Legal information

Welcome to Bayerische Staatsbad Bad Kissingen GmbH and our internet presence, www.badkissingen.de


Thank you for your interest in our offers. The protection of your privacy and private data is very important to us. Therefore the collection and usage of your data will always comply with the General Data Protection Regulation (EU) 2016/679 (GDPR), Bundesdatenschutzgesetz (BDSG) and the Telemediengesetz (TMG). In the following document we will inform you about which data we will use and and the purposes it will serve.

1. Personal Data

In regards to the GDPR, personal data refers to all information that relates to an individual person; an individual person in this case is a person that can be identified via various means such as a name, reference number, location data or online reference number, all of which are a part of the physical, physiological, genetic, psychic, economic, cultural or social identity of the person. A collection of such data only occurs when it is necessary to do so for the completion of a service, compliance with federal regulations or the following purpose.

2. Anonymised data / Log files

You can visit our website without necessary collection of your data. However, with every visit we will collect certain anonymised data such as visited pages or viewed offers. This data is not personal and is therefore not covered by the regulations of the GDPR or BDSG.
The website host or service provider collects data concerning access to the site and saves this data as “server log files”. The following data is collected this way:

Visited pages, time of the visit, amount of data sent data in bytes, source/reference that led to the page, used browser, used operating system, used IP address.

The collected data is only used for research statistics and improvement of the website. The site host reserves the right to inspect the server log files if there is evidence of unlawful behaviour by the user.

The collection of anonymous data serves the purpose statistical research to improve our offers. Please refer to the section “Right to information / Power of revocation”.

3. Purpose of the collection of personal data

The collection of personal data is necessary when you are booking a hotel room or other services via our website, contacting us, subscribing to our newsletter or using other services of our website that require the collection of personal data. This includes the purchase of coupons or participation in price draws.

In compliance with federal regulations we will only collect data that is relevant to the requested service. If a form asks for additional data you have the right to refuse (optional data is marked as such).

It is neccesary for the system to temporarily save your IP address in order to display the website correctly. The IP address will be saved for the duration of your browsing session. Storage inside of log files serves to guarantee website functionality. Furthermore, we will use the stored data to improve the browsing experience of the website and security of our IT systems. This data will not be used for marketing purposes. All the above mentioned purposes fall under Article 6 Section 1 of the GDPR.

In the case of a booking for accommodations or other services the collected data will be used to complete the booking process, for marketing and statistical purposes.

Data collected after subscribing to the newsletter will only be used with consent from the user according to Article 6 Section 1 of the GDPR.

All personal data will only be used for customer relations, customer services (such as information regarding the stay), internal marketing (such as catalogues, other advertisements in accordance with regulations, enquiries regarding customer satisfaction) and for the completion of services.

4. Legal grounds for the usage of personal data

Article 6 Section 1a of the GDPR serves as legal grounds whenever we ask for consent in order to use personal data.
Article 6 Section 1b of the GDPR serves as legal grounds for the usage of data of a legal party for the completion of a contract. This also applies to the necessary usage of data to complete pre-contractual measures.
Article 6 Section 1c of the GDPR serves as legal grounds for necessary usage of personal data in order to complete our legal obligations.
Article 6 Section 1d of the GDPR serves as legal grounds if the usage of data is necessary due to factors that pertain to vital interests of the person concerned.
Article 6 Section 1f of the GDPR serves as legal grounds for the usage of personal data if that usage is necessary to fulfil the interests of our company or a third party and if the rights and freedoms of the person concerned don't interfere with these interests.

5. Disclosure of personal data to third parties

Personal data will only be disclosed in  accordance with data protection and competition law.
Personal data will also be disclosed subsidiaries or service providers if it is necessary to do so in order to fulfil our contractual obligations (such as mail and email correspondence, payments, customer service).
Furthermore, personal data will be disclosed to persons and companies, especially hotels, departments and tour operators etc.,  to complete the booking process.
Personal data will also be disclosed if we are obligated to do so to comply with local laws or court proceedings.
You have the right to request all of your saved personal data in a structured, contemporary and machine-readable format. Furthermore, you have the right to disclose this data to another third party without interference of the party that requested the data.

