Data protection

1. We are responsible for your data.
As a visitor to the Sinsheim Adventure Region you can expect not only holiday full of highlights, but also high quality standards in the processing of your personal data. We are responsible for the handling of your data, which we process according to your wishes and as specified in German and EU data protection legislation. Your personal data are only processed by us where this is permitted by law or where you have given us your prior consent.

The data controllers are Stadt Sinsheim (Sinsheim Town Council), Wilhelmstrasse 14-18, 74889 Sinsheim, Germany (Tourismus@sinsheim.de) and our contractors, who process your data at our request for the purposes specified below (hereinafter: “we”).

Our main contractors include IT service providers, file and internet hosts, printshops and lettershops as well as payment and web analysis service providers. Our contractors are prohibited from processing your data for any purposes outside their specific brief.
The contractors who enable the display of our website and its functions include Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, United States, (“Amazon”), and Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Amazon and Google have agreed to submit to the EU Privacy Shield. According to the EU Commission, the EU Privacy Shield provides an adequate guarantee for a sufficient level of data privacy whenever data are processed in the United States. (The certificate can be viewed at:
https://www.privacyshield.gov/participant?id=a2zt0000000TOWQAA4 or https://
www.privacyshield.gov/participant?id=a2zt000000001L5AAI).
The transparent and lawful processing of your data is extremely important to us. The purpose of the following information is to ensure that you always know which of your personal data are collected when you visit our website and use our services and that you are also aware how we process your data.

Oberbürgermeister Jörg Albrecht
Wilhelmstraße 14-18
74889 Sinsheim
Tel.: +49 (0)7261 404-0
Fax : +49 (0)7261 404-165

E-Mail: rathaus@sinsheim.de

2. How secure are your data?
We take technical and organisational security precautions to protect your personal data against accidental and deliberate manipulation, loss, destruction and unauthorised access and also to guarantee the protection of your rights and the observance of any data protection regulations applicable in Germany and the EU.
The precautions we take have the purpose of permanently ensuring the confidentiality, integrity, availability and resilience of our systems and services in conjunction with the processing of your data, and to warrant speedy recovery in the event of a physical or technical incident.
They also include the encryption of your data. Any details that you enter online are, as a minimum, encrypted under SSL technology (secure socket layers, SSL, RSA, 1024-bit, RC4 256-bit) before being sent to our servers. Our data processing and security precautions are continually being improved to reflect the latest developments in technology.

3. Our Data Protection Officer
Should you have any questions about data protection or data security, please feel free to contact our Data Protection Officer by email: datenschutz@sinsheim.de or by phone: +49 7261 404 106.

4. Which personal data do we process?
Personal data are any information relating to an identified or identifiable person. They include, for example:
• Address details: name, postal address, email address
• Telecommunication details: landline number, mobile phone number, email address
• Booking and purchase transaction details: requested, booked/ordered services, category, period or quantity, prices, service providers, payment method and details of any accompanying travellers
• Financial details: bank accounts details, credit card details, PayPal transaction details

5. What are mandatory details?
If certain data fields are shown as mandatory and are therefore marked with an asterisk (*), then the provision of such details is a statutory or contractual requirement, or they are needed for the purpose of contractual conclusion, for the fulfilment of the requested service or for the specified purpose. You are still free to provide or not to provide the relevant details. However, if you do not provide the details, we may be unable to fulfil the contract or to provide the requested service, or it may not be possible to achieve the specified purpose.

