Privacy policy
Privacy policy
Therme Bad Wörishofen
Privacy policy
according to the GDPR
1 Name and address of the person responsible
Your contact within the meaning of the European General Data Protection Regulation (EU GDPR) and other national data protection laws of the member states as well as other data protection regulations is
THERME Bad Wörishofen GmbH
Thermenallee 1
86825 Bad Wörishofen
Telephone: +49 (0)8247 / 399 300
E-mail: info@therme-badwoerishofen.de
(hereinafter referred to as “we” or “our”)
2 Name and address of the data protection officer
The protection of your personal data is a high priority for us. To reflect this importance, we have commissioned a consultancy specialising in data protection and data security to take on these key issues. We are advised by:
actago GmbH
Weidenstraße 66
94405 Landau an der Isar
Internet: www.actago.de
E-mail: datenschutz@therme-badwoerishofen.de
3 General information on data processing
3.1 Scope of the processing of personal data
We only process your personal data to the extent necessary to provide our services. Your personal data is regularly processed only on the basis of your consent. An exception applies in cases where prior consent cannot be obtained for factual reasons or where the processing of your personal data is permitted by law.
3.2 Legal basis for the processing of personal data
Insofar as we obtain your consent for the processing of personal data, Art. 6 para. 1 lit. a EU GDPR serves as the legal basis.
When processing personal data that is necessary for the fulfilment of a contract between you and us, Art. 6 para. 1 lit. b EU GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which we are subject, Art. 6 para. 1 lit. c EU GDPR serves as the legal basis.
In the event that vital interests of you or another natural person require the processing of personal data, Art. 6 para. 1 lit. d EU GDPR serves as the legal basis.
If processing is necessary for the purposes of the legitimate interests pursued by us or by a third party and your interests, fundamental rights and freedoms do not override the former interest, Art. 6(1)(f) EU GDPR serves as the legal basis for processing.
3.3 Data erasure and storage duration
Your personal data will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which we are subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
4 Provision of the website and creation of log files
4.1 Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:
• Information about the browser type and version used
• The user’s operating system
• The user’s internet service provider
• The IP address of the user
• Date and time of access
• Time zone difference/HTTP status code
• Amount of data transferred in each case
• Websites from which the user’s system accesses our website
• Websites that are accessed by the user’s system via our website
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
4.2 Legal basis for data processing
The legal basis for the processing of your personal data in the context of the provision of the website and the creation of log files is Art. 6 para. 1 lit. f EU GDPR.
4.3 Purpose of data processing
The temporary storage of your personal data by us is necessary to enable delivery of the website to your computer. For this purpose, your personal data must be stored for the duration of the session.
Your personal data is stored in log files in order to ensure the functionality of the website. We also use your personal data to optimise the website and to ensure the security of our information technology systems. Your personal data is not analysed for marketing purposes in this context.
These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f EU GDPR.
4.4 Duration of storage
Your personal data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. In the case of the collection of your personal data for the provision of the website, this is the case as soon as the respective session has ended.
If your personal data is stored in log files, it will be deleted after seven days at the latest. Storage beyond this period is possible. In this case, your personal data will be deleted or anonymised so that it is no longer possible to identify the accessing client
4.5 Objection and removal options
The collection of your personal data for the provision of the website and the storage of your personal data in log files is absolutely necessary for the operation of the website. Consequently, you have no option to object.
4.6 Secure data transmission
By accessing this information service, we offer a connection encrypted with HTTPS and Perfect Forward Secrecy, which is secured with at least the TLS 1.2 encryption protocol, so that your data is protected against unauthorised access by third parties during data transmission. We recommend that you keep your internet browser up to date in order to use this option.
5 Use of cookies
We use cookies to ensure the correct technical and functional provision of this information service. Cookies are small text files that are stored on the device you are using.
The legal basis for the storage of information and the processing of personal data using cookies is § 25 TDDDG.
The use of functional cookies is voluntary. If these cookies are blocked, the provision of certain functions may not be fully possible.
Technically necessary cookies are only valid for the current session and are automatically deleted as soon as you close your browser.
When you access this website, we store cookies (small files) on your device. These have a validity of:
Name: Storage duration:
• borlabs-cookie 1 year
• _ga 2 years
• _gat 2 years
• _gid 2 years
• NID (Google Maps) 6 months
• vuid 2 years
• NID (Youtube) 6 months
• pigeon_state End of the session
• _gcl_au 3 months
• PHPSESSID End of the session
• tradedesk 2 years
• _dc_gtm_UA-10455918-1 End of the session
• CONSENT 2 years
We use them to improve the use of the site and to be able to offer visitors more functions. Most browsers are set to accept the use of cookies, but you can disable this function for the current session or permanently by changing your browser settings.
6 Newsletter
6.1 Description and scope of data processing
Our website offers you a newsletter in which we inform about current events and offers . If you would like to subscribe to the newsletter, you must provide a valid e-mail address. By subscribing to the newsletter, you agree to receive the newsletter and to the procedures explained.
The newsletter is sent by CleverReach, a dispatch platform of CleverReach GmbH & Co KG, //CRASH Building, Schafjückenweg 2, 26180 Rastede, Germany. Information on the data protection provisions of the shipping service provider can be found at
https://www.cleverreach.com/de/datenschutz/
CleverReach was commissioned by us for the purpose of sending the newsletter; a contract for the order processing of personal data (in accordance with the GDPR) exists between CleverReach and THERME Bad Wörishofen GmbH. The recipient data (e-mail address, IP data and time of registration and confirmation) will be processed and stored by the mailing service provider exclusively for the aforementioned purpose and will not be passed on to third parties.
