Privacy Policy

1. Data privacy at a glance

General information

The following notes provide a simple overview of what happens to your personal data when you visit our website. Personal data is any data with which you can be personally identified. For detailed information on the subject of data protection, please refer to our privacy policy listed below this text.

Data collection on our website

Wer ist verantwortlich für die Datenerfassung auf dieser Website? Who is responsible for the data collection on this website?

The data processing on this website is carried out by the website operator. You can find his contact details in the imprint of this website.

How do we collect your data?

On the one hand, your data is collected by you providing it to us. This can be, for example, data that you enter in a contact form.

Other data is collected automatically by our IT systems when you visit the website. This is mainly technical data (e.g. internet browser, operating system or time of page view). The collection of this data takes place automatically as soon as you enter our website.

What do we use your data for?

Some of the data is collected to ensure error-free provision of the website. Other data may be used to analyze your user behavior.

What rights do you have regarding your data?

You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have a right to request the correction, blocking or deletion of this data. For this purpose, as well as for further questions on the subject of data protection, you can contact us at any time at the address given in the imprint. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

2. General and mandatory information

Data protection 

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use this website, various personal data are collected. Personal data is data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

We point out that data transmission over the Internet (eg communication by e-mail) security gaps. A complete protection of the data against access by third parties is not possible.

Note on the responsible entity

The responsible party for data processing on this website is:

Gemeinde Schwangau 
Münchener Straße 2
87645 Schwangau
Telefone: +49 8362 / 81980
E-Mail: poststelle@schwangau.bayern.de 

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke an already given consent at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to object to data collection in special cases and to direct advertising (Art. 21 GDPR)

IF THE DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ART. 6 ABS. 1 LIT. E OR F DSGVO, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS. (OBJECTION UNDER ART. 21 ABS. 1 GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT ADVERTISING (OBJECTION UNDER ART. 21 ABS. 2 GDPR).

Right of appeal to the competent supervisory authority

In the case of violations of data protection law, the person concerned has the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority for data protection issues is the state data protection commissioner of the federal state in which our company is based. A list of the data protection officers and their contact details can be found at the following link https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Encrypted payment transactions on this website

If, after the conclusion of a contract with costs, there is an obligation to provide us with your payment data (e.g. account number in the case of direct debit authorization), this data will be required for payment processing.

Payment transactions via the common means of payment (Visa/MasterCard, direct debit) are made exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

With encrypted communication, your payment data that you transmit to us cannot be read by third parties.

Information, blocking, deletion

Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of data processing and, if necessary, a right to correction, blocking or deletion of this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time at the address given in the imprint.

Objection to advertising e-mails

The use of contact data published within the framework of the imprint obligation to send advertising and information materials not expressly requested is hereby prohibited. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.

3. Data Protection Officer

Data protection officer required by law

We have appointed a data protection officer for our company.
Data protection officer of the municipality of Schwangau
Münchener Straße 2
87645 Schwangau
Telefone: +49 8362 / 819822
E-Mail: datenschutzbeauftragter@schwangau.bayern.de

4. Data collection on our website

Cookies

The Internet pages partly use so-called cookies. Cookies do not cause any damage to your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called "session cookies". They are automatically deleted after the end of your visit. Other cookies remain stored on your terminal device until you delete them. These cookies allow us to recognize your browser on your next visit.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.

Cookies that are required to carry out the electronic communication process or to provide certain functions you have requested (e.g. shopping cart function) are stored on the basis of Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services. Insofar as other cookies (e.g. cookies for analyzing your surfing behavior) are stored, these are treated separately in this privacy policy.

 

Consent with Cookiebot

Our website uses the consent technology of Cookiebot to obtain your consent to the storage of certain cookies on your terminal device or to the use of certain technologies and to document this in accordance with data protection law. The provider of this technology is Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter "Cookiebot").

When you enter our website, a connection is established to the servers of Cookiebot in order to obtain your consents and other declarations regarding the use of cookies. Cookiebot then stores a cookie in your browser in order to be able to assign the consents given to you or their revocation. The data collected in this way is stored until you request us to delete it, delete the Cookiebot cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.

Cookiebot is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us.

The access logs of the web servers record which page requests have taken place at what time. They contain the following data: IP, directory protection user, date, time, accessed pages, logs, status code, amount of data, referer, user agent, accessed hostname.

The IP addresses are stored anonymously. For this purpose, the last three digits are removed, i.e. 127.0.0.1 becomes 127.0.0.*. IPv6 addresses are also anonymized. The anonymized IP addresses are stored for 60 days.

Information about the directory protection user used is anonymized after one day. Error logs, which record erroneous page requests, are deleted after seven days. In addition to the error messages, these contain the accessing IP address and, depending on the error, the accessed website.

This data is not merged with other data sources. The collection of this data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website - for this purpose, the server log files must be collected.

