Data Protection


This privacy policy tells you about the nature, scope and purpose of the personal data that is collected, processed and used within our website, online features and content, and external online presences, such as our social media profiles (hereinafter collectively referred to as “online services”). If you are forwarded to other sites via links from our website, please check how your data is handled at those sites in each case.

For security reasons and to protect transmissions of personal data, this website uses TLS encryption. You can recognise an encrypted connection by the “https://” in your browser address bar.

We reserve the right to amend the content of this privacy policy from time to time. It is therefore recommended that users check our privacy policy again at regular intervals.

1. Controller as defined by data protection legislation
TourismusMarketing Niedersachsen GmbH (TMN)
Essener Str. 1
30173 Hannover
Email: info@tourismusniedersachsen.de
Telephone: 0 511 / 270 488 0
Fax: 0 511 / 270 488 88

2. Data protection enquiries and deletion requests should be sent to: datenschutz@tourismusniedersachsen.de

3. Personal data
“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

4. Purpose of and legal basis for the processing of personal data
We undertake to comply with all provisions of data protection law when handling data pertaining to visitors to this website. We will only process data where necessary and where permitted under data protection legislation, for example to enable access to the website, to fulfil contractual purposes or where you consent to said data processing. In detail:

a. Use of our website for information
You may visit our website without providing any personal information. If you are using our website for information purposes only and do not register or otherwise actively send us information about you, we will not collect any personal data. Exceptions to this are data transmitted by your browser to enable you to visit the website and information transmitted to us by any cookies being used.

For technical delivery of the website, we need to process certain information about you that is transmitted automatically so that your browser can display our website and so that you can use the site. This information will be recorded automatically each time our website is accessed and will be stored in our server log files. We collect the following information here:

• browser type/version
• the operating system being used
• referrer URL (the site previously visited)
• IP address of the accessing computer
• time of the server request.

We process your personal data for technical delivery of our website in accordance with Art. 6(1)(b) of the General Data Protection Regulation (GDPR) and to protect our legitimate interests pursuant to Art. 6(1)(f) of the GDPR. The data is recorded and stored in log files to ensure functionality of the website. We also use this data to optimise the website and to safeguard the security of our information technology systems. In accordance with Art. 6(1)(f) of the GDPR, our legitimate interest in the data processing also lies in these purposes.
Following anonymisation of your IP address, this data cannot be linked to specific individuals and will be erased after 7 days. This data will not be combined with other data sources.

b. Contacting us
We will process the personal data you have provided (e.g. by contact form, telephone or email) for the purpose of answering your enquiries and to maintain personal communications if you wish. Disclosure of this data by the user will be on an expressly voluntary basis. The data that is collected in the case of a contact form can be seen from that contact form. We will thus use the information we have saved on the basis of Art. 6(1)(b) of the GDPR to perform the services you have requested, and on the basis of Art. 6(1)(f) of the GDPR for the purpose of customer care and market research (anonymised, internal evaluation of the customer structure). Our legitimate interest lies in tailoring our services to demand and in fostering user and customer satisfaction. Your data will be deleted once your enquiry has been processed in full providing there are no statutory retention obligations preventing the deletion.

c. Cookies
We use cookies to optimise our website. These are small text files that are placed on your end device. Some of the cookies we use are deleted again after the browser session ends, in other words when you close your browser (these are called session cookies). Other cookies stay on your end device and these enable us to recognise your browser again the next time you visit (long-term cookies). If cookies are set, these individually collect and process certain user information such as browser and location data as well as IP addresses.

Where personal data is also processed by individual cookies implemented by us, such processing will be in accordance with Art. 6(1)(a) of the GDPR.

