Notes on Data Protection

Privacy Policy

When you use our online services (called here "services"), you, as a user, agree that we - the Nuremberg Convention and Tourism Office /Verkehrsverein Nürnberg e.V. (called here "CTZ") - as the responsible party in terms of the German data protection law (BDSG), may collect, process and use the following data listed here in the manner described in this document. This privacy policy informs you about the type, scope and purpose of the collection and use of personal data by our services.

  1. Type, Scope and Purpose of the Collection, Processing and Use
  2. Processes to Optimize Our Services
  3. Additional Applications of Our Services (Third-Party & Social Media)
  4. Protection of Your Rights as a Concerned Party
  5. Contact for Further Questions or Suggestions for Data Protection

1. Type, Scope and Purpose of the Collection, Processing and Use

Personal data is information that allows the identification of a specific individual. This includes, for example, names, contact data, photos, information about interests and hobbies and memberships. We collect, process and use your personal data only within the scope of legal regulations or with your consent.

Data collected by our system and the protection of your privacy

When you use our services or view content, the CTZ (or our online- rovider) automatically collects data in the form of serverlog files. This includes the name, date and time of the viewed website, filenames, quantity of data transmitted, notification of successful request, browser type and version, user's operating system, the previously visited page (referrer URL), IP address and internet service provider.

When subscribing to our newsletter, we save the IP address and the date of the subscription. This serves as proof in case a third-party has misused your e-mail address and, for example, subscribes to our newsletter without your knowledge or permission.

CTZ uses all logged data only for its own analysis of operation, for security purposes and to optimize its services. We reserve the right to subsequently review the log files when there is tangible evidence or a justified suspicion of illegal use of our services.

Queries & Newsletter

Anytime you make contact with us, whether by order form, e-mail or by telephone, we collect and use your data within the framework of specified business activities or to process your query. At your request, we will send you information about our services and products. For this purpose, you many subscribe to various newsletters. For this purpose we require an e-mail address, which we will check for validity before the subscription order is binding. Other data, such as name or title, are optional and serve only to optimize our service for you (so that we may address you with the correct name, for example).

Bookings & Reviews (Customer Satisfaction)

Within the framework of your booking - wheter online, verbal, written or by telephone, fax or e-mail - we offer you the opportunity to evaluate the products and services you have used and our service. for that purpose, after your visit you will receive an e-mail with a link to a short questionnaire. Your review is voluntary and anonymous and supports quality assurance for our products and services.

Registration Function/Data Logging

When you use our web shop, our online booking system (or another application that is specially protected due to the use of sensitive data) requires - as sometimes required by law - mandatory data for registration and processing of your order. Mandatory data fields are identified accordingly and follow the principle of economy of data. When we require your consent to collect and use your data, you will be explicitly notified of that fact before you submit your data. Data transmission will take place encrypted according to current security standards.

Payment Function

For fee-based services, you can normally choose between various forms of payment. For payment by direct debit or credit card for e. g. a hotel reservation or package booking, our carefully chosen and certified Swiss Payment Partner "Datatrans AG" is responsible. You submit the relevant data for this purpose to this partner. A specialized payment platform is integrated into our services for this purpose.

For payment processing in the online shop of the CTZ, our chosen and certified Payment Partner "GiroSolution AG" is responsible. You submit the relevant data for this purpose to this partner. A specialized payment platform is integrated into our services for this purpose.

Data transmission will take place encrypted according to current security standards. In addition, both Payment Partners meet the requirements of the Payment Card Industry Data Security Standards (PCI DSS).

Transfer of Data

We process the collected data for the purpose of optimizing customer service in cooperation with all departments within our organization. By this means we can spare you unnecessary multiple queries and contacts and provide you with the appropriate contact person for your specific request, who can provide you with complete and expert advice. We do not transfer your data to third parties, nor do we sell your data.

A processing of personal data outside the European Union (EU) and European Economic Area (EEA) does not take place and is also not planned, unless expressly stated in an individual case hereinafter.

