Data Pro­tec­tion



This Privacy Notice informs you about the type, scope and purpose of the collection, processing, and use of personal data within our online services, the functions and content of our online services, as well as external platforms such as our social media accounts (collectively referred to as ‘online services’).  If you are redirected via links from our website to third-party sites, please find out about the respective handling of your data there.

  • For information about the processing of data in relation to photography and filming in public spaces, please read this .
  • You can find our data processing notice for applicants here (in German).
  • You can find our data processing notice for TMN’s B2B contacts, partners and service providers here .

This website uses TLS encryption for security reasons and to protect the transmission of personal data. You can recognise an encrypted connection by ‘https://’ in the URL.

We reserve the right to amend the content of this Data Protection Statement from time to time. We therefore recommend that you reread our Privacy Notice at regular intervals.

1. Controller within the meaning of data protection law and the Data Protection Officer
The controller responsible for the data processing is
TourismusMarketing Niedersachsen GmbH (TMN)
Essener Str. 1
30173 Hanover
Email: info@tourismusniedersachsen.de
Telephone: 0 511 / 270 488 0
Fax: 0 511 / 270 488 88

2. Data Protection Officer
We have appointed an external Data Protection Officer. You can contact them as follows:
List + Lohr Datenschutz und Informationssicherheit GmbH
Garvensstraße 4
30519 Hanover
Email: datenschutz@tourismusniedersachsen.de

3. Personal data
‘Personal data’ is any information relating to an identified or identifiable natural person (hereinafter referred to as the ‘data subject’). An identifiable natural person is one who can be directly or indirectly identified, in particular by reference to an identifier such as a name, identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

4. Objectives and legal bases of the processing of your personal dataWe undertake to comply with all data protection regulations when handling the data of our website users. We only process data to the extent that this is necessary and permitted under data protection law, for example, to enable you to use the website, to enable the fulfilment of a contract to which you are a party, or if you consent to the data processing. In particular:

a. Informational use of our website
You can visit our website without providing any personal information. If you use our website for informational purposes only and do not register, log in, or otherwise actively provide us with information about yourself, we do not collect any personal data. An exception applies to data transmitted by you (such as through your browser) to enable your visit to the website, as well as information provided to us by cookies.
For the purpose of the technical provision of the website, it is necessary for us to process certain automatically transmitted information from you, so that your browser can display our website and you can use it. This information is automatically collected each time our website is accessed and is stored in our server log files. We collect the following information:
• browser type/version
• operating system used
• referrer URL (the webpage visited immediately before you visit our website)
• host name of the accessing device (IP address)
• time of the server query
We process your personal data for the technical provision of our website in accordance with Article 6(1)(b) GDPR and to protect our legitimate interests in accordance with Article 6(1)(f) GDPR. Data is collected and stored in log files to ensure the functionality of the website. We also use the data to optimise the website and to ensure the security of our IT systems. These purposes also constitute our legitimate interest in data processing pursuant to Article 6(1)(f) GDPR. 
After anonymising your IP address, this data cannot be attributed to specific individuals and will be deleted within seven (7) days. This data will not be merged with other data sources.

b. Contact
We process the personal data you provide (such as via the contact form, telephone or email) for the purpose of responding to your enquiries and to maintain personalised communication, should you wish it. It is entirely up to you whether you choose to provide this data. The data collected via a contact form is specified within the contact form itself. We use the information we store based on Article 6(1)(b) GDPR to provide the services you have requested and based on Article 6(1)(f) GDPR for customer care and market research purposes (e.g. anonymised, internal analysis of our customer base). Our legitimate interest lies in tailoring our services to meet needs and enhance user and customer satisfaction. Your data will be deleted once your enquiry has been fully processed, provided there are no legal retention obligations preventing its deletion.

c. Cookies
We use cookies as part of the technical design of our website. Cookies are small text files that we place on your device to store information about the user and their activities. Some of the cookies (known as session cookies) we use are deleted at the end of your browser session, i.e. when you close your browser. Other cookies remain on your device and enable us to recognise your browser on your next visit (persistent cookies). When cookies are placed on your device, they collect and process certain user information to a specific extent, such as browser and location data, as well as IP addresses.

Some of the cookies are technically necessary to provide our website and its features. If such cookies also process personal data, this processing is carried out in accordance with Article 6(1)(f) GDPR.

If we place and/or retrieve cookies that are not technically necessary, your active consent is required, which we request when you access our website. The processing of personal data in connection with these cookies is based on Article 6(1)(a) GDPR in that case.

For more information on the cookies used on our website, please refer to the cookie settings when accessing our website. You will also find information there on what cookies are placed for what reasons and to which third parties data from the cookies may be transmitted.