Please note that you can configure your browser such that you are informed when cookies are set and so you can decide whether or not to accept them individually, accept cookies in certain scenarios only or block cookies in general. Every browser is different in how it manages cookie settings. This is described in the Help menu for each browser which tells you how you can change your cookie settings. A general objection to the use of cookies used for online marketing purposes may be declared for many services, particularly in the case of tracking, via the American site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be prevented by disabling them in the browser settings. Please note that if cookies are disabled, it may not be possible to use all of the features of this website.

d. Web analytics with Google Analytics
This website uses Google Analytics, a web analysis service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”), on the basis of Art. 6(1)(a) of the GDPR. Google Analytics uses “cookies”, which are text files stored on your computer, to enable analysis of how you use the website. The information generated by the cookie about your use of this website will usually be transmitted to and stored on a Google server in the United States. This website only uses Google Analytics with the “_anonymizeIp()” add-on, which ensures anonymisation of the IP address by shortening it and prevents it from being directly linked to a particular individual. This add-on ensures that your IP address is first truncated by Google within the member states of the European Union or in other states party to the Agreement on the European Economic Area. The full IP address will only be transmitted to a Google server in the USA (where an equivalent level of data protection exists in accordance with Art. 45(1) of the GDPR as a result of Google’s participation in the Privacy Shield) in exceptional cases and will be truncated there. We have also concluded a contract processing agreement with Google LLC (USA) in accordance with Art. 28 of the GDPR. Google will use this information on our behalf, and strictly in accordance with our instructions, to evaluate your use of the website, compile reports on website activities and to provide us with other services relating to website activity and internet usage. The IP address transmitted by your browser within the scope of Google Analytics will not be combined with any other data held by Google.

You may prevent cookies from being stored by adjusting the corresponding setting in your browser software. Note, however, that if you choose to do so you may not be able to use all of the features of this website to their full extent. You may also prevent data generated by the cookie and related to your use of the website (incl. your IP address) from being collected and processed by Google by downloading and installing the browser plug-in available via the following link: https://tools.google.com/dlpage/gaoptout?hl=en#

As an alternative to the browser plug-in, or in browsers on mobile devices, please click on the following link to place an opt-out cookie which will prevent data from being collected by Google Analytics on this website in future (this opt-out cookie only works in this browser and for this domain; if you delete your cookies in this browser, you will need to click on the following link again): Disable Google Analytics.

e. Newsletter
The information below is provided to inform you about the content of our newsletter, the subscription and delivery procedures and your right to object. By subscribing to our newsletter, you declare your consent to receiving the newsletter and the procedures described.

• Content of the newsletter: The possible content of our newsletter can be seen in the subscription form. In general, we will send you information about and offers for travel destinations, events and competitions.

• Double opt-in and logging: Subscription to our newsletter follows a double opt-in procedure. In other words, after subscribing, you will receive an email asking you to confirm your subscription. This confirmation is necessary to ensure that no one can subscribe using email addresses that do not belong to them. Subscriptions to the newsletter are logged so that the subscription process is traceable in accordance with the statutory requirements. This includes saving the time of the subscription and confirmation and the IP address. Any changes to your data saved by the delivery service provider will also be logged.

• Subscription data: Only your email address is required to subscribe to the newsletter. We also give you the option of providing your name so the newsletter can be addressed to you personally.

• If you have consented to delivery of the newsletter, we will use your personal data (e.g. name and email address) to send you our newsletter on a regular basis.

• We will process your data in order to send out the newsletters and personalise the greeting on the following legal basis:

- Where you have given us your consent, in accordance with Art. 6(1)(a) of the GDPR;

- Where you have sent us your email address in connection with the purchase of goods or services, or where we send you personalised advertising, in order to safeguard our legitimate interests pursuant to Art. 6(1)(f) of the GDPR in conjunction with Section 15(3) of the German Telemedia Act in conjunction with Section 7(3) of the Law on Unfair Competition. Our legitimate interest is based on our economic interest in conducting advertising initiatives and target group-oriented advertising.

• We also use the data, on the basis of Art. 6(1)(a) and (f) of the GDPR, to analyse whether or not you open our newsletter and which related links you click on. Our legitimate interest here lies in optimising the content of our newsletter and/or tailoring it to your individual requirements.

• Cancellation/revocation – you may cancel your subscription to our newsletter at any time, in other words, withdraw your consent. You will find an unsubscribe link at the bottom of every newsletter. We may store the unsubscribed email addresses for up to three years on the basis of our legitimate interest before we delete them for newsletter delivery purposes in order to prove that consent was previously granted. The processing of this data will be limited to the purpose of potentially defending any claims which may be asserted. An individual deletion request is possible at any time, provided that confirmation is given at the same time that consent formerly existed.