6. Storage and deletion of data

Your personal data will be saved in accordance with the purposes outlined in section 3 “Purpose of the collection of personal data”. The data will be deleted when there is no longer a relevant use for it. Personal data will also be saved if there is an obligation to do so due to European or national laws , regulations or other guidelines that affect the other party. By law, there are several obligations and time frames for the storage of data. Data will only be deleted if the allotted time frame expires unless  it is still needed to complete the conditions of a contract.

7. Usage of cookies

We use cookies (small bits of data with text information that are sent to your browser via the web server) to improve the browsing experience of our website. For example, some hint boxes only appear once if you allow use to use cookies. Some cookies have an expiration date. Should you delete your cookies before the expiration date we will use a new one, unless you have blocked the usage of cookies.
Technical specifications let the server only use cookies that have been sent by that same server. We do not save personal data in cookies.
Without cookies, access to our site is unfortunately limited. Therefore we would advise you enable cookies for the duration of your browsing on our website. Most browsers accept cookies by default. However, you can setup your browser to not save cookies and notify you each time a website requests the exchange of cookies.
Article 6 Section 1f of the GDPR serves as legal grounds for the processing of personal data via cookies.
Article 6 Section 1a of the GDPR serves as legal grounds for the processing of personal data via cookies for analysis purposes with permission by the user.

8. Usage of Google Analytics

This website uses Google Analytics, a web analysis service by Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA („Google“). Google Analytics uses cookies, text data which is saved on your computer and allows analysis of your browsing session on the website. The information generated by the cookie (including your IP adress) is sent to a Google server in the USA and saved there. Google uses this information to analyse your usage of the website and compile reports about this activity for the website owners, as well as provide other services in relation to website and internet usage. Google may disclose this information to third parties due to laws or to have the third party process the data. In this case Google will not associate your IP adress with other Google-related data. You can prevent the usage of cookies by setting up your browser, however, you may not be able to access all functions of our website if you do so. By using this website you agree to the processing of collected data by Google.
The Google tracking codes of this website use the function “_anonymizelp()” to send IP addresses in a shortened format in order to prevent personal identification. The collection and storage of data can always be prevented with immediate effectiveness. By clicking the “Deactivate” button all tracking will be completely disabled. In order for this change to be permanent the browser needs to be able to use cookies. Alternatively, the collection of data can be prevented via the use of a Google browser plugin which stops cookies with collected information from being sent to, and used by, Google Inc. The following link contains this plugin: https://tools.google.com/dlpage/gaoptout?hl=de

9. Usage of Google Fonts

Our online presence employs Google Fonts and Google Fonts API to display text and symbols. Via Google Fonts data about the usage of font functions by page users can be collection, processed and used if this data is not saved on our local servers. You can read more about the usage of data by Google under http://www.google.com/privacypolicy.html. There, you can also change your settings inside the data protection center in order to protect and organise your data. The terms of conditions by Google Fonts can be found under https://fonts.google.com/about# and https://policies.google.com/terms?hl=en

10. Usage of Google Maps

Our online services use Google Maps and the Google Maps API to display maps and geographical information. When using Google Maps data about the usage of map functions by the user are collected, saved and processed. You can read more about the usage of data by Google under  http://www.google.com/privacypolicy.html.  There, you can also change your settings inside the data protection center in order to protect and organise your data. The terms of conditions by Google Maps can be found under https://www.google.com/intl/de_de/help/terms_maps.html

11. Usage of Matomo

This website uses Matomo, a open source software for the analysis of user access. Matomo uses cookies, text data which is saved on your computer and allows analysis of your browsing session on the website. The information generated by cookie is saved on the server of the service provider in Germany. After processing, your IP address is immediately anonymised before being saved in order to prevent personal identification.
Preventing tracking by Matomo:

Here you can decide whether a web analysis cookie may be saved in your browser in order to allow the collection and analysis of statistical data.
If you do not want to accept, you can use the following link for a Matomo deactivation cookie for your browser.

Right now your page activity is being tracked by Matomo web analysis. Click here to disable tracking. [1]

12. Usage of Econda

In order to optimise the website we use solutions and technology by econda (www.econda.de) which collects anonymised data and creates user profile that use pseudonyms. This may neccesitate the usage of cookies that allow the recognition of an internet browser. Without express permission these pseudonyms will not be associated with data concerning the pseudonym of the user. Most importantly, IP adresses are immediately encrypted. Visitors of the website can always contest this collection and storage of data under the following link: www.econda.de/widerruf-zur-datenspeicherung/.

13. Usage of WordPress.com-Stats (Jetpack)

Our online presence employs WordPress.com-Stats, a tool for statistical analysis of user requests, which is operated by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110-4929, USA by using tracking technology by Quantcast Inc. 201 3rd St, Floor 2, San Francisco, CA 94103-3153, USA. WordPress.com-Stats uses cookies, text data which is saved on your computer to allow for the analysis of your access to the website.
The information generated by the cookie will be saved on a server in the USA. The IP address will be anonymised prior to being stored. You can prevent the installation of cookies via the respective settings inside your internet browser, however, be advised that you may not be able to access all features of the website in this case.
You can prevent the collection and usage of your data by Quantcast by placing an Opt-Out-Cookie in your browser by using the link “Click here to opt-out” on this webpage: http://www.quantcast.com/opt-out.
Should you clear out your cookie cache you will have to place another Opt-Out-Cookie.

14. Ratings via Trusted Shops

If you gave us your permission during or after your order by ticking the respective checkbox or using the respective button (“Rate later”) we will submit your e-mail address to Trusted Shops GmbH, Subbelrather Str. 15c, 50823 Köln (www.trustedshops.de) which will send you an e-mail to remind you to give your rating of our services. This permission can always be revoked by sending a message to the contact found at the end of the document or by contacting Trusted Shops directly.

15. Facebook Social Plugins

Our online presence employs Social Plugins of the social network facebook.com which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. These plugins can be identified via the Facebook logo (a white F on a blue background or a thumbs up symbol) or the affix “Facebook Social Plugin”. The list and appearances of Facebook Social Plugins are listed here: https://developers.facebook.com/docs/plugins/?locale=de_DE

When you access a page on this website that contains such a plugin your browser will establish a direct connection to Facebooks servers. The contents of the plugin will be transmitted by Facebook to your browser which will incorporate it into the page. Therefore we do not have any influence on the amount of data that Facebook collects with this plugin and can give you an estimate based on our knowledge of the subject at this time: Facebook tracks that the page that the plugin is embedded in has been opened by a user. If you are logged into Facebook the plugin can associate your account with the page. Should you interact with the plugin (for example by leaving a like or commenting), this information will be transmitted to Facebook and stored on their servers. Even if you do not have a Facebook account your IP adress might still be tracked and associated with the page by Facebook. You can find out more about the purpose and scope of the collected data and the processing and storage of that data by Facebook as well as the rights and settings for the protection of your privacy by reading Facebook's data protection policy: http://www.facebook.com/policy.php

If you are a Facebook user and do not want Facebook to collect this data and associate it with your account you will have to log out of Facebook prior to visiting our website. You can also block the Facebook Social Plugin with certain addons for your browser such as “Facebook Blocker”.

16. Facebook-Conversion-Pixel

Our internet presence employs “Facebook Pixel” by Facebook Inc. 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). This allows Facebook to track internet activity of a user for statistical and marketing purposes after they interact with an ad hosted by Facebook, this helps optimise future ad displays.
The collected data is anonymised and does not lead back to the identity of the user. However, the data is saved by Facebook and processed for their own marketing purposes in accordance with their terms of data usage (https://www.facebook.com/about/privacy/) which entails a connection to the respective user profile. The user can enable Facebook and its partners to display personalised ads on Facebook itself and on other pages and to place a cookie that serves the same purpose. By visiting our website and Facebook page you agree to this. In order to disable cookies on your computer you can set up your browser to not accept any cookies and to delete any cookies that are already present. However, disabling cookies may disable some of the functions of our webpage. The user can also disable cookies by third parties such as Facebook by visiting the website of the Digital Advertising Alliance: http://www.aboutads.info/choices/

