Privacy policy

Data Protection Information for the Processing of Personal Data in accordance with Article 13 GDPR in connection with the Transparency Requirement pursuant to Article 12ff GDPR:
Download (PDF)

Your Data Protection Settings

You can view and change all data protection settings you have made in this browser here.

General Information

As the operator of this website and as a company, we come into contact with your personal data. This refers to all data that says something about you and with which you can be identified. In this privacy policy, we would like to explain how, for what purpose, and on what legal basis we process your data.

For data processing on this website and within our company, the responsible entity is:

Dresden Information GmbH
Prager Str. 2b
01069 Dresden

Phone: +49 351 50 150 200
Email: info@dresden.travel

General Notes

SSL or TLS Encryption

When you enter your data on websites, place online orders, or send emails over the internet, you must always assume that unauthorized third parties could access your data. There is no complete protection against such access. However, we make every effort to protect your data as best as possible and to close security gaps to the extent that it is within our power.

One important protective measure is the SSL or TLS encryption of our website, which ensures that data you transmit to us cannot be read by third parties. You can recognize the encryption by the lock icon in front of the entered internet address in your browser and by the fact that our internet address begins with https:// rather than http://.

Encrypted Payment Transactions

Payment data, such as account or credit card numbers, are particularly sensitive. Therefore, payment transactions using common payment methods on our site are conducted exclusively through encrypted SSL or TLS connections.

How Long Do We Store Your Data?

In certain sections of this privacy policy, we inform you about how long we or the companies processing your data on our behalf store your data. If no such information is provided, we store your data until the purpose of data processing no longer applies, you object to the data processing, or you revoke your consent to the data processing.

In the event of an objection or revocation, we may continue to process your data if at least one of the following conditions applies:

– We have compelling legitimate grounds for continuing the data processing that outweigh your interests, rights, and freedoms (this only applies to objections to data processing; if the objection is to direct marketing, we cannot assert any legitimate grounds).
– The data processing is necessary to assert, exercise, or defend legal claims (this does not apply if your objection is to direct marketing).
– We are legally obligated to retain your data.

In such cases, we will delete your data once the relevant condition(s) no longer apply.

Data Transfer to the USA

We also use tools on our website from companies that transmit your data to the USA, where it is stored and potentially further processed. This is particularly significant for you because your data in the USA does not enjoy the same level of protection as it does within the EU under the General Data Protection Regulation (GDPR). For example, US companies are required to provide personal data to security authorities without allowing you, as the affected person, to legally challenge this. As a result, US authorities (e.g., intelligence services) may process, evaluate, and permanently store your data on US servers for surveillance purposes. We have no control over these processing activities.

Data Protection Officer

We have appointed a data protection officer for our company:

Steve Vetter, Vetter Consulting Datenschutzberatung
Oschatzer Str. 46
01127 Dresden

Phone: +49 173 8947506
Email: steve.vetter@vc-datenschutz.de

Your Rights

Objection to Data Processing

IF YOU READ IN THIS PRIVACY POLICY THAT WE HAVE LEGITIMATE INTERESTS FOR PROCESSING YOUR DATA AND THEREFORE RELY ON ARTICLE 6(1)(1)(F) GDPR, YOU HAVE THE RIGHT TO OBJECT TO THIS UNDER ARTICLE 21 GDPR. THIS ALSO APPLIES TO PROFILING BASED ON THE AFOREMENTIONED PROVISION. THE CONDITION IS THAT YOU MUST PROVIDE REASONS FOR THE OBJECTION THAT ARISE FROM YOUR PARTICULAR SITUATION. NO REASON IS REQUIRED IF THE OBJECTION IS TO THE USE OF YOUR DATA FOR DIRECT MARKETING.

THE CONSEQUENCE OF THE OBJECTION IS THAT WE MAY NO LONGER PROCESS YOUR DATA. THIS DOES NOT APPLY IF ONE OF THE FOLLOWING CONDITIONS IS MET:

  • WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OUTWEIGH YOUR INTERESTS, RIGHTS, AND FREEDOMS.
  • THE PROCESSING IS FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.