• The subscription process will be logged on the basis of our legitimate interest in accordance with Art. 6(1)(f) of the GDPR. Our interest is aimed at deploying a user-friendly and secure newsletter system which both serves our business interests and meets the expectations of users, whilst permitting us to provide evidence of consent.

When sending out newsletters, we use the Maileon service via the provider Tripicchio AG, Engesserstraße 4, 79108 Freiburg, Germany. In particular, we have obliged the service provider to comply with the statutory data protection provisions and our instructions on the basis of Art. 28 of the GDPR.

f. Taking up offers via forms (in particular printed media orders, reservation requests, competitions)
Our website enables you to take advantage of various offers which require you to transmit your data via a form provided for this purpose.

In each case, the data will only be used, on the basis of Art. 6(1)(b) of the GDPR, to process your respective enquiry and provide the services you have requested as well as, on the basis of Art. 6(1)(f) of the GDPR, for market research purposes (anonymised, internal evaluation of the customer structure) and completion of the offers. Our legitimate interest lies in tailoring our services to demand and in fostering user and customer satisfaction.

We offer the following services in particular:

• You have the option of ordering various print media (in particular, catalogues, brochures and books). We will only use the data collected in the form for this purpose to fulfil the order and to send you the requested products. The personal data collected by us for the order will be erased automatically after 3 years.

• You also have the option of arranging reservation requests through us for various events and/or accommodation facilities. We will only forward the data to the relevant email addresses of providers to obtain your requested information.

• We regularly offer you the opportunity to enter various competitions on our website. We will only use the data requested from you for this to enable your participation in the competition and to include you in completion of the competition as a potential winner. For more information about the respective competitions, please see the relevant terms and conditions of participation that we refer to for the competition in question. Your data will be erased without delay following the end of the campaign and once the prizes have been allocated unless we are obliged to store it for longer due to statutory retention periods.

g. Online presences through social media
We maintain online presences on social networks and platforms to communicate there with active customers, potential customers and users and to provide information there about our services. When accessing the respective networks and platforms, the terms and conditions of business and data processing guidelines of the operator in question will apply.

Unless otherwise specified in our privacy policy, we will only process users’ data on the basis of Art. 6(1)(b) and (f) of the GDPR where this is provided to us within the social networks and platforms, e.g. by contributing posts to our profiles or sending us messages. Our legitimate interest lies in communicating with users and customers and in optimising our offers.

  • Information about the acquisition and processing of data on our Facebook Fanpage

Our Facebook Fanpage uses the Facebook Insights service. Using the Insights function enables us to create a statistical analysis of how our Fanpage is used, on the basis of the criteria we specify. The Facebook Insights tool presents us with statistically prepared and anonymised information about the people who visit our page or are linked to it. We can then use these anonymised statistics to collate information about the interests of our Fanpage users and what they want to see, so that we can target our offers more effectively and further improve the quality of our service. We also use the Insights function to carry out market research and hold opinion surveys, to help us design and focus our offers.

Facebook Insights stores the cookies we need to generate these statistics on our users' end devices. The cookies set by Facebook then store the data we need for our statistical analyses. There is no legal or contractual requirement for you to use these cookies to provide your personal data.

Facebook evaluates the data collected by these cookies and makes it available to us in an anonymised format, as statistics. When you visit our Fanpage, it is at no point possible for us to identify you personally using this Insights function or the statistics it provides.

Please note! Facebook Insights and the entire Facebook Fanpage are a service provided by Facebook Inc.

Facebook can also transfer data to the USA. However, Facebook is subject to the data protection regulations of the EU-US Privacy Shield. You will find more detailed information at https://www.privacyshield.gov/EU-US-framework.

If you want to find out more about the processes involved in data protection and how your personal data is handled, you can also contact Facebook at the address given below and view the data protection information provided for the use of Facebook services.