Contact form

If you send us inquiries via the contact form, your data from the inquiry form including the contact data you provided there will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent.

The processing of the data entered in the contact form is therefore based exclusively on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.

The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions - in particular retention periods - remain unaffected.

Processing of data (customer and contract data)

We collect, process and use personal data only to the extent that they are necessary for the establishment, content or modification of the legal relationship (inventory data). This is done on the basis of Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures. We collect, process and use personal data about the use of our websites (usage data) only to the extent necessary to enable the user to use the service or to bill the user.

The collected customer data will be deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.

Data transfer upon conclusion of a contract for services and digital content

We transmit personal data to third parties only if this is necessary for the processing of the contract, for example, to the credit institution entrusted with the processing of payments.

A further transmission of the data does not take place or only if you have expressly consented to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.

The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.

Mediation and booking of accommodation

When you request or book accommodation via our booking system, you must provide the data required to establish the contractual relationship or to prepare the contract. The data is collected on the basis of Art. 6 para. 1 p. 1 lit. b GDPR. A use of the data for further purposes does not take place.

The data is transferred to our service provider feratel media technologies AG, which technically operates the booking and brokerage portal for us, as part of order processing pursuant to Art. 28 DSGVO. We have concluded an agreement on commissioned processing with the service provider.

After the purpose has been fulfilled, the data is removed from our system, unless there are retention periods or the data is still required in individual cases (for example, in the case of outstanding receivables for collection of the receivables).

Brochure and catalog order

We store and use your personal data that you transmit to us in the course of an order process on the basis of Art. 6 para. 1 p. 1 lit. b GDPR exclusively for the processing of your orders. We use your e-mail address for messages regarding the status of your order.

We transfer your data to our service provider feratel media technologies AG, which operates the technical ordering system for us, as part of order processing pursuant to Art. 28 GDPR. We have concluded an order processing agreement with the service provider.

5. Newsletter

Newsletter data

If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the specified e-mail address and agree to receive the newsletter. Further data is not collected or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.

The processing of the data entered in the newsletter registration form is based exclusively on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted after you unsubscribe from the newsletter. Data that has been stored by us for other purposes (e.g. e-mail addresses for the member area) remains unaffected by this.

Rapidmail

This website uses rapidmail for sending newsletters. The provider is rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg i.Br., Germany.

Rapidmail is a service with which, among other things, the sending of newsletters can be organized and analyzed. The data you enter for the purpose of receiving newsletters is stored on Rapidmail's servers in Germany.

If you do not want any analysis by Rapidmail, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. Furthermore, you can also unsubscribe directly on the website.

Data analysis by Rapidmail

 

For the purpose of analysis, the emails sent with Rapidmail contain a so-called "tracking pixel", which connects to Rapidmail's servers when the email is opened. In this way, it can be determined whether a newsletter message has been opened.

Furthermore, with the help of Rapidmail, we can determine whether and which links in the newsletter message are clicked. All links in the email are so-called tracking links, which can be used to count your clicks.

For more information about Rapidmail's analytics features, please see the following link: de.rapidmail.wiki/kategorien/statistiken/.

 

Legal basis

The data processing is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.

Storage duration

The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of Rapidmail after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. email addresses for the member area) remain unaffected by this.

For more details, please refer to Rapidmail's data security notices at: https://www.rapidmail.de/datensicherheit.

Conclusion of a contract for commissioned data processing

We have concluded a contract with Rapidmail in which we oblige Rapidmail to protect our customers' data and not to pass it on to third parties. This contract can be viewed at the following link: https://de.rapidmail.wiki/files/adv/muster-auftragsdatenverarbeitung.pdf.

6. Plugins and Tools

YouTube with enhanced privacy

This website embeds videos from YouTube. The operator of the pages is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in extended privacy mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the disclosure of data to YouTube partners is not necessarily excluded by the extended data protection mode. Thus, YouTube - regardless of whether you watch a video - establishes a connection to the Google DoubleClick network.

As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, after starting a video, YouTube may store various cookies on your end device or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience, and prevent fraud attempts.

If necessary, further data processing operations may be triggered after the start of a YouTube video, over which we have no control.

YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. If a corresponding consent has been requested, the processing is based exclusively on Art. 6 (1) lit. a GDPR; the consent can be revoked at any time.

For more information about privacy at YouTube, please see their privacy policy at: https://policies.google.com/privacy?hl=de.

Google Maps

This site uses the map service Google Maps via an API. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission.

The use of Google Maps is in the interest of an appealing presentation of our online offers and an easy location of the places indicated by us on the website. This represents a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR; the consent can be revoked at any time.

More information on the handling of user data can be found in Google's privacy policy: https://policies.google.com/privacy?hl=de.