6.2 Legal basis for data processing
The legal basis for the processing of your personal data in the context of sending the newsletter is Art. 6 para. 1 lit. a EU GDPR if consent has been given or, as a result of the sale of goods or services, the legal authorisation of § 7 para. 3 UWG.
6.3 Purpose of data processing
The purpose of collecting your personal data is to send you the newsletter. The purpose of processing your personal data in the context of sending the newsletter is to promote the sale of goods or services.
6.4 Duration of storage
Your personal data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. Your personal data will therefore be stored for as long as the subscription to the newsletter is active.
6.5 Objection and removal option
You can cancel your subscription to the newsletter at any time. There is a corresponding link for this purpose in every newsletter. Cancelling your subscription also enables you to withdraw your consent.
7 Registration
7.1 Description and scope of data processing
You can register on our website to speed up the conclusion of the contract. The processing of your personal data therefore contributes to the fulfilment of the contract or the implementation of pre-contractual measures.
The following data is stored during registration:
• e-mail*
• Please repeat e-mail *
• Salutation*
• First name*
• Surname*
• Street*
• No*
• Address suffix
• POSTCODE*
• Place*
• VAT ID no.
• Telephone
• Country
• Password*
• Please repeat password*
*Mandatory field
For the processing of data, reference is made to this data protection declaration as part of the registration process.
7.2 Legal basis for data processing
The legal basis for the processing of your personal data in the context of registration is Art. 6 para. 1 lit. b EU GDPR.
7.3 Purpose of data processing
Your registration facilitates the conclusion of contracts between you and us. The processing of your personal data as part of the registration is therefore necessary for the fulfilment of a contract between you and us or for the implementation of pre-contractual measures.
7.4 Duration of storage
Your data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. This is the case during the registration process for the fulfilment of a contract or for the implementation of pre-contractual measures if your personal data is no longer required for the implementation of the contract. Even after conclusion of the contract, it may be necessary to store personal data of the contractual partner in order to fulfil contractual or legal obligations.
7.5 Possibility of objection and removal
You have the option of cancelling your registration at any time. You can have the personal data stored about you amended at any time. If your personal data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, premature deletion of your personal data is only possible insofar as contractual or legal obligations do not prevent deletion.
8 Contact by e-mail
8.1 Description and scope of data processing
You can contact us via the e-mail address provided. In this case, your personal data transmitted with the e-mail will be stored. No data will be passed on to third parties in this context. The data will be used exclusively for processing the conversation.
8.2 Legal basis
The legal basis for the processing of your personal data that is transmitted when you contact us by email is Art. 6 para. 1 lit. f EU GDPR. If contact is made via the contact form or by e-mail with the aim of concluding a contract, Art. 6 para. 1 lit. b EU GDPR is an additional legal basis for the processing.
8.3 Purpose of data processing
The processing of your personal data when you contact us by e-mail is solely for the purpose of processing the contact.
8.4 Duration of storage
Your personal data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected.
For personal data sent by email, this is the case when the conversation has ended. The conversation has ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
8.5 Objection and removal options
You have the option at any time to object to the processing of your personal data in the context of contacting us by e-mail for the future. In such a case, the conversation between you and us cannot be continued. All personal data stored in the course of contacting us will be deleted in this case.
9 Web tracking and web analysis by Google Analytics
9.1 Dealing with the processing
This website uses Google Analytics, the web analysis service of Google Inc (hereinafter “Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to analyse your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the available browser plug-in.
You can prevent Google Analytics from collecting your data by clicking on the following link. An opt-out cookie will be set to prevent the future collection of your data when you visit this website: https://tools.google.com/dlpage/gaoptout?hl=de
You can find more information under Google Terms of Use and Google Privacy Policy.
9.2 Legal basis for data processing
The legal basis for the processing of your personal data is Art. 6 para. 1 lit. a GDPR.
9.3 Purpose of data processing
The processing of your personal data enables us to analyse your surfing behaviour. By analysing the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness. These purposes also constitute our legitimate interest in the processing of your personal data in accordance with Art. 6 para. 1 lit. f EU GDPR. By anonymising your IP address, your interest in the protection of personal data is adequately taken into account.
9.4 Duration of storage
Your personal data will be deleted as soon as it is no longer required for our aforementioned purposes.
9.5 Possibility of objection and removal
Users of this website who do not want their data to be collected by Google Analytics can install the browser add-on to deactivate Google Analytics. This add-on instructs the Google Analytics JavaScript (ga.js, analytics.js and dc.js) running on websites not to allow information to be sent to Google Analytics.
If you wish to deactivate Google Analytics, go to this page and install the add-on to deactivate Google Analytics for your browser. Detailed information on installing and uninstalling the add-on can be found in the relevant help resources for your browser.
Browser and operating system updates may result in the deactivation add-on no longer working as intended. Further information on managing add-ons for Chrome can be found here. If you do not use Chrome, check directly with the manufacturer of your browser whether add-ons work properly in the browser version you are using.
