) points b and f), either directly through our contractors, or by transferring your data to the relevant service provider (accommodation, leisure activity provider, etc.). In order to deal with your request and reply to you via the requested channel of communication, we need your address details and/or telecommunication details. After we or the relevant service provider have answered your request, we and/or they generally store the details from your contact enquiry for another six months, so that we can answer any further enquiries you may have. However, this is on the proviso that there are no legal provisions stipulating longer retention periods (e.g. see also below, (b), on the retention period for purchases, bookings and contract-specific enquiries).
(b) Bookings and purchases
In the event of a booking, a purchase or any other contract-specific enquiries, we process your personal data (address details, telecommunication details, booking and purchase details as well as, where required, financial details) primarily in order to handle and process your booking, order or other contract-specific enquiry and, where applicable, for billing and payment purposes (GDPR article 6 (1) point b).
When you book or purchase third-party services, we send your details to the relevant service provider, as specified in the offer, who then processes your data for the same purposes.
Whenever details are marked as mandatory, they are necessary for the processing or handling of the relevant contracts or for billing purposes.
Any of your details that are relevant to a booking, order or other contract-specific enquiry, and any documents that are also necessary for this purpose (e.g. commercial correspondence, invoices), are stored either by ourselves or by our service providers in accordance with the relevant legal requirements upon conclusion of the contract under statutory provisions. Such storage is for a period of either six years (German Commercial Code, HGB, section 257 (4) and GDPR article 6 (1) point c) or ten years (German Tax Regulation, AO, section 147 (3) and GDPR article 6 (1) point c).
Postal advertising and customer analyses
Where we receive your personal data (address details and bookings/purchase details) through bookings or purchases, we process the data for the purpose of postal advertising, i.e. sending you tourist information and offers from our region. To provide you with suitable information, we also conduct internal marketing and customer analyses (GDPR article 6 (1) point f).
Provided that we have your consent, we will email you our newsletter with tourist information about our region (German Act against Unfair Competition, UWG, section 7 (2) no. 3 and GDPR article 6 (1) point a).
You can of course withdraw your consent at any time and with future effect. To obtain your consent to our email newsletter, we use an online double opt-in procedure, whereby we prevent our newsletter from being emailed to anyone who has not requested it. For this purpose you will receive a confirmation request by email, and you will not start to receive our newsletter until you have provided confirmation. At the same time, we will also record your IP address, which we store for documentation purposes (GDPR articles 7 (1) and 6 (1) point c).
Retention period for advertising purposes
If we collect your data for advertising purposes, we store them for the duration of the advertising purpose or until we receive from you a revocation of your consent or an objection against the processing of your data for advertising purposes (see clause 7).
(d) Display of web content and functions
Furthermore, any data resulting from your use of our website will of course be processed in order to display the requested content and to carry out the functions you selected (GDPR article 6 (1) b and f).
(e) Ensuring system security
Whenever a user accesses a page on our website, data relating to this transaction are temporarily saved to a log file and processed there (GDPR article 6 (1) point f). These are:
• Category/type, name and URL of file accessed
• Date and time of file access
• Volume of transferred data
• Notification indicating success or failure of file access
• Access method/function requested by computer
• Web browser used, with further details about the system
• IP address
• Website from which access takes place.
The temporary storage of these server logs is a technical requirement for the provision of the service and is subsequently necessary to ensure system security. No later than seven days after storage, data are anonymised by truncating the IP address. However, this is on the proviso that there are no irregularities pointing to possible system errors, unauthorised access attempts or other hacker attacks, making it necessary to store the data for a longer period in order to resolve the issue, solve technical problems and/or take any legal action that may be required. Any other evaluation of these data takes place in anonymised form, for statistical purposes.
(f) Change of purpose
(g) Extension of storage periods
The storage periods mentioned above may from case to case be extended if the statutory or contractual storage period is longer, particularly in cases where data are being processed for a variety of purposes.
7. Right to object and right of revocation at any time
If there are reasons arising from your particular situation and provided that the legal requirements are met, you are entitled at any time to object to the processing of your data.