Mobile Use

Please note that when using our services on mobile end devices (such as cell phones, smart phones and tablets) that, depending on the technology used, precise location data may be collected, used and shared, including the geographic location of your device. In addition, within the framework of the terms of use of your respective telecommunications provider, further data may be collected, processed and used.

2. Processes to Optimize Our Services

The use of our internet websites is, in principle, possible without disclosing personal data. All of the following elements described here work with a pseudonymized form of your data, as usage data is not linked with user data. In this manner, even the IP Address remains a pseudonym.

Cookies

Our publicly accessible services can be used, in principle, without cookies.

On various websites of our services, cookies of various types are used. Cookies are small text files which are saved on your computer. They do no damage and contain no personal data. The device-related data in the cookies allow us to analyze your use of our services without reference to you as an individual and to recognize your end device if you visit our sites again. This makes the use of our websites easier for you (user-friendliness) and gives us the opportunity to optimize our services for you. You can set your browser to warn you that you are about to receive a cookie, allowing you to decide on a case-by-case basis when to accept a cookie or you may exclude all incoming cookies. You can find more details at http://www.aboutcookies.org.

Canvas

For optimal operability without cookies and for analysis of the attractiveness of our services, we use the Canvas element. Through its use, device-related characteristics can be taken into consideration, making use of our services more comfortable. Conventional browsers unfortunately offer no means to shut off this element. If you wish to do so, we recommend the use of the necessary plug-ins or a browser that offers an advanced user more control possibilities (for example, the Tor Browser, available at https://www.torproject.org/).

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google") in the scope of hotel bookings, package bookings and brochure orders. Google Analytics uses so-called "cookies", text files which are saved on the user's computer which permit an analysis of the use of the website. The information created by the cookie about the user's use of the website is normally transferred to a Google server in the US and saved there. On this website, IP anonymization is enabled, so the IP-addresses of users of google within the member states of the European Union or in other states which are signatories to the Agreement on the European Economic Area are shortened. Only in certain exceptional cases will the full IP-address be transferred to a Google server in the US and shortened there. Google will use this information on behalf of the operator of this website to analyze the use of the website by the user, to create reports about website activity and to provide additional services linked with website usage and internet usag for the operator of this website. The IP-addresses transferred from your browser within the framework of Google Analytics will not be merged with other data from Google.

You may prevent the installation of cookies by selecting the appropriate settings on your browser; however, we point out that in this case you may not be able to use all the functions of this website to their full extent. The user can also prevent the transfer of the data that has been created by the cookie concerning the use of the website (including IP-addresses) to Google and also prevent Google from analyzing the data by downloading and installing the browser plug-in available tht the link listed below. the current link is:

http://tools.google.com/dlpage/gaoptout?hl=de<http://tools.google.com/dlpage/gaoptout?hl=de.“

Piwik

Our service to collect and save data for marketing and optimization purposes is Piwik, a web analysis service that is particularly data-privacy friendly, for the statistical analysis of user access (market range analysis) for marketing and optimization purposes. Piwik uses cookies (For details, see above).

The data collected through cookies about the use of our services will be stored on the server of the provider in Germany. IP Addresses will be immediately made anonymous (shortened by the last octet). The collected data will not be linked to the personal data of the bearer of a pseudonym. The data will not be transferred to third parties. As a user, you can block the acceptance of cookies by changing the appropriate setting of your internet browser; in this case, you may not be able to fully use all of the offered functions of the website. You can bar the collection and use of your data for the purposes of Piwik at any time, now and for the future. You can find more details about Piwik at piwik.org.

