Statistical analysis of the use of the website
Web analysis, monitoring and optimization

Web analysis (also referred to as "reach measurement") is used to evaluate the flow of visitors to our online offering and may include behavior, interests or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can, for example, recognize at what time our online offer or its functions or content are most frequently used, or invite visitors to reuse them. It also enables us to understand which areas require optimization.

In addition to web analysis, we may also use test procedures, for example to test and optimize different versions of our online offering or its components.

Unless otherwise stated below, profiles, i.e. data summarized for a usage process, can be created for these purposes and information can be stored in a browser or in a terminal device and then read out. The information collected includes, in particular, websites visited and the elements used there as well as technical information such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data from us or from the providers of the services we use, it is also possible to process location data.

In addition, the IP addresses of users are stored. However, we use an IP masking procedure (i.e. pseudonymization by shortening the IP address) to protect users. In general, no clear user data (such as e-mail addresses or names) is stored in the context of web analysis, A/B testing and optimization, but pseudonyms. This means that neither we nor the providers of the software used know the actual identity of the users, but only the information stored in their profiles for the purpose of the respective process.

Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.

• Processed data types: Usage data (e.g. page views and dwell time, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and process data (e.g. IP addresses, time data, identification numbers, persons involved).
• Data subjects: Users (e.g. website visitors, users of online services).
• Purposes of processing: Reach measurement (e.g. access statistics, recognition of returning visitors). Profiles with user-related information (creation of user profiles).
• Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion". Storage of cookies for up to 2 years (Unless otherwise stated, cookies and similar storage methods may be stored on users' devices for a period of two years).
• Security measures: IP masking (pseudonymization of the IP address).
• Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing operations, procedures and services:

• Matomo (without cookies): Matomo is a data protection-friendly web analysis software that is used without cookies and in which returning users are recognized with the help of a so-called "digital fingerprint", which is stored anonymously and changed every 24 hours; With the "digital fingerprint", user movements within our online offer are recorded with the help of pseudonymized IP addresses in combination with user-side browser settings in such a way that it is not possible to draw conclusions about the identity of individual users. The user data collected through the use of Matomo is only processed by us and is not shared with third parties; legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Website: https://matomo.org/.

Use of social plugins

We use social plugins ("plugins") from several social networks, Facebook and Instagram, on our websites to make our websites better known. Our legitimate interest lies in this advertising purpose in accordance with Art. 6 para. 1 lit. f GDPR. The plugins are marked with a logo, e.g. the Facebook plugin is marked with a Facebook logo.

In order to increase the protection of your data when you visit our website, the plugins are integrated into the page using an HTML link (so-called "Shariff solution"). This solution ensures that no personal data is initially passed on to the providers of the individual social plugins when you visit our website. Only when you click on one of the social plugins can data be transferred to the social network and stored there.

If you are already logged in to one or more social networks and then click on a plugin, the social networks receive the information that you have accessed the corresponding page of our website. This allows the respective social network to assign the visit to your account. You can avoid such data transmission by not clicking on the plugin.

If you interact with the plugins, for example by sharing an article on the website, the corresponding information is transmitted directly to the social network and stored there in accordance with the guidelines of the respective social network. The purpose and scope of the data collection and the further processing and use of the data by the respective social network as well as your setting options and rights in this regard to protect your privacy can be found in the data protection information of the respective social network.

Facebook (Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland)
Facebook Privacy Policy

Instagram (Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland)
Instagram privacy policy

Map services Google Maps link

Google Maps, a service provided by Google, Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland, is integrated on our website.

In order to increase the protection of your data when you visit our website, Google Maps is restricted and only integrated into the page using an HTML link. This ensures that no connection to Google's servers is established when you visit our website and that your data is not transmitted to Google. Only when you activate the plugins and thus give your consent to data transmission will your browser establish a direct connection to Google's servers so that you can plan your route to us. In functional terms, the integration of Google Maps thus corresponds to a hyperlink, so that neither we nor Google collect any data from you on our website.

The purpose and scope of the data collection and the further processing and use of the data by Google as well as your rights in this regard and setting options to protect your privacy can be found in Google's data protection information.

