Privacy Policy

1. Introduction

With the following information, we would like to provide you, as a "data subject," with an overview of how we process your personal data and your rights under data protection laws. In principle, you can use our website without providing any personal data. However, if you wish to use special services offered by our company via our website, the processing of personal data may become necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain your consent.

The processing of personal data, such as your name, address, or email address, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to Potsdam Marketing und Service GmbH. This privacy policy is intended to inform you about the scope and purpose of the personal data we collect, use, and process.

As the person responsible for processing, we have implemented numerous technical and organizational measures to ensure the most complete protection possible for the personal data processed via this website. Nevertheless, internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us in alternative ways, for example by telephone or post.

You too can take simple and easy-to-implement measures to protect yourself against unauthorized access to your data by third parties. Therefore, we would like to give you some tips on how to handle your data securely:

Protect your account (login, user or customer account) and your IT system (computer, laptop, tablet or mobile device) with secure passwords.
Only you should have access to the passwords.
Make sure you only ever use your passwords for one account (login, user or customer account).
Do not use the same password for different websites, applications, or online services.
Especially when using publicly accessible IT systems or systems shared with other people, it is essential that you log out after every login to a website, application or online service.

Passwords should consist of at least 12 characters and be chosen so that they cannot be easily guessed. Therefore, they should not contain common everyday words, your own name, or the names of relatives, but rather uppercase and lowercase letters, numbers, and special characters.

2. Responsible

The person responsible within the meaning of the GDPR is:

Potsdam Marketing and Service GmbH
Babelsberger Straße 26
14473 Potsdam, Germany

Phone: +49 (0) 331 27 55 88 99
Fax: + 49 (0) 331 275 58 59

Email: raimund.jennert@potsdamtourismus.de

Representatives of the responsible party: Raimund Jennert and Anne Robertshaw

3. Data Protection Officer

You can reach the data protection officer, Aslihan Kilic, as follows:

TÜV SÜD Akademie GmbH
Westendstrasse 160
80339 Munich
datenschutz@potsdam-marketing.de

You can contact our data protection officer directly at any time with any questions or suggestions regarding data protection. aslihan.kilic@tuvsud.com .

4. Definitions

The data protection declaration is based on the terminology used by the European directors and regulators when the General Data Protection Regulation (GDPR) was adopted. Our data protection declaration should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.

We use the following terms in this privacy policy, including but not limited to:

Personal data: Personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Affected person: A data subject is any identified or identifiable natural person whose personal data is processed by the controller (our company).
Processing: Processing means any process or series of operations related to personal data, such as collecting, recording, organizing, arranging, storing, adapting or modifying, reading, querying, using, with or without the aid of automated procedures; disclosure by submission, dissemination or other form of provision, reconciliation or association, restriction, erasure or destruction.
Restriction of processing: Restriction of the processing is the marking of stored personal data with the aim to limit their future processing.
Profiling: Profiling is any kind of automated processing of personal data that consists in using that personal information to evaluate certain personal aspects relating to a natural person, in particular aspects regarding analysing or predicting job performance, economic situation, health, personal preferences, interests, reliability, behavior, whereabouts or relocation of that natural person.
Pseudonymization: Pseudonymisation is the processing of personal data in such a way that personal data can no longer be attributed to a specific data subject without the need for additional information, provided that such additional information is kept separate and subject to technical and organizational measures to ensure that the personal data not assigned to an identified or identifiable natural person.
Processor: The processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the responsible party.
Recipient: Recipient is a natural or legal person, agency, institution or other entity to whom Personal Data is disclosed, whether or not it is a third party. However, authorities which may receive personal data under Union or national law in connection with a particular mission are not considered as beneficiaries.
Third: A third party is a natural or legal person, public authority, agency or institution other than the data subject, the controller, the processor and the persons authorized under the direct responsibility of the controller or the processor to process the personal data.
Consent: Consent means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

5. Legal basis for processing

Article 6 paragraph 1 letter a) GDPR (in conjunction with Section 25 paragraph 1 TDDDG (formerly TTDSG)) serves as the legal basis for our company for processing operations where we obtain consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract to which you are a party, as is the case, for example, with processing operations necessary for the delivery of goods or the provision of other services or consideration, then the processing is based on Article 6(1)(b) GDPR. The same applies to such processing operations that are necessary for carrying out pre-contractual measures, such as in cases of inquiries about our products or services.

If our company is subject to a legal obligation which necessitates the processing of personal data, such as for the fulfillment of tax obligations, the processing is based on Art. 6 para. 1 lit. c) GDPR.

In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured on our premises and their name, age, health insurance details, or other vital information had to be disclosed to a doctor, hospital, or other third party. In such a case, the processing would be based on Article 6(1)(d) GDPR.

Ultimately, processing operations could be based on Article 6(1)(f) GDPR. This legal basis applies to processing operations not covered by any of the aforementioned legal bases if the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Such processing operations are permitted in particular because they have been specifically mentioned by the European legislator. The legislator took the view that a legitimate interest could be assumed if you are a customer of our company (Recital 47, second sentence, GDPR).