External Services

Shortened Links - go.nuernberg.de

On this website and on Twitter and Facebook we use links with the format "http://go.nuernberg.de/[...]" in order to shorten long internet addresses. These links are generated by the URL shortening service of the city of Nuremberg. When you click on a link, it will be decrypted on the city's server and the request will be forwarded to the underlying target address. The target address may lie outside our and the city's internet services. If you wish to know which target address will be called up, you can view it on the website http://go.nuernberg.de.
No IP-Addresses or personal data are logged on the website of the city of Nuremberg. The following listed data are collected anonymously and used for marketing- and service optimization.
The following data from your visit to out internet site are automatically saved: Date and time of the request, the requesting computer's desired access method or function, the input data received from the requesting computer, name of the requested file, URL created by the file request or desired function, information about the browser and operating system used, anonymized IP-Address.

3. Additional Applications of Our Services (Third-Party & Social Media)

In some cases, we round out our services for you through links to carefully selected third parties. CTZ accepts no responsibility for their contents or privacy policies. Based on the technology, third parties may sometimes receive your IP Address. In your interest, we strive to only offer links for which the providers use IP Addresses for delivery of content only. However, we have no influence on whether or not third-party providers store your IP Address for statistical purposes. If we are aware that this is the case, we will inform you.

Use of Social Plug-Ins: Measures to Protect Your Privacy

We offer you the opportunity to show your interest in our services on social media platforms which you use. For this purpose, we have built in the popular "like" buttons at the end of each webpage. To protect your privacy, we use the so-called "two-click procedure", that is, the buttons from Facebook, Google+, Twitter and Pinterest must first be actively clicked on by you, before you can transfer your data.

If you do not want data collected through our services to be directly assigned to your profile, please log out of the respective social network before you visit our services. You can control or block the loading of plug-ins with the corresponding add-on applications for your internet browser, for example with a script-blocker such as "NoScript" (http://noscript.net). You could also use a browser that offers an advanced user more control possibilities (See Section 2).

Here follows provider-specific details for the social media services we provide.

Use of Facebook Social Plug-Ins

This service uses Social Plug-Ins ("plug-ins") of the facebook.com social network, operated by Facebook Inc., 1601 Willow Road, Menlo Park, CA 94025, USA ("Facebook"). The "Like" and "Share" plug-ins can be recognized by the Facebook logo (white "f" on a blue tile or a "thumbs-up" sign) or are marked with "Facebook Social Plug-In". A list and description of the Facebook Social Plug-Ins can be seen at: https://developers.facebook.com/docs/plugins/. When you, as user, open a webpage of our services that contains such a plug-in, your browser will create a direct link to the Facebook server. The content of the plug-in will be transferred from Facebook directly to your browser and tied into the webpage. We have no influence over the amount of data that Facebook collects with this plug-in and therefore we here inform you based on the information available at the time of publication.

Through the integration of plug-ins ("Like" button, etc.), Facebook receives notice that a user has called up the respective webpage of the service. If the user is logged in to Facebook, Facebook can assign the visit to the Facebook account of the user. When the user interacts with the plug-ins, for example by clicking on the "Like" button or writing a comment, the respective data will be directly transferred to Facebook from your browser and stored there. If a user is not a member of Facebook, it is still possible that Facebook receives his or her IP Address and stores it. According to Facebook, in Germany only anonymized IP Addresses are stored. The purpose and amount of data collection and the further processing and use of the data by Facebook as well as the respective rights and configuration options for privacy protection of the user can be read in the privacy policy of Facebook: https://www.facebook.com/about/privacy/.

+1 Buttons from Google & YouTube

Our online services use the button from YouTube and the "+1″ button of the social network Google Plus, which are operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). The button from YouTube is a grey base with the two-line black-and-red "You Tube" lettering; the button from Google+ can be recognized by a "+1″ symbol on a white or colored background. If you open one of the webpages of our services which contain one or more such buttons, your browser will create a direct link to the Google servers. The content of the button will be transferred from Google directly to the browser and tied into the webpage. We have no influence over the amount of data that Google collects with this button. According to Google, no personal data will be collected without a previous click on the button. Only in the case of logged-in members will data, including the IP Address, be collected and processed. The purpose and amount of data collection and the further processing and use of the data by Google as well as the respective rights and configuration options for privacy protection of the user can be read in the privacy policy of the "+1" button from Google: www.google.com/intl/de/+/policy/+1button.html. Answers to FAQs can be read at www.google.com/intl/de/ +1/button/.