6. What is the purpose of processing your data?
(a) Contact enquiries
We process your data in order to answer your contact enquiries (GDPR article 6 (1) points b and f), either directly through our contractors, or by transferring your data to the relevant service provider (accommodation, leisure activity provider, etc.). In order to deal with your request and reply to you via the requested channel of communication, we need your address details and/or telecommunication details. After we or the relevant service provider have answered your request, we and/or they generally store the details from your contact enquiry for another six months, so that we can answer any further enquiries you may have. However, this is on the proviso that there are no legal provisions stipulating longer retention periods (e.g. see also below, (b), on the retention period for purchases, bookings and contract-specific enquiries).
(b) Bookings and purchases
In the event of a booking, a purchase or any other contract-specific enquiries, we process your personal data (address details, telecommunication details, booking and purchase details as well as, where required, financial details) primarily in order to handle and process your booking, order or other contract-specific enquiry and, where applicable, for billing and payment purposes (GDPR article 6 (1) point b).
When you book or purchase third-party services, we send your details to the relevant service provider, as specified in the offer, who then processes your data for the same purposes.
Whenever details are marked as mandatory, they are necessary for the processing or handling of the relevant contracts or for billing purposes.
Any of your details that are relevant to a booking, order or other contract-specific enquiry, and any documents that are also necessary for this purpose (e.g. commercial correspondence, invoices), are stored either by ourselves or by our service providers in accordance with the relevant legal requirements upon conclusion of the contract under statutory provisions. Such storage is for a period of either six years (German Commercial Code, HGB, section 257 (4) and GDPR article 6 (1) point c) or ten years (German Tax Regulation, AO, section 147 (3) and GDPR article 6 (1) point c).
(c) Advertising
Postal advertising and customer analyses
Where we receive your personal data (address details and bookings/purchase details) through bookings or purchases, we process the data for the purpose of postal advertising, i.e. sending you tourist information and offers from our region. To provide you with suitable information, we also conduct internal marketing and customer analyses (GDPR article 6 (1) point f).

Email newsletter

Provided that we have your consent, we will email you our newsletter with tourist information about our region (German Act against Unfair Competition, UWG, section 7 (2) no. 3 and GDPR article 6 (1) point a).
You can of course withdraw your consent at any time and with future effect. To obtain your consent to our email newsletter, we use an online double opt-in procedure, whereby we prevent our newsletter from being emailed to anyone who has not requested it. For this purpose you will receive a confirmation request by email, and you will not start to receive our newsletter until you have provided confirmation. At the same time, we will also record your IP address, which we store for documentation purposes (GDPR articles 7 (1) and 6 (1) point c).

Retention period for advertising purposes
If we collect your data for advertising purposes, we store them for the duration of the advertising purpose or until we receive from you a revocation of your consent or an objection against the processing of your data for advertising purposes (see clause 7).
(d) Display of web content and functions
Furthermore, any data resulting from your use of our website will of course be processed in order to display the requested content and to carry out the functions you selected (GDPR article 6 (1) b and f).
(e) Ensuring system security
Whenever a user accesses a page on our website, data relating to this transaction are temporarily saved to a log file and processed there (GDPR article 6 (1) point f). These are:
• Category/type, name and URL of file accessed
• Date and time of file access
• Volume of transferred data
• Notification indicating success or failure of file access
• Access method/function requested by computer
• Web browser used, with further details about the system
• IP address
• Website from which access takes place.
The temporary storage of these server logs is a technical requirement for the provision of the service and is subsequently necessary to ensure system security. No later than seven days after storage, data are anonymised by truncating the IP address. However, this is on the proviso that there are no irregularities pointing to possible system errors, unauthorised access attempts or other hacker attacks, making it necessary to store the data for a longer period in order to resolve the issue, solve technical problems and/or take any legal action that may be required. Any other evaluation of these data takes place in anonymised form, for statistical purposes.
(f) Change of purpose
If the purpose of our processing changes over time, we will send you advance information via an update of this Privacy Policy.
(g) Extension of storage periods
The storage periods mentioned above may from case to case be extended if the statutory or contractual storage period is longer, particularly in cases where data are being processed for a variety of purposes.