6. Transmission of data to third parties

Your personal data will not be transmitted to third parties for purposes other than those listed below.

We only share your personal data with third parties if:

You have given us your explicit consent in accordance with Art. 6 para. 1 lit. a) GDPR,
The transfer of your data is permitted under Article 6(1)(f) GDPR for the purposes of our legitimate interests and there is no reason to assume that you have an overriding legitimate interest in not having your data transferred.
in the event that there is a legal obligation to disclose the data pursuant to Article 6(1)(c) GDPR, as well as
This is legally permissible and necessary for the performance of a contract with you in accordance with Article 6(1)(b) GDPR.

As part of the processing operations described in this privacy policy, personal data may be transferred to the USA. Companies in the USA only have an adequate level of data protection if they have certified themselves under the EU-US Data Privacy Framework and thus the adequacy decision of the EU Commission pursuant to Art. 45 GDPR applies. We have explicitly stated this for the service providers concerned in the privacy policy. To protect your data in all other cases, we have concluded data processing agreements based on the standard contractual clauses of the European Commission. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent pursuant to Art. 49 para. 1 lit. a) GDPR can serve as the legal basis for the transfer to third countries. This does not apply, however, to data transfers to third countries for which the European Commission has issued an adequacy decision pursuant to Art. 45 GDPR.

7. Technique

7.1 SSL/TLS encryption

This page uses for warranty For the security of data processing and to protect the transmission of confidential content, such as orders, login data, or contact requests that you send to us as the operator, we use SSL or TLS encryption. You can recognize an encrypted connection by the fact that "https://" appears in the browser's address bar instead of "http://" and by the padlock symbol in your browser's address bar.

We use this technology to protect your transmitted data.

7.2 Hosting by neusta destination.one GmbH

We host our website with neusta destination.one GmbH, Münchener Straße 1, 86899 Landsberg am Lech (hereinafter referred to as neusta destination.one).

When you visit our website, your personal data (e.g. IP addresses in log files) will be processed on the servers of neusta destination.one.

The use of neusta destination.one is based on Article 6 Paragraph 1 Letter f) GDPR. We have a legitimate interest in the most reliable possible presentation, provision, and security of our website.

We have concluded a data processing agreement (DPA) pursuant to Art. 28 GDPR with neusta destination.one. This is a legally required contract under data protection law, which ensures that Mittwald processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Further information on neusta destination.one's privacy policy can be found at: https://www.destination.one/datenschutz/

8. Cookies

8.1 General information about cookies

Cookies are small files that your browser automatically creates and stores on your IT system (laptop, tablet, smartphone, etc.) when you visit our site.

The cookie stores information related to the specific device being used. However, this does not mean that we thereby gain direct knowledge of your identity.

We use cookies to make your experience on our website more enjoyable. For example, we use session cookies to recognize that you have already visited certain pages of our website. These are automatically deleted when you leave our site.

Furthermore, we also use temporary cookies to optimize user-friendliness. These cookies are stored on your device for a specific, predetermined period. When you revisit our site to use our services, it is automatically recognized that you have already been here and what entries and settings you have made, so you don't have to enter them again.

Secondly, we use cookies to statistically record the use of our website and to evaluate our services for optimization purposes. These cookies allow us to automatically recognize that you have already visited our website when you return. These cookies are automatically deleted after a defined period. The specific storage duration of the cookies can be found in the settings of the consent tool used.

8.2 Legal basis for the use of cookies

The data processed by the cookies, which are required for the proper functioning of the website, are therefore necessary to protect our legitimate interests and those of third parties in accordance with Art. 6 para. 1 lit. f) GDPR.

For all other cookies, you have given your consent via our opt-in cookie banner in accordance with Art. 6 para. 1 lit. a) GDPR.

8.3 Instructions for avoiding cookies in common browsers

You can delete cookies, allow only selected cookies, or disable cookies completely at any time via your browser settings. Further information can be found on the support pages of the respective providers.

8.4 Usercentrics (Consent Management Tool)

We use the consent management tool "Usercentrics" from Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany. This service allows us to obtain and manage the consent of website users for data processing.

Usercentrics collects data generated by end users who use our website. When an end user gives their consent, the following data is automatically logged by Usercentrics:

Browser information.
Date and time of access.
Device information.
The URL of the visited page.
Geographic location.
Website page path.
The consent status of the end user, which serves as proof of consent.

The consent status is also stored in the end user's browser, allowing the website to automatically read and respect the end user's consent for all subsequent page requests and future user sessions for up to 12 months. The consent data (consent and withdrawal of consent) is stored for three years. This retention period corresponds to the regular limitation period according to § 195 of the German Civil Code (BGB). The data is then deleted immediately or, upon request, provided to the responsible party in the form of a data export.

The functionality of the website cannot be guaranteed without the described processing. Users have no right to object as long as there is a legal obligation to obtain their consent for certain data processing operations (Art. 7 para. 1, 6 para. 1 sentence 1 lit. c) GDPR).