Twitter

Our services use the Tweet button of the Twitter service. This button is offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. It can be recognized by terms such as "Twitter", "Tweet" or "Follow", in combination with a stylized blue bird. With the aid of this button, it is possible to share a message or a webpage of our services via Twitter or to follow us at Twitter. When you open a webpage of our services that contains such a button, your browser will create a direct link to the Twitter servers. The content of the Twitter button will be transferred from Twitter directly to your browser. We have no influence over the amount of data that Twitter collects with this plug-in. According to Twitter, only the IP Address of the user will be sent to the URL of the website when clicking on the button, but will not be used for purposes other than the depiction of the button. More information is available in the Privacy Policy of Twitter at twitter.com/privacy.

Pinterest

You can use the Pinterest Social Plug-In in our online services. this is provided by Pinterest Inc., 808 Brannan Street, San Fransisco, CA 94301, USA ("Pinterest"). The Pinterest Plug-In can be recognized by a white letter "P" on a red background. If you open one of the webpages of our services which contains this symbol, your browser will create a direct link to the Pinterest servers. Log date will be transferred directly to the server of Pinterest in the USA. This log data may contain your IP address, the address of websites you have visited which contain Pinterest functions, the type and settings of your browser, the date and time of your inquiry, your manner of use of the Pinterest and cookies. You dan vind more information about the data privacy policy of Pinterest at https://about.pinterest.com/de/privacy-policy.

Instagram

Our online services use the Instagram Social Plug-In. This button is offered by Instagram Inc., a subsidiary company of Facebook Inc. , 1601 Will Road, Menlo Park, CA 94025, USA. The Instagram button can be recognized as a sepia or brown colored stylized camera. When you activate the Instagram button while you are logged in to your Instagram account, you can link the content of our services to your Instagram profile. By this means, Instagram can assign the visit to our services to your user account. We have no influence over the amount of data that Instagram collects with this plug-in, nor its use. More information is available in the Privacy Policy of Instagram at https://help.instagram.com/155833707900388/

 

4. Protection of Your Rights as a Concerned Party

We have taken wide-ranging technical and organizational steps to protect your data when it is processed. If you would like to see a copy of our public procedure directory, you can send an informal e-mail to the contact listed below.

The evaluation of logged data takes place by authorized employees, who are required to protect your privacy and are continually receiving training on the best methods to do so. Access to our data processing systems takes place via a pre-determined authorization procedure.

Your permission to log data, your e-mail address and its use to send you a newsletter for which you have subscribed can be revoked at any time. This revocation can take place via a link at the end of each newsletter e-mail or by informal notification to the contact listed in Section 5 of this document.

As a user, you have the right to receive free-of-charge information about the personal data we have logged. You have the right to correct inaccurate data, delete or block the use of your personal data, as long as it is not required to fulfill a contract and when deletion does not violate a legal obligation to retain data.

When within our services you call up webpages and data from third parties and thereby transfer data about yourself, please note that this data transfer takes place unencrypted over the internet and the data may therefore be accessed by unauthorized persons.

Please note that we have no influence on the collection and use of your data when you visit or use our services with third-party providers, for example, our Profile on Facebook, YouTube, Instagram or Twitter. This applies to all related interaction options such as posting pictures and audio material or commentaries, unless these are transferred to our company in a clearly recognizable form such as e-mail. The responsible party in each case is the operator of the platform that you have visited and used.

5. Contact for Further Questions or Suggestions for Data Protection

Our Privacy Policy Administrator Ms. Blossey is happy to address any other issues concerning data protection at datenschutz(at)ctz-nuernberg.de. This privacy policy will be updated as necessary. For maximum transparency we therefore recommend that you visit this document often.

Last modified: 06 March 2018