Privacy

Welcome to Tourismus Service Bergstrasse e.V. and our website www.diebergstrasse.de

We are pleased to have roused your interest in our region and the services we offer. We place great importance on the protection of your privacy and personal data. When collecting and using your data, we therefore always act in compliance with the provisions of the General Data Protection Regulation of the European Union (EU GDPR) 2016/679, the German Federal Data Protection Act (BDSG) and the German Telemedia Act (TMG). As those responsible for processing your data, we will go on to inform you which data we collect and how we process them.

1. Personal data
   The General Data Protection Regulation of the European Union (EU GDPR) defines personal data as ‘… any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (Article 4 (1) GDPR)’. We only save personal data if this is necessary in order to provide the booked service, to comply with statutory provisions or for one of the purposes named below.
2. Anonymised data/log files
   You can visit our website without there being any need for us to collect personal data. However, each time you visit our website, some anonymised data are stored, e.g. which page or service was consulted. These data are not personal and do not therefore come under the statutory provisions of EU GDPR or the German Federal Data Protection Act (BDSG).
   The website operator or site provider collects data about accesses to the site and saves these as “server log files”. The following data are logged:
   Visited website, time at the time of access, amount of data sent in bytes, source/reference from which you came to the page, used browser, operating system used, used IP address.
   The data collected are used solely for statistical evaluation and to improve the website. However, the website operator reserves the right to subsequently examine the server log files if there are specific grounds for suspecting illegal use.
   Anonymous data are collected solely for statistical evaluation and to improve the services we offer. Please take note of the section “Right to information/right to revocation”.
3. Purpose of collecting personal data
   The collection of personal data is essential if you book a stay or any other service via our portal, contact us, subscribe to our newsletter or would like to make use of other services offered on our website for which it is essential to process personal data. This includes the purchase of vouchers and participation in competitions.
   In accordance with statutory provisions and in the interests of data minimisation, we usually only collect data that are required to provide the specific service in question. If we ask you for more information in our forms, the provision of such data is always voluntary and is marked as such.
   Temporary storage by our system of the user’s IP address is required to enable the user’s computer to access the website. This requires the user’s IP address to be stored for the duration of the browsing session. These data are stored in log files to ensure the functionality of the website. We also use the data to optimise the website and to ensure the security of our IT systems. Data are not evaluated for marketing purposes in this context. These purposes also account for our legitimate interest in data processing under Article 6 paragraph 1 (f) of the GDPR.
   If you book a stay or any other service, the collected data are used to process the booking in line with the statutory provisions on advertising purposes and for statistical purposes.
   We use the personal data we have stored only to maintain relationships with the customer, to liaise with customers (e.g. provide information on your stay), to carry out our own advertising and marketing measures (e.g. to send off catalogues or other advertising material within the scope permitted by law, to enquire about customer satisfaction) and to handle orders.
4. Statutory basis for the processing of personal data
   The statutory basis for obtaining the consent of the data subject to the processing of their personal data is Article 6 paragraph 1 (a) of the EU’s General Data Protection Regulation (GDPR).
   The statutory basis for processing personal data for performance of a contract to which the data subject is party is Article 6 paragraph 1 (b) of the GDPR. This applies also to data processing required to take steps prior to entering into a contract.
   The statutory basis for processing personal data for the purpose of compliance with a legal obligation to which our association is subject is Article 6 paragraph 1 (c) of the GDPR.
   The statutory basis for processing personal data to protect the vital interests of the data subject or another natural person is Article 6 paragraph 1 (d) of the GDPR.
   The statutory basis for processing personal data to protect the legitimate interests pursued by our association (!!!) or a third party, where the interests or fundamental rights and freedoms of the data subject do not override these legitimate interests, is Article 6 paragraph 1 (f) of the GDPR.
5. Transfer of personal data to third parties
   Your personal data are solely passed on under the pertinent statutory provisions, in particular those relating to data protection law and competition law.
   Where this is necessary in order to provide the service we are contractually obliged to perform, or to comply with legal obligations, your data are also passed on to sub-contractors or service providers in order to provide the service on our behalf or on our orders (e.g. technical handling of posting or emailing, processing of payments, customer care).
   In addition, your data are passed on to individuals or companies in order to handle your booking, in particular to airlines, tour operators, hotels, travel agencies, car rental companies, cruise lines, authorities, etc. Please note that the data protection provisions at the registered seat of these individuals and companies may be different to those in Germany.
   We also disclose and transfer your data to third parties if we are obliged to do so by law or because of court proceedings that have been finally disposed of.
   You are entitled to receive the personal data you have provided us with in a structured, customary and machine-readable format. You furthermore have the right to transfer these data to another data controller without obstruction by the data controller to whom the personal data have already been transferred.
6. Data storage and deletion
   Your personal data are stored within the scope of the purposes named in the section “Purpose of collecting personal data”. The personal data of the data subject will be erased or restricted as soon as the purpose for which they were stored no longer applies. Data may continue to be retained beyond this time when the data controller is required under European Union or national legislation, regulations or other legal instruments to do so. The legislator has issued a large number of different retention obligations and periods. Data may also be restricted or erased when a storage period set under one of the above-named provisions expires, except where further retention of the data is necessary in order to conclude or fulfil a contract.
7. Security, questions and suggestions, data controller
   Security depends not least on your own system. You should always keep your access data confidential, never let internet browsers save your passwords and close the internet browser window when you have finished your visit to our website. This makes it more difficult for third parties to access your personal data.
   Use an operating system that can administer user rights. Set up several users for your system also within your family and never use the internet under administrator rights. Use security software such as virus scans and firewalls, and install regular updates to your system.
   Under the EU’s General Data Protection Regulation (GDPR) and other national data protection regulations and instruments of individual EU Member States, the data controller for this website is:
   Tourismus Service Bergstrasse e.V.
   Marktplatz 1
   64653 Lorsch, Germany
   Tel: +49 (0)6251 26-15
   info(at)diebergstrasse.de
   www.diebergstrasse.de
   
