of Bremer Touristik-Zentrale Gesellschaft für Marketing und Service mbH for its website at www.bremen-tourism.de
1. An overview of data protection
Data collection on our website
Who is responsible for the data collection on this website?
The data collected on this website are processed by the website operator. The operator's contact details can be found in the website's required legal notice.
How do we collect your data?
Some data are collected when you provide them to us. This could, for example, be data you enter on a contact form or in the booking form when booking a service online (such as hotel accommodation).
Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.
What do we use your data for?
Some of the data are collected to ensure the proper functioning of the website. Other data can be used to analyse how visitors use the site. We will only use the data you provide to make your booking or process your request. Where necessary, we make your data available to other organisations involved in processing your booking/request – such as the hotel, restaurant, museum etc.
What rights do you have regarding your data?
Under Art. 15 GDPR you always have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected, blocked, or deleted. You can contact us at any time using the address given in the legal notice if you have further questions about the issue of privacy and data protection. You may also, of course, file a complaint with the competent regulatory authorities.
Analytics and third-party tools
2. General information and mandatory information
Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.
Notice concerning the party responsible for this website
The party responsible for processing data on this website is:
BTZ Bremer Touristik-Zentrale
Gesellschaft für Marketing und Service mbH
Telephone: +49 (0) 421 30 800-10
The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.).
Revocation of your consent to the processing of your data
Many data processing operations are only possible with your express consent. Under Article 21 GDPR, you may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
Right to file complaints with regulatory authorities
If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The competent regulatory authority for matters related to data protection legislation is the state data protection officer for Bremen. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Right to data portability
You have the right to have data which we process based on your consent or in fulfilment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.
This site uses SSL encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon is displayed in your browser's address bar.
If SSL encryption is activated, the data you transfer to us cannot be read by third parties.
Encrypted payments on this website
If you enter into a contract which requires you to send us your payment information (e.g. account number for direct debits), we will require this data to process your payment.
Payment transactions using common means of payment (Visa/MasterCard, direct debit) are only made via encrypted SSL connections. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon in your browser line is visible.
In the case of encrypted communication, any payment details you submit to us cannot be read by third parties.
Any credit card data provided to us in connection with booking requests will be transmitted in encrypted form using SSL technology and stored on external systems of a certified software service provider in accordance with the PSI-DSS security requirements of the major credit card issuers (Visa/MasterCard). Such data is not stored on our systems.
Information, blocking, deletion
As permitted by law, you have the right to be provided at any time with information free of charge about any of your personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected, blocked or deleted. You can contact us at any time using the address given in our legal notice if you have further questions on the topic of personal data.
Opposition to promotional emails
We hereby expressly prohibit the use of contact data published in the context of website legal notice requirements for the purpose of sending promotional and informational materials not expressly requested. The website operator reserves the right to take specific legal action if unsolicited advertising material, such as email spam, is received.
3. Data protection officer
Statutory data protection officer
We have appointed a data protection officer for our company.
BTZ Bremer Touristik-Zentrale
Gesellschaft für Marketing und Service mbH
Telephone: +49 (0) 421 30800-10
4. Data collection on our website
Most of the cookies we use are so-called "session cookies”. They are automatically deleted after your visit. Other cookies remain in your device's memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.
Server log files
The website provider automatically collects and stores information that your browser automatically transmits to us in "server log files". These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
These data will not be combined with data from other sources.
The basis for data processing is Art. 6 (1) (b) GDPR, which allows the processing of data to fulfil a contract or for measures preliminary to a contract.
Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission.
We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1)(a) GDPR. You may revoke your consent at any time. An informal email making this request is sufficient. This does not affect the lawfulness of the processing carried out before we received your request.
We will retain the data you provide on the contact form until you request its deletion or revoke your consent for its storage, or until the purpose for its storage no longer pertains (e.g. after your request has been fulfilled). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.
Processing of data (customer and contract data)
We collect, process, and use personal data only insofar as it is necessary to establish or modify legal relationships with us (master data). This is done based on Art. 6 (1) (b) GDPR, which allows the processing of data to fulfil a contract or for measures preliminary to a contract. We collect, process and use your personal data relating to use of our website (usage data) only to the extent required to enable you to access our service or to bill you for the same.
Collected customer data shall be deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected.
Transmission of data in connection with contracts for services and digital content
We send personal data to third parties only if this is necessary in connection with the processing of contracts. Such third parties may include the bank that processes payments or the provider of the service you have booked, such as the hotel.
