1. Data privacy at a glance
Data collection on our website
Wer ist verantwortlich für die Datenerfassung auf dieser Website? Who is responsible for the data collection on this website?
The data processing on this website is carried out by the website operator. You can find his contact details in the imprint of this website.
How do we collect your data?
On the one hand, your data is collected by you providing it to us. This can be, for example, data that you enter in a contact form.
Other data is collected automatically by our IT systems when you visit the website. This is mainly technical data (e.g. internet browser, operating system or time of page view). The collection of this data takes place automatically as soon as you enter our website.
What do we use your data for?
Some of the data is collected to ensure error-free provision of the website. Other data may be used to analyze your user behavior.
What rights do you have regarding your data?
You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have a right to request the correction, blocking or deletion of this data. For this purpose, as well as for further questions on the subject of data protection, you can contact us at any time at the address given in the imprint. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.
2. General and mandatory information
We point out that data transmission over the Internet (eg communication by e-mail) security gaps. A complete protection of the data against access by third parties is not possible.
Note on the responsible entity
The responsible party for data processing on this website is:
Münchener Straße 2
Telefone: +49 8362 / 81980
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).
Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke an already given consent at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Right to object to data collection in special cases and to direct advertising (Art. 21 GDPR)
IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT ADVERTISING (OBJECTION UNDER ART. 21 ABS. 2 GDPR).
Right of appeal to the competent supervisory authority
In the case of violations of data protection law, the person concerned has the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority for data protection issues is the state data protection commissioner of the federal state in which our company is based. A list of the data protection officers and their contact details can be found at the following link https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Encrypted payment transactions on this website
If, after the conclusion of a contract with costs, there is an obligation to provide us with your payment data (e.g. account number in the case of direct debit authorization), this data will be required for payment processing.
Payment transactions via the common means of payment (Visa/MasterCard, direct debit) are made exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
With encrypted communication, your payment data that you transmit to us cannot be read by third parties.
Information, blocking, deletion
Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of data processing and, if necessary, a right to correction, blocking or deletion of this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time at the address given in the imprint.
Objection to advertising e-mails
The use of contact data published within the framework of the imprint obligation to send advertising and information materials not expressly requested is hereby prohibited. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.
3. Data Protection Officer
Data protection officer required by law
We have appointed a data protection officer for our company.
Data protection officer of the municipality of Schwangau
Münchener Straße 2
Telefone: +49 8362 / 819822
4. Data collection on our website
The Internet pages partly use so-called cookies. Cookies do not cause any damage to your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.
Most of the cookies we use are so-called "session cookies". They are automatically deleted after the end of your visit. Other cookies remain stored on your terminal device until you delete them. These cookies allow us to recognize your browser on your next visit.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.
Consent with Cookiebot
Our website uses the consent technology of Cookiebot to obtain your consent to the storage of certain cookies on your terminal device or to the use of certain technologies and to document this in accordance with data protection law. The provider of this technology is Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter "Cookiebot").
Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us.
The access logs of the web servers record which page requests have taken place at what time. They contain the following data: IP, directory protection user, date, time, accessed pages, logs, status code, amount of data, referer, user agent, accessed hostname.
The IP addresses are stored anonymously. For this purpose, the last three digits are removed, i.e. 127.0.0.1 becomes 127.0.0.*. IPv6 addresses are also anonymized. The anonymized IP addresses are stored for 60 days.
Information about the directory protection user used is anonymized after one day. Error logs, which record erroneous page requests, are deleted after seven days. In addition to the error messages, these contain the accessing IP address and, depending on the error, the accessed website.
This data is not merged with other data sources. The collection of this data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website - for this purpose, the server log files must be collected.
If you send us inquiries via the contact form, your data from the inquiry form including the contact data you provided there will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent.
The processing of the data entered in the contact form is therefore based exclusively on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions - in particular retention periods - remain unaffected.
Processing of data (customer and contract data)
We collect, process and use personal data only to the extent that they are necessary for the establishment, content or modification of the legal relationship (inventory data). This is done on the basis of Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures. We collect, process and use personal data about the use of our websites (usage data) only to the extent necessary to enable the user to use the service or to bill the user.