Please note that you can configure your browser to inform you about the placement of cookies and decide on a case-by-case basis whether to accept or reject them in certain cases or in general. Each browser differs in the way it administers cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can reject the use of the cookies for online marketing purposes across the board for a large number of services, especially for tracking purposes, via the US website https://www.aboutads.info/choices/ or the EU website https://www.youronlinechoices.com/. Furthermore, you can prevent the saving of cookies by disabling them in your browser settings. Please note that in this case, you may not be able to use all the functions of our website.

d. Use of Google Analytics

This website uses Google Analytics 4, a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’), based on your consent pursuant to Article 6(1)(a) GDPR. Consent is requested when you access our website.
Google Analytics 4 was developed for the analytics needs of the future, collecting event-based data from websites and apps, including:

  • The collection of website and app data for a better understanding of the purchasing process
  • The use of event-based instead of session-based data
  • Data protection settings such as analyses without cookies as well as behaviour and conversion modelling
  • Forecast functions for orientation aids without complicated models
  • Direct integration into media platforms for more interactions with an organisation’s website or app

You can find more information about Google Analytics 4 at https://support.google.com/analytics/answer/10089681?hl=en&sjid=8313419567596990645-EU.

Google Analytics 4 uses cookies, i.e. text files that are saved on your computer and that allow an analysis of your use of the website. The information generated by the cookie about your use of this website is also transferred to third countries and stored there.

You can find information on any other data being collected at https://support.google.com/analytics/answer/11593727?hl=en&sjid=8313419567596990645-EU.

The purpose of collecting data via Google Analytics is to enable us to better analyse and understand our website data in order to make better decisions and improve your user experience.

Google Analytics 4 will not log or save your IP addresses. We also have an order processing contract with Google in accordance with Article 28 GDPR. On our behalf, Google will use this information strictly in accordance with our instructions to evaluate your use of our website, compile reports on activity on our website, and provide us with other services related to our website and internet use. The IP address transferred by your browser through Google Analytics will not be merged with any other data held by Google.

All data used for tracking (especially cookies) will be deleted by Google after a maximum of 14 months.

You can prevent this tracking by Google Analytics at any time in various ways:

a) By configuring your browser software accordingly
b) By deactivating cookies or device recognition in Google’s advertising settings here: https://www.google.com/settings/ads
c) By installing the plug-in provided by Google here: https://tools.google.com/dlpage/gaoptout?hl=en.
d) By visiting the deactivation page of the Network Advertising Initiative (https://optout.networkadvertising.org/?c=1) or by managing the use of device identifiers via your device settings.
e) As an alternative to the browser plugin or for browsers on mobile devices, please click on the following link to install an opt-out cookie that will prevent Google Analytics from collecting data within this website in the future (this opt-out cookie only works in this browser and only for this domain; if you delete your cookies in this browser, you must reinstall the opt-out cookie): Disable Google Analytics.
f) You also have the option of changing your settings at any time in our cookie manager, which appears when you access the website.

e. Subscribing to our newsletter
This statement provides you with information about the content of our newsletter, how you can subscribe to it, how we administer it as well as your right to object. By subscribing to our newsletter, you agree to receive it and to the aspects described below.

• Content of the newsletter: We provide you with information and offers on travel destinations in Niedersachsen (Lower Saxony) as well as related events and competitions.

• To optimise the newsletter for you, we offer to enhance your profile with information about your interests. Your newsletter will then be tailored towards topics that match your interests. You can find the link to customise your profile at the end of every newsletter. If you inform us of your preferences, we will save them.

• Double opt-in and logging: Subscribing to our newsletter takes place via a double opt-in procedure. This means that you will receive an email after you subscribe asking you to confirm your subscription. If you do not confirm your subscription within 24 hours, the information you have submitted up to that point will be deleted. If you confirm within the time limit, the information will be saved. This confirmation is necessary so that no other party can subscribe using your email address. We keep a log of newsletter subscriptions in order to be able to document the sign-up process in accordance with legal requirements. The time of the subscription request and confirmation as well as the IP address are saved as well. The purpose of this storage is to be able to prove that you did indeed subscribe and, if necessary, to clarify any possible misuse of your personal data.

• Registration details: To subscribe to the newsletter, simply enter your email address. As an option, we ask you to enter a name so that we can address you personally in the newsletter.

• If you have consented to receiving the newsletter, we will use the personal data you enter in the registration form (such as your name and email address) to send you our newsletter on a regular basis.

• We process your data in order to send you newsletters and personalise communication based on the following legal grounds:

- If you have given us your consent, this is pursuant to Article 6(1)(a) GDPR.