The latest versions of Internet Explorer occasionally load the add-on to deactivate Google Analytics after data has been sent to Google Analytics. Therefore, if you are using Internet Explorer, the add-on will install cookies on your computer. These cookies ensure that any data collected is immediately deleted from the server that collected the data. Make sure that third-party cookies are not disabled for Internet Explorer. If you delete your cookies, these cookies will be reset within a short time by the add-on to ensure that your Google Analytics browser add-on continues to work without restriction.
The browser add-on for deactivating Google Analytics does not prevent data from being sent to the website or to other web analysis services.
You can find more information on terms of use and data protection at
www.google.com/analytics/terms/de.html or at
support.google.com/analytics/answer/6004245
IP anonymisation is activated on this website.
10 Use of 360 degree team
We use the 360 Grad Team application on the website, which is provided by 360 Grad Team GmbH, August-Bebel-Straße 16, 09376 Oelsnitz/Erzgeb.
The application offers the possibility of providing 360-degree images of different areas of the thermal spa on the website to give users of the website a better insight into the different areas of the thermal spa.
Personal data such as the IP address is transmitted to 360 Grad GmbH.
The legal basis for the use of 360 Grad Team is the consent of the user in accordance with Art. 6 para. 1 lit. a GDPR.
11 Google Tag Manager
We use “Google Tag Manager” on our website, a service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as “Google”). Google Tag Manager enables us as marketers to manage website tags via an interface. The Google Tag Manager tool, which implements the tags, is a cookie-free domain and does not itself collect any personal data. Google Tag Manager triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If deactivation has been carried out at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.
Information from the third-party provider: Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland
Further information on data protection can be found on the following Google websites:
• Privacy policy: https://policies.google.com/privacy?hl=de&gl=de
• FAQ Google Tag Manager: https://www.google.com/intl/de/tagmanager/faq.html
• Google Tag Manager Terms of Use: https://www.google.com/intl/de/tagmanager/use-policy.html
12 Doubleclick by Google
This website contains components of DoubleClick by Google. DoubleClick is a trademark of Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), under which special online marketing solutions are marketed to advertising agencies and publishers.
DoubleClick by Google transmits data to the DoubleClick server with every impression as well as with clicks or other activities. Each of these data transfers triggers a cookie request to your browser. If the browser accepts this request, DoubleClick places a cookie on your IT system. The purpose of the cookie is to optimise and display advertising. The cookie is used, among other things, to place and display user-relevant adverts and to create reports on advertising campaigns or to improve them. The cookie is also used to avoid multiple displays of the same adverts.
DoubleClick uses a cookie ID that is required for the technical process. The cookie ID is required, for example, to display an advert in a browser. DoubleClick can also use the cookie ID to record which adverts have already been displayed in a browser in order to avoid duplication. The cookie ID also enables DoubleClick to record conversions.
A DoubleClick cookie does not contain any personal data. However, a DoubleClick cookie may contain additional campaign IDs. A campaign ID is used to identify the campaigns with which you have already been in contact.
Each time you access one of the individual pages of this website, which is operated by us and on which a DoubleClick component has been integrated, the Internet browser on your IT system is prompted by the respective DoubleClick component to transmit data to Google for the purpose of online advertising and billing of commissions. As part of this technical process, Google obtains knowledge of data that Google also uses to create commission statements. Among other things, Google can track that you have clicked on certain links on our website.
You can prevent the setting of cookies by DoubleClick and our website at any time by adjusting your Internet browser settings accordingly. In addition, cookies that have already been set can be deleted at any time via the Internet browser or other software programmes.
You have given your consent to this via our opt-in cookie banner in accordance with Art. 6 para. 1 lit. a GDPR.
Further information and the applicable data protection provisions of DoubleClick by Google can be
found at www.google.com/intl/de/policies/
13 Google Maps
This site uses the Google Maps map service via an API. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.
The use of Google Maps is in the interest of an appealing presentation of our online offers and to make it easy to find the places we have indicated on the website.
Google Maps is only used on the basis of consent in accordance with Art. 6 para. 1 lit. a GDPR
You can find more information on the handling of user data in Google’s privacy policy: https://www.google.de/intl/de/policies/privacy/.
14 Facebook Pixels
If you have given us your express consent by clicking on a button provided for this purpose, we use the “Facebook pixel” of Meta Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”) within our website. This allows the behaviour of users to be tracked after they have seen or clicked on a Facebook ad. This process is used to evaluate the effectiveness of Facebook ads for statistical and market research purposes and can help to optimise future advertising measures. The data collected is anonymous to us and does not allow us to identify users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Usage Policy (https://www.facebook.com/about/privacy/).
You can enable Facebook and its partners to place adverts on and off Facebook. A cookie may also be stored on your computer for these purposes. Consent to the use of the Facebook pixel may only be given by users over the age of 16. If you are younger, we ask you to ask your legal guardian for permission. To generally object to the use of cookies on your computer, you can set your Internet browser so that no more cookies can be stored on your computer in the future or cookies that have already been stored are deleted. However, switching off all cookies may mean that some functions on our website can no longer be carried out. You can also deactivate the use of cookies by third-party providers such as Facebook on the following website of the Digital Advertising Alliance: http://www.aboutads.info/choices/
15 The Trade Desk
This website uses the technology of The Trade Desk (TheTrade Desk Ltd, 1 Bartholomew Close, London EC1A 7BL, United Kingdom, https://www.thetradedesk.com/) data is collected and stored for marketing and optimisation purposes. Among other things, pseudonymised user profiles can be created from this data. Browser cookies can be used for this purpose. The data collected using The Trade Desk technology is not used by The Trade Desk to personally identify visitors to this website. The collection and storage of data can be cancelled at any time with effect for the future (https://www.adsrvr.org/?AspxAutoDetectCookieSupport=1). Further information on data protection at The Trade Desk can be found at: https://www.thetradedesk.com/us/privacy
16 Google Ads
We use “Google Ads” (formerly Google AdWords) and Extended Conversions for Google Ads, services of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as “Google”) on our website.