The collected customer data will be deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.
Data transfer upon conclusion of a contract for services and digital content
We transmit personal data to third parties only if this is necessary for the processing of the contract, for example, to the credit institution entrusted with the processing of payments.
A further transmission of the data does not take place or only if you have expressly consented to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.
The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.
Mediation and booking of accommodation
When you request or book accommodation via our booking system, you must provide the data required to establish the contractual relationship or to prepare the contract. The data is collected on the basis of Art. 6 para. 1 p. 1 lit. b GDPR. A use of the data for further purposes does not take place.
The data is transferred to our service provider feratel media technologies AG, which technically operates the booking and brokerage portal for us, as part of order processing pursuant to Art. 28 DSGVO. We have concluded an agreement on commissioned processing with the service provider.
After the purpose has been fulfilled, the data is removed from our system, unless there are retention periods or the data is still required in individual cases (for example, in the case of outstanding receivables for collection of the receivables).
Brochure and catalog order
We store and use your personal data that you transmit to us in the course of an order process on the basis of Art. 6 para. 1 p. 1 lit. b GDPR exclusively for the processing of your orders. We use your e-mail address for messages regarding the status of your order.
We transfer your data to our service provider feratel media technologies AG, which operates the technical ordering system for us, as part of order processing pursuant to Art. 28 GDPR. We have concluded an order processing agreement with the service provider.
If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the specified e-mail address and agree to receive the newsletter. Further data is not collected or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.
The processing of the data entered in the newsletter registration form is based exclusively on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.
The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted after you unsubscribe from the newsletter. Data that has been stored by us for other purposes (e.g. e-mail addresses for the member area) remains unaffected by this.
This website uses rapidmail for sending newsletters. The provider is rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg i.Br., Germany.
Rapidmail is a service with which, among other things, the sending of newsletters can be organized and analyzed. The data you enter for the purpose of receiving newsletters is stored on Rapidmail's servers in Germany.
If you do not want any analysis by Rapidmail, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. Furthermore, you can also unsubscribe directly on the website.
Data analysis by Rapidmail
For the purpose of analysis, the emails sent with Rapidmail contain a so-called "tracking pixel", which connects to Rapidmail's servers when the email is opened. In this way, it can be determined whether a newsletter message has been opened.
Furthermore, with the help of Rapidmail, we can determine whether and which links in the newsletter message are clicked. All links in the email are so-called tracking links, which can be used to count your clicks.
For more information about Rapidmail's analytics features, please see the following link: de.rapidmail.wiki/kategorien/statistiken/.
The data processing is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.
The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of Rapidmail after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. email addresses for the member area) remain unaffected by this.
For more details, please refer to Rapidmail's data security notices at: https://www.rapidmail.de/datensicherheit.
Conclusion of a contract for commissioned data processing
We have concluded a contract with Rapidmail in which we oblige Rapidmail to protect our customers' data and not to pass it on to third parties. This contract can be viewed at the following link: https://de.rapidmail.wiki/files/adv/muster-auftragsdatenverarbeitung.pdf.
6. Plugins and Tools
YouTube with enhanced privacy
This website embeds videos from YouTube. The operator of the pages is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in extended privacy mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the disclosure of data to YouTube partners is not necessarily excluded by the extended data protection mode. Thus, YouTube - regardless of whether you watch a video - establishes a connection to the Google DoubleClick network.
As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
Furthermore, after starting a video, YouTube may store various cookies on your end device or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience, and prevent fraud attempts.
If necessary, further data processing operations may be triggered after the start of a YouTube video, over which we have no control.
YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. If a corresponding consent has been requested, the processing is based exclusively on Art. 6 (1) lit. a GDPR; the consent can be revoked at any time.
This site uses the map service Google Maps via an API. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission.
The use of Google Maps is in the interest of an appealing presentation of our online offers and an easy location of the places indicated by us on the website. This represents a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR; the consent can be revoked at any time.