If you would like to object to your data being processed for advertising purposes or if you want to revoke your consent, you can at any time simply send a brief email to our Data Protection Officer, at Datenschutz@sinsheim.de or a letter to Stadt Sinsheim, Wilhelmstraße 14-18 in 74889 Sinsheim. To unsubscribe from our email newsletter is particularly easy – just click “Unsubscribe” in the newsletter. Your data will then no longer be processed for advertising purposes. However, this does not affect the legitimacy of any processing that may have taken place up until your objection or revocation.
Once you have objected to the processing of your personal data for advertising purposes or you have revoked your consent, we are compelled under data protection regulations specified by the German data protection supervisory authorities to enter the relevant data (name, address and email address) in our internal non-advertising list where we must store them permanently (thus blocking them) and only for this particular purpose, so that we can align any future advertising files with those data (GDPR articles 21 (3), 17 (3) point b, 6 (1) points c and f).
This means that we permanently take account of your objection to advertising and/or your revocation of consent.
8. Cookies and tracking
Cookies are small files sent by your web browser or other programs or apps on your device (e.g. computer or smartphone). They are saved to your device and continue to be available for later access.
Our website also contains cookies from our service providers, for the following purposes:
• To enable the use of certain technical functions, e.g. making bookings (GDPR article 6 (1) points b and f)
• To analyse visits to our website (web tracking), so that we can optimise our website, adjust it to suit your needs and make it more user-friendly (GDPR article 6 (1) point a)
• To see whether you have accepted or rejected the setting of cookies (GDPR article 6 (1) point f)
(b) Rejection/deletion of cookies
Unless you have given your consent (see point d), our system will only set cookies that are technically necessary. You can make a setting in your web browser, so that it will notify you whenever cookies are placed or so that it either refuses all cookies or limits the placement of cookies on your computer. However, if you disable or limit the setting of cookies via your browser, you will no longer be able to use a number of functions on our website. Using your web browser, you can delete saved cookies at any time, and you can also automate this process. Use the following links to find out about this option, as implemented in the most widely used browsers:
• Internet Explorer: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies
• Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
• Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&answer=95647
• Safari: https://support.google.com/chrome/answer/95647?hl=en-GB
• Opera: https://help.opera.com/en/latest/web-preferences/#cookies
Unless you specify or have specified different settings, any cookies that are intended to enable or ensure the required technical functions will stay on your device until you close the browser, while other cookies can stay on your device for longer (see below, point c).
(c) Tracking via Google Analytics
Google cookies are stored on your device for 90 days.
If you want to stop cookies from collecting data relating to your site use (including your truncated IP address) and if you want to prevent data from being processed by Google, you can refuse to give your consent (see point d) or you can download and install an opt-out browser add-on via the following link: https://tools.google.com/dlpage/gaoptout.
You can revoke your consent by clicking here. However, please remember that you must not delete your cookies, as we are otherwise unable to respect your revocation on a permanent basis.
9. How can you assert your data privacy rights?
If you have any questions about the way we process your personal data, we will of course be pleased to give you information about any data relating to you (GDPR article 15).
Also, provided that the legal requirements are met, you have a right to rectification (GDPR article 16), erasure (GDPR article 17) and restriction of processing (GDPR article 18) as well as a right to object (GDPR article 21). Moreover, you also have a right to data portability (GDPR article 20). You are welcome in all these cases to contact our Data Protection Officer, using the details given in this document. In addition, you also have the right to complain to a relevant data protection supervisory authority (GDPR, article 77, and German Data Protection Act, BDSG, section 19).
Source: Land in Sicht AG
Use of Outdooractive services
(1) We use Outdooractive services on our website. Outdooractive provides electronic databases from which you as our users can benefit. It is an electronic information portal dispensing tourist information via digital means. It includes, for example, maps and route planning.
(2) Outdooractive has access to the following data, which are a technical requirement in order to display electronic databases on your device and to warrant their stability and security (the legal basis is GDPR article 6 (1) sentence 1, point f):
– IP address
– Date and time of enquiry
– Time zone differences in relation to Greenwich Mean Time (GMT)
– Content of request (specific page)
– Access status / HTTP status code
– Data volume sent from case to case
– Website from which the request was presented
– User’s location
– Operating system and its user interface
– Language and version of browser software.