Contact for Facebook Inc.:
Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA

Data protection notice:
https://www.facebook.com/policy.php and
https://www.facebook.com/help/186325668085084

h. Plug-ins from third-party providers
On the basis of Art. 6(1)(f) of the GDPR, we use the following third-party provider plug-ins on our website. Our legitimate interest essentially lies in providing you with an appealing web presence and, where applicable, connecting our content and marketing campaigns with the respective platforms.

  • Facebook remarketing/retargeting

On the basis of your consent and Art. 6(1)(a) of the GDPR, remarketing tags from the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA, are integrated in our site. When you visit our website, the remarketing tags will establish a direct connection between your browser and the Facebook server. Facebook will then be able to tell that you have visited our website from your IP address. Facebook can then also link the fact that you have visited our website to your user account. We can use the information gained in this way for displaying adverts on Facebook. Please note that, as the website provider, we do not have access to any information about the content of the data transmitted or about Facebook’s use of the data. You can find more information about this in Facebook’s Data Policy at https://www.facebook.com/about/privacy/. If you do not want your data to be collected as part of custom audience settings, you can disable custom audiences at https://www.facebook.com/ads/website_custom_audiences/.

Facebook is certified under the EU/US Privacy Shield:

https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

  • YouTube

On our website we use components (videos) from the company YouTube, LLC, 901 Cherry Ave, 94066 San Bruno, CA, USA, a subsidiary of Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA. For this, we use the “enhanced data protection mode” option provided by YouTube. When you visit a page with an embedded video, a connection will be established with the YouTube servers and a message is sent to your browser to display the content on the web page. According to information from YouTube, in “enhanced data protection mode”, data, in particular which of our pages you have visited, will only be transmitted to the YouTube server when you watch the video. If you are logged in to YouTube at the same time, it will be possible to link this information to your member account on YouTube.

You can prevent data from being processed by YouTube, or at least restrict the processing, by logging out of your member account before visiting our website.

Further information about YouTube’s Privacy Policy is provided by Google at the following link: https://policies.google.com/privacy?hl=en

YouTube is certified under: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

  • Google Maps

We incorporate maps from the “Google Maps” service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When you provide your address in the “Plan your journey” form field which appears in multiple places on our website, this will be processed by us solely to forward you to Google to provide you with the requested route information. Privacy Policy: https://policies.google.com/privacy?hl=en, opt-out: https://adssettings.google.com/authenticated.

  • Google reCAPTCHA

To ensure sufficient data security, particularly when submitting forms, in certain cases we use the reCAPTCHA service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA on the basis of Art. 6(1)(f) of the GDPR. The primary purpose of this is to distinguish whether input has been made by a human or abusively via machine or automated processing (e.g. bots). Our legitimate interest lies in securing the services provided and our servers against the improper disclosure of data, particularly by unauthorised third parties and/or the use of automated tools for misuse. The service includes sending the IP address and, where applicable, other data required by Google for the reCAPTCHA service to Google. Google’s Privacy Policy will also apply: https://policies.google.com/privacy?hl=en, opt-out: https://adssettings.google.com/authenticated.

Additional information about the aforementioned services from Google LLC (including YouTube): If you have a Google account, you can specify the tracking data that is saved in your account yourself. This option can be found at Google -> Settings -> Personal info & privacy in the Transparency and choice section: https://policies.google.com/privacy?hl=en#infochoices

Google is certified under the EU/US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

  • Vimeo

Our website uses plug-ins from the video portal Vimeo. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.

When you visit one of our pages featuring a Vimeo plug-in, a connection will be established with Vimeo’s servers. At the same time, the Vimeo server is told which of our pages you have visited. Vimeo will also receive your email address. This applies even if you are not logged in to Vimeo or do not have a Vimeo account. The information recorded by Vimeo will be sent to the Vimeo server in the USA.

If you are logged in to your Vimeo account, you allow Vimeo to link your surfing behaviour to your personal profile directly. You can prevent this by logging out of your Vimeo account.

You can find more information about how user data is handled in Vimeo’s Privacy Policy at: https://vimeo.com/privacy.