Usercentrics is the recipient of your personal data and acts as a data processor for us.

Detailed information on the use of Usercentrics can be found at: https://usercentrics.com/privacy-policy.

9. Content of our website

9.1 Data processing for order processing

The personal data we collect will be shared with the transport company commissioned with delivery as part of the contract processing, insofar as this is necessary for the delivery of the goods. We will share your payment data with the commissioned bank as part of the payment processing, insofar as this is necessary for the payment processing. If payment service providers are used, we will inform you explicitly about this below. The legal basis for the transfer of data is Art. 6 para. 1 lit. b) GDPR.

9.2 Contract conclusions at online shops, retailers and shipping companies

We only transfer personal data to third parties if this is necessary for processing your order, for example, to the companies entrusted with delivering the goods or the bank responsible for processing payments. Your data will not be transferred beyond this scope unless you have expressly consented to it. Your data will not be shared with third parties without your explicit consent, for example, for advertising purposes.

The legal basis for data processing is Art. 6 para. 1 lit. b) GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.

9.3 Contacting us / Contact form

When you contact us (e.g., via contact form or email), personal data is collected. The specific data collected when using a contact form is indicated on the form itself. This data is stored and used solely for the purpose of responding to your inquiry, contacting you, and for the associated technical administration. The legal basis for processing this data is our legitimate interest in responding to your inquiry, pursuant to Article 6(1)(f) of the GDPR. If your inquiry aims at concluding a contract, the additional legal basis for processing is Article 6(1)(b) of the GDPR. Your data will be deleted after your inquiry has been fully processed. This is the case when it is clear from the circumstances that the matter has been resolved and no legal retention obligations prevent its deletion.

9.4 Services / Digital Goods

We share personal data with third parties only if this is necessary in conjunction with the handling of the contract; for instance, with the financial institution tasked with the processing of payments.

Your data will not be transmitted further, or only if you have expressly consented to such transmission. Your data will not be shared with third parties without your explicit consent, for example for advertising purposes.

The legal basis for data processing is Art. 6 para. 1 lit. b) GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.

10. Newsletter distribution

10.1 Promotional newsletter

Our website offers you the opportunity to subscribe to our company newsletter. The personal data transmitted to us when you subscribe to the newsletter is determined by the input form used for this purpose.

We regularly inform our customers and business partners about our offers via a newsletter. You can only receive our company's newsletter if you have subscribed to it.

You have a valid email address and
You have registered to receive the newsletter.

For legal reasons, a confirmation email will be sent to the email address you initially registered for newsletter distribution using the double opt-in procedure. This confirmation email serves to verify that you, as the owner of the email address, have authorized the receipt of the newsletter.

When you subscribe to our newsletter, we also store the IP address assigned to your IT system by your internet service provider (ISP) at the time of registration, as well as the date and time of registration. Collecting this data is necessary to be able to trace any (potential) misuse of your email address at a later date and therefore serves our legal protection.

The personal data collected during newsletter registration is used exclusively for sending our newsletter. Furthermore, newsletter subscribers may be contacted by email if this is necessary for the operation of the newsletter service or related registration, such as in the event of changes to the newsletter content or technical modifications. Personal data collected through the newsletter service will not be shared with third parties. You can unsubscribe from our newsletter at any time. You can also withdraw your consent to the storage of your personal data for newsletter distribution at any time. A corresponding link for withdrawing your consent is included in every newsletter. You can also unsubscribe directly on our website or notify us of your wish to unsubscribe in another way.

The legal basis for data processing for the purpose of sending newsletters is Art. 6 para. 1 lit. a) GDPR.

10.2 Newsletter tracking

Our newsletters contain tracking pixels. A tracking pixel is a miniature graphic embedded in HTML emails to enable log file recording and analysis. This allows for statistical evaluation of the success or failure of online marketing campaigns. Using the embedded tracking pixel, the company can determine if and when you opened an email and which links within the email you clicked.

Personal data collected via tracking pixels in our newsletters is stored and analyzed by us to optimize newsletter distribution and better tailor the content of future newsletters to your interests. This personal data will not be shared with third parties. Data subjects have the right to revoke their separate consent, given via the double opt-in process, at any time. Upon revocation, this personal data will be deleted. Unsubscribing from the newsletter is automatically considered a revocation of consent.

Such evaluation is carried out in particular in accordance with Art. 6 para. 1 lit. f) GDPR on the basis of our legitimate interests in displaying personalized advertising, market research and/or designing our website to meet user needs.

10.3 Mailchimp

Our email newsletters are sent via the technical service provider Intuit Inc., The Rocket Science Group, LLC d/b/a MailChimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA, to whom we transfer the data you provided when subscribing to the newsletter. This transfer takes place within the framework of order processing by MailChimp. Please note that your data is generally transferred to and stored on a MailChimp server in the USA.