This website uses the map and tourism service Outdooractive via an API. Provider is Outdooractive GmbH, Missener Straße 18, 87509 Immenstadt, Germany
When you call up a page, your browser loads the required scripts and possibly other data into its browser cache in order to display the maps and data correctly.
For this purpose, the browser you use must connect to the servers of Outdooractive GmbH. Through this, Outdooractive GmbH obtains knowledge that our website was accessed via your IP address. Outdooractive GmbH uses this information to inform our visitors and to advertise for our landlords. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
Our social media presences
Data processing through social networks
We maintain publicly accessible profiles on social networks. The social networks used by us in detail can be found below.
Social networks such as Facebook, Google+, etc. can generally analyze your user behavior extensively when you visit their website or a website with integrated social media content (e.g. Like buttons or advertising banners). By visiting our social media presences, numerous data protection-relevant processing operations are triggered. In detail:
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your end device or by recording your IP address.
With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are or were logged in.
Our social media presences are intended to ensure the most comprehensive presence possible on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which are to be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a GDPR).
Responsible person and assertion of rights
If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. against Facebook).
Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are largely determined by the corporate policy of the respective provider.
The data collected directly by us via the social media presence is deleted from our systems as soon as the purpose for storing it no longer applies, you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device until you delete them. Mandatory legal provisions - in particular retention periods - remain unaffected.
Social networks in detail
Facebook (https://www.facebook.com/schwangau and https://www.facebook.com/theroyalcastles)
We have a profile on Facebook. The provider is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Facebook is certified in accordance with the EU-US Privacy Shield.
We have entered into a joint processing agreement (Controller Addendum) with Facebook. This agreement specifies the data processing operations for which we or Facebook is responsible when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.
You can adjust your advertising settings independently in your user account. To do so, click on the following link and log in: https://www.facebook.com/settings?tab=ads.
We use the short message service Twitter. The provider is Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Twitter has been certified in accordance with the EU-US Privacy Shield.
You can adjust your Twitter privacy settings independently in your user account. To do so, click on the following link and log in: https://twitter.com/personalization.
This page has integrated webcams of Feratel AG. Provider is feratel media technologies AG, Maria-Theresien-Straße 8, A-6020 Innsbruck
When you call up a page, your browser loads the required images and, if necessary, scripts into its browser cache in order to display the images correctly.
For this purpose, the browser you use must establish a connection to the servers of feratel media technologies AG. Through this, feratel media technologies AG obtains knowledge that our website was accessed via your IP address. The feratel webcams are used to inform our visitors. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
Webcam Player / Live Stream / wetter.com
On the subpage (https://www.schwangau.de/aktuelles/webcams/weitere-webcams/), a live stream of the webcam located at the site (Münchener Str. 2, 87645 Schwangau, Germany) is made available in a player. Responsible for this is wetter.com GmbH, Reichenaustr. 19a, 78467 Konstanz (wetter.com). When you call up the aforementioned sub-page or use the player, information about your use of the website, including your IP address, is transmitted to wetter.com. This is done to display the desired live cam view in the form of providing the start image and the live stream.
The data processing is carried out for the desired technical provision of the player and in the interest of a useful experience for you of our online offer and thus for the fulfillment of the contract (Art. 6 para. 1 lit. b GDPR) or on the basis of legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR.
7. Analysis tools and advertising
Matomo (formerly Piwik)
This website uses the open source web analytics service Matomo. Matomo uses technologies that enable cross-page recognition of the user to analyze user behavior (e.g. cookies or device fingerprinting). The information collected by Matomo about the use of this website is stored on our server. The IP address is anonymized before storage.
With the help of Matomo, we are able to collect and analyze data about the use of our website by website visitors. This allows us to find out, among other things, when which page views were made and from which region they come. We also collect various log files (e.g. IP address, referrer, browsers and operating systems used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.).
The use of this analysis tool is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the anonymized analysis of user behavior in order to optimize both its website and its advertising. If a corresponding consent was requested (e.g. consent to store cookies), the processing is based exclusively on Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.
We host Matomo exclusively on our own servers, so all analytics data remains with us and is not shared.