- If you have provided us with your email address in connection with the purchase of goods or services, we will send you newsletters about similar goods and/or services in keeping with our legitimate interests in accordance with Article 6(1)(f) GDPR in conjunction with Section 7(3) UWG (Unfair Competition Act). Our legitimate interest is based on our economic interest in conducting promotional activities and targeted advertising.
You can object to receiving the newsletter based on an order you have placed at any time without incurring any costs other than the transmission costs according to the basic rates. We will clearly and explicitly inform you of this when collecting your email address and each time we use it.

• Moreover, we use the data based on Article 6(1)(a) and (f) GDPR to analyse whether you open our newsletter and which links you click. Our legitimate interest lies in optimising the content of our newsletter and/or adapting it to your individual needs.

• Cancellation/withdrawal – You can cancel your subscription to our newsletter (revoke your consent) at any time. You will find an ‘Unsubscribe’ link at the end of each newsletter. We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them for newsletter purposes, in order to demonstrate that you had previously given your consent. The processing of this data is limited to the purpose of a possible defence against claims. You may cancel at any time, provided that you simultaneously confirm that you had previously given your consent.

• The subscription process is logged on the basis of our legitimate interests pursuant to Article 6(1)(f) GDPR. We are interested in having a user-friendly, secure newsletter system that serves both our business interests and the expectations of users while also providing us with proof of consent.

We use the E-Marketing Suite service from starmate solutions GmbH (member of Wilken Software Group), Hörvelsinger Weg 29-31, 89081 Ulm, Germany, to send newsletters. We have contractually obligated the service provider to comply with data protection regulations and our instructions based on Article 28 GDPR.

f. Submitting data via forms (particularly print media orders, booking enquiries, competitions)
Our website provides various services that require you to submit your data via a form designed for this purpose.

The data will be used solely to process your request and provide the services you have requested based on Article 6(1)(b) GDPR. Additionally, based on Article 6(1)(f) GDPR, the data will be used for market research purposes (anonymous, internal evaluation of our customer base) and the provision of the services. Our legitimate interest lies in the needs-based design of our services and the promotion of user and customer satisfaction.

We offer the following services in particular:

• You can order various print media (in particular catalogues, brochures, and books). We use the data collected in the form provided for this purpose exclusively to fulfil the order and to send you the desired products. The personal data collected by us for the order will be anonymised and rendered unrecognisable after six (6) months and will be automatically deleted after one year.

• Furthermore, you can enquire about booking various events and/or accommodation through us. We use this data exclusively by forwarding it to the email addresses of the providers in question in order to supply you with the requested information.

• We regularly invite you to take part in various prize draws on our website. The data you provide for this purpose will be used solely to enable your participation in the prize draw. For more detailed information about the individual prize draws, please refer to the respective terms and conditions, which we highlight in connection with each promotion.  After the promotion ends and the prizes have been awarded, your data will be promptly deleted unless we are required by law to retain it for a longer period.

g. Social media
We maintain a presence on social media networks and platforms to communicate with active customers, prospective customers and other users and to inform them about our services there. When you use those social media platforms, the general terms and conditions and the data processing guidelines of the platforms shall apply.
Unless otherwise stated in our Privacy Notice, we process users’ data based on Article 6(1)(b) and (f) GDPR only if they communicate with us on social media platforms, such as by commenting on our accounts or sending us messages. Our legitimate interest lies in user and customer communication and the optimisation of our offers.

  • Information about the collection and processing of data on our Facebook fan page

Our Facebook fan page uses the Facebook Insights service. The Insights function enables a statistical analysis of the use of our fan page based on criteria specified by us. Via the Facebook Insights function we receive statistically processed and anonymised information from Facebook about people who are connected to or visit our webpage. Based on these anonymised statistics, we can better understand the interests of our fan page users, adapt and improve our offers in a more targeted manner and thus also improve our service quality. The Insights function also enables us to conduct the market and opinion research required to optimise our services.

Facebook Insights stores cookies on our users’ end devices to create the statistics we need. The cookies placed by Facebook store the data required for our statistical analyses. There is no legal or contractual obligation to provide your personal data via cookies.

Facebook analyses the data collected through cookies and provides it to us in anonymised form as statistics. It is not possible for us to identify you using the Insights function and the statistics it provides at any time during your visit to our fan page.

Please note that Facebook Insights, as well as the entire Facebook fan page, is a service provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (‘Meta’). Meta can also transfer data to the US. 