THE EXCEPTIONS DO NOT APPLY IF YOUR OBJECTION IS TO DIRECT MARKETING OR TO PROFILING ASSOCIATED WITH IT.

Additional Rights

Withdrawal of Your Consent to Data Processing

Many data processing operations are based on your consent. For example, you give this consent by ticking a box in online forms before submitting the form or by allowing certain cookies when you visit our website. You can withdraw your consent at any time without giving reasons (Article 7(3) GDPR). All available settings for this can be found in the consent banner on this website. From the time of withdrawal, we are no longer allowed to process your data. The only exception is if we are legally obligated to retain the data for a certain period. Such retention periods exist particularly in tax and commercial law.

Right to Lodge a Complaint with the Supervisory Authority

If you believe that we are violating the General Data Protection Regulation (GDPR), you have the right to lodge a complaint with a supervisory authority under Article 77 GDPR. You can contact a supervisory authority in the Member State of your residence, workplace, or the location of the alleged violation. The right to complain exists alongside any administrative or judicial remedies.

Right to Data Portability

Data that we process automatically based on your consent or in fulfillment of a contract must be provided to you or a third party in a commonly used, machine-readable format upon your request. We can only transfer data to another controller if it is technically feasible.

Right to Access, Deletion, and Rectification of Data

Under Article 15 GDPR, you have the right to obtain information free of charge about the personal data we have stored about you, where the data came from, who we have shared it with, and for what purpose it is stored. If the data is incorrect, you have the right to rectification (Article 16 GDPR), and under the conditions of Article 17 GDPR, you can request that we delete the data.

Right to Restrict Data Processing

In certain situations, you can request that we restrict the processing of your data under Article 18 GDPR. Apart from storage, the data may then only be processed as follows:

  • with your consent
  • for the establishment, exercise, or defense of legal claims
  • to protect the rights of another natural or legal person
  • for reasons of important public interest of the European Union or a Member State

The right to restrict processing applies in the following situations:

  • You have disputed the accuracy of your personal data stored with us, and we need time to verify this. The right exists for the duration of the verification.
  • The processing of your personal data is unlawful, or was unlawful in the past. In this case, the right exists as an alternative to deletion of the data.
  • We no longer need your personal data, but you need it to establish, exercise, or defend legal claims. In this case, the right exists as an alternative to deletion of the data.
  • You have objected under Article 21(1) GDPR, and now your interests and ours must be weighed against each other. The right exists while the outcome of the weighing is pending.

Hosting and Content Delivery Networks (CDN)

External Hosting

Our website is hosted on a server provided by the following internet service provider (host):

Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen
Germany

Was a Data Processing Agreement (DPA) signed with the host?
Yes

How Do We Process Your Data?

The host stores all data from our website. This includes all personal data that is automatically collected or entered by you. This may include, in particular: your IP address, visited pages, names, contact details and inquiries, as well as metadata and communication data. When processing data, Hetzner Online GmbH follows our instructions and processes the data only as necessary to fulfill their contractual obligations to us.

On What Legal Basis Do We Process Your Data?

As we use our website to reach potential customers and maintain contacts with existing customers, the data processing by our host serves the initiation and fulfillment of contracts and is therefore based on Article 6(1)(b) GDPR. Additionally, it is our legitimate interest as a company to provide a professional internet presence that meets necessary security, speed, and efficiency requirements. To this extent, we also process your data on the basis of Article 6(1)(f) GDPR.

Data Collection on This Website

Use of Cookies

Our website places cookies on your device. These are small text files used for various purposes. Some cookies are technically necessary for the website to function at all (necessary cookies). Others are required to perform certain actions or functions on the site (functional cookies). For example, without cookies, it would not be possible to use the benefits of a shopping cart in an online store. Other cookies are used to analyze user behavior or optimize advertising. When we use third-party services on our website, such as for processing payment transactions, these companies may also place cookies on your device when you access the website (so-called third-party cookies).