The IP address sent by your browser will not be merged with other data we collect.
(4) Outdooractive will continue to use your GPS data when you use its electronic databases.
(5) We have no influence on the data collected or on the data processing, and neither are we aware of the full scope of data collection, the purpose of processing or the storage periods. Also, we have no information on the deletion of data collected by Outdooractive.
(6) Any data that are collected about you are saved by Outdooractive as a user profile and are used for the purpose of market research and/or to customise its electronic databases. You have a right to object to the creation of such user profiles. To exercise this right you will need to contact Outdooractive. The legal basis for the use of Outdooractive services is GDPR article 6 (1), sentence 1, point f.
|| Stadtverwaltung Sinsheim
| Data Controller under GDPR Article 4 (7)
Oberbürgermeister Jörg Albrecht
| Official Data Protection Officer
Data Protection Officer
| Purpose(s) of data processing
|| Personal data are processed in the background (toubiz etc.) for the purpose of creating and implementing an online entry on our website www.Sinsheimer-Erlebnisregion.de and in all the systems required for this purpose.
| Planned retention period
|| Data are saved upon submission of the data entry form and then stored for as long as the online entry continues to exist.
| Data recipient or category of data recipients (units to which data are disclosed)
Stadtverwaltung Sinsheim (Sinsheim Local Council), Amt für Wirtschaftsförderung, Tourismus und Öffentlichkeitsarbeit (Office for Economic Development, Tourism and Public Relations), Abteilung Tourismus (Tourism Department), Wilhelmstraße 14-18, 74889 Sinsheim
land in sicht ag, Brühlmatten 16, 79295 Sulzburg
| Rights of data subjects
|| As a data subject, provided that the relevant legal requirements have been met, you are entitled to demand information from Sinsheim Local Council concerning the processing of your personal data (GDPR article 15), and you may also demand the rectification of incorrect data (GDPR article 16), the erasure of data (GDPR article 17) and the restriction of processing (GDPR article 18). You may furthermore demand, under GDPR article 20, that any data you have provided should be sent or transmitted to you. You have the right to object under GDPR article 21. Having consented to the processing of your data, you may revoke your consent at any time. Irrespective of other legal remedies, you are entitled to complain to the State Commissioner for Data Protection and Freedom of Information: Landesbeauftragter für den Datenschutz und die Informationsfreiheit, Postfach 10 29 32, 70025 Stuttgart, Germany, email: email@example.com.
Obligation to provide data
Consequences of refusal
You are under no obligation to provide the required personal data for the purpose mentioned above.
Unless you give your consent, the restaurant cannot be entered on the website www.Sinsheimer-Erlebnisregion.de.
Our website includes a range of functions provided by Instagram. These functions are provided by Instagram LLC, 1601 Willow Road Menlo Park, CA 94025, USA. Instagram LLC has belonged to the Facebook Group since 2012: Facebook Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.
For a list of Instagram plugins, see: http://blog.instagram.com/post/36222022872/introducing-instagram-badges.
If you interact with a plug-in, e.g. by clicking the Instagram button, the plug-in establishes a direct connection between your browser and the Instagram server. Instagram then receives information that your browser has accessed the relevant page on our website, even if you do not have an Instagram account and even though you may not be logged into Instagram at the time. This information (including your IP address) is sent by your browser directly to the Instagram server in the United States and is then stored there. This allows Instagram to associate your visit to our site with your Instagram account.
If you do not want Instagram to associate your visit to our site with your Instagram account, make sure you log out of your Instagram account first, or ensure that social plug-ins are not activated.
Our use of social plug-ins is based on GDPR article 6 (1) point a. When you click the relevant link, you automatically declare your consent to our data processing. Data processing under GDPR article 6 (1) point f is permitted; clicking the relevant link triggers data processing for advertising purposes, and such clicks are our legitimate interest.