Google Ads enables us to draw attention to our attractive offers with the help of advertising material on external websites. This allows us to determine how successful individual advertising measures are. These adverts are delivered by Google via so-called “AdServers”. We use so-called AdServer cookies for this purpose, through which certain parameters for measuring success, such as the display of adverts or clicks by users, can be measured. If you access our website via a Google advert, Google Ads will store a cookie on your PC. These cookies generally lose their validity after 30 days. They are not intended to identify you personally. The following information is usually stored as analysis values for this cookie: unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), opt-out information (marking that the user no longer wishes to be addressed). These cookies enable Google to recognise your web browser. If a user visits certain pages of an Ads customer’s website and the cookie stored on their computer has not yet expired, Google and the customer can recognise that the user clicked on the ad and was redirected to this page. A different cookie is assigned to each Ads customer. Cookies can therefore not be tracked via the websites of Ads customers. We ourselves do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical analyses from Google. These analyses enable us to recognise which of the advertising measures used are particularly effective.
We do not receive any further data from the use of advertising material; in particular, we cannot identify users on the basis of this information. Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of Google Ads. To the best of our knowledge, Google receives the information that you have accessed the relevant part of our website or clicked on one of our adverts. If you have a user account with Google and are registered, Google can assign the visit to your user account. Even if you are not registered with Google or have not logged in, it is possible that Google will find out your IP address and save it. The data collected in connection with extended conversions in Google Ads is hashed before it is transmitted to Google. The one-way hash algorithm SHA256 is used for this purpose.
We use Google Ads for marketing and optimisation purposes, in particular to display ads that are relevant and interesting to you, to improve campaign performance reports and to achieve a fair calculation of advertising costs. Google Ads is only used on the basis of consent in accordance with Art. 6 para. 1 lit. a GDPR.
You can prevent the installation of cookies by deleting existing cookies and deactivating the storage of cookies in the settings of your web browser. We would like to point out that in this case you may not be able to use all the functions of our website to their full extent. You can also prevent the storage of cookies by setting your web browser to block cookies from the domain “www.googleadservices.com” (https://www.google.de/settings/ads). We would like to point out that this setting will be deleted if you delete your cookies. You can also deactivate interest-based adverts via the link http://optout.aboutads.info. Please note that this setting will also be deleted if you delete your cookies.
Further information on the use of data by Google, on setting and objection options and on data protection can be found on the following Google websites:
• Privacy policy: https://policies.google.com/privacy?hl=de&gl=de
• Google website statistics: https://services.google.com/sitestats/de.html
17 Presence on Facebook
We offer a Facebook page to expand our website. This is a service provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
We would like to point out that you use this Facebook page and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating).
When you visit our Facebook page, Facebook collects, among other things, your IP address and other information that is stored on your PC in the form of cookies. This information is used to provide us, as the operator of the Facebook pages, with statistical information about the use of the Facebook page. Facebook provides more information on this at the following link: https://de-de.facebook.com/help/pages/insights .
The data collected about you in this context is processed by Facebook Ltd. and may be transferred to countries outside the European Union. What information Facebook receives and how it is used is described by Facebook in general terms in its data usage guidelines. There you will also find information on how to contact Facebook and the settings options for adverts. The data usage guidelines are available at the following link:
https://de-de.facebook.com/about/privacy
You can find Facebook’s complete data policy here:
https://de-de.facebook.com/help/568137493302217
How Facebook uses the data from visits to Facebook pages for its own purposes, to what extent activities on the Facebook page are assigned to individual users, how long Facebook stores this data and whether data from a visit to the Facebook page is passed on to third parties is not conclusively and clearly stated by Facebook and is not known to us.
When you access a Facebook page, the IP address assigned to your end device is transmitted to Facebook. According to Facebook, this IP address is anonymised (for “German” IP addresses) and deleted after 90 days. Facebook also stores information about the end devices of its users (e.g. as part of the “login notification” function); Facebook may thus be able to assign IP addresses to individual users.
If you are currently logged in to Facebook as a user, a cookie with your Facebook ID is stored on your end device. This enables Facebook to recognise that you have visited this page and how you have used it. This also applies to all other Facebook pages. Facebook buttons integrated into websites enable Facebook to record your visits to these websites and assign them to your Facebook profile. This data can be used to offer you customised content or advertising.
If you want to avoid this, you should log out of Facebook or deactivate the “stay logged in” function, delete the cookies on your device and close and restart your browser. In this way, Facebook information that can be used to directly identify you will be deleted. This allows you to use our Facebook page without revealing your Facebook ID. If you access interactive functions on the page (like, comment, share, message, etc.), a Facebook login screen will appear. After logging in, you will once again be recognisable to Facebook as a specific user.
Information on how you can manage or delete information about you can be found on the following Facebook support pages: https://de-de.facebook.com/about/privacy#
As the provider of the information service, we also collect and process the following data from your use of our service: publicly viewable data from the user profile of the data subject. This includes, for example, the user name, the profile picture and the content of comments written on our posts.
Further information on Facebook and other social networks and how you can protect your data can also be found at www.youngdata.de.
18 Presence on Instagram
We offer an Instagram page as an extension of our website. This is a service provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
We would like to point out that you use the functions of this Instagram page on your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating).
When you visit our Instagram page, Instagram collects, among other things, your IP address and other information that is stored on your PC in the form of cookies. This information is used to provide us, as the operator of the Facebook pages, with statistical information about the use of the Facebook page. Facebook provides more information on this at the following link: https://help.instagram.com/1896641480634370?ref=ig.
The data collected about you in this context is processed by Facebook Ltd. and may be transferred to countries outside the European Union. Instagram describes in general terms what information Instagram receives and how it is used in its data usage guidelines. There you will also find information on how to contact Instagram and the settings options for adverts. The data policy is available at the following link:
https://help.instagram.com/519522125107875/?helpref=hc_fnav&bc[0]=Instagram-Hilfebereich&bc[1]=Privatsph%C3%A4re%20und%20Sicherheit
In what way Instagram uses the data from visits to Instagram pages for its own purposes, to what extent activities on the Facebook page are assigned to individual users, how long Facebook stores this data and whether data from a visit to the Instagram page is passed on to third parties is not conclusively and clearly stated by Facebook and is not known to us.
When you access an Instagram page, the IP address assigned to your end device is transmitted to Instagram. According to Facebook, this IP address is anonymised (for “German” IP addresses) and deleted after 90 days. Instagram also stores information about the end devices of its users (e.g. as part of the “login notification” function); this may enable Facebook to assign IP addresses to individual users.
If you are currently logged in to Instagram as a user, a cookie with your Instagram ID is stored on your device. This enables Instagram to recognise that you have visited this page and how you have used it. This also applies to all other Instagram pages.
If you want to avoid this, you should log out of Instagram or deactivate the “stay logged in” function, delete the cookies on your device and close and restart your browser. This will delete Instagram information that can be used to directly identify you. This allows you to use our Instagram page without revealing your Instagram ID. If you access interactive functions on the site (like, comment, share, message, etc.), an Instagram login screen will appear. After logging in, you will once again be recognisable to Instagram as a specific user.
Information on how you can manage or delete information about you can be found on the following Facebook support pages: https://help.instagram.com/519522125107875/?helpref=hc_fnav&bc[0]=Instagram help area&bc[1]=Privacy%C3%A4re%20and%20Security
As the provider of the information service, we also collect and process the following data from your use of our service: publicly viewable data from the user profile of the data subject. This includes, for example, the user name, the profile picture and the content of comments written on our posts.
Further information on Instagram and other social networks and how you can protect your data can also be found at www.youngdata.de
19 Use of Pinterest plugins
Our website uses plugins from the Pinterest network, which is operated by Pinterest Inc., 808 Brannan St, San Francisco, CA 94103, USA (“Pinterest”).
By visiting our website with the integrated “Pin it” button, Pinterest receives the information that you have accessed the corresponding page of our website. If you are logged in to Pinterest during your visit to our website, Pinterest can assign your visit to your Pinterest account. If you click on the “Pin it” button, the data transmitted will be stored by Pinterest. If you do not want this to happen, you must log out of Pinterest before visiting our website.
The purpose and scope of the data collection and the further processing and use of the data by Pinterest as well as your rights in this regard and setting options for protecting your privacy can be found in Pinterest’s data protection information: https://about.pinterest.com/de/privacy-policy-0
20 Data processing when using our online shop
20.1 Description and scope of data processing
Purchase in the online shop
When you make a purchase in the online shop, the following personal data may be collected, processed and used by us in order to process your order:
• Name
• First name
• Title
• Billing and delivery address
• E-mail address
• Telephone (optional)
• Customer number
• Payment method
(“Customer master data”).
When your data is transmitted to us, it is encrypted using the latest technical security standards, so-called SSL 256-bit encryption (SSL = Secure Socket Layer). The security certificate used is issued by one of the world market leaders, COMODO CA Limited or Thawthe.
In order to ensure the best possible support for our customers, we pass on your personal data to other companies, which we have used as processors, within the scope of what is legally permissible, exclusively for the proper fulfilment of the contract and only to the extent necessary for this and ensure that your data is only processed in accordance with our instructions.
Credit assessment
Credit checks help us to prevent problems in payment transactions. They ensure that our company is protected against financial risks, which can also have an impact on sales prices in the medium to long term. A credit check is always carried out if we are to dispatch goods without receiving the purchase price at the same time, e.g. in the case of a purchase on account. Without carrying out a credit check, only the prepayment payment option is possible (instant bank transfer, PayPal, credit card).
For the credit check, we transmit your name and address to the following service providers, for example:
SCHUFA Holding AG
Kormoranweg 5
65201 Wiesbaden
Infoscore Consumer Data GmbH
Rheinstraße 99
76532 Baden-Baden
CRIF Bürgel GmbH
Postfach 500 166
22701 Hamburg
The data is forwarded to the above-mentioned credit agencies exclusively to the extent permitted by law and to analyse your previous payment behaviour and to assess the risk of non-payment on the basis of mathematical-statistical procedures using address data and to verify your address (verification of deliverability). Depending on the result of the credit check, we may no longer be able to offer you individual payment methods, such as purchase on account.