7. Right to object and right of revocation at any time
If there are reasons arising from your particular situation and provided that the legal requirements are met, you are entitled at any time to object to the processing of your data.
If you would like to object to your data being processed for advertising purposes or if you want to revoke your consent, you can at any time simply send a brief email to our Data Protection Officer, at Datenschutz@sinsheim.de or a letter to Stadt Sinsheim, Wilhelmstraße 14-18 in 74889 Sinsheim. To unsubscribe from our email newsletter is particularly easy – just click “Unsubscribe” in the newsletter. Your data will then no longer be processed for advertising purposes. However, this does not affect the legitimacy of any processing that may have taken place up until your objection or revocation.
Once you have objected to the processing of your personal data for advertising purposes or you have revoked your consent, we are compelled under data protection regulations specified by the German data protection supervisory authorities to enter the relevant data (name, address and email address) in our internal non-advertising list where we must store them permanently (thus blocking them) and only for this particular purpose, so that we can align any future advertising files with those data (GDPR articles 21 (3), 17 (3) point b, 6 (1) points c and f).
This means that we permanently take account of your objection to advertising and/or your revocation of consent.
8. Cookies and tracking
(a) Cookies
Cookies are small files sent by your web browser or other programs or apps on your device (e.g. computer or smartphone). They are saved to your device and continue to be available for later access.
Our website also contains cookies from our service providers, for the following purposes:
• To enable the use of certain technical functions, e.g. making bookings (GDPR article 6 (1) points b and f)
• To analyse visits to our website (web tracking), so that we can optimise our website, adjust it to suit your needs and make it more user-friendly (GDPR article 6 (1) point a)
• To see whether you have accepted or rejected the setting of cookies (GDPR article 6 (1) point f)
(b) Rejection/deletion of cookies
Unless you have given your consent (see point d), our system will only set cookies that are technically necessary. You can make a setting in your web browser, so that it will notify you whenever cookies are placed or so that it either refuses all cookies or limits the placement of cookies on your computer. However, if you disable or limit the setting of cookies via your browser, you will no longer be able to use a number of functions on our website. Using your web browser, you can delete saved cookies at any time, and you can also automate this process. Use the following links to find out about this option, as implemented in the most widely used browsers:
• Internet Explorer: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies
• Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
• Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&answer=95647
• Safari: https://support.google.com/chrome/answer/95647?hl=en-GB
• Opera: https://help.opera.com/en/latest/web-preferences/#cookies
Unless you specify or have specified different settings, any cookies that are intended to enable or ensure the required technical functions will stay on your device until you close the browser, while other cookies can stay on your device for longer (see below, point c).
(c) Tracking via Google Analytics
Subject to your consent – which you may revoke at any time for the future (see below, point d) – this website uses Google Analytics, a web analysis service from our service provider Google Inc., USA (GDPR article 6 (1) point a). Google uses cookies to analyse the way you use our website. The details that are collected by cookies are usually sent to a Google server in the United States, where they are then stored. As IP anonymisation has been activated for our website, your IP address, which is sent at the same time, is first truncated and thus anonymised by Google within EU Member States or another country that is party to the Agreement on the European Economic Area. Only in exceptional cases will your full IP address be transmitted to a Google server in the USA and truncated there. Acting at our request, Google will leverage this information to analyse your use of our website, to create reports on website activities and to provide us with other services connected with website and internet use.
Google cookies are stored on your device for 90 days.
If you want to stop cookies from collecting data relating to your site use (including your truncated IP address) and if you want to prevent data from being processed by Google, you can refuse to give your consent (see point d) or you can download and install an opt-out browser add-on via the following link: https://tools.google.com/dlpage/gaoptout.
(d) Consent
When you click on the banner on our website, whether to access content on it or to hide it, you automatically declare your consent (which you may revoke at any time) – under GDPR article 6 (1) point a – that our website may use cookies and pseudonymised analysis techniques, including those provided by our service providers, enabling us to optimise and adjust the website to suit your needs and to make it more user-friendly. To note that you have given your consent, the system sets a consent cookie on your computer.
You can revoke your consent by clicking here. However, please remember that you must not delete your cookies, as we are otherwise unable to respect your revocation on a permanent basis.

9. How can you assert your data privacy rights?

 If you have any questions about the way we process your personal data, we will of course be pleased to give you information about any data relating to you (GDPR article 15).
Also, provided that the legal requirements are met, you have a right to rectification (GDPR article 16), erasure (GDPR article 17) and restriction of processing (GDPR article 18) as well as a right to object (GDPR article 21). Moreover, you also have a right to data portability (GDPR article 20). You are welcome in all these cases to contact our Data Protection Officer, using the details given in this document. In addition, you also have the right to complain to a relevant data protection supervisory authority (GDPR, article 77, and German Data Protection Act, BDSG, section 19).