5. Collaboration with processors and third parties/data recipients
Where we disclose data to other individuals and companies (processors or third parties) during the course of our processing, transfer data to the same, or otherwise grant them access to the data, this will only be done on the basis of a statutory authorisation, for example because you have granted consent, because a statutory obligation requires this, because it is necessary for the fulfilment of a contract, or on the basis of our legitimate interests (e.g. for the purpose of market research through the anonymised, internal evaluation of the customer structure). IT service providers in particular come into question as data recipients (e.g. newsletter services, web hosters).

We will only ever commission service providers within the framework of a “contract processing agreement” on the basis of Art. 28 of the GDPR.

If you would like a specific list of the service providers used by us at any time, we will happily send you this upon request.

6. Processing based on your consent (Art. 6(1)(a) of the GDPR)/withdrawal
If you consent to us processing your personal data for specific purposes, this processing will be lawful on the basis of your consent in conjunction with Art. 6(1)(a) of the GDPR. Once granted, consent may be withdrawn at any time. This also applies to the withdrawal of consent granted to us prior to 25 May 2018, in other words prior to the GDPR entering into force. The withdrawal of consent will only apply with effect for the future and will not affect the lawfulness of any data processing that took place prior to the withdrawal. Where consent is required in individual cases in respect of data processing associated with use of the website, we will expressly notify you of this and inform you about the data processing.

Pursuant to Art. 7(3) of the GDPR, you have the right to revoke any previously granted consent with effect for the future.

If you wish to assert your right to withdraw consent, please send us an email to datenschutz@tourismusniedersachsen.de or contact the controller (see 1) by some other means.

7. General duration of data storage
We will only ever store your data for as long as is necessary to fulfil the purpose it was collected for. We have implemented organisational measures to ensure that data that is no longer required under the proviso above is erased.

8. Access, erasure, blocking
You have the following rights in respect of your data processed by us:

- the right to access your personal data stored by us pursuant to Art. 15 of the GDPR;
- where applicable, the right to have your incorrect or incomplete personal data stored by us rectified or completed pursuant to Art. 16 of the GDPR;
- the right to have your personal data stored by us erased and forgotten pursuant to Art. 17 of the GDPR;
- the right to restrict or block the processing of your personal data pursuant to Art. 18 of the GDPR;
- where applicable, the right to data portability pursuant to Art. 20 of the GDPR;
- the right to object to the processing of your personal data pursuant to Art. 21 of the GDPR;
- the right to withdraw previously granted consent, where applicable, pursuant to Art. 7(3) of the GDPR;
- the right to lodge a complaint with a supervisory authority pursuant to Art. 77 of the GDPR.

For any other questions about the processing of your personal data or to assert one of the rights open to you, simply send us an email to: datenschutz@tourismusniedersachsen.de

9. Right to object to processing in the case of an overriding interest pursuant to Art. 6(1)(f) of the GDPR
According to Art. 21 of the GDPR, you have the right to object to the processing of your personal data performed on the basis of our legitimate interests or those of a third party (in particular for the purpose of usage analysis and tailoring the website to meet demand) where there are grounds relating to your particular situation or where the objection is directed at general direct advertising or direct advertising that is tailored to you. In the latter scenario, you have a general right to object which we will implement without the need to specify a particular situation.

In individual cases, we will process your personal data to engage in direct advertising. You have the right to object to the processing of personal data about you for the purposes of such advertising at any time. This will also apply to profiling where this is related to such direct marketing. If you object to processing for direct advertising purposes, we will no longer process your personal data for such purposes.

If you wish to assert your right to object, send us an email to datenschutz@tourismusniedersachsen.de or contact the controller (see 1) by some other means.

10. Data security
We have set up technical and organisational security measures to protect your data, in particular against loss, manipulation or unauthorised access. We regularly adapt our security measures to ongoing technical developments.

11. Statutory or contractual requirement to provide data
You are not obliged by law or contractually to provide us with your data. Please note, however, that provision of some data is necessary to provide you with our services offered on the website. For example, we need your IP address to display this website in your browser.

12. Automated decision making
We do not engage in automated decision making or profiling.

 

Further information about our website on exclusion of liability for route data, disclaimer, copyright and event database here.