MailChimp uses this information to send and statistically analyze newsletters on our behalf. For this analysis, the emails we send contain web beacons or tracking pixels, which are single-pixel image files stored on our website. This allows us to determine whether a newsletter message has been opened and which links, if any, have been clicked. Technical information is also collected (e.g., the time of access, IP address, browser type, and operating system). This data is used solely for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to the interests of our recipients.

The use of the shipping service provider is based on Article 6(1)(f) GDPR and a data processing agreement pursuant to Article 28 GDPR. The legal basis for processing your personal data in connection with the newsletter is your consent given via the "double opt-in" procedure pursuant to Article 6(1)(a) GDPR. You may withdraw your consent at any time.

Furthermore, MailChimp may use this data itself, in accordance with Article 6(1)(f) GDPR, based on its own legitimate interest in tailoring and optimizing the service to user needs and for market research purposes, such as determining the countries of origin of the recipients. However, MailChimp does not use the data of our newsletter recipients to contact them directly or to share it with third parties.

If you wish to object to the aforementioned data processing, you must unsubscribe from the newsletter.

This US company is certified under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Article 45 GDPR, meaning that personal data may be transferred without further safeguards or additional measures.

You can view the privacy policy of MailChimp here: https://mailchimp.com/legal/privacy.

11. Our activities on social networks

To enable us to communicate with you on social networks and inform you about our services, we maintain our own pages there. When you visit one of our social media pages, we are jointly responsible with the provider of the respective social media platform for the processing operations triggered by this visit, in accordance with Article 26 of the GDPR.

We are not the original provider of these pages, but merely use them within the framework of the possibilities offered to us by the respective providers.

Therefore, we would like to point out that your data may also be processed outside the European Union or the European Economic Area. Using these services may therefore involve data protection risks for you, as exercising your rights, e.g., to access, erasure, or objection, could be more difficult. Furthermore, processing on social networks is often carried out directly by the providers for advertising purposes or to analyze user behavior, without our being able to influence this. If the provider creates user profiles, cookies are frequently used, or your usage behavior is associated with your own social network member profile.

The processing of personal data described above is carried out in accordance with Article 6(1)(f) GDPR on the basis of our legitimate interest and the legitimate interest of the respective provider in order to communicate with you in a modern manner and/or to inform you about our services. If you are required to give your consent to data processing as a user to the respective providers, the legal basis is Article 6(1)(a) GDPR in conjunction with Article 7 GDPR.

Since we have no access to the providers' data, we advise you to assert your rights (e.g., to information, rectification, erasure, etc.) directly with the respective provider. Further information on the processing of your data on social networks is listed below for each of the social network providers we use:

11.1 Facebook

(Joint) controller for data processing in Europe: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

11.2 Instagram

(Joint) controller for data processing in Germany: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

11.3 LinkedIn

(Joint) controller for data processing in Europe: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

Data protection statement: https://www.linkedin.com/legal/privacy-policy

11.4 Pinterest

(Joint) controller for data processing in Germany: Pinterest Inc., 651 Brannan Street, San Francisco, CA 94107, USA.

Data protection statement: https://policy.pinterest.com/de/privacy-policy

11.5 YouTube

(Joint) controller for data processing in Europe: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Data protection statement: https://policies.google.com/privacy

12. Social media plugins

12.1 Facebook Plugin

We have integrated components from the company Facebook into this website. Facebook is a social network.

A social network is an Internet-based social meeting place, an online community that typically allows users to communicate with each other and interact in virtual space. A social network can serve as a platform to exchange views and experiences, or allows the Internet community to provide personal or business information. Facebook allows social network users to create private profiles, upload photos and socialize via friend requests.

The operator of Facebook is Meta Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject lives outside the USA or Canada, the data controller responsible for processing personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Each time you access one of the individual pages of this website, which we operate and on which a Facebook component (Facebook plugin) has been integrated, the internet browser on your computer system is automatically prompted by the respective Facebook component to download a representation of the corresponding Facebook component from Facebook. A complete overview of all Facebook plugins can be found at [link to Facebook plugins overview]. https://developers.facebook.com/docs/plugins/?locale=de_DE This data can be accessed. As part of this technical process, Facebook receives information about which specific subpage of our website you are visiting.

If you are logged into Facebook at the same time, Facebook recognizes which specific subpage of our website you are visiting each time you access our website and for the entire duration of your visit. This information is collected by the Facebook component and assigned to your Facebook account. If you click one of the Facebook buttons integrated into our website, such as the "Like" button, or leave a comment, Facebook assigns this information to your personal Facebook user account and stores this personal data.

Facebook receives information that you have visited our website via the Facebook component whenever you are logged into Facebook at the same time as accessing our website; this occurs regardless of whether you have clicked on the Facebook component or not. If you do not want this information to be transmitted to Facebook, you can prevent this by logging out of your Facebook account before accessing our website.

Personal data is processed using the social media buttons only after you have given your explicit consent in accordance with Art. 6 para. 1 lit. a) GDPR.