We and the provider, Meta Platforms Inc, are jointly responsible under data protection law for the data processing in connection with Insights (Article 26 GDPR). You can exercise your rights as a data subject in relation to the service both with us and with Meta. Details of the agreement between us and Meta can be found at:
https://de-de.facebook.com/legal/terms/page_controller_addendum

To learn about the data protection processes and how your personal data is handled, you can contact Meta at the address listed below and review the privacy policy for Facebook services.

Contact Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland

Privacy Policy::
https://www.facebook.com/policy.php and
https://www.facebook.com/help/186325668085084

h. Plugins from third-party providers
Based on Article 6(1)(a) GDPR and your consent given through our cookie manager, we use the following third-party plugins on our website.

  • Facebook Remarketing/Retargeting

Remarketing tags from the social media network Facebook (whose operator is Meta) are integrated on our website. If you visit our website, a direct connection will be established between your browser and the Facebook server through the remarketing tags. In this way, Facebook obtains the information that you visited our website with your IP address. Thus, Meta is able to allocate your visit to our website to your user account. We can use the information obtained in this way to display Facebook Ads. We would like to make you aware that we as providers of the website do not obtain any knowledge of the content of the transmitted data or of their user through Facebook. For further information in this regard, please see Facebook’s Privacy Policy at
https://www.facebook.com/about/privacy/.

  • YouTube

On our website, we use components (videos) from the YouTube streaming service provided by Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland. We use the ‘enhanced privacy mode’ option provided by Google. According to Google, this means that your playing of a video on our website is not used to personalise your browsing on YouTube. Any ads that appear in a video that is played in the enhanced privacy mode of the embedded player are also not personalised. Additionally, your viewing of a video in the embedded player’s enhanced privacy mode is not used to personalise advertisements shown to you outside of our website.
You can prevent or at least limit data processing by YouTube by logging out of your YouTube account before visiting our website.
Further information on YouTube’s data protection can be found on Google’s website here: https://policies.google.com/privacy

  • Google Maps

We integrate maps from the Google Maps service provided by Google. If you provide your address in the ‘Plan your journey’ field, which can be found in many places on our website, it will be processed solely by us and sent to Google to provide you with the desired route information. Privacy Statement: https://policies.google.com/privacy Opt-Out: https://adssettings.google.com/authenticated.

  • Google reCAPTCHA

To ensure adequate data security, especially when transmitting forms, we use the reCAPTCHA service provided by Google in certain cases. This is primarily to distinguish whether inputs are made by a human or through automated methods (such as bots). Our legitimate interest lies in securing the services we offer and our servers from the misuse of data, particularly by unauthorised third parties and/or the misuse of automated tools. The service includes the transmission of the IP address and, if applicable, other data required by Google for the reCAPTCHA service. Additionally, Google’s privacy policy applies: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated.

•  Further information on the above-mentioned Google services (including YouTube): If you have a Google account, you can define the tracking data that is stored in your account yourself. You can find the settings and options at https://policies.google.com/privacy#infochoices

  • Vimeo

Our website uses plugins from the Vimeo video platform. The service provider is Vimeo.com Inc., 330 West 34th Street, 10th Floor, New York, New York 10011, USA.
When you visit one of our webpages featuring a Vimeo plugin, a connection to the Vimeo servers will be established. The Vimeo server is informed which of our webpages you have visited. Vimeo also obtains your IP address. This also applies if you are not logged in to Vimeo or do not have a Vimeo account. The information collected by Vimeo is transmitted to the Vimeo server in the US.
If you are logged into your Vimeo account, you enable Vimeo to assign your browsing behaviour directly to your personal profile. You can prevent this by logging out of your Vimeo account. 
We have established standard contractual clauses with Vimeo regarding the embedded player to ensure an adequate level of data protection.
For further information on Vimeo’s handling of user data, please see Vimeo’s Privacy Policy: https://vimeo.com/privacy.

  • Pinterest

We have integrated the Pinterest tag on this website. The providers and data controllers are jointly Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland, and Pinter-est Inc., 651 Brannan St., San Francisco, CA 94107, USA. 
The Pinterest tag is used to record certain actions that you perform on our website. The data can then be used to display relevant advertisements to you on our website or on another site within the Pinterest Tag advertising network. For this purpose, the Pinterest tag collects, among other things, a tag ID, your location, and the referrer URL. Additionally, action-specific data may be collected such as the order value if you place an order, the order quantity, order number, the category of the purchased items, and video views. The Pinterest Tag uses technologies that enable cross-site recognition of the user to analyse user behaviour (such as cookies or device fingerprinting). Pinter-est is a global company, which means that data may also be transferred to the US. According to Pinterest, this data transfer is based on the standard contractual clauses of the EU Commission. Details can be found here: https://policy.pinterest.com/de/privacy-policy. You can find more in-formation about the Pinterest tag here: https://help.pinterest.com/de/business/article/track-conversions-with-pinterest-tag.

i. Adequacy decision for the US
To the extent that data is transferred to the US according to this Privacy Notice, we would like to inform you that the European Commission adopted an adequacy decision for the EU-U.S. Data Privacy Framework on 10 July 2023. The adequacy decision applies to the transfer of personal data to organisations in the US that are appropriately certified. All companies to which we transfer data in the US are appropriately certified, with the exception of Vimeo and Pinterest. For these two companies, we have standard contractual clauses to ensure an adequate level of protection.