Prevention of abuse
When you visit our online shop, we automatically check whether there are any indications of misuse of our online shop. This is done using the data for processing the purchase contract (e.g. object of purchase, name, postal address, e-mail address, delivery address, payment method). If there is a suspicion of misuse, a member of our team will check the underlying indications. If the conclusion of a contract is rejected, we will inform you of this on request. In this case, you can assert your point of view at info@therme-badwoerishofen.de. The decision will then be reviewed again by a member of our team.
Payment methods
As part of the payment process in our online shop, we collect certain personal data from you in order to process the payment transaction.
In addition to purchase on account, where we send an invoice to the contact address you provide, we also offer various other payment methods to make shopping in our online shop as convenient as possible for you. These include the following services:
Paypal:
When paying via PayPal, credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” via PayPal, we pass on your payment data to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”), as part of the payment processing.
PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” via PayPal. PayPal uses the result of the credit check with regard to the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method.
The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognised mathematical-statistical procedure. Among other things, address data is included in the calculation of the score values. Further data protection information, including information on the credit agencies used, can be found in PayPal’s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full is required for the provision of certain content and services on our website.
Instant bank transfer:
On our website we offer, among other things, payment via “Sofortüberweisung”. The provider of this payment service is Sofort GmbH, Theresienhöhe 12, 80339 Munich (hereinafter referred to as “Sofort GmbH”).
With the help of the “Sofortüberweisung” procedure, we receive a payment confirmation from Sofort GmbH in real time and can immediately begin to fulfil our obligations.
If you have decided in favour of the “Sofortüberweisung” payment method, you transmit the PIN and a valid TAN to Sofort GmbH, with which it can log into your online banking account. After logging in, Sofort GmbH automatically checks your account balance and carries out the transfer to us using the TAN you have transmitted. It then immediately sends us a transaction confirmation. After logging in, your turnover, the credit limit of the overdraft facility and the existence of other accounts and their balances are also automatically checked.
In addition to the PIN and the TAN, the payment data entered by you and your personal data will also be transmitted to Sofort GmbH. Your personal data includes your first and last name, address, telephone number(s), email address, IP address and any other data required for payment processing. The transmission of this data is necessary to establish your identity beyond doubt and to prevent attempts at fraud.
The transmission of your data to Sofort GmbH is based on Art. 6 para. 1 lit. a GDPR (consent) and Art. 6 para. 1 lit. b GDPR (processing for the fulfilment of a contract). You have the option to withdraw your consent to data processing at any time. A revocation does not affect the effectiveness of data processing operations in the past.
For details on payment by instant bank transfer, please see the following link: https://www.sofort.de/datenschutz.html.
Mastercard:
When paying by credit card (Mastercard), we pass on your payment data to Mastercard Inc. as part of the payment processing. Mastercard Europe SA (Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium) is responsible for the European region.
Mastercard also processes data in the USA, among other places.
You can find out more about the data processed through the use of Mastercard in the privacy policy at: https://www.mastercard.de/de-de/datenschutz.html.
Visa:
When paying by credit card (Visa), we pass on your payment data to Visa Inc. as part of the payment processing. Visa Europe Services Inc. (1 Sheldon Square, London W2 6TT, United Kingdom) is responsible for the European region.
Visa also processes data in the USA, among other places.
You can find out more about the data processed through the use of Visa in the privacy policy at: https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html.
Amazon Payment:
When paying via amazon pay, we pass on your payment data primarily to Amazon Payments Europe s.c.a., and secondarily to Amazon EU SARL, Amazon Services Europe SARL and Amazon Media EU SARL, all three based at 5, Rue Plaetis L 2338 Luxembourg (hereinafter “Amazon Payments”), as part of payment processing.
Amazon Payments reserves the right to carry out a credit check. Amazon Payments uses the result of the credit check with regard to the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method.
The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognised mathematical-statistical procedure. Among other things, address data is included in the calculation of the score values.
In addition, Amazon Payments is authorised to pass on your data to unnamed third parties (banks, e-service providers, service partners, but also auditors, analysis services, credit agencies, marketing partners, cloud service providers, retargeting providers, affiliated companies), among others.
For further data protection information, including information on the credit agencies used, please refer to the Amazon Payments privacy policy: https://pay.amazon.com/de/help/201751600
Consignment tracking
After placing an order via our online shop, you will receive status notifications from the respective shipping company regarding your delivery for the purpose of parcel notification. For this purpose, we pass on your e-mail address – depending on the shipping method you have selected – to DPD Deutschland GmbH, SalesServiceCenter, Gutenstetter Str. 8b, 90449 Nuremberg or TNT Express GmbH, Einsteinring 24-26, 86368 Gersthofen, which are legally obliged to protect your data. If you do not agree to this, simply send an e-mail to the following address: info@therme-badwoerishofen.de
20.2 Legal basis for data processing
The legal basis for the processing of your data as part of the purchase and purchase initiation in our online shop is Art. 6 para. 1 lit. b GDPR.
The legal basis for the transmission of your data for the credit check is Art. 6 para. 1 lit. b and f GDPR. Data may only be transferred on the basis of these provisions if this is necessary to safeguard the legitimate interests of our company or third parties and does not outweigh the interests of the fundamental rights and freedoms of the data subjects, which require the protection of personal data. Detailed information on Infoscore Consumer Data GmbH within the meaning of Art. Art. 14 GDPR, i.e. information on the business purpose, the purposes of data storage, the data recipients, the right of self-disclosure, the right to erasure and rectification, etc. can be found at the following link: https://finance.arvato.com/icdinfoblatt.
