Town hall

How can we help?

Stay

Privacy policy

Privacy policy

1. Name and contact details of the controller and the company data protection officer
This privacy policy applies to data processing by
Responsible:   
Hildesheim Marketing GmbH
Rathausstrasse 15
31134 Hildesheim
Place of jurisdiction: Hildesheim District Court, HRB 200977
Managing Director: Fritz S. Ahrberg
Email:
Phone: 05121 1798-100
Fax: 05121 1798-111
 
The data protection officer for Hildesheim Marketing GmbH:
Thimo Plaumann
Email:
 
2. Collection and storage of personal data as well as the nature and purpose of their use
a) When visiting the website   
When calling our website www.hildesheim-tourismus.de Information is automatically sent to our website's server by the browser used on your device. This information is stored for a maximum of three months and then deleted. The following information is collected without your intervention and stored until its automatic deletion:
 
• IP address of the requesting computer
• Date and time of access
• Name and URL of the retrieved file
• References
• Search terms
• Website from which access is made (referrer URL)
• HTTP status and page size
• browser used and, if applicable, the operating system of your computer as well as the name of your access provider


The data mentioned are processed by us for the following purposes:   
• Ensuring a smooth connection to the website
• Ensuring a comfortable user experience on our website
• Evaluation of system security and stability
• statistical evaluation in anonymized form as well as
• for other administrative purposes
 
The legal basis for data processing is Article 6(1)(f) GDPR. Our legitimate interest arises from the purposes of data collection listed above. Under no circumstances will we use the collected data to draw conclusions about your identity.
 
Furthermore, we use cookies and analytics services when you visit our website. You can find more detailed explanations in sections 6 and 7 of this privacy policy.

b) When you subscribe to our travel newsletter
If you wish to subscribe to the travel newsletter offered on our website, we require an email address from you as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive the newsletter.
To ensure that newsletter subscriptions are only received with the subscriber's consent, we use the so-called double opt-in procedure. This allows potential recipients to subscribe to a mailing list. The user then receives a confirmation email, giving them the opportunity to legally confirm their subscription. Only after this confirmation is the address actively added to the mailing list. We use this data exclusively for sending the requested information and offers.
 
As a newsletter software will Sendinblue Your data will be transmitted to Sendinblue GmbH. Sendinblue is prohibited from selling your data or using it for any purpose other than sending newsletters. Sendinblue is a German, certified provider, selected in accordance with the requirements of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
You can find more information here.
You can revoke your consent to the storage of your data, email address and its use for sending the newsletter at any time, for example via the "Unsubscribe" link in the newsletter.
Data protection measures are constantly evolving due to technological advancements. Therefore, we ask that you regularly review our privacy policy to stay informed about our data protection practices.


c) By using our contact form
For any questions, you can contact us using the form provided on our website. A valid email address, title, and last name are required so we know who is contacting us and can respond. Providing additional personal information is optional.
The data processing for the purpose of contacting us takes place in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO based on your voluntarily granted consent.   
The personal data collected by us for the use of the contact form will be automatically deleted after completion of the request made by you.  


d) When using forms
When you fill out and submit online forms on www.hildesheim-tourismus.de, the data you provide will be used exclusively for the purposes stated in the form.  
The data processing for the purpose of contacting us takes place in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO based on your voluntarily granted consent.   
If you download and complete electronic forms (e.g., PDF files) from www.hildesheim-tourismus.de, these files remain exclusively within your sphere of influence. No data is transmitted electronically.


e) When using our booking portal   
For bookings in the areas of accommodation, package holidays, city tours & excursions, and our online shop, we use the following service providers. These providers store and transmit your personal data to us for the purpose of processing your bookings. Your data will not be shared with any other third parties. Data processing for the purpose of online booking with us is carried out in accordance with Art. 6 Para. 1 Sentence 1 lit. a+b GDPR based on your freely given consent.

My.IRS GmbH
Dornierstr. 4, D-82178 Puchheim/GERMANY
Email: info(at)tomas-travel.com
Website: www.tomas-travel.com
Telephone: +49 89 84102045, fax: +49 89 84102047
My.IRS GmbH headquarters: D-82178 Puchheim
Munich Local Court, HRB 157049, Legal form: Limited Liability Company (GmbH)

Payment methods via My.IRS GmbH
• Datatrans (Mastercard, Visacard)

Datatrans AG
Kreuzbühlstrasse 26, CH-8008 Zurich/SWITZERLAND
Commercial Register: Canton of Zurich, CH-400.3.008.700-8
VