Your data is important to usPrivacy policy

1 Responsible Party

Tourismus Marketing GmbH Baden-Württemberg
Marktstraße 2
70173 Stuttgart, Germany
Email: info@tourismus-bw.de
As of: 4 February 2025

2 Data Protection Officer

Achim Barth – Barth Datenschutz GmbH
Email: info@barth-datenschutz.de

3 Overview of Data Processing

We process your personal data when you visit our website, contact us, or use functions such as appointment booking, newsletters, analysis, or marketing tools, depending on the configuration.

Typical data categories include:

Access data (e.g., IP address, date/time, page accessed, referrer URL, browser/device information);

Communication data (e.g., email content, contact details);

Content and form data (information entered into fields); and

Consent and cookie data (consent status, cookie identifiers).

4 Basic Processing

4.1 Website and Server Logs
Purpose: Website delivery, stability and security assurance, misuse and attack detection, and error analysis.
Data: IP address, timestamp, accessed content, technical information (e.g., browser/operating system), referrer URL, and log data.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure and functional operation).
Recipients: Technical service providers (e.g., hosting and IT) within the scope of order processing.
Storage period: Log data is stored only for as long as is necessary for security and error analysis (typically a few days to a few weeks) and is then deleted or anonymized.

4.2 Use of Service Providers and Order Processing
We use service providers for website operation and maintenance (e.g., hosting, IT, support, and web development). Where necessary, we have concluded a contract for order processing in accordance with Art. 28 GDPR has been concluded with these service providers.

4.3 Cookies and Consent Management
We use cookies and similar technologies, such as local storage, to operate the website, provide functions, and, with your consent, measure reach and enable marketing.
If cookies or other consent-requiring technologies are used, we will obtain your consent beforehand.
Legal basis: Art. 6(1)(a) GDPR (consent) for cookies and tools requiring consent, and Art. 6(1)(f) GDPR for operating and logging consent status.
Change or revoke consent: [Link to "Cookie settings"]

4.4 Contact
Purpose: Processing your request and communicating with you.
Data: Contact details, message content, and metadata, if applicable.
Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures or contract), or Art. 6(1)(f) GDPR (legitimate interest in efficient communication), depending on the content of the request.
Storage period: Until final processing. Beyond that, only if necessary (e.g., for proof or follow-up questions) or due to legal retention obligations.

5 Processing in Detail

Newsletter
Purpose: To send information, news, and offers.
Data: Email address and name, if applicable, as well as log data for registration (double opt-in: time and IP address).
Legal basis: Art. 6(1)(a) GDPR (consent).
Revocation: You may revoke your consent at any time via the unsubscribe link in the newsletter or by sending us a message.
Recipients: Newsletter service provider (order processing in accordance with Art. 28 GDPR).
Storage period: Until consent is revoked. Log data is stored for as long as necessary for verification purposes.

Analysis and Reach Measurement
Purpose: Measurement of usage, optimization of the website with Google Analytics 4 (European headquarters in Dublin, Ireland)
Data: Usage data, device and browser data, interactions, and cookie IDs, if applicable.
Legal basis: Art. 6(1)(a) GDPR (consent).
Revocation: Via the cookie settings.
Recipients: Analysis service providers (possibly involving order processing in accordance with Art. 28 GDPR).
Third country: Depending on the provider (see section 6), possible.
Storage period: Depends on the tool settings; deletion or anonymization according to configuration.

Tag management
Purpose: Technical management and display of website tags (analysis, marketing) with Google Tag Manager (European headquarters in Dublin, Ireland)
Data: For technical reasons: IP address, device information; otherwise depending on the tags loaded via it.
Legal basis: If tags requiring consent are loaded: Art. 6 (1) (a) GDPR.
Note: Tag management is not a neutral component – the tags that are activated via it are decisive.

Marketing, Conversion, and Retargeting
Purpose: Advertising, performance measurement, retargeting with Google Analytics 4 (European headquarters in Dublin, Ireland)
Data: Interactions, visit and conversion events, cookie IDs, campaign allocation if applicable.
Legal basis: Art. 6 (1) lit. a GDPR (consent).
Revocation: Via the cookie settings.
Recipients: Marketing and advertising service providers; joint responsibility depending on the tool design (to be checked in individual cases).
Third country: Possible, depending on the provider.

Embedded content
Purpose: Display of external content (video, audio, maps, widgets) with YouTube (European headquarters in Dublin, Ireland) and mein.toubiz (headquartered in Freiburg, Germany)
Data: IP address, device information if applicable; cookies or tracking depending on the provider.
Legal basis: Art. 6 (1) (a) GDPR (consent) if the provider uses cookies or tracking; otherwise Art. 6 (1) (f) GDPR (legitimate interest in user-friendly presentation) for purely technical integration without tracking.
Recipients: Respective provider of the embedded content.
Third country: Possible, depending on the provider.

Social Media Links
Purpose: Linking to external social media profiles on Facebook, Instagram, Pinterest, LinkedIn, and YouTube.
Data: In the case of pure links, we do not transfer any data to social media providers; you only leave our website when you click on the link.
Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in information and communication).

6 Recipients

Depending on the functions used, data may be transferred to the following categories of recipients:

IT and hosting service providers (order processing) with Vercel and AWS

Analysis and marketing service providers (only if activated)

Providers of embedded content (video, audio, widgets)

7 Third Country Transfers

Depending on the service providers used, personal data may be processed outside the EU or the EEA. In such cases, we rely on appropriate safeguards (e.g., standard contractual clauses) where necessary and take measures to minimize risk.
Note: When transferring data to third countries, a residual risk (e.g., government access) cannot be completely ruled out.

8 Storage Period

We only store personal data for as long as is necessary for the respective purposes. The data is then deleted or anonymized, provided that there are no legal retention obligations to the contrary.

9 Your Rights

You have the following rights:

Information about your stored data (Art. 15 GDPR)

Correction of inaccurate data (Art. 16 GDPR)

Deletion of your data (Art. 17 GDPR)

Restriction of processing (Art. 18 GDPR)

Data portability (Art. 20 GDPR)

Objection to processing based on Art. 6 (1) lit. f GDPR (Art. 21 GDPR)

Withdrawal of consent with effect for the future (Art. 7 (3) GDPR)

Enforcement: Via the contact details of the controller or the data protection officer (info@barth-datenschutz.de).

10 Right to lodge a complaint

You have the right to lodge a complaint with a competent data protection supervisory authority (Art. 77 GDPR).

11 Obligation to Provide Data

The provision of certain data is technically necessary for the mere use of the website (e.g., IP address). If you contact us or request services, certain information is required in order to process your request.

12 Automated Decision-Making and Profiling

Automated decision-making, including profiling within the meaning of Art. 22 GDPR, does not take place as a matter of principle. If individual marketing or analysis modules can create profiles, this is done exclusively with prior consent (Art. 6 (1) (a) GDPR).