How Do We Process Your Data?

Session cookies are stored on your device only for the duration of a session. As soon as you close the browser, they disappear on their own. Permanent cookies, on the other hand, remain on your device until you delete them yourself. This can lead to your user behavior being analyzed on an ongoing basis. You can influence how your browser handles cookies through the settings:

  • Do you want to be informed when cookies are set?
  • Do you want to exclude cookies altogether or for specific cases?
  • Do you want cookies to be automatically deleted when you close the browser?

If you disable or do not allow cookies, the functionality of the website may be limited.

If we use cookies from other companies or for analysis purposes, we will inform you about this within this privacy policy. We will also ask for your consent in this regard when you access our website.

On What Legal Basis Do We Process Your Data?

We have a legitimate interest in ensuring that our online offerings can be used by visitors without technical issues and that all desired functions are available to them. The storage of necessary and functional cookies on your device is therefore based on Art. 6 (1) lit. f) GDPR. All other cookies are set on the basis of Art. 6 (1) lit. a) GDPR, provided you give us your consent. You can withdraw this consent at any time with effect for the future. If you have consented to the setting of necessary and functional cookies during the consent query, these cookies will also be stored exclusively on the basis of your consent.

Server Log Files

Server log files log all requests and accesses to our website and record error messages. They also include personal data, especially your IP address. However, this is anonymized by the provider after a short time, so we cannot assign the data to your person. The data is automatically transmitted by your browser to our provider.

How Do We Process Your Data?

Our provider stores the server log files to track activities on our website and to identify errors. The files contain the following data:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request
  • IP address (possibly anonymized)

We do not combine this data with other data but use it solely for statistical evaluation and to improve our website.

On What Legal Basis Do We Process Your Data?

We have a legitimate interest in ensuring that our website runs smoothly. We also have a legitimate interest in obtaining an anonymized overview of access to our website. The data processing is therefore lawful under Art. 6 (1) lit. f) GDPR.

Contact Form

You can send us a message via the contact form on this website.

How Do We Process Your Data?

We store your message and the information provided in the form to process your inquiry, including any follow-up questions. This also applies to the contact details provided. We do not pass on the data to other parties without your consent.

How Long Do We Store Your Data?

We delete your data as soon as one of the following occurs:

  • Your request has been fully processed.
  • You request us to delete the data.
  • You revoke your consent to storage.

This does not apply if we are legally obliged to retain the data.

On What Legal Basis Do We Process Your Data?

If your inquiry is related to our contractual relationship or serves to carry out pre-contractual measures, we process your data based on Art. 6 (1) lit. b) GDPR. In all other cases, it is our legitimate interest to process inquiries addressed to us effectively. The legal basis for data processing is therefore Art. 6 (1) lit. f) GDPR. If you have consented to the storage of your data, Art. 6 (1) lit. a) GDPR is the legal basis. In this case, you can withdraw your consent at any time with effect for the future.

Request by Email, Telephone, or Fax

You can send us a message via email or fax, or call us.

How Do We Process Your Data?

We store your message and the contact information you provided or the transmitted phone number to process your inquiry, including any follow-up questions. We do not pass on the data to other parties without your consent.

How Long Do We Store Your Data?

We delete your data as soon as one of the following occurs:

  • Your request has been fully processed.
  • You request us to delete the data.
  • You revoke your consent to storage.

This does not apply if we are legally obliged to retain the data.

On What Legal Basis Do We Process Your Data?

If your inquiry is related to our contractual relationship or serves to carry out pre-contractual measures, we process your data based on Art. 6 (1) lit. b) GDPR. In all other cases, it is our legitimate interest to process inquiries addressed to us effectively. The legal basis for data processing is therefore Art. 6 (1) lit. f) GDPR. If you have consented to the storage of your data, Art. 6 (1) lit. a) GDPR is the legal basis. In this case, you can withdraw your consent at any time with effect for the future.

