We, the city of Heidenheim an der Brenz (hereinafter "we / our") take the protection of your personal data very seriously and adhere strictly to all applicable laws and regulations on data protection, in particular to the General Data Protection Regulation (GDPR) , the State Data Protection Act (LDSG) and the Telemedia Act (TMG) The following explanations give you an overview of how we ensure this protection and which data we process for which purpose.
1. Usage data
Every time our website is accessed and every time a file is called up, general data about this process is automatically saved in a log file. The storage serves exclusively system-related and statistical purposes (on the basis of Art. 6 Para. 1 Letter b) GDPR), as well as in exceptional cases for reporting criminal offenses (based on Art. 6 Para. 1 Letter e) GDPR) The data will not be passed on to third parties or any other evaluation will take place, unless there is a legal obligation to do so (Art. 6 Para. 1 Letter e) GDPR). In detail, the following data set is stored for each retrieval:
- Name of the file accessed
- Date and time of the request
- amount of data transferred
- Message as to whether the retrieval was successful
- Description of the type of web browser used
- operating system used
- the previously visited page
- Your IP address
- Training data (intents, entities, dialogs) as the basic framework for the service until the end of the service (if the site has a chat function)
- Chat content such as questions and answers from the bot including timestamps up to one year (if the site has a chat function)
2. Personal data
We only process personal data if we are legally permitted to do so or if you have given us your consent.
- a. Contact
If you get in contact with us, we will save your data on the basis of Art. 6 Para. 1 Letter b) GDPR for the purpose of processing your request, as well as in the event that further correspondence should take place.
- b. Newsletter
We would be happy to inform you about our newsletter and our range of products. In order to send a newsletter, we need your name and email address. You can enter this information in the fields provided on our website. Your data will only be processed by us for the purpose of sending the newsletter. The legal basis for data processing is Article 6 (1) (a) GDPR. You can unsubscribe from the newsletter at any time and thus object to the further use of your data. You can unsubscribe from the mailing list at the end of each newsletter. Alternatively, you can send us an email to email@example.com.
- c. Comment function
You have the option of leaving individual comments on individual blog posts published on our website. If you leave such a comment, the content of the comment itself, including the time of comment entry, will be saved and published. Your IP will also be saved -Address logged. This is done for verification and documentation purposes in the event that we should be sued for a violation of the law based on your comment. Data processing is therefore necessary to safeguard our legitimate interests in accordance with Article 6 (1) (f) GDPR. Your personal data will only be passed on to third parties if we are legally obliged to do so (then on the basis of Article 6 (1) Letter e) GDPR), or this is necessary to safeguard the legitimate interests of the third party (then on the basis of Art. Art. 6 Paragraph 1 Letter f) GDPR).
- d. Chat function
By agreeing to the provisions of data protection law, you agree that the content of the chat function itself, including the time of the chat entry, is saved. Your IP address is also logged. This is done for verification and documentation purposes in the event that a legal violation should be brought against us due to your input in the chat. The data processing is therefore necessary to safeguard our legitimate interests in accordance with Art. 6 Para. 1 Letter f) GDPR. Your personal data will only be passed on to third parties if we are legally obliged to do so (then on the basis of Art. 6 Para. 1 Letter e) GDPR), or if this is necessary to safeguard the legitimate interests of the third party (then on the basis of Art. Art. 6 Paragraph 1 Letter f) GDPR). The chat function is based on an open source framework TensorFlow. By using the chat, you ensure that you do not write any confidential or personal information about yourself or other people or companies in the chat.
4. Use of the "Matomo" analysis tool
Our website uses Matomo (https://matomo.org/), an open source software for analyzing visitor access to our website. Matomo uses so-called cookies, text files that are stored on your computer and that enable your use of the website to be analyzed. The information generated by the cookie about the use of this website is stored on our servers in Germany and is not passed on to third parties. Your IP address is anonymized immediately after processing and before it is saved. You can prevent the installation of cookies by setting your browser accordingly; however, we would like to point out that in this case you may not be able to use all functions of our website to their full extent. You can also object to the use of your data by Matomo by making use of the following option: A cookie is saved on your browser that only contains the information that Matomo may not collect any data about you. Previously stored cookies will then be deleted. However, if you delete all cookies in your browser, you may have to object to the use of your data again. You can decide here whether a unique web analysis cookie may be stored in your browser in order to enable us to collect and analyze various statistical data. If you decide against it, you can save the Matomo deactivation cookie in your browser by clicking on the following link.
We base the use of the aforementioned analysis tool on Art. 6 Paragraph 1 Letter f) GDPR: processing is carried out to analyze user behavior and is therefore necessary to safeguard our legitimate interests.
5. Use of the social plugins from Facebook, Twitter, Google+ and Instagram
- a. Facebook
Plugins of the social network Facebook (Facebook Inc., 1601 Willow Road, Menlo Park, CA 94025, USA) are integrated on our site. You can recognize the Facebook plugins by the Facebook logo or the "Like" button on our website. You can find an overview of the Facebook plugins here: https://developers.facebook.com/docs/plugins/. The plugin establishes a direct connection between your browser and the Facebook server. Facebook receives the information that you have visited our site with your IP address. If you click the Facebook "Like" button while you are logged into your Facebook account, you can link the content of our platform to your Facebook account. This enables Facebook to assign the visit to our site to your account. We would like to point out that we, as the site operator, have no knowledge of the content of the transmitted data or their use by Facebook. You can find more information on this in Facebook's data protection declaration at https://de-de.facebook.com/policy.php. If you do not want Facebook to be able to assign your visit to our site to your Facebook account, please log out Your Facebook account or do not activate the social plugins.
