© Dieter Jacobi, KölnTourismus GmbH

Privacy policy

Part 2

Supplementary privacy policy for our website

Thank you for your interest in our website. Protecting your privacy is very important to us. The following section explains in detail how your personal data will be handled.

You can visit our page without entering any personal information. Without your explicit additional consent we store only access data without personal information — even when you use a newsletter link or a QR-Code to visit our sites. For example, we store:

  • the name of your Internet provider
  • the page you are connecting from
  • the name of the requested file

This information is evaluated solely for the purpose of improving our service and does not enable us to draw any conclusions about you personally.

We collect, store and handle your information in connection with the processing of your purchase orders, possible warranty service requirements and advertising purposes if necessary. Personal information is collected when you voluntarily provide it to us when you place an order for a purchase of goods or services, open a customer account or register for the newsletter.

Your personal information will be passed on to a service provider (transporter, shipper, bank) as part of the processing and delivery of an order (for example city guide, service provider, transporter, logistician, banks).

 

Server log files

The provider of the pages automatically collects and stores information in server log files, which your browser automatically transmits to us. These are Browser type and browser version Operating system used Referrer URL Host name of the accessing computer, time of the server request, IP address.

This data is not merged with other data sources. This data is collected on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website - the server log files must be recorded for this purpose.

 

Use of cookies

We use cookies to make our webpages as user-friendly as possible. Cookies are small files that are stored on a visitor’s hard disk. They enable information to be held for a certain amount of time and the visitor’s computer to be identified. To a certain extent, this is also done with tracking pixels, which aren’t stored on the visitor’s hard disk, but can help to identify the visitor’s computer in the same way a cookie can. Hereinafter we use the term “cookie” to refer not only to cookies in the strict technical sense, but also to tracking pixels and similar technical methods.

We use cookies to create statistics and to incorporate external media. Among other things, cookies save you from having to enter data multiple times, make it easier for you to transfer specific content, and help us to identify especially popular areas of our online presentation. As a result, we can, for example, adapt the content of our webpages precisely to the user’s needs.

Insofar as individual cookies implemented by us also process personal data, the processing takes place pursuant to Article 6 (1) (b) GDPR for the implementation of a contract (e.g. registration), pursuant to Article 6 (1) (a) GDPR if you have given your permission (e.g. by clicking on a cookie banner to express your approval that the data be used for statistical purposes) or pursuant to Article 6 (1) (f) GDPR for the purposes of our legitimate interest in the best-possible functioning of the website (e.g. placement of the cookies in connection with a cookie banner to store any selections you may have made) and of a customer-friendly and effective structuring of your visit to the page.

If you wish, you can also deactivate the use of cookies in general by means of your browser settings at any time. Please click on the Help feature in your browser window to find out how you can change these settings. However, we would like to make you aware that changing these settings may prevent you from using some parts of our website.

If you are visiting our website for the first time, information will appear on your landing page regarding data protection and what settings you can make with regard to cookies. If you continue to use the webpages and do not object to the use of cookies, this approval is stored in your browser so that we do not have to display this information again on every page. If this data is not stored in your browser (e.g. you have deleted it in your browser history), this information will be displayed when you visit our webpages again.

 

Consent with Cookiebot
Our website uses Cookiebot's consent technology to obtain your consent to the storage of certain cookies on your end device or to the use of certain technologies and to document this in accordance with data protection regulations. The provider of this technology is Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter “Cookiebot”).

When you enter our website, a connection is established to Cookiebot's servers in order to obtain your consent and other declarations regarding the use of cookies. Cookiebot then stores a cookie in your browser in order to be able to assign the consents given or their revocation to you. The data collected in this way is stored until you ask us to delete it, delete the Cookiebot cookie yourself or the purpose for data storage no longer applies. Mandatory statutory retention obligations remain unaffected. Cookiebot is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

We use the service of Cookiebot.

 

Data security

Technical and organizational measures ensure that our website and other systems are secured against the loss of, or damage to, your data. Similarly, such measures prevent access to, or the alteration and dissemination of, your data by any unauthorized person. You should always handle your access information confidentially and close the browser window when you have finished communicating with us, especially if you share a computer with other people.

 

SSL and TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

 

Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is a tool that enables us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store any cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transmitted to Google's parent company in the United States. The Google Tag Manager is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active

 

Use of Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics enables the website operator to analyze the behavior of website visitors. In doing so, the website operator receives various usage data, such as page views, length of visit, operating systems used and origin of the user. This data is assigned to the user's end device. It is not assigned to a user ID. We can also use Google Analytics to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modeling approaches to supplement the collected data records and uses machine learning technologies for data analysis. Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://privacy.google.com/businesses/controllerterms/mccs/.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active

 

IP anonymization

Google Analytics IP anonymization is activated. As a result, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

 

Browser plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

You can find more information on how Google Analytics handles user data in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.