Contact by e-mail

When you contact us by e-mail, the data you provide (your e-mail address, if applicable your name and telephone number, your request) will be stored by us for the purpose of processing your inquiries and in the event of follow-up questions. We will not pass on this data without your consent. Therefore, the legal basis according to Art.6 para.1 a) GDPR: Consent of the data subject. You can revoke this consent at any time with effect for the future.

We delete the data arising in this context after storage is no longer required, or restrict processing if there are statutory retention obligations.

We process and store your personal data in accordance with the statutory retention obligations.

Social media

Presence in social media

As we are present on social media, we would like to draw your attention below to some aspects relevant to data protection law when using our pages on social media.

The data obtained from visitors to social media is generally processed for market research and advertising purposes. Based on the content accessed, user profiles can be created, which in turn are used for advertisements within and outside social media that are intended to match the interests of users. This process is usually made possible by cookies, small text files that are automatically created by the browser used and stored on the user's device.

The processing of users' personal data is carried out on the basis of Art. 6 para. 1 lit. f. GDPR. As the operator of a social media presence, we have a legitimate interest in providing users with effective information and communicating with users.

However, the data of social media users can also be stored by the provider in other ways, especially if these users are registered and logged into the social medium.

When visiting social media pages, user data may also be processed outside the European Union. German or European data protection law does not apply in these jurisdictions. This may make it more difficult to enforce your rights.

For competitions and promotions, the data protection information created for the respective promotion applies.

Further information on the data protection provisions of the respective social media as well as your rights and opt-out options can be obtained from the respective providers listed below:

Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
Privacy Policy Facebook
Settings for advertisements/opt-out

For more information on data protection on Facebook, see the next section.

Instagram (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
Privacy Policy Instagram
Settings for advertisements/opt-out

Facebook data protection notice

As the operator of a Facebook fan page, we would like to make it clear to you below what data is collected on our Facebook page, how it is processed and what rights you have in this regard.

Data protection officer

As the operator of the Facebook fan page, we are jointly responsible with the operator of the social network Facebook (within the meaning of Art. 4 No. 7 of the General Data Protection Regulation (GDPR) or in accordance with Art. 26 GDPR)

Facebook Ireland Ltd (hereinafter "Facebook")
4 Grand Canal Square
Grand Canal Harbour
Dublin 2
Ireland

and

Leisure and Tourism Bad Liebenzell GmbH

represented by:

Johannes Schweizer - Managing Director
SinaGehring - Managing Director
Kurhausdamm 2 - 4
75378 Bad Liebenzell

Contact details of the data protection officer

Facebook's data protection officer can be contacted using the online form provided.

The data protection officer at Freizeit und Tourismus Bad Liebenzell GmbH can be contacted as follows: Email: datenschutz.fut@bad-liebenzell.de

Use of cookies and insights

In connection with the operation of the Facebook fan page, we use Facebook's Insights function to obtain anonymized statistical data on the users of our Facebook fan page. Facebook provides information on Insights and Facebook pages in its privacy policy.

For this purpose, Facebook stores a cookie on the end device of the user who visits our Facebook fan page. The cookie contains a unique user code and is active for a period of two years unless it is deleted beforehand. The user code can be linked to the data of users who are registered with Facebook.

The information stored in the cookies is received, recorded and processed by Facebook, in particular when the user visits the Facebook services, services provided by other members of the Facebook group of companies and services provided by other companies that use the Facebook services. In addition, other entities such as Facebook partners or even third parties may use cookies on Facebook services to provide services to companies advertising on Facebook. You can find more information on the use of cookies by Facebook in their cookie policy.

Statistical data

When you access and use our Facebook page, Facebook collects statistical data using the methods described above. You can find out exactly how this happens by clicking on the following link.

We can access this statistical data from various categories via the Facebook page's Insights. We only receive aggregated data sorted by group from Facebook. This means that we cannot identify a specific user who has visited our page at any time. These statistics are generated and provided by Facebook. We have no influence on the generation and presentation of this data and have no knowledge of the specific data collected at any time.