Google (Re)Marketing Services
We use the marketing and remarketing services (hereinafter: “Google Marketing Services”) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) on the basis of our legitimate interest (i.e. interest in the analysis, optimisation and cost-effective operation of our website under GDPR article 6 (1) point f).
Google is certified under the Privacy Shield Framework, which guarantees its compliance with European data privacy legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google Marketing Services enable us to show advertisements for and on our websites in a more targeted manner, so that users only receive adverts which potentially meet their interests. If, for example, a user is shown advertisements for products in which they have shown an interest on other websites, then this is known as “remarketing”. When you access our website or other sites where Google Marketing Services are employed, a code is immediately implemented by Google and so-called (re)marketing tags (invisible graphics or code, so-called “web beacons”) are integrated into the site. They make it possible to save a specific cookie, i.e. a small file, to the user’s device (although similar technologies may be in use instead of cookies). Cookies can be set by a variety of domains, including by google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com and googleadservices.com. The cookie stores details of the websites a user has accessed, what kind of content they are interested in, which offers they have clicked on, and also technical details of their browser and operating system, referring websites, the time when they visited and other details of their site use. Furthermore, the cookie contains the user’s IP address, and under Google Analytics we provide the information that the IP address has been truncated within an EU Member State or in some other country forming part of the European Economic Area; we furthermore provide the information that exceptional circumstance need to apply in order to send an untruncated IP address to a Google server in the United States, so that it is then truncated there. In some exceptional cases, however, the cookie may transfer the entire IP address to a Google server in the United States, in which case it is truncated upon reaching the destination server. The IP address is not merged with any other user data under any other Google services. The details mentioned above may also be combined by Google with details from other sources. If the user subsequently visits other websites, they can be shown adverts that are specially geared towards their interests.
The user’s data are processed by Google Market Services under a pseudonym, i.e. the details that are stored and processed by Google are not the user’s actual name or email address, but the data in the cookie are processed under a pseudonymous user profile. From Google’s perspective, therefore, adverts are not managed and displayed for an identifiable individual, but for the cookie owner, regardless of who this cookie owner may be. However, this does not apply if a user has expressly permitted Google to process their data without this pseudonymisation. The data that are gathered about a user by Google Marketing Services are sent to Google and saved to Google servers in the United States.
The Google Marketing Services we use include the online advertising program Google AdWords, which gives each Google AdWords customer a different “conversion cookie”. This means that cookies cannot be traced via the websites of AdWords customers. Details obtained through conversion cookies serve the purpose of creating conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers are told the total number of users who have clicked on their adverts and who have been redirected to a page carrying a conversion tracking tag. However, they do not receive information that might enable them to identify any users in person.
Furthermore, we may also use Google Tag Manager to include and manage Google Analytics and Marketing Services on our website.
Should you wish to object to interest-related advertising through Google Marketing Services, you can use Google’s settings and opt-out procedure: http://www.google.com/ads/preferences.
This website uses Google Analytics, a web analysis service of Google Inc. (hereinafter: “Google”). Google Analytics uses so-called cookies – text files that are saved to your computer and which allow us to analyse your use of our website. The information generated by the cookies on your use of this website is generally transmitted to a server belonging to Google in the US, where the information is then stored. However, if you have activated IP anonymisation for this website, your IP address will not be sent without first being truncated by Google within the Member States of the European Union or other parties to the Agreement on the European Economic Area.
Only in exceptional cases will your full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information to assess your use of the website on the webmaster’s behalf to compile reports regarding website activities and provide other services associated with the use of the website and the internet for the webmaster. Google will not associate your browser’s IP address, transmitted for Google Analytics purposes, with any other data held by Google.
You can prevent cookies from being stored by using a corresponding setting in your browser software; however, be advised that you may not be able to make full use of all this website’s functions in such a case. Furthermore, if you wish to prevent the recording of data generated by cookies and related to your usage of the website (incl. your IP address) and if you wish to opt out of such data being processed by Google, you can download and install a browser plug-in from the following link: https://tools.google.com/dlpage/gaoptout?hl=en