5. Processors and third parties / recipients of data
If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transfer data to them, or otherwise grant them access to the data, this will only occur on the basis of legal permission. This may be because you have given your consent, or a legal obligation requires it, or it is necessary for the fulfilment of a contract, or it is based on our legitimate interests (such as for market research purposes through anonymised internal analysis of customer structure). Recipients of the data include IT service providers (such as newsletter services or web hosting providers). 

As a rule, we will only commission service providers within the framework of a data processing agreement based on Article 28 GDPR. If you would like a detailed list of the service providers we use at any given time, we will be happy to provide this upon request.

6. Processing based on your consent (Article 6(1)(a) GDPR) / withdrawal of consent
If you give us consent to process your personal data for specific purposes, the lawfulness of this processing is based on your consent in accordance with Article 6(1)(a) GDPR. You may revoke your consent at any time. This also applies to the withdrawal of consent given to us before 25 May 2018, when the GDPR entered into force. The withdrawal of consent is effective only for the future and does not affect the lawfulness of data processed up to the point of the withdrawal. If specific consent is required for data processing related to the use of the website, we will explicitly inform you and provide details about the data processing.

You have the right to withdraw your consent with effect for the future pursuant to Article 7(3) GDPR.

If you wish to exercise your right of withdrawal, please email us at datenschutz@tourismusniedersachsen.de or contact the controller through other means (see Section 1).

7. General duration of data storage
In principle, we only store your data for as long as is necessary to fulfil the purposes associated with the data collection. We have implemented organisational measures to ensure the deletion of data that is no longer required as per the above provisions.

8. Rights of data subjects
You have the following rights with regard to your data processed by us:

- the right to information about your personal data stored by us pursuant to Article 15 GDPR;
- where applicable, the right to rectify inaccurate or complete incomplete personal data stored by us pursuant to Article 16 GDPR;
- the right to the erasure of your personal data stored by us and the right to be forgotten pursuant to Article 17 GDPR;
- the right to restrict or block the processing of your personal data pursuant to Article 18 GDPR;
- if applicable, the right to data portability pursuant to Article 20 GDPR;
- the right to object to the processing of your personal data pursuant to Article 21 GDPR;
- the right to revoke any consent given pursuant to Article 7(3) GDPR;
- the right to lodge a complaint with a supervisory authority for data protection pursuant to Article 77 GDPR.

If you have any further questions regarding the processing of your personal data or the exercise of any of the rights available to you, please email us at: datenschutz@tourismusniedersachsen.de

9. The right to object to processing carried out based on legitimate interests pursuant to Article 6(1)(f) GDPR
Pursuant to Article 21 GDPR, you have the right to object to the processing of your personal data when such processing is based on our legitimate interest or that of a third party (particularly for the purposes of usage analysis and the tailored design of our website), provided that there are reasons arising from your particular situation, or if the objection is directed against general or personalised direct advertising. In the latter case, you have a general right of objection that will be implemented by us without specifying any particular situation.

In individual cases, we process your personal data in order to carry out direct advertising (in particular via newsletters). You have the right to lodge an objection at any time against the processing of personal data concerning you for the purposes of such advertising; the foregoing also applies to profiling insofar as it is related to such direct marketing. If you object to the processing of your personal data for direct marketing purposes, we will no longer process your personal data for these purposes.

If you wish to exercise your right of objection, please email us at datenschutz@tourismusniedersachsen.de or contact the controller through other means (see Section 1).

10. Data security
We have implemented technical and organisational security measures to protect your data, particularly against loss, manipulation or unauthorised access. We regularly adapt our security measures to evolving technological developments.

11. Legal or contractual requirement to provide data
There is no legal or contractual requirement for you to provide us with your data. Please note, however, that some data is necessary to provide you with the services we offer on our website. For example, we need your IP address to display this website in your browser.

12. Automated decision-making
We do not use automated decision-making or profiling.

For more information on the use of our website regarding route data, disclaimers, general disclaimers, copyright and the event database, please click here .

Last update: 05/2024