Privacy policy
Privacy Policy Information on the Processing of Personal Data pursuant to Art. 13 GDPR in connection with the Transparency Requirement pursuant to Art. 12ff GDPR: Download (PDF)
General
As the operator of this website and as a company, we come into contact with your personal data. This refers to all data that says something about you and with which you can be identified. In this privacy policy, we would like to explain to you how, for what purpose, and on what legal basis we process your data.
Responsible for data processing on this website and in our company is:
Dresden Information GmbH
Prager Str. 2b
01069 Dresden
Phone: +49 351 50 150 200
Email: info@dresden.travel
General Information
SSL or TLS encryption
When you enter your data on websites, place online orders, or send emails over the internet, you must always expect unauthorized third parties to access your data. There is no complete protection against such access. However, we make every effort to protect your data as best as possible and to close security gaps as far as possible.
An important protection mechanism is the SSL or TLS encryption of our website, which ensures that data you transmit to us cannot be read by third parties. You can recognize the encryption by the padlock icon before the entered internet address in your browser and by the fact that our internet address starts with https:// and not with http://.
Encrypted payment transactions
Payment data, such as bank account or credit card numbers, are particularly sensitive. Therefore, payment transactions with the usual payment methods are carried out exclusively via an encrypted SSL or TLS connection.
How long do we store your data?
At some points in this privacy policy, we inform you about how long we or the companies processing your data on our behalf will store your data. If there is no such information, we store your data until the purpose of data processing ceases, you object to data processing, or you revoke your consent to data processing.
In the event of an objection or revocation, however, we may continue to process your data if at least one of the following conditions is met:
We have compelling legitimate grounds for the continuation of data processing that outweigh your interests, rights, and freedoms (only in the case of objection to data processing; if the objection is directed against direct marketing, we cannot provide compelling legitimate grounds).
The data processing is necessary to assert, exercise, or defend legal claims (does not apply if your objection is directed against direct marketing).
We are legally obliged to keep your data.
In this case, we delete your data as soon as the condition(s) ceases to apply.
Data transfer to the USA
We also use tools from companies on our website that transfer your data to the USA and store it there and, if necessary, process it further. This is particularly important for you because your data in the USA does not enjoy the same protection as within the EU, where the General Data Protection Regulation (GDPR) applies. For example, US companies are obliged to disclose personal data to security authorities without you as the data subject being able to challenge this in court. It is therefore possible that US authorities (e.g., intelligence services) may process, evaluate, and permanently store your data on US servers for monitoring purposes. We have no influence on these processing activities.
Data Protection Officer
We have appointed a data protection officer for our company:
Janz Consulting, Hermann J. Janz
Schevenstraße 18
01326 Dresden
Phone: +49 351 265 5472
Email: jc@jcdatenschutz.de
Your Rights
Objection to data processing
IF YOU READ IN THIS PRIVACY POLICY THAT WE HAVE LEGITIMATE INTERESTS FOR PROCESSING YOUR DATA AND THEREFORE BASE THIS ON ART. 6 PAR. 1 SENTENCE 1 LIT. F) GDPR, YOU HAVE THE RIGHT UNDER ART. 21 GDPR TO OBJECT TO THIS. THIS ALSO APPLIES TO PROFILING THAT IS BASED ON THE MENTIONED PROVISION. A PREREQUISITE IS THAT YOU PROVIDE REASONS FOR THE OBJECTION THAT ARISE FROM YOUR PARTICULAR SITUATION. A REASON IS NOT REQUIRED IF THE OBJECTION IS DIRECTED AGAINST THE USE OF YOUR DATA FOR DIRECT MARKETING PURPOSES.
THE CONSEQUENCE OF THE OBJECTION IS THAT WE ARE NO LONGER ALLOWED TO PROCESS YOUR DATA. THIS ONLY DOES NOT APPLY IF ONE OF THE FOLLOWING CONDITIONS APPLIES:
- WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS.
- THE PROCESSING IS NECESSARY TO ASSERT, EXERCISE, OR DEFEND LEGAL CLAIMS.
THE EXCEPTIONS DO NOT APPLY IF YOUR OBJECTION IS DIRECTED AGAINST DIRECT MARKETING OR AGAINST PROFILING THAT IS CONNECTED TO IT.
Additional Rights
Revocation of Your Consent to Data Processing
Many data processing operations are based on your consent. You give this, for example, by checking a corresponding box on online forms before sending the form, or by allowing certain cookies when you visit our website. You can revoke your consent at any time without giving reasons (Art. 7 para. 3 GDPR). You will find all available settings for this in the Consent Banner for this website. From the time of revocation, we may no longer process your data. The only exception: We are legally obliged to keep the data for a certain period of time. Such retention periods exist, especially in tax and commercial law.
Right to Lodge a Complaint with the Supervisory Authority
If you believe that we are violating the General Data Protection Regulation (GDPR), you have the right under Art. 77 GDPR to lodge a complaint with a supervisory authority. You can contact a supervisory authority in the member state of your residence, your place of work, or the place where the alleged infringement occurred. The right to lodge a complaint exists alongside administrative or judicial remedies.
Right to Data Portability
Data that we process automatically based on your consent or in fulfillment of a contract must be handed over to you or a third party in a commonly used machine-readable format if you request it. We can only transfer the data to another controller if this is technically feasible.
Right to Access, Erasure, and Rectification of Data
You have the right under Art. 15 GDPR to obtain free information about which personal data we have stored about you, where the data comes from, to whom we transmit the data, and for what purpose it is stored. If the data is incorrect, you have the right to correction (Art. 16 GDPR), and under the conditions of Art. 17 GDPR, you may demand that we delete the data.
Right to Restriction of Processing
In certain situations, you can demand under Art. 18 GDPR that we restrict the processing of your data. The data may then – apart from storage – only be processed as follows:
- with your consent
- to assert, exercise, or defend legal claims
- to protect the rights of another natural or legal person
- for reasons of important public interest of the European Union or a member state
The right to restrict processing exists in the following situations:
- You have disputed the accuracy of your personal data stored with us, and we need time to verify this. Here, the right exists for the duration of the review.
- The processing of your personal data is unlawful or was unlawful in the past. Here, the right exists alternatively to delete the data.
- We no longer need your personal data, but you need it to exercise, defend, or assert legal claims. Here, the right exists alternatively to delete the data.
- You have objected under Art. 21 para. 1 GDPR, and now your and our interests must be weighed against each other. Here, the right exists until the result of the balancing is determined.
Hosting and Content Delivery Networks (CDN)
External Hosting
Our website is hosted on a server of the following provider of internet services (hoster):
Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen
Has a data processing agreement been concluded with the hoster?
Yes
How do we process your data?
The hoster stores all data of our website. This also includes all personal data that is automatically or captured by your input. These can be in particular: your IP address, accessed pages, names, contact details and inquiries, as well as meta and communication data. In processing the data, Hetzner Online GmbH follows our instructions and processes the data only to the extent necessary to fulfill the contractual obligation towards us.
On what legal basis do we process your data?
Since we address potential customers via our website and maintain contacts with existing customers, the data processing by our hoster serves the initiation and fulfillment of contracts and is therefore based on Art. 6 para. 1 lit. b) GDPR. Furthermore, it is our legitimate interest as a company to provide a professional internet offering that meets the necessary requirements for security, speed, and efficiency. In this respect, we also process your data on the basis of Art. 6 para. 1 lit. f) GDPR.
Data Collection on this Website
Use of Cookies
Our website places cookies on your device. These are small text files that serve various purposes. Some cookies are technically necessary for the website to function at all (necessary cookies). Others are needed to perform certain actions or functions on the site (functional cookies). For example, without cookies, it would not be possible to use the benefits of a shopping cart in an online shop. Still, other cookies are used to analyze user behavior or optimize advertising measures. If we use third-party services on our website, such as for processing payment transactions, these companies may also leave cookies on your device when you visit the website (so-called third-party cookies).
How do we process your data?
Session cookies are only stored on your device for the duration of a session. So they disappear by themselves as soon as you close the browser. Permanent cookies, on the other hand, remain on your device unless you delete them yourself. This can lead to your user behavior being analyzed permanently. You can influence how your browser handles cookies through the settings:
- Do you want to be informed when cookies are set?
- Do you want to exclude cookies in general or for certain cases?
- Do you want cookies to be automatically deleted when you close the browser?
If you disable or do not allow cookies, the functionality of the website may be limited.
If we use cookies from other companies or for analysis purposes, we will inform you about this as part of this privacy policy. We also obtain your consent for this when you visit our website.
On what legal basis do we process your data?
We have a legitimate interest in ensuring that our online offerings can be used by visitors without technical problems and that all desired functions are available to them. Therefore, the storage of necessary and functional cookies on your device is based on Art. 6 para. 1 lit. f) GDPR. We use all other cookies based on Art. 6 para. 1 lit. a) GDPR, provided you give us your consent. You can revoke this at any time with effect for the future. If you have consented to the placement of necessary and functional cookies, the storage of these cookies also takes place exclusively on the basis of your consent.
Server Log Files
Server log files log all requests and access to our website and record error messages. They also include personal data, especially your IP address. However, this is anonymized by the provider after a short time, so we cannot associate the data with your person. The data is automatically transmitted from your browser to our provider.
How do we process your data?
Our provider stores the server log files to track the activities on our website and to identify errors. The files contain the following data:
- Browser type and version
- Operating system used
- Referrer URL
- Hostname of the accessing computer
- Time of the server request
- IP address (possibly anonymized)
We do not combine this data with other data but use it only for statistical evaluation and to improve our website.
On what legal basis do we process your data?
We have a legitimate interest in ensuring that our website runs smoothly. It is also our legitimate interest to obtain an anonymized overview of the accesses to our website. Therefore, data processing is lawful according to Art. 6 para. 1 lit. f) GDPR.
Contact Form
You can send us a message via the contact form on this website.
How do we process your data?
We store your message and the information from the form in order to process your request, including any follow-up questions. This also includes the provided contact details. Without your consent, we do not pass on the data to other persons.
How long do we store your data?
We delete your data as soon as one of the following points occurs:
- Your request has been finally processed.
- You request us to delete the data.
- You revoke your consent to the storage.
This does not apply if we are legally obligated to retain the data.
On what legal basis do we process your data?
If your request is related to our contractual relationship or serves the performance of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b) GDPR. In all other cases, it is our legitimate interest to efficiently process inquiries addressed to us. Therefore, the legal basis for data processing is Art. 6 para. 1 lit. f) GDPR. If you have consented to the storage of your data, Art. 6 para. 1 lit. a) GDPR is the legal basis. In this case, you can revoke your consent at any time with effect for the future.
Inquiry via Email, Telephone, or Fax
You can send us a message via email or fax or call us.
How do we process your data?
We store your message as well as the contact details you provided or the transmitted phone number in order to process your request, including any follow-up questions. Without your consent, we do not pass on the data to other persons.
How long do we store your data?
We delete your data as soon as one of the following points occurs:
- Your request has been finally processed.
- You request us to delete the data.
- You revoke your consent to the storage.
This does not apply if we are legally obligated to retain the data.
On what legal basis do we process your data?
If your request is related to our contractual relationship or serves the performance of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b) GDPR. In all other cases, it is our legitimate interest to efficiently process inquiries addressed to us. Therefore, the legal basis for data processing is Art. 6 para. 1 lit. f) GDPR. If you have consented to the storage of your data, Art. 6 para. 1 lit. a) GDPR is the legal basis. In this case, you can revoke your consent at any time with effect for the future.
Analysis Tools and Advertising
We use the following tools to analyze the behavior of our website visitors and show them advertisements.
Matomo Analytics (locally installed)
How do we process your data?
We are always interested in optimizing our website for users and placing advertisements effectively. Matomo Analytics helps us with this, an open-source tool that analyzes user behavior and provides us with the necessary data basis for adjustments. Matomo is configured by us not to store cookies and personal data that can be used to uniquely identify a visitor. Matomo records page views, their region of origin, IP address, referrer, browsers, and operating systems used. The tool can also measure whether our website visitors perform certain actions (e.g., clicking on links or making purchases). After anonymizing your IP address, the collected data is stored exclusively on our server.
On what legal basis do we process your data?
As website operators, we have a legitimate interest in anonymously analyzing user behavior for the purpose of optimizing our website and the advertising placed there. Therefore, data processing is lawful according to Art. 6 para. 1 lit. f) GDPR.
Newsletter and Postal Advertising
Rapidmail
What is Rapidmail?
Service for sending newsletters and analyzing recipient behavior
Who processes your data?
rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg i. Br., Germany
Has a data processing agreement been concluded with Rapidmail?
Yes
Where can I find more information about data protection at Rapidmail?
https://www.rapidmail.de/datenschutz
How do we process your data?
For our newsletter distribution, we use Rapidmail. The service manages the data of newsletter subscribers for us, sends out our newsletter, and analyzes our newsletter campaigns.
To receive our newsletter, we need your email address. We will also verify whether you are really the owner of this email address using a confirmation email (double opt-in procedure). We do not collect any further data or only on a voluntary basis. We use your data exclusively for newsletter distribution.