- b. Twitter
Functions of the Twitter service are then integrated into our website. These functions are offered by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the "Re-Tweet" function, the pages you visit are linked to your Twitter account and announced to other users. In doing so, data is also transmitted to Twitter. We would like to point out that, as the website operator, we have no knowledge of the content of the transmitted data or its use by Twitter. You can find more information on this in Twitter's data protection declaration at http://twitter.com/privacy. You can change your data protection settings on Twitter in the account settings at http://twitter.com/account/settings.
- c. Google +1
Functions of the Google+ service are then integrated on our site. These functions are offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. By using Google+ and the "+1" button, the browser establishes a direct connection with the Google servers. The content of the "+1" button is transmitted directly from Google to its browser and integrated into the website. We have no influence on the scope of the data that Google collects with the button. Purpose and scope of data collection and the rest Processing and use of the data by Google as well as your related rights and setting options to protect your privacy can be found in Google's data protection information on the "+1" button: http://www.google.com/intl/de/+/policy/+ 1button.html and the FAQ: http://www.google.com/intl/de/+1/button/.
- d. Instagram
6. Use of the social plugins from YouTube
Our website also uses links to refer to the page of the social network YouTube. We also operate a social media page here. If you click on a link to YouTube, you will be redirected to the respective external page on YouTube. If you are also logged in as a member of YouTube, the operator, YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066 USA, can assign your visit to our site to your respective user account. We would like to point out that YouTube LLC belongs to the group of companies belonging to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. If you do not want YouTube to collect and store data about your visit to our website, you must Log out of your YouTube account before clicking the link. For the purpose and scope of the data collection and the further processing and use of your data by YouTube, please refer to the corresponding data protection declaration, which you can find here: http://www.google.de/ intl / de / policies / privacy / We base the use of YouTube on Art. 6 Para. 1 Letter a) GDPR. By clicking on the link and simultaneously registering with YouTube, you give us your consent to data processing. In any case, data processing is permitted in accordance with Art. 6 Para. 1 Letter f) GDPR; By activating the link and simultaneously registering in the respective social network, the data is processed for advertising purposes and is therefore in our legitimate interest.
7. Use of Google Web Fonts, Google Maps
External fonts, so-called Google web fonts, are used on some of our websites. We also use Google Maps to show you how to get to our company and to make it easier for you to plan your journey. We also use the services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland Call up our page your browser the required information from the Google server in Ireland in your browser cache. This is necessary so that your browser can also display an optically improved representation of our texts or the map is displayed on our website. This transmits to the Google server which of our websites you have visited. Your IP address is also stored by Google. You can find more information about Google Maps at https://www.google.com/intl/de_de/help/terms_maps.html You can find general information on data protection at Google at www.google. com / policies / privacy / We base the use of the aforementioned tools on Art. 6 Para. 1 Letter f) GDPR: the data processing takes place to improve the user-friendliness on our website and is therefore in our legitimate interest.
8. Duration of storage
Your data will be stored by us for as long as the final processing of your request requires. If there are statutory or otherwise prescribed retention requirements, your data will be stored for this period and then deleted. The statistical data collected via the "Matomo" analysis tool is anonymized when it is collected and the results are stored for a maximum of 2 years. The log data, i.e. the chat content of the user and the bot's responses including the time stamp, are saved for up to a year Data center stored by Komm.ONE in Karlsruhe.
9. Rights of data subjects
Your data will be stored by us for as long as the final processing of your request requires. If there are statutory or otherwise prescribed retention requirements, your data will be stored for this period and then deleted. The statistical data collected by the "Matomo" analysis tool is anonymized when it is collected and the results are stored for a maximum of 2 years.
- a. Right to information
You have the right to request confirmation from us as to whether personal data relating to you is being processed. You can contact firstname.lastname@example.org.
- b. Correction / deletion / restriction of processing
Furthermore, you have the right to demand that
• inaccurate personal data concerning you be corrected immediately (right to correction);
• personal data concerning you are immediately deleted (right to deletion) and
• the processing is restricted (right to restriction of processing).
You have the option to contact email@example.com.
- c. Right of withdrawal
You have the right to withdraw your consent at any time. Revoking your consent does not affect the legality of the processing carried out on the basis of your consent up to the point of revocation. You can contact firstname.lastname@example.org.
- d. Right of objection
Is the processing of your personal data for the performance of a task that is in the public interest (Art. 6 Paragraph 1 Letter e) GDPR) or to safeguard our legitimate interests (Art. 6 Paragraph 1 Letter f) GDPR), you have a right of objection. You can contact email@example.com.
- e. Right to lodge a complaint
If you are of the opinion that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, without prejudice to other legal remedies.
10. Our data protection officer
You have the possibility to contact firstname.lastname@example.org.
We use the most modern internet technologies for the security of your data. During the online inquiry process, your details are secured with SSL encryption. For the secure storage of your data, our systems are protected by firewalls, which prevent unauthorized access from outside. The data is stored in an IBM data center in Frankfurt am Main. If you trigger an e-mail to yourself from a form (receive a copy (cc)), the data you entered in the form may be transmitted unencrypted. This depends on your mail domain. They could then possibly be read by unauthorized persons.