The data policy published by Facebook, which can be found under https://de-de.facebook.com/about/privacy The information available on Facebook's privacy policy explains how Facebook collects, processes, and uses personal data. It also details the privacy settings Facebook offers. Furthermore, various applications are available that allow you to prevent data from being transmitted to Facebook. You can use these applications to block data from being sent to Facebook.

12.2 instagram plugin

We have integrated components of the Instagram service into this website. Instagram is an audiovisual platform that allows users to share photos and videos and to further distribute this data on other social networks.

The operating company of Instagram's services is Meta Inc., 1 Hacker Way, Menlo Park, CA 94025, USA.

Each time you access one of the individual pages of this website, which we operate and on which an Instagram component (Instagram button) is integrated, the respective Instagram component automatically prompts your web browser to download a representation of the corresponding Instagram component. As part of this technical process, Instagram receives information about which specific subpage of our website you are visiting.

If you are logged into Instagram at the same time, Instagram recognizes which specific subpage you are visiting each time you access our website and for the entire duration of your visit. This information is collected by the Instagram component and assigned to your Instagram account by Instagram. If you click one of the Instagram buttons integrated into our website, the data and information transmitted will be assigned to your personal Instagram user account and stored and processed by Instagram.

Instagram receives information that you have visited our website via the Instagram component whenever you are logged into Instagram at the same time as accessing our website; this occurs regardless of whether you have clicked on the Instagram component or not. If you do not want this information to be transmitted to Instagram, you can prevent this by logging out of your Instagram account before accessing our website.

Personal data is processed using the social media buttons only after you have given your explicit consent in accordance with Art. 6 para. 1 lit. a) GDPR.

Further information and the applicable data protection provisions of Instagram can be found at https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy be accessed.

12.3 Pinterest Plugin

We have integrated components from Pinterest Inc. into this website. Pinterest is a social network. A social network is an online social meeting place, an online community that typically allows users to communicate and interact with each other in a virtual space. A social network can serve as a platform for exchanging opinions and experiences or allow the online community to provide personal or business-related information. Among other things, Pinterest allows its users to publish image collections and individual images, as well as descriptions, on virtual pinboards (known as "pinning"), which can then be shared (known as "repinning") or commented on by other users.

Pinterest's operating company is Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, USA.

Each time you access one of the individual pages of this website, which we operate and on which a Pinterest component (Pinterest plugin) has been integrated, the internet browser on your computer system is automatically prompted by the respective Pinterest component to download a representation of the corresponding Pinterest component from Pinterest. More information about Pinterest can be found at [link to Pinterest information]. https://pinterest.com This information is available. Through this technical process, Pinterest receives information about which specific subpage of our website you are visiting.

If you are logged into Pinterest at the same time, Pinterest recognizes which specific subpage of our website you are visiting each time you access our website and for the entire duration of your visit. This information is collected by the Pinterest component and assigned to your Pinterest account. If you click a Pinterest button integrated into our website, Pinterest assigns this information to your personal Pinterest user account and stores this personal data.

Pinterest receives information that you are visiting our website via the Pinterest component whenever you are logged into Pinterest at the same time; this occurs regardless of whether you click on the Pinterest component or not. If you do not want this information to be transmitted to Pinterest, you can prevent this by logging out of your Pinterest account before visiting our website.

Personal data is processed using the social media buttons only after you have given your explicit consent in accordance with Art. 6 para. 1 lit. a) GDPR.

The privacy policy published by Pinterest, located at https://about.pinterest.com/privacy-policy is available, provides information about the collection, processing and use of personal data by Pinterest.

12.4 YouTube Plugin

We have integrated components from YouTube into this website. YouTube is an internet video portal that allows video publishers to upload video clips free of charge and other users to view, rate, and comment on them, also free of charge. YouTube permits the publication of all types of videos, which is why complete films and television programs, as well as music videos, trailers, and user-generated videos, are available via the internet portal.

The operator of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Each time you access one of the individual pages of this website, which we operate and on which a YouTube component (YouTube plugin) has been integrated, the internet browser on your computer system is automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. Further information about YouTube can be found at [link to YouTube's privacy policy]. https://www.youtube.com/yt/about/de This data can be accessed. As part of this technical process, YouTube and Google receive information about which specific subpage of our website you are visiting.

If you are logged into YouTube at the same time, YouTube recognizes which specific page of our website you are visiting when you access a page containing a YouTube plugin. This information is collected by YouTube and Google and associated with your YouTube account.

YouTube and Google receive information that you have visited our website via the YouTube component whenever you are logged into YouTube at the time of your visit; this occurs regardless of whether you click on a YouTube video or not. If you do not want this information to be transmitted to YouTube and Google, you can prevent this by logging out of your YouTube account before visiting our website.

The use of YouTube is in the interest of providing a convenient and user-friendly experience on our website. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR.

Personal data is processed using the social media buttons only after you have given your explicit consent in accordance with Art. 6 para. 1 lit. a) GDPR.

The data protection regulations published by YouTube, which can be found under www.google.de/intl/de/policies/privacy/ are available, provide information about the collection, processing and use of personal data by YouTube and Google.