17. Usage of the Google +1 button

This internet presence employs the “+1” button of the social network Google Plus which is operated by  Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). This button can be identified “+1” symbol on either a white or coloured background. Any page on our website that contains this button will have the browser establish a connection with Google servers. The contents of the “+1” button will be transmitted to the browser by Google and injected into the page. The site owner has no influence over the amount of data that Google collects via this button but it is assumed that the IP adress is also tracked. The purpose and scope of the collected data and further processing and usage of the data by Google, as well all associated rights and settings for privacy protection, are explained further in Google's terms of data protection regarding the “+1” button: http://www.google.com/intl/de/+/policy/+1button.html
Any user that is a Google Plus member and does want Google to collect data about their browsing session and link that data with their profile will have to log out of Google Plus prior to browsing our website.

18. Usage of the Tweet button by Twitter

This internet presence employs the Tweet button by social network Twitter which is operated by  Twitter Inc., 750 Folsom Street, Suite 600, San Francisco, CA 94107, United States (“Twitter”). This button can be recognised via a dark blue bird and the word “Tweet” on light blue background. Any page that contains such a button will establish a connection to the Twitter servers through the browser. The contents of the “Tweet” button will be transmitted to the browser by Twitter and incorporated into the Twitter message. The site owner has no influence over the amount of data collected by Twitter via the button but it is assumed that  the IP address is also tracked. The purpose and amount of data that Twitter collects, as well as associated rights and setting for the protection of privacy, are specified in Twitter's terms of data protection:  http://twitter.com/privacy
Any user that is a Twitter member and does not wish for Twitter to collect data about their browsing session of this page and associate this data with their account will have to log out of Twitter prior to visiting our website.

19. Usage of the Xing-Social plugins

This internet presence emloyes social media plugins of the social network Xing which is operated by Xing AG, Dammtorstraße 29 - 32, 20354 Hamburg, Germany. Plugins by Xing can be identified by the respective logo, a stilized "X" of opposite arrows in green. When visiting our website your browser will establish a connection with the Xing servers, which are used for the "Xing Share-Button" function. Xing does not save ane personal data and especially no IP-adresses from the users. There no evaluations made about the usage of cookies regarding the "Xing Share-Button". 
More details about privacy for the "Xing Share-Button" and more general information can be found at: https://www.xing.com/app/share?

20. Usage of the LinkedIn plugin

This internet presence employs plugins of the social network LinkedIn which is operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA („LinkedIn“). Plugins by LinkedIn can be identified by the respective logo or the “recommend” button. When visiting our website your browser will establish a connection with the LinkedIn servers. That way LinkedIn can track that your IP address visited the page. When you interact with the “Recommend” button while being logged into LinkedIn you have the option of linking the page's contents to your LinkedIn profile. At the same time you allow LinkedIn to associate your visit of the page with your account. We have no information on the contents and amount of data collected by LinkedIn.
More details about the collection of data and your rights and setting options can be found at: http://www.linkedin.com/

21. Usage of the wize.life button

This internet presence used social media plugins of the social network wize.life which is operated by wize.life GmbH, Herzogspitalstraße 8, 80331 Munich. These “Social Plugins” can be identified via the wize.life logo, a mirrored Z on a blue background. When visiting this website your will temporarily establish a connection to the wize.life servers which enable the function of the “Recommend wize.life” button. wize.life does not save any personal data about the usage of these functions. wize.life also does not save any IP adresses. Your browsing habits regarding “wize.life Recommend” button will also not be analysed. The current terms of data protection regarding the “wize.life Recommend” button and further information can be read under: https://www.wize.life/inhalt/datenschutzhinweise