The legal basis for the detection and prevention of misuse is also Art. 6 para. 1 lit. b and f GDPR.
The legal basis for the transfer of your data to external payment service providers is
Art. 6 para. 1 lit. a and b GDPR.
The legal basis for shipment tracking is Art. 6 para. 1 lit. b GDPR.
20.3 Purpose of data processing
We use your personal data, which we receive when you use our online shop, to initiate and process purchase contracts concluded via the online shop and for customer service and advice. In addition, we also use your personal data to assert rights arising from the purchase contracts concluded or initiated with you.
The purpose of the credit check is to avoid and minimise payment defaults and corresponding risks. Since credit checks are only carried out if we make advance payments for the dispatch of goods without receiving a corresponding means of security (e.g. when purchasing on account), we have a legitimate interest in data processing.
The same purposes also apply to the detection and prevention of abuse.
Your data is processed as part of the payment process in order to carry out the payment method you have selected.
The purpose of providing your e-mail address to postal service providers is to inform you about the status of your consignment so that you can plan when the parcel will arrive at the dispatch address.
20.4 Duration of storage
In principle, we process and store your data for the duration of our contractual relationship. This also includes the initiation of a contract (pre-contractual legal relationship).
In addition, we are subject to various retention and documentation obligations arising from the German Commercial Code (HGB) and the German Fiscal Code (AO), among others.
The retention and documentation periods specified there are up to ten years beyond the end of the contractual relationship or the pre-contractual legal relationship.
Furthermore, special statutory provisions may require a longer retention period, e.g. the preservation of evidence within the scope of statutory limitation periods. According to Sections 195 et seq. of the German Civil Code (BGB), the regular limitation period is three years, but limitation periods of up to 30 years may also be applicable.
If the data are no longer required for the fulfilment of contractual or legal obligations and rights, they are regularly deleted unless their – temporary – further processing is necessary for the fulfilment of the above-mentioned purposes due to an overriding legitimate interest of the employer.
In the context of payment by credit card, we store the following data for the specified periods if you have consented to the storage when selecting the payment method “credit card”:
• PKN pseudo card number: This ID remains stored for 36 months
• Name of the cardholder: We store this value for 12 months
• Validity period: Stored for 12 months
21 Direct marketing
21.1 Description and scope of data processing
Our company processes personal data such as address and name in order to send you advertising by post and thereby increase sales of goods or services.
21.2 Legal basis for data processing
The legal basis for the processing of your personal data in the context of direct marketing by post is Art. 6 para. 1 lit. f EU GDPR.
21.3 Purpose of data processing
The purpose of processing your personal data in the context of direct marketing by post is to promote the sale of goods or services. This purpose constitutes our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f EU GDPR.
21.4 Duration of storage
Your personal data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected; this is the case in particular upon receipt of the objection.
21.5 Objection and removal options
You can object to the processing of your personal data in the context of direct marketing by post at any time for the future.
22 Legal defence and enforcement
22.1 Description and scope of data processing
Our company aims to protect itself against unjustified claims through legal defence. We also enforce claims and rights to which we are entitled.
For this purpose, it is necessary to process personal data.
These consist of the legally relevant data of the data subjects.
22.2 Purpose of data processing
The purpose of processing your personal data in the context of legal defence and enforcement is the defence against unjustified claims and the legal enforcement of claims and rights. This purpose constitutes our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f EU GDPR.
22.3 Duration of storage
Your personal data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected.
22.4 Objection and cancellation options
The processing of your personal data in the context of legal defence and law enforcement is absolutely necessary for legal defence and law enforcement. Consequently, you do not have the option to object.
23 Recipient categories
Within our company, those offices and departments receive personal data that need it to fulfil the aforementioned purposes. In addition, we sometimes use different service providers and transfer your personal data to other trustworthy recipients. These can be, for example
– banks
– scanning service
– printers
– lettershops
– IT service providers
– Lawyers and courts
24 Rights of the data subjects
24.1 Right to information
In accordance with Art. 15 EU GDPR, you can request confirmation from the controller as to whether personal data concerning you is being processed by us.
If such processing has taken place, you can request the following information from the controller in accordance with Art. 15 (1) GDPR:
• the purposes for which the personal data are processed
• the categories of personal data that are processed
• the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed
• the planned duration of storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period
• the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by us or a right to object to such processing
• the existence of a right to lodge a complaint with a supervisory authority
• all available information on the origin of the data if the personal data are not collected from the data subject
• the existence of automated decision-making, including profiling, in accordance with Art. 22 (1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for you. You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 EU GDPR in connection with the transfer
If this data is transferred to a third country or an international organisation, you have the right to be informed of the appropriate safeguards pursuant to Art. 46 EU GDPR in connection with the transfer in accordance with Art. 15 (2) EU GDPR
24.2 Right to rectification
Under Art. 16 EU GDPR, you have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you is incorrect or incomplete. We must make the correction without delay
24.3 Right to restriction of processing
As set out in Art. 18 (1) GDPR, you may request the restriction of the processing of personal data concerning you under the following conditions:
• if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data (Art. 18 (1) (a) EU GDPR)
• the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead (Art. 18 (1) (b) EU GDPR)
• we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims (Art. 18 para. 1 lit. c EU GDPR)
• if you have objected to the processing pursuant to Art. 21 para. 1 EU GDPR and it is not yet certain whether our legitimate reasons outweigh yours. (Art. 18 para. 1 lit. d EU GDPR)
If the processing of personal data concerning you has been restricted, this data – apart from its storage – may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
(Art. 18 para. 2 EU GDPR)
If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by us before the restriction is lifted.