13. Web Analysis

13.1 Google Analytics 4 (GA4)

On our websites we use Google Analytics 4 (GA4), a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

In this context, pseudonymized user profiles are created and cookies are used (see section "Cookies"). The information generated by the cookie about your use of this website may include, among other things:

a temporary recording of the IP address without permanent storage
location data
Browser type/version
The used operating system
Referrer URL (previously visited page)
The time of the server inquiry

The pseudonymized data may be transferred by Google to a server in the USA and stored there.

The information is used to evaluate website usage, compile reports on website activity, and provide other services related to website and internet usage for market research and to tailor these web pages to user needs. This information may also be transferred to third parties if required by law or if third parties process this data on our behalf.

These processing operations are carried out exclusively with the express consent given in accordance with Art. 6 para. 1 lit. a) GDPR.

Google's default data retention period is 14 months. Beyond this, personal data is stored only as long as necessary to fulfill the processing purpose. The data is deleted as soon as it is no longer required for this purpose.

The parent company, Google LLC, is certified under the EU-US Data Privacy Framework as a US company. This constitutes an adequacy decision pursuant to Article 45 of the GDPR, meaning that the transfer of personal data is permitted without further safeguards or additional measures.

Further information on data protection when using GA4 can be found at: https://support.google.com/analytics/answer/12017362?hl=de.

14. Plugins and other services

14.1 Google reCAPTCHA

This website uses the reCAPTCHA function. The operator of Google reCAPTCHA is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies, headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The reCAPTCHA function primarily serves to distinguish whether an entry is made by a natural person or is being misused through automated processing. The service also involves sending the IP address and, if applicable, other data required by Google for the reCAPTCHA service to Google.

These processing operations are carried out exclusively with explicit consent in accordance with Art. 6 para. 1 lit. a) GDPR.

Further information on Google reCAPTCHA and Google's privacy policy can be found at: https://www.google.com/intl/de/policies/privacy.

14.2 Google Tag Manager

This website uses the Google Tag Manager service. The operator of Google Tag Manager is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies, headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

This tool allows you to implement and manage "website tags" (i.e., keywords embedded in HTML elements) via a single interface. By using Google Tag Manager, we can automatically track which button, link, or personalized image you have actively clicked and thus determine which content on our website is of particular interest to you.

The tool also triggers other tags, which may in turn collect data. Google Tag Manager does not access this data. If you have deactivated tracking at the domain or cookie level, this deactivation will remain in effect for all tracking tags implemented with Google Tag Manager.

These processing operations are carried out exclusively with explicit consent in accordance with Art. 6 para. 1 lit. a) GDPR.

Further information about Google Tag Manager and Google's privacy policy can be found at: https://www.google.com/intl/de/policies/privacy.

14.3 Google Web Fonts

Our website uses web fonts for the consistent display of fonts. Google Web Fonts are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies, headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

These processing operations are carried out exclusively with explicit consent in accordance with Art. 6 para. 1 lit. a) GDPR.

Further information about Google Web Fonts and Google's privacy policy can be found at: https://developers.google.com/fonts/faq; https://www.google.com/policies/privacy.

14.4 OpenStreetMap

We have integrated map excerpts from the online mapping tool "OpenStreetMap" into our website. This is an open-source mapping service that we access via an API (interface). This functionality is provided by the OpenStreetMap Foundation, St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom. Using this service allows us, for example, to show you our location and make it easier for you to find us.

When you access the subpages that integrate OpenStreetMap, information about your use of our website (such as your IP address, data about your browser, device type, operating system) will be transmitted to OpenStreetMap and stored there.

OpenStreetMap uses the Content Delivery Network (CDN) of Fastly, Inc., PO Box 78266, San Francisco, CA 94107, USA (fastly) to speed up the service. A CDN is a service that helps deliver the content of our online offering, especially large media files such as graphics or scripts, more quickly using regionally distributed servers connected via the internet. Your data is processed exclusively for the aforementioned purposes and to maintain the security and functionality of the CDN.

Fastly, as a US company, is certified under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Article 45 of the GDPR, meaning that personal data may be transferred without further safeguards or additional measures.

Fastly transfers personal data from log files (e.g., IP addresses) to the USA for each data processing activity, as certain servers used for processing the log files are located exclusively in the USA. Fastly is therefore committed to complying with the standards and regulations of European data protection law. You can find Fastly's current Privacy Policy at: www.fastly.com/de/privacy/.

If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a) GDPR.

Detailed information about OpenStreetMap can be found at: https://wiki.osmfoundation.org/wiki/Privacy_Policy.

14.5 SoundCloud

Our website integrates plugins from the social network SoundCloud. The operating company is SoundCloud Global Limited & Co. KG, Rheinsberger Straße 76/77, 10115 Berlin, Germany. You can recognize the SoundCloud plugins by the SoundCloud logo on the relevant pages.