Facebook provides us with the following data relating to our Facebook page for a selectable period of time and for the categories fans, subscribers, people reached and interacting people:

• Total number of page views,
• "Like" information,
• Page activities,
• Range,
• Impressions,
• Post reach and interactions,
• Video views,
• Comments,
• Shared content,
• Answers,
• Percentage by gender and age group,
• Origin related to country and city,
• Language,
• Click on route planners and telephone numbers,
• Link clicks.

We use this data, which is provided in aggregated form, to make our posts and activities on our Facebook page more attractive to users. For example, we use the distribution by age and gender for a customized approach and the preferred visiting times of the users for a time-optimized planning of our posts. Information about the type of end devices used by visitors helps us to adapt the visual design of our posts accordingly.

These purposes also justify our legitimate interest in the processing required for this purpose. The legal basis for this is Art. 6 para. 1 lit. f) GDPR.

Purposes of the processing

One of the purposes of processing the information is to enable Facebook to improve its advertising system, which it distributes via its network. On the other hand, it should enable us as the operator of the Facebook fan page to obtain statistics that Facebook creates based on visits to our Facebook fan page. The purpose of this is to manage the marketing of our activities. For example, it enables us to gain knowledge of the profiles of visitors who like our Facebook fan page or use applications on the page in order to provide them with more relevant content and develop functions that may be of greater interest to them.

In order for us to better understand how we can achieve our goals more effectively with our Facebook fan page, demographic and geographical analyses are also created and made available to us based on the information collected. We can use this information to place targeted interest-based advertisements without gaining direct knowledge of the visitor's identity. If visitors use Facebook on multiple devices, the data can also be collected and analyzed across devices if the visitors are registered and logged into their own profile.

The visitor statistics compiled are only transmitted to us in anonymized form. We have no access to the underlying data.

Legal basis and legitimate interest

We operate a Facebook fan page to present ourselves to Facebook users and other interested parties who visit our Facebook fan page and to communicate with them. In accordance with Art. 6 para. 1 lit. f) GDPR, this serves to safeguard our predominantly legitimate interests in an optimized presentation of our offer and effective communication with customers and interested parties in the context of a balancing of interests.

Forwarding of data

We ourselves do not store personal data outside of Facebook. How long the personal data is stored by Facebook is therefore based on the general principles as explained in the Facebook privacy policy.

When you visit our Facebook page, data is also transmitted by Facebook Ireland Ltd. to Facebook Inc, the US parent company of Facebook Ireland Ltd. Facebook Inc. is certified under the EU-U.S. Privacy Shield and therefore fulfills the EU Commission's requirements for an adequate level of data protection. Find out more about Facebook's Privacy Shield status here.

Furthermore, we do not transfer your personal data to third parties.

Possibilities of objection

Facebook users can use the settings for advertising preferences to influence the extent to which their user behavior may be recorded when they visit our Facebook fan page. Further options are offered by the Facebook settings or the form for the right to object.

Facebook is also a member of the European Interactive Digital Advertising Alliance (EDAA). This means that you can also make the corresponding settings at http://www.youronlinechoices.com.

If you wish to object to data processing in connection with the "Like this page" and/or "Subscribe to this page" functions, you can mark our page as "No longer like" or unsubscribe at any time, thereby removing the link between your user profile and our page.

The processing of information by means of the cookies used by Facebook can also be prevented by not allowing third-party cookies or cookies from Facebook in your browser settings.

The essence of shared responsibility

In order to protect your rights as a data subject, Facebook has published an agreement that sets out the respective responsibilities of Facebook and us for the processing described. This agreement is publicly accessible and you can view it at any time to obtain all the information relevant to you.

Facebook's agreement on joint responsibility essentially means that requests for information and the assertion of other data subject rights should be made directly to Facebook. As the provider of the social network and the possibility of integrating Facebook pages there, Facebook alone has direct access to the necessary information and can also immediately take any necessary measures and provide information. Should our support nevertheless be required, we can be contacted at any time.

Information on contact options and other data subject rights

The applicable data protection law grants you comprehensive data subject rights vis-à-vis the controller with regard to the processing of your personal data, about which we inform you below:

• Right to information pursuant to Art. 15 GDPR,
• Right to rectification pursuant to Art. 16 GDPR,
• Right to erasure pursuant to Art. 17 GDPR,
• Right to restriction of processing pursuant to Art. 18 GDPR,
• Right to information pursuant to Art. 19 GDPR,
• Right to data portability pursuant to Art. 20 GDPR,
• Right to withdraw consent granted pursuant to Art. 7 (3) GDPR,
• Right to lodge a complaint pursuant to Art. 77 GDPR.

Inquiries about data subject rights should be addressed directly to Facebook. Please use the form provided by Facebook for inquiries.

If you make inquiries to us, these will be transmitted to Facebook as the primary data controller.
Further information on our contact details, the rights of data subjects vis-à-vis us and how we process personal data can be found in our privacy policy. Information on the handling of personal data by Facebook can be found in their privacy policy.

Newsletter

With your consent, you can subscribe to our newsletter, with which we inform you about our current interesting offers.

1. we use the so-called double opt-in procedure to register for our newsletter. This means that after you have registered, we will send you an e-mail to the e-mail address you have provided in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store the IP addresses you use and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.

2. the only mandatory information for sending the newsletter is your e-mail address. The provision of further, separately marked data is voluntary and is used to address you personally. After your confirmation, we will save your e-mail address for the purpose of sending you the newsletter. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR.

3. you can revoke your consent to the sending of the newsletter at any time with effect for the future and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in every newsletter e-mail or by sending a message to info@bad-liebenzell.de.

Newsletter dispatch service provider

This website uses the services of Cleverreach to send newsletters.

CleverReach GmbH & Co. KG
//CRASH Building
Schafjückenweg 2
26180 Rastede

Cleverreach is a service with which, among other things, the sending of newsletters can be organized and analyzed. If you enter data for the purpose of subscribing to the newsletter (e.g. e-mail address), this data is stored on Cleverreach's servers.

With the help of Cleverreach, we can analyze our newsletter campaigns. When you open an email sent with Cleverreach, a file contained in the email (known as a web beacon) connects to the servers. This allows us to determine whether a newsletter message has been opened and which links, if any, have been clicked on. Technical information is also collected (e.g. time of access, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients. If you do not wish to be analyzed, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. Data processing takes place on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and deleted from both our servers and Cleverreach's servers after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this. You can find more details in Cleverreach's privacy policy at: https://www.cleverreach.com/de/datenschutz/

Conclusion of a data processing agreement
We have concluded a so-called "data processing agreement" with Cleverreach, in which we oblige Cleverreach to protect our customers' data and not to pass it on to third parties.

Use of the Google service reCaptcha

We use the Google service reCaptcha to determine whether a human or a computer is making a certain entry in our contact or newsletter form. Google uses the following data to check whether you are a human or a computer IP address of the end device used, the website that you visit on our site and on which the captcha is integrated, the date and duration of the visit, the identification data of the browser and operating system type used, Google account if you are logged in to Google, mouse movements on the reCaptcha areas and tasks in which you have to identify images. The legal basis for the data processing described is Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in this data processing to ensure the security of our website and to protect us from automated entries (attacks).

Cooperation partner

Some sections of our website contain links to the websites of cooperation partners. These websites are subject to their own data protection principles. We are not responsible for their operation, including data handling. If you send information to or via such websites of cooperation partners, you should check the data protection declarations of these websites before sending them information that can be assigned to you personally.

Third country transfer

Information on data transfers to the USA

If personal data is transferred to service providers or group companies outside the European Economic Area (EEA), the transfer will only take place if the third country has been confirmed by the EU Commission to have an adequate level of data protection or if other appropriate data protection guarantees (e.g. the agreement of EU standard contractual clauses) are in place. Nevertheless, due to the laws of non-EU countries (e.g. within the framework of the so-called Cloud Act in the USA), even if these agreements and regulations are concluded, there is a possibility that government agencies in particular may access your personal data without us being able to prevent, stop or control this. For these reasons, your consent to the use of cookies, for example, also includes the purpose of data transfer to countries outside the EU. You can also request this information using the contact information provided at the beginning.

With your consent, we transfer personal data to the following companies based outside the EU/EEA:

Name: Google Analytics

Headquarters in the USA: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043

Type of data collection: Google Analytics uses cookies, which are stored on your computer and enable an analysis of how you use the website. The information generated by the cookie about your use of our website is usually transferred to a Google server in the USA and stored there. Both Google and government authorities may have access to this data.