(Art. 18 para. 3 EU GDPR)
24.4 Right to cancellation
a) Cancellation obligation
In accordance with Art. 17 para. 1 EU GDPR, you can demand that we delete the personal data concerning you immediately. We are also obliged to delete this data immediately if one of the following reasons applies:
• The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
(Art. 17 para. 1 lit. a EU GDPR)
• You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a EU GDPR and there is no other legal basis for the processing. (Art. 17 para. 1 lit. b EU GDPR)
• You object to the processing pursuant to Art. 21 para. 1 EU GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 para. 2 EU GDPR.
(Art. 17 para. 1 lit. c EU GDPR)
• The personal data concerning you has been processed unlawfully.
(Art. 17 para. 1 lit. d EU GDPR)
• The deletion of personal data concerning you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject. (Art. 17 para. 1 lit. e EU GDPR)
• The personal data concerning you were collected in relation to information society services offered in accordance with Art. 8 para. 1 EU GDPR.
(Art. 17 para. 1 lit. f EU GDPR)
b) Information to third parties
If we have made the personal data concerning you public and we are obliged to delete it in accordance with Art. 17 para. 1 EU GDPR, we will take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that you, as the data subject, have requested them to delete all links to this personal data or copies or replications of this personal data. (Art. 17 para. 2 EU GDPR)
c) Exceptions
The right to erasure does not exist if processing is necessary for one of the following reasons:
• to exercise the right to freedom of expression and information
(Art. 17 para. 3 lit. a EU GDPR)
• for compliance with a legal obligation which requires processing by Union or Member State law to which we are subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us
(Art. 17 para. 3 lit. b GDPR)
• for reasons of public interest in the area of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 EU GDPR
(Art. 17 para. 3 lit. c EU GDPR)
• for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 EU GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or (Art. 17 para. 3 lit. d EU GDPR)
• for the establishment, exercise or defence of legal claims.
(Art. 17 para. 3 lit. e EU GDPR)
24.5 Right to information
If you have asserted the right to rectification, erasure or restriction of processing against us, we are obliged in accordance with Art. 19 EU GDPR to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right vis-à-vis us to be informed about these recipients.
24.6 Right to data portability
Under Art. 20 (1) GDPR, you have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this personal data to another controller without hindrance from us, provided that
• the processing is based on consent pursuant to Art. 6 para. 1 lit. a EU-GDPR or Art. 9 para. 2 lit. a EU-GDPR or on a contract pursuant to Art. 6 para. 1 lit. b EU-GDPR and (Art. 20 para. 1 lit. a EU-GDPR)
• the processing is carried out using automated procedures
(Art. 20 para. 1 lit. b EU GDPR)
Pursuant to Art. 20 (2) GDPR, you also have the right to obtain that the personal data concerning you be transferred directly by us to another controller, insofar as this is technically feasible.
The exercise of the right under Art. 20 (1) EU GDPR does not affect the right to erasure under Art. 17 EU GDPR. This does not apply to processing that is necessary for the performance of a task carried out in the public interest or in the exercise of delegated public authority. This results from Art. 20 para. 3 EU GDPR
According to Art. 20 para. 4 GDPR, the freedoms and rights of other persons must not be impaired by this.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
24.7 Right of objection
In accordance with Art. 21 para. 1 EU GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6 para. 1 lit. e or f EU GDPR; this also applies to profiling based on these provisions.
We will no longer process the personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct marketing.
(Art. 21 para. 2 EU GDPR)
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
(Art. 21 para. 3 EU GDPR)
You have the option of exercising your right to object in connection with the use of information society services – notwithstanding Directive 2002/58/EC – by means of automated procedures that use technical specifications. (Art. 21 para. 5 EU GDPR)
You also have the right to object, on grounds relating to your particular situation, to the processing of your personal data for scientific or historical research purposes or statistical purposes pursuant to Art. 89 (1) EU GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest
(Art. 21 (6) EU GDPR)
24.8 Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time in accordance with Art. 7 para. 3 EU GDPR. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
You will be informed of this before giving your consent.
24.9 Automated decision-making in individual cases including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
1. is necessary for the conclusion or fulfilment of a contract between you and us
2. is authorised by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
3. with your express consent.
This results from Art. 22 para. 1, 2 EU GDPR.
However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.
With regard to the cases mentioned in (1) and (3), we take appropriate measures to safeguard the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the person responsible, to state his or her own position and to challenge the decision.
(Art. 21 para. 3, 4 EU GDPR)
24.10 Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement pursuant to Art. 77 GDPR if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
(Art. 77 EU GDPR)
The competent supervisory authority for us is
The Bavarian State Office for Data Protection Supervision (BayLDA):
https://www.datenschutz-bayern.de, poststelle@datenschutz-bayern.de
The supervisory authority with which you have lodged a complaint will inform you of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR. Our data protection officer will be happy to answer any questions you may have at any time.
25 Note on the privacy policy
Unless otherwise regulated, the use of all information we have about you is subject to this privacy policy.
The company reserves the right to continuously adapt this privacy policy to the necessary security measures in line with technological developments and will announce any changes here.
Status: April 2024