When you visit our pages, a direct connection is established between your browser and the SoundCloud server after the plugin is activated. SoundCloud then receives the information that you have visited our site with your IP address. If you click the "Like" or "Share" button while logged into your SoundCloud user account, you can link and/or share the content of our pages with your SoundCloud profile. This allows SoundCloud to associate your visit to our pages with your user account. Please note that as the provider of these pages, we have no knowledge of the content of the transmitted data or its use by SoundCloud.

If you do not want SoundCloud to associate your visit to our pages with your SoundCloud user account, please log out of your SoundCloud user account before activating any SoundCloud plugin content.

These processing operations are carried out exclusively with explicit consent in accordance with Art. 6 para. 1 lit. a) GDPR.

14.6 YouTube (Videos)

We have integrated components from YouTube into this website. The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

YouTube is an internet video portal that allows video publishers to upload video clips free of charge and other users to view, rate, and comment on them, also free of charge. YouTube permits the publication of all types of videos, which is why complete films and television programs, as well as music videos, trailers, and user-generated videos, are available via the portal. Each time you access one of the individual pages of this website, which we operate and on which a YouTube component (YouTube video) is integrated, your internet browser is automatically prompted by the respective YouTube component to download a representation of that component from YouTube. The services Google Web Fonts, Google Video, and Google Photos may also be loaded from YouTube. Further information about YouTube can be found at [link to YouTube website]. www.youtube.com/yt/about/de/ This data can be accessed. As part of this technical process, YouTube and Google receive information about which specific subpage of our website you are visiting.

If you are logged into YouTube at the same time, YouTube recognizes which specific page of our website you are visiting when you access a page containing a YouTube video. This information is collected by YouTube and Google and associated with your YouTube account.

These processing operations are carried out exclusively with explicit consent in accordance with Art. 6 para. 1 lit. a) GDPR.

You can view YouTube's privacy policy at https://www.google.de/intl/de/policies/privacy.

14.7 Zoom - Video conferencing

We use the video conferencing software "Zoom" to conduct our communications in the form of telephone conferences, online meetings, video conferences, and webinars (hereinafter referred to as "online meetings"). The software provider is Zoom Video Communications, Inc., 55 Almaden Blvd, Suite 600, San Jose, USA.

When using Zoom, various types of data are processed. The scope of the data also depends on the information you provide before or during your participation in an online meeting. The following personal data may be processed:

User information such as first name, last name, phone number (optional), email address (optional), password (if "Single Sign-On" is not used), profile picture (optional).
Meeting metadata such as topic, description (optional), participant IP addresses, device/hardware information.
For recordings (optional), all video, audio and presentation recordings and text files from the online meeting chat can be processed.
When dialing in by telephone, information about the incoming and outgoing phone number, country name, and start and end time is processed. Additional connection data, such as the device's IP address, may also be stored.
You may have the option (optionally) to use the chat, question, or polling functions in an online meeting. The text you enter will be processed to display it in the online meeting and, if necessary, to record it. To enable video display and audio playback, data from your device's microphone and any webcam will be processed for the duration of the meeting. You can disable or mute your camera or microphone at any time using the Zoom application.

If consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR. In the context of an employment relationship, corresponding data processing is based on Section 26 of the German Federal Data Protection Act (BDSG). The legal basis for the use of "Zoom" within the context of existing or prospective contractual relationships is Article 6(1)(b) GDPR. In all other cases, the legal basis for processing your personal data is Article 6(1)(f) GDPR. Here, our legitimate interest lies in the effective conduct of online meetings.

If we record online meetings, we will inform you before they begin and, if necessary, ask for your consent to the recording. If you do not wish to be recorded, you can leave the online meeting.

The provider of "Zoom" necessarily receives the aforementioned data to the extent provided for in our data processing agreement (Art. 28 GDPR) with "Zoom". This includes, in particular, the purpose of providing, optimizing, and securing the service. Your provided participation information will be used for identification purposes in the online meeting. "Zoom" is a service provided by a US-based company. Therefore, personal data is also processed in a third country (outside the EU and the EEA). As safeguards, we have concluded the EU Standard Contractual Clauses (Art. 46 para. 2 and 3 GDPR) and configured our Zoom system so that only data centers in the EU or in other secure third countries (e.g., through an adequacy decision pursuant to Art. 45 GDPR) are used for conducting online meetings. However, we cannot rule out the possibility that data may be routed via internet servers located outside the EU/EEA, which may be the case, in particular, if participants in online meetings are located in a third country. The data is encrypted during transmission over the internet and is therefore protected against unauthorized access by third parties.

To the extent that Zoom processes personal data in connection with its legitimate business operations, Zoom is the independent data controller for this use and, as such, responsible for complying with applicable laws and data controller obligations. When you visit the provider's other websites or install the provider's application on your device, the processing of personal data is governed solely by the provider's privacy policy.

Further information about "Zoom" can be found at: https://explore.zoom.us/de/privacy.

14.8 Chatbase - Chatbot

On our homepage, we use an interactive chatbot based on artificial intelligence (AI). This chatbot helps visitors quickly obtain information about sights, events, offers, and other tourist-related content in Potsdam.