Analysis Tools and Advertising

Matomo Analytics (locally installed)

How Do We Process Your Data?

We are always interested in optimizing our web offering for users and placing advertisements optimally. Matomo Analytics, an open-source tool that analyzes user behavior, helps us achieve this by providing the necessary data for adjustments. We have configured Matomo so that it does not store any cookies or personal data that can be used to uniquely identify a visitor. Matomo captures page views, the region they come from, the IP address, referrer, browsers used, and operating systems. The tool can also measure whether our website visitors perform certain actions (e.g., clicking on links or making purchases). After anonymizing your IP address, the collected data is stored exclusively on our server.

On What Legal Basis Do We Process Your Data?

As a website operator, we have a legitimate interest in the anonymized analysis of user behavior to optimize our web offering and the advertising placed there. Data processing is therefore lawful under Art. 6 (1) lit. f) GDPR.

Newsletters and Postal Advertising

Rapidmail

What is Rapidmail?
Service for sending newsletters and analyzing recipient behavior.

Who Processes Your Data?
rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg i. Br., Germany.

Has a Data Processing Agreement Been Concluded with Rapidmail?
Yes.

Where Can I Find More Information About Data Protection at Rapidmail?
https://www.rapidmail.de/datenschutz

How Do We Process Your Data?

We use Rapidmail for our newsletter distribution. The service manages the data of newsletter subscribers for us, sends out our newsletter, and analyzes our newsletter campaigns.

If you wish to receive our newsletter, we need your email address. We will also verify through a confirmation email (double opt-in procedure) that you are indeed the owner of this email address. We do not collect any other data or only on a voluntary basis. We use your data exclusively for sending the newsletter.

If we send a newsletter via Rapidmail and you open it, a file included in the newsletter automatically connects to Rapidmail’s servers. This allows the service to know that the newsletter has been opened and registers all clicks on the links contained therein. Rapidmail also collects technical information, such as the time of retrieval, IP address, browser type, and operating system.

You can unsubscribe from the newsletter at any time.

How long do we store your data?

We store your data until our legal relationship ends, unless we are legally required to retain the data for a longer period.

On what legal basis do we process your data?

We store your data to fulfill the contract with you or to carry out pre-contractual measures. The legal basis for data processing is therefore Art. 6 (1) lit. b) GDPR.

Data transfer when using services and digital content

How do we process your data?

To process the payment, we transfer your data to a payment service provider or the bank responsible for the payment processing. We only share the data that is strictly necessary for the payment process. If we intend to share additional data, we will obtain your consent.

On what legal basis do we process your data?

We transfer your data to fulfill the contract we have with you. The legal basis for data processing is therefore Art. 6 (1) lit. b) GDPR. If you have consented to the transfer of your data, the data processing is based on Art. 6 (1) lit. a) GDPR. You can revoke your consent at any time with effect for the future.

Payment services

To make your purchases on our website convenient, we use the services of payment providers, i.e., external companies that process the payments for us. You can find out which providers we use at the end of this section.

How do we process your data?

To complete the payment process, you need to provide certain personal information, such as your name, bank details, or credit card number. We forward this data to the respective payment service. The specific contractual and data protection provisions of the respective services apply to the transaction itself.

On what legal basis do we process your data?

We forward your data to fulfill the contract we have with you. The legal basis for data processing is therefore Art. 6 (1) lit. b) GDPR. We also have a legitimate interest in processing purchases as quickly, conveniently, and securely as possible. The legal basis in this case is also Art. 6 (1) lit. f) GDPR. If you have consented to the transfer of your data, the data processing is based on Art. 6 (1) lit. a) GDPR. You can revoke your consent at any time with effect for the future.

Which payment services do we use?

PayPal

What is PayPal?
Online payment service

Who processes your data?
PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg

Where can you find more information about PayPal’s data protection?
https://www.paypal.com/de/webapps/mpp/ua/privacy-full

On what basis do we transfer your data to the USA?
PayPal adheres to the European Commission’s Standard Contractual Clauses (see https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full)