When we send a newsletter via Rapidmail and you open it, a file contained in the newsletter automatically connects to the servers of Rapidmail. This allows the service to know that the newsletter has been opened and records all clicks on the links contained therein. In addition, Rapidmail collects technical information such as the time of access, IP address, browser type, and operating system.
You can unsubscribe from the newsletter at any time.
How long do we store your data?
After you have unsubscribed, the data will be deleted from the newsletter distribution list. In some cases, we may also add your email address to a blacklist; this is necessary, for example, if we receive an objection to advertising from you. The storage is then based on Art. 6 para. 1 lit. f) GDPR.
Otherwise, we reserve the right to delete the data at any time after the purpose of collection has ceased or at our discretion.
On what legal basis do we process your data?
By subscribing to the mailing list, you consent to the data processing by Rapidmail. This is therefore lawful based on Art. 6 para. 1 lit. a) GDPR. You can revoke your consent by unsubscribing from the newsletter or by sending us an informal notification. From that point on, we are not allowed to send you newsletters anymore.
Plugins and Tools
OpenStreetMap
What is OpenStreetMap?
Mapping service of the OpenStreetMap Foundation
Who processes your data?
OpenStreetMap Foundation (OSMF), 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom
Where can you find more information about data protection at OpenStreetMap?
https://wiki.osmfoundation.org/wiki/Privacy_Policy
How do we process your data?
On our website, we use maps from the OpenStreetMap Foundation. This means that when you visit our website, your IP address and information about your surfing behavior are forwarded to the foundation and stored there. For this purpose, the foundation places cookies on your device or uses comparable recognition technologies. If you have allowed your device to determine your location in the settings, OpenStreetMap also stores this data.
On what legal basis do we process your data?
The maps from OpenStreetMap ensure that the locations specified on our website are easier to find for visitors. As a company, we have a legitimate interest in this. Therefore, data processing is lawful according to Art. 6 para. 1 lit. f) GDPR.
If you have consented to the data processing, we process your data exclusively based on Art. 6 para. 1 lit. a) GDPR. You can revoke your consent at any time. From the time of revocation, we are not allowed to process your data anymore.
eCommerce and Payment Providers
Customer and Contract Data
How do we process your data?
When we enter into a contract with you, we need certain personal data from you. We collect, process, and use this data only to the extent necessary to establish, shape, or change our legal relationship with you. If you can only use our services via our website or if the services are billed via the website, we also collect usage data, if necessary, to enable you to use our services or to invoice the services used.
How long do we store your data?
We store your data until our legal relationship ends, unless we are legally obliged to keep the data for a longer period.
On what legal basis do we process your data?
We store your data to fulfill the contract with you or to carry out pre-contractual measures. The legal basis for data processing is therefore Art. 6 para. 1 lit. b) GDPR.
Data Transfer When Using Services and Digital Content
How do we process your data?
For the processing of payments, we transfer your data to a payment service provider or the credit institution commissioned with the payment processing. We only pass on data that is absolutely necessary for the payment process. If we want to pass on data beyond this, we will obtain your consent.
On what legal basis do we process your data?
We pass on your data to fulfill the contract we have concluded with you. The legal basis for data processing is therefore Art. 6 para. 1 lit. b) GDPR. If you have consented to the transfer of your data, the data processing is based on Art. 6 para. 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future.
Payment Services
To make your purchases on our website conveniently, we use the services of payment service providers, i.e., external companies that process the payments for us. You can find out which ones specifically from the list at the end of this section.
How do we process your data?
For the payment process, you must provide certain personal data, such as your name, bank details, or credit card number. We pass on this data to the respective payment service. For the transaction itself, the respective contractual and data protection provisions of the respective services apply.
On what legal basis do we process your data?
We pass on your data to fulfill the contract we have concluded with you. The legal basis for data processing is therefore Art. 6 para. 1 lit. b) GDPR. Furthermore, we have a legitimate interest in processing purchases as quickly, conveniently, and securely as possible. Therefore, the legal basis is also Art. 6 para. 1 lit. f) GDPR. If you have consented to the transfer of your data, the data processing is based on Art. 6 para. 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future.
Which payment services do we use?
PayPal
What is PayPal?
Online payment service
Who processes your data?
PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg
Where can you find more information about data protection at PayPal?
https://www.paypal.com/de/webapps/mpp/ua/privacy-full
On what basis do we transfer your data to the USA?
PayPal adheres to the standard contractual clauses of the European Commission (cf. https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full)