The chatbot is provided via the Chatbase service (Chatbase.co Inc., 4700 Keele Street, 215 Bergeron Centre, Toronto, ON, Canada). Chat responses are generated automatically using AI. While we have adapted the content to our region, we cannot guarantee its completeness or accuracy. Of course, we are also available by phone or email for personal assistance.

When using the chatbot, the following data is processed, among others:

your chat entries (questions, text entries),
IP address,
Time and duration of use,
Device and browser information.

Data processing is carried out for the purpose of providing the service, analyzing usage, and preventing misuse. The legal basis is Art. 6 (1) (f) GDPR (legitimate interest in a digital information offering). If you voluntarily provide personal data in the chat, it will be processed based on your consent in accordance with Art. 6 (1) (a) GDPR.

Data processing takes place on servers in the United States. Chatbase ensures data protection in accordance with Article 46 of the GDPR by concluding standard contractual clauses and implementing additional technical safeguards such as encryption and access controls. Chatbase uses the data exclusively for providing and improving the chatbot service and does not use any personal data for training AI models.

For more information about privacy at Chatbase, please visit: https://www.chatbase.co/legal/privacy

14.9 Use of GTranslate (automatic translation)

This website uses the GTranslate service provided by GTranslate Inc. to automatically translate content into different languages. In doing so, personal data, in particular the IP address, may be transmitted to GTranslate servers and, if applicable, to other technical service providers.

The processing is based on Article 6(1)(f) GDPR. Our legitimate interest lies in providing our content in the most accessible and international way possible.

Multilingual content can already be provided via language-specific domains or subpages. However, the interactive translation widget from GTranslate and its associated technical functions are only loaded and activated after appropriate consent has been obtained via the Usercentrics consent management tool.

The use of this service may involve the transfer of data to third countries, particularly the USA. Data transfers to the USA carry the risk that a level of data protection equivalent to EU standards cannot be guaranteed.

Using the translation function is voluntary. Once activated, the language can be changed at any time via the language selection on the website.

We do not combine the collected data with other data sources. The data is stored only as long as necessary for the stated purposes or as required by law.

Further information on data processing can be found in GTranslate's privacy policy at: https://gtranslate.io/privacy-policy

15. Your rights as a data subject

15.1 Right of access Art. 15 GDPR

You have the right to obtain from us, at any time and free of charge, information about the personal data stored about you and a copy of this data in accordance with the legal provisions.

15.2 Right to rectification Art. 16 GDPR

You have the right to request the correction of inaccurate personal data concerning you. Furthermore, taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data.

15.3 Deletion Art. 17 GDPR

You have the right to request that we delete your personal data without undue delay, provided that one of the legally stipulated grounds applies and insofar as the processing or storage is not necessary.

15.4 Restriction of processing Art. 18 GDPR

You have the right to request that we restrict the processing of your data if one of the legal requirements is met.

15.5 Data portability Art. 20 GDPR

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us, the controller to whom the personal data was provided, provided that the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Furthermore, when exercising your right to data portability pursuant to Article 20(1) GDPR, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of other persons.

15.6 Right to object pursuant to Article 21 GDPR

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on point (e) of Article 6(1) (processing in the public interest) or point (f) of Article 6(1) (processing based on legitimate interests) of the GDPR.

This also applies to profiling based on these provisions within the meaning of Article 4 No. 4 GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of establishing, exercising or defending legal claims.

In certain cases, we process personal data for direct marketing purposes. You can object to the processing of your personal data for such marketing at any time. This also applies to profiling insofar as it is related to such direct marketing. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

Furthermore, you have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out by us for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.

You are free, in connection with the use of information society services and notwithstanding Directive 2002/58/EC, to exercise your right to object by automated means using technical specifications.

15.7 Revocation of consent under data protection law

You have the right to withdraw your consent to the processing of personal data at any time with effect for the future.

15.8 Complaint to a supervisory authority

You have the right to lodge a complaint with a supervisory authority responsible for data protection regarding our processing of personal data.

16. Routine storage, deletion and blocking of personal data

We process and store your personal data only for the period necessary to achieve the purpose of storage or as provided for by the legal regulations to which our company is subject.

If the purpose for which the data was stored ceases to exist or a prescribed storage period expires, the personal data will be routinely blocked or deleted in accordance with legal requirements.

17. Duration of storage of personal data

The criterion for the duration of the storage of personal data is the respective statutory retention period. After the deadline, the corresponding data will be routinely deleted, if they are no longer required to fulfill the contract or to initiate a contract.

18. Updates and changes to the privacy policy

This privacy policy is currently valid and was last updated in August 2024.

Due to the ongoing development of our website and services, or due to changes in legal or regulatory requirements, it may become necessary to amend this privacy policy. The current privacy policy can be viewed at any time on the website at [website address]. https://potsdamtourismus.de/datenschutz be retrieved and printed by you.

This privacy policy was created with the support of the data protection software: audatis MANAGER.