We do not transmit data for any other purpose, unless you have given your explicit consent. We will not forward your personal data to any third party, for example for marketing purposes, without your explicit consent.
Data is processed on the basis of Art. 6 (1) (b) GDPR, which permits processing that is necessary for the performance of a contract or in order to take steps prior to entering into a contract.
5. Analytics and advertising
This website uses Google Analytics, a web analytics service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses so-called "cookies". These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
Google Analytics cookies are stored based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analysing user behaviour to optimize both its website and its advertising.
We have activated the IP anonymization feature on this website. Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.
You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website. You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
Objecting to the collection of data
You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this site: Disable Google Analytics.
Outsourced data processing
We have entered into an agreement with Google for the outsourcing of our data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Google AdWords and Google Conversion Tracking
This website uses Google AdWords. AdWords is an online advertising program from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States ("Google").
As part of Google AdWords, we use so-called conversion tracking. When you click on an ad served by Google, a conversion tracking cookie is set. Cookies are small text files that your internet browser stores on your computer. These cookies expire after 30 days and are not used for personal identification of the user. Should the user visit certain pages of the website and the cookie has not yet expired, Google and the website can tell that the user clicked on the ad and proceeded to that page.
Each Google AdWords advertiser has a different cookie. Thus, cookies cannot be tracked using the website of an AdWords advertiser. The information obtained using the conversion cookie is used to create conversion statistics for the AdWords advertisers who have opted for conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, advertisers do not obtain any information that can be used to personally identify users. If you do not want to participate in tracking, you can easily opt-out of this by disabling the Google Conversion Tracking cookie in your browser settings. You will then not be included in the conversion tracking statistics.
Conversion cookies are stored based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analysing user behaviour to optimize both its website and its advertising.
We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on our websites. This service is provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google").
reCAPTCHA is used to check whether the data entered on our website (such as on a contact form) has been entered by a human or by an automated program. To do this, reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, how long the visitor has been on the website, or mouse movements made by the user). The data collected during the analysis will be forwarded to Google.
The reCAPTCHA analyses take place completely in the background. Website visitors are not advised that such an analysis is taking place.
Data processing is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in protecting its site from abusive automated crawling and spam.
If you would like to receive our newsletter, we require a valid email address as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive this newsletter. We use the 'double opt-in' process for this. When you tick the box on the relevant page on our website to confirm that you wish to subscribe to our newsletter, we will send a confirmation email containing an activation link to the email address provided in the contact form. The newsletter subscription is not activated until you click on the confirmation link in the email. No additional data is collected or is only collected on a voluntary basis. We only use this data to send the requested information and do not pass it on to third parties.
We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1) (a) GDPR. You can revoke consent to the storage of your data and email address as well as their use for sending the newsletter at any time, e.g. through the "unsubscribe" link in the newsletter. This does not affect the lawfulness of the processing carried out before we received your request.
The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription, at which point it will be deleted. Data we have stored for other purposes (e.g. email addresses for the members area) remain unaffected.
7. Plug-Ins and tools
This site uses the Google Maps map service via an API. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
To use Google Maps, it is necessary to save your IP address. This information is generally transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.
The use of Google Maps is in the interest of making our website appealing and to facilitate the location of places specified by us on the website. This constitutes a legitimate interest pursuant to Art. 6 (1) (f) GDPR.
Further information about handling user data can be found in the data protection declaration of Google at https://www.google.de/intl/de/policies/privacy/>.
We store personal data relating to competitions that we occasionally feature on our website. This enables us to contact the winners and let them have their prizes. The entrants' names, postal addresses, email addresses and, where applicable, telephone numbers are stored for this purpose. The winners' names – together with their postcodes and the towns or cities where they live – are published on our website. All these data are deleted one month after the closing date of the competition and are not used again.
9. Images and other content
Images and text that we show on our website have either been created by BTZ Bremer Touristik-Zentrale itself or have been bought together with the pertinent rights, or supplied by partners. We also incorporate third-party content such as videos and webcams. If, despite our best efforts, you spot any errors (for example if you recognise yourself on a picture for which you have not given your consent), we would be grateful if you could report any such errors to us, giving us as detailed an account as possible of your concerns. Please use our contact form to notify the Advertising department.
10. Amendments to this policy
Bremen, May 2018
BTZ Bremer Touristik-Zentrale
Gesellschaft für Marketing und Service mbH
Information hotline: +49 421 308 0010
Chairman of the Supervisory Board: Michael Göbel, Managing Director: Peter Siemering
Registered office: Bremen, commercial register: HRB Bremen 15792