Outdooractive

This website uses the map and tourism service Outdooractive via an API. Provider is Outdooractive GmbH, Missener Straße 18, 87509 Immenstadt, Germany

When you call up a page, your browser loads the required scripts and possibly other data into its browser cache in order to display the maps and data correctly.

For this purpose, the browser you use must connect to the servers of Outdooractive GmbH. Through this, Outdooractive GmbH obtains knowledge that our website was accessed via your IP address. Outdooractive GmbH uses this information to inform our visitors and to advertise for our landlords. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

You can find more information on the handling of user data in Outdooractive's privacy policy: https://www.outdooractive.com/de/privacy.html.

Our social media presences

Data processing through social networks

We maintain publicly accessible profiles on social networks. The social networks used by us in detail can be found below.

Social networks such as Facebook, Google+, etc. can generally analyze your user behavior extensively when you visit their website or a website with integrated social media content (e.g. Like buttons or advertising banners). By visiting our social media presences, numerous data protection-relevant processing operations are triggered. In detail:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your end device or by recording your IP address.

With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are or were logged in.

Please also note that we cannot track all processing operations on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.

Legal basis

Our social media presences are intended to ensure the most comprehensive presence possible on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which are to be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a GDPR).

Responsible person and assertion of rights

If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. against Facebook).

Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are largely determined by the corporate policy of the respective provider.

Storage duration

The data collected directly by us via the social media presence is deleted from our systems as soon as the purpose for storing it no longer applies, you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device until you delete them. Mandatory legal provisions - in particular retention periods - remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

Social networks in detail

Facebook (https://www.facebook.com/schwangau and https://www.facebook.com/theroyalcastles

We have a profile on Facebook. The provider is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Facebook is certified in accordance with the EU-US Privacy Shield.

We have entered into a joint processing agreement (Controller Addendum) with Facebook. This agreement specifies the data processing operations for which we or Facebook is responsible when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

You can adjust your advertising settings independently in your user account. To do so, click on the following link and log in: https://www.facebook.com/settings?tab=ads.

For details, see Facebook's privacy policy: https://www.facebook.com/about/privacy/.

Twitter (https://www.twitter.com/schwangau)

We use the short message service Twitter. The provider is Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Twitter has been certified in accordance with the EU-US Privacy Shield.

You can adjust your Twitter privacy settings independently in your user account. To do so, click on the following link and log in: https://twitter.com/personalization.

For details, see Twitter's privacy policy: https://twitter.com/de/privacy.

Instagram (https://www.instagram.com/schwangau.de

 

We have a profile on Instagram. The provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. For details on how they handle your personal data, please refer to Instagram's privacy policy: help.instagram.com/519522125107875.

 

Feratel Webcams

 

This page has integrated webcams of Feratel AG. Provider is feratel media technologies AG, Maria-Theresien-Straße 8, A-6020 Innsbruck

When you call up a page, your browser loads the required images and, if necessary, scripts into its browser cache in order to display the images correctly.

For this purpose, the browser you use must establish a connection to the servers of feratel media technologies AG. Through this, feratel media technologies AG obtains knowledge that our website was accessed via your IP address. The feratel webcams are used to inform our visitors. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

For details, see Feratel's privacy policy: www.feratel.de/datenschutzerklaerung/.

 

Webcam Player / Live Stream / wetter.com

 

On the subpage (https://www.schwangau.de/aktuelles/webcams/weitere-webcams/), a live stream of the webcam located at the site (Münchener Str. 2, 87645 Schwangau, Germany) is made available in a player. Responsible for this is wetter.com GmbH, Reichenaustr. 19a, 78467 Konstanz (wetter.com). When you call up the aforementioned sub-page or use the player, information about your use of the website, including your IP address, is transmitted to wetter.com. This is done to display the desired live cam view in the form of providing the start image and the live stream.

The data processing is carried out for the desired technical provision of the player and in the interest of a useful experience for you of our online offer and thus for the fulfillment of the contract (Art. 6 para. 1 lit. b GDPR) or on the basis of legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR.

You can find wetter.com's privacy policy at www.wetter.com/datenschutz/adsb/ .

 

7. Analysis tools and advertising

Matomo (formerly Piwik)

This website uses the open source web analytics service Matomo. Matomo uses technologies that enable cross-page recognition of the user to analyze user behavior (e.g. cookies or device fingerprinting). The information collected by Matomo about the use of this website is stored on our server. The IP address is anonymized before storage.

With the help of Matomo, we are able to collect and analyze data about the use of our website by website visitors. This allows us to find out, among other things, when which page views were made and from which region they come. We also collect various log files (e.g. IP address, referrer, browsers and operating systems used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.).

The use of this analysis tool is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the anonymized analysis of user behavior in order to optimize both its website and its advertising. If a corresponding consent was requested (e.g. consent to store cookies), the processing is based exclusively on Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

Hosting

We host Matomo exclusively on our own servers, so all analytics data remains with us and is not shared.