10. Amendments
It will be necessary from time to time to amend this Privacy Policy. We therefore reserve the right to make such changes at any time, with effect for the future. In this case, the amended version of our Privacy Policy will also be posted here. When you visit our website again, we would therefore recommend that you read our Privacy Policy again.

Source: Land in Sicht AG

Use of Outdooractive services

(1) We use Outdooractive services on our website. Outdooractive provides electronic databases from which you as our users can benefit. It is an electronic information portal dispensing tourist information via digital means. It includes, for example, maps and route planning.

(2) Outdooractive has access to the following data, which are a technical requirement in order to display electronic databases on your device and to warrant their stability and security (the legal basis is GDPR article 6 (1) sentence 1, point f):

– IP address
– Date and time of enquiry
– Time zone differences in relation to Greenwich Mean Time (GMT)
– Content of request (specific page)
– Access status / HTTP status code
– Data volume sent from case to case
– Website from which the request was presented
– Browser
– User’s location
– Operating system and its user interface
– Language and version of browser software.

(3) To analyse your data, Outdooractive uses cookies saved to your device. Any information that is obtained in this way is then saved by Outdooractive to servers in Germany and in third countries. You can control this analysis by deleting existing cookies and preventing the storage of new ones. If you prevent the storage of cookies, please be aware, however, that you may not be able to make full use of Outdooractive’s electronic databases. You can prevent the saving of cookies through settings in your browser.

The IP address sent by your browser will not be merged with other data we collect.

(4) Outdooractive will continue to use your GPS data when you use its electronic databases.

(5) We have no influence on the data collected or on the data processing, and neither are we aware of the full scope of data collection, the purpose of processing or the storage periods. Also, we have no information on the deletion of data collected by Outdooractive.

(6) Any data that are collected about you are saved by Outdooractive as a user profile and are used for the purpose of market research and/or to customise its electronic databases. You have a right to object to the creation of such user profiles. To exercise this right you will need to contact Outdooractive. The legal basis for the use of Outdooractive services is GDPR article 6 (1), sentence 1, point f.

(7) Further details on the purpose and scope of data collection and the way they are processed by Outdooractive can be found in the Privacy Policy detailed below. It also gives you further details about the rights you have in this connection, and the settings you can make to protect your privacy.

(8) Outdooractive GmbH & Co. KG, Missener Strasse 18, 87509 Immenstadt, Germany; Privacy Policy:
https://corporate.outdooractive.com/en/privacy-policy/?noredirect=en_US
https://corporate.outdooractive.com/en/privacy-policy/?noredirect=en_US.

Instagram

Our website includes a range of functions provided by Instagram. These functions are provided by Instagram LLC, 1601 Willow Road Menlo Park, CA 94025, USA. Instagram LLC has belonged to the Facebook Group since 2012: Facebook Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.
 
For a list of Instagram plugins, see: http://blog.instagram.com/post/36222022872/introducing-instagram-badges.
If you interact with a plug-in, e.g. by clicking the Instagram button, the plug-in establishes a direct connection between your browser and the Instagram server. Instagram then receives information that your browser has accessed the relevant page on our website, even if you do not have an Instagram account and even though you may not be logged into Instagram at the time. This information (including your IP address) is sent by your browser directly to the Instagram server in the United States and is then stored there. This allows Instagram to associate your visit to our site with your Instagram account.
 
Please be aware that, as site operators, we have no knowledge of the content of data transmitted or how Instagram uses those data. For further details please refer to the Instagram Data Privacy Policy, at https://www.instagram.com/about/legal/privacy/.
 
If you do not want Instagram to associate your visit to our site with your Instagram account, make sure you log out of your Instagram account first, or ensure that social plug-ins are not activated.

Our use of social plug-ins is based on GDPR article 6 (1) point a. When you click the relevant link, you automatically declare your consent to our data processing. Data processing under GDPR article 6 (1) point f is permitted; clicking the relevant link triggers data processing for advertising purposes, and such clicks are our legitimate interest.