Purpose of data processing: Statistics

Name: Facebook Pixel with remarketing function

Headquarters in the USA: Facebook, Inc, 1601 S. California Ave, Palo Alto, CA 94304

Type of data collection: With the help of the visitor action pixel, we can track your actions after you have seen or clicked on a Facebook ad. This allows us to track the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us, i.e. we do not see any personal data of individual users. However, this data is stored and processed by Facebook, and we will inform you of this to the best of our knowledge.

Using the remarketing or custom audience function, we can target users of our website with advertising by displaying personalized, interest-based ads to users of our website when they visit Facebook. Facebook uses cookies to analyze website usage, which forms the basis for the creation of interest-based advertisements. For this purpose, Facebook stores a small file with a sequence of numbers in the browsers of the users of our website. This number is used to record visits to the website and anonymized data about the use of the website. No personal data of the users of our website is stored. You are merely marked as a user of our website. If you are later logged in to Facebook, a non-reversible and therefore non-personal checksum (profile) from your usage data is transferred to Facebook for marketing and analysis purposes. This makes it possible to show you advertisements that are highly likely to take into account previously accessed product and information areas.

Purpose of data processing: Social media

Disclosure of data to third parties

We only pass on your personal data to third parties if:

• you have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
• in the event that there is a legal obligation for disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR and
• the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data.

Competitions

In the case of competitions, we collect the data that is necessary for the purpose of distributing/raffling or determining the prize, such as name, address and other contact details for prize transfer.

You agree that your data for participation in the campaign will be collected and stored by us electronically or in writing. Your data will be deleted after completion of the campaign, will not be passed on to third parties and will not be used for advertising purposes. Further information on your rights as a data subject can be found in this privacy policy.

Rights of data subjects

Your rights as a data subject

You are entitled to the following rights as a data subject under the legal requirements, which you can assert against us:

Information: You are entitled to request confirmation from us at any time within the scope of Art. 15 GDPR as to whether we process personal data concerning you; if this is the case, you are also entitled to receive information about this personal data within the scope of Art. 15 GDPR.

Rectification: In accordance with Art. 16 GDPR, you are entitled to demand that we rectify the personal data stored about you if it is inaccurate or incorrect.

Erasure: You are entitled, under the conditions of Art. 17 GDPR, to demand that we erase personal data concerning you without undue delay. The right to erasure does not exist, among other things, if the processing of personal data is necessary for (i) the exercise of the right to freedom of expression and information, (ii) for compliance with a legal obligation to which we are subject (e.g. statutory retention obligations) or (iii) for the establishment, exercise or defense of legal claims.

Restriction of processing: You are entitled to demand that we restrict the processing of your personal data under the conditions of Art. 18 GDPR.

Data portability: You are entitled, under the conditions of Art. 20 GDPR, to request that we provide you with the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format or that we transmit it to a third party.

Revocation: You have the right to revoke your consent to the processing of personal data at any time with effect for the future (Art. 7 para. 3 GDPR).

Objection: You are entitled to object to the processing of your personal data under the conditions of Art. 21 GDPR, so that we must stop processing your personal data. The right to object exists only within the limits provided for in Art. 21 GDPR. In addition, our interests may conflict with the termination of processing, so that we are entitled to process your personal data despite your objection.

Complaint to a data protection supervisory authority:

You have the right to lodge a complaint with the supervisory authority under the conditions of Art. 77 GDPR, in particular in the Member State of your habitual residence or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.

The supervisory authority responsible for us is

The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
Postfach 10 29 32, 70025 Stuttgart

Lautenschlagerstraße 20, 70173 Stuttgart|

Phone: +49 (0)711 6155-410

E-mail: poststelle@lfdt.bwl.de

Internet: https://www.baden-wuerttemberg.datenschutz.de/

However, we recommend that you always contact our data protection officer at the following e-mail address with your request first: dsb.freizeit-tourismus-bl@gade-eu.com

Payment service provider

We use the services of Gurado GmbH to process our voucher payments. You can find Gurado's privacy policy here: https://site.gurado.de/ueber-uns/datenschutz