22. Usage of the Pinterest button

This internet presence employs the “Pin-it” button of the social network Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA („Pinterest“). The Pinterest plugin can be identified via the “Pin-it” button in white writing on a red background or in red writing on a white background or alternatively by a red-white “P” on a white background.
When you click the “Pin-it” button while being logged into Pinterest you can link the contents of a page with your Pinterest account. This allows Pinterest to associate your visit of our website with your account. We do not have any information about transferred data or its purpose. You can find more information on this topic in the privacy policy of Pinterest: http://pinterest.com/about/privacy

23. Usage of the Instagram button

This internet presence employs the social media plugin of the social network Instagram which is operated by Instagram Inc., 1601 Willow Road, Menlo Park, California, 94025, USA. The Instagram plugin can be identified by the “Instagram” button on our homepage.
When you interact with the button while being logged into Instagram you link the contents of the page with your Instagram account. This allows Instagram to associate your visit of the page with your account.
We do not have any information about the contents and purpose of the transferred data. You can find more information on this topic in the privacy policy of Instagram: http://instagram.com/about/legal/privacy

24. Usage of etracker

Our website employs technology by etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg (www.etracker.com) to collect and store date for the purposes of marketing and optimisation. With this data we can create anonymous user profiles. Cookies can be used to help with this process. Cookies are small bits of text data which are saved in a temporary storage of the browser. These cookies allow the browser to be recognised. Without express permission we will not use etracker technology to identify the user of the website and associate their personal data with the corresponding anonymous profile.
The right for the collection and storage of data can be revoked by the user at any time. In order to do so you can use the following link to place an Opt-Out-Cookie by etracker in your browser which will keep etracker from collecting user data via your browser: http://www.etracker.de/privacy?et=V23Jbb
The Opt-Out-Cookie etracker is called “cntcookie”. Please do not delete it as long as you do not want etracker to collect user data. More information can be found in the terms and conditions of etracker: http://www.etracker.com/de/datenschutz.html

25. Youtube

This website uses shortcuts to YouTube by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When embedding we use the expanded data protection mode so that user information is only transmitted when playing a video. In this case YouTube collects data about the specific page that the video is embedded in and about the video itself. When you are logged into YouTube at the same time the video can be associated with your account. You can more information about the collection and precessing of your data by YouTube in the data protection policy of www.youtube.com.
If you do not want YouTube to collect data about your visit please do not interact with any videos on the site.

26. Usage of Hotjar

This internet presence employs the software Hotjar (http://www.hotjar.com , 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta, Europe. Via Hotjar we can track and analyse user behaviour (mouse movements, clicks, scrolling distance, etc.) on our website. In order to do so Hotjar uses cookies on user devices to collect anonymised data such as the used browser, operating software, duration of the browsing session. You can prevent this by turning off cookies in your browser setting and deleting all active cookies. You can more information about Hotjar's data usage under https://www.hotjar.com/privacy

27. Usage of Optimizely

This website uses Optimizely, a web analysis service by Optimizely, Inc. ("Optimizely"). Optimizely uses cookies, text data that is saved on your computer allows analysis of your browsing session on this website. The information generated by the cookie is normally saved on an Optimizely-owned server in the USA and saved there.
When IP anonymisation is activated on this website however, your IP address will be shortened inside an EU member state or member state of the EU economic area. Your full IP address will only be sent to Optimizely in an exception to be shortened inside the USA. Optimizely uses this data on behalf of the site owners in order to analyse your usage of the website and to compile reports about website activity.
The transmitted IP addresses will not be associated with other data collected by Optimizely. You can veto the usage of a cookie via the corresponding setting inside your browser settings. However, in this case some of the functions of this website will not be available to you any more. Furthermore, you can always deactivate Optimizely tracking (as well as the creation of a cookie, collection of your user data, including IP address, and processing of data by Optimizely) by following the instructions on: http://www.optimizely.com/opt_out

28. Usage of Olark

This website employs the live chat service Olark by Olark Inc. 76 South Park St, San Francisco, CA 94107, which allows us to contact website users directly for the purposes of customer support. During the chat session your location, IP address, browser and visited page are visible to us. After the session concludes we will not have access anymore. You can find more information regarding Olark live chat in the data protection policy of Olark under: https://www.olark.com/tos
Olark places cookies on your PC which allow for an improved browsing experience on our website. You can always veto the usage of cookies via the corresponding settings inside your browser. However, should you do so you may not be able to access all functions of the website.