8. Right to information/right to revocation: other rights of data subjects
   In accordance with Article 15 GDPR, you have the right

• to demand information about the personal data we have processed. In particular, you can demand information about the purposes for which your data are processed, the category of personal data used, the category of recipients to whom your data were or will be disclosed, the planned duration for which they will be stored, the existence of a right to the correction, deletion, limitation of processing or objection, the existence of the right to complain, the origin of your data if these were not collected by us, and about the existence of automated decision-making including profiling and possibly reliable information on the pertinent details;
• in accordance with Article 16 GDPR, to immediately demand the rectification of incorrect or completion of personal data we have stored;
• in accordance with Article 17 GDPR, to demand the deletion of personal data we have stored unless the processing of these data are required to exercise the right to freedom of expression and information, to meet a legal obligation, for reasons of public interest or to claim, assert or defend legal rights;
• in accordance with Article 18 GDPR, to demand the limitation of the processing of your personal data if you contest the correctness of the data, the processing is illegal but you refuse to have them deleted; we no longer require the data but you require them in order to claim, assert or defend legal rights, or you have lodged an objection to processing in accordance with Article 21 GDPR;
• in accordance with Article 20 GDPR, to demand that you receive the personal data you have already provided to us in a structured, customary and machine-readable format or demand that they be transferred to another data controller;
• in accordance with Article 7 Item 3 GDPR, to revoke your previous consent towards us at any time. The consequence is that we are not allowed to continue processing the data based on this consent in future and,
• in accordance with Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority. As a rule you can apply in this case to the supervisory authority at your habitual place of residence or workplace or the registered seat of our association.
  It goes without saying that this right is free of charge. If you wish to revoke your consent to the use of your data, apply for information or for the rectification, blocking or deletion of your data or to exercise other rights as a data subject, please contact:
  Tourismus Service Bergstrasse e.V.
  Marktplatz 1
  64653 Lorsch, Germany
  Tel: +49 (0)6251 26-15
  info(at)diebergstrasse.de
  www.diebergstrasse.de