Google (Re)Marketing Services

We use the marketing and remarketing services (hereinafter: “Google Marketing Services”) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) on the basis of our legitimate interest (i.e. interest in the analysis, optimisation and cost-effective operation of our website under GDPR article 6 (1) point f).
Google is certified under the Privacy Shield Framework, which guarantees its compliance with European data privacy legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google Marketing Services enable us to show advertisements for and on our websites in a more targeted manner, so that users only receive adverts which potentially meet their interests. If, for example, a user is shown advertisements for products in which they have shown an interest on other websites, then this is known as “remarketing”. When you access our website or other sites where Google Marketing Services are employed, a code is immediately implemented by Google and so-called (re)marketing tags (invisible graphics or code, so-called “web beacons”) are integrated into the site. They make it possible to save a specific cookie, i.e. a small file, to the user’s device (although similar technologies may be in use instead of cookies). Cookies can be set by a variety of domains, including by google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com and googleadservices.com. The cookie stores details of the websites a user has accessed, what kind of content they are interested in, which offers they have clicked on, and also technical details of their browser and operating system, referring websites, the time when they visited and other details of their site use. Furthermore, the cookie contains the user’s IP address, and under Google Analytics we provide the information that the IP address has been truncated within an EU Member State or in some other country forming part of the European Economic Area; we furthermore provide the information that exceptional circumstance need to apply in order to send an untruncated IP address to a Google server in the United States, so that it is then truncated there. In some exceptional cases, however, the cookie may transfer the entire IP address to a Google server in the United States, in which case it is truncated upon reaching the destination server. The IP address is not merged with any other user data under any other Google services. The details mentioned above may also be combined by Google with details from other sources. If the user subsequently visits other websites, they can be shown adverts that are specially geared towards their interests.
The user’s data are processed by Google Market Services under a pseudonym, i.e. the details that are stored and processed by Google are not the user’s actual name or email address, but the data in the cookie are processed under a pseudonymous user profile. From Google’s perspective, therefore, adverts are not managed and displayed for an identifiable individual, but for the cookie owner, regardless of who this cookie owner may be. However, this does not apply if a user has expressly permitted Google to process their data without this pseudonymisation. The data that are gathered about a user by Google Marketing Services are sent to Google and saved to Google servers in the United States.
The Google Marketing Services we use include the online advertising program Google AdWords, which gives each Google AdWords customer a different “conversion cookie”. This means that cookies cannot be traced via the websites of AdWords customers. Details obtained through conversion cookies serve the purpose of creating conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers are told the total number of users who have clicked on their adverts and who have been redirected to a page carrying a conversion tracking tag. However, they do not receive information that might enable them to identify any users in person.
By using the Google Marketing Service AdSense, we can include third-party advertising on our website. AdSense uses cookies that enable Google and its partner websites to place adverts based on users’ visits to this and other websites.
Furthermore, we may also use Google Tag Manager to include and manage Google Analytics and Marketing Services on our website.
Further details on Google’s use of data for marketing purposes can be found on the summary page: https://www.google.com/policies/technologies/ads, and the Google Privacy Policy can be accessed at https://www.google.com/policies/privacy.
Should you wish to object to interest-related advertising through Google Marketing Services, you can use Google’s settings and opt-out procedure: http://www.google.com/ads/preferences.

Data Privacy Policy for the Use of Google Analytics

This website uses Google Analytics, a web analysis service of Google Inc. (hereinafter: “Google”). Google Analytics uses so-called cookies – text files that are saved to your computer and which allow us to analyse your use of our website. The information generated by the cookies on your use of this website is generally transmitted to a server belonging to Google in the US, where the information is then stored. However, if you have activated IP anonymisation for this website, your IP address will not be sent without first being truncated by Google within the Member States of the European Union or other parties to the Agreement on the European Economic Area.

Only in exceptional cases will your full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information to assess your use of the website on the webmaster’s behalf to compile reports regarding website activities and provide other services associated with the use of the website and the internet for the webmaster. Google will not associate your browser’s IP address, transmitted for Google Analytics purposes, with any other data held by Google.

You can prevent cookies from being stored by using a corresponding setting in your browser software; however, be advised that you may not be able to make full use of all this website’s functions in such a case. Furthermore, if you wish to prevent the recording of data generated by cookies and related to your usage of the website (incl. your IP address) and if you wish to opt out of such data being processed by Google, you can download and install a browser plug-in from the following link: https://tools.google.com/dlpage/gaoptout?hl=en