29. Security, questions and feedback, responsible parties

Your security is also dependent on your own system. Always treat your data as strictly confidential, do not let your browser save passwords for you and close your browser window when you are done browsing our website. This makes it harder for third parties to get a hold of your personal data.
Use an operating system that can manage user permissions. Set up multiple users on your system for each family member and never run your browser in administrator mode. Use security software like a virus scanner and firewalls and always keep your system updated.
The responsible parties of our internet presence in regards to the basic data protection regulations and other national data protection laws of member states and other data protection measures are:

Bayer. Staatsbad Bad Kissingen GmbH
Im Luitpoldpark 1
97688 Bad Kissingen
Telefon: +49 (0) 971 8048-444
Telefax: +49 (0) 971 8048-445
E-Mail: tourismus@badkissingen.de

www.badkissingen.de

and

Stadt Bad Kissingen
Rathausplatz 1
97688 Bad Kissingen
Telefon: +49 (0) 971 807-0
Fax: +49 (0) 971 807-4444
E-Mail: info@stadt.badkissingen.de

30. Right to information / right to cancel; other rights

You have the right to:

–   request information about your personal data that is collected by us under Art. 15 of the GDPR. In particular you can request information about the purpose of data, category of personal data, category of the recipients of the data, duration of storage of data, possible rights for correction of data, deletion of data, limitations and vetoing of the processing of data, possible rights for complaints, origin of your data (as long as it was not collected by us) as well as any automated scope of decision including profiling and meaningful information regarding its details;
–   request the immediate correction of false data or completion of your personal data under Art. 16 of the GDPR;
–   request the deletion of your personal data under Art. 17 of the GDPR as long as this data is not needed to guarantee the right of free speech, completion of a legal obligation, for purposes of public interest or for the assertion, execution or defence of legal claims;
–   requests limited processing of your data under Art. 18 of the GDPR if the validity of the data is in jeopardy, the processing of the data is unlawful but you forbid the deletion of the data and if we do not need the data anymore but you do for the assertion, execution or defence of legal claims or when you have filed an objection against the processing of data under Art. 21 of the GDPR;
–   request your personal data to be given to you or a third party in a structured, contemporary and machine-readable format under Art. 20 of the GDPR;
–   always revoke your permissions under Art. 7 Section 3 of the GDPR. This means that we can not continue using data that you have permitted us to use in the past;
–   complain to a supervisory authority according to Art. 77 of the GDPR. Usually you can contact the supervisory authority of your residency or workplace or our head office.

You are given these rights free of charge. In order to revoke your permission of data usage, request information or the correction, blocking or deletion of data or in order to invoke your other rights regarding data please contact:

Bayer. Staatsbad Bad Kissingen GmbH
Im Luitpoldpark 1
97688 Bad Kissingen
Telefon: +49 (0) 971 8048-444
Telefax: +49 (0) 971 8048-445
E-Mail: tourismus@badkissingen.de

and

Stadt Bad Kissingen
Rathausplatz 1
97688 Bad Kissingen
Telefon: +49 (0) 971 807-0
Fax: +49 (0) 971 807-4444
E-Mail: info@stadt.badkissingen.de

What follows is the contact of our controller for data protection:

Hans-Jürgen Bühner
Rathausplatz 1
97688 Bad Kissingen
Telefon: +49 (0) 971 807-2400
E-Mail: datenschutz@stadt.badkissingen.de

In order to invoke your rights regarding information, correction, blocking or deletion of personal data, please first contact the previously mentioned division of the controller for data protection instead of the controller themselves.

31. Unsubscribe from the newsletter

In case you don't want to receve our newsletter or advertisement mails anymore you can just click on the link "newsletter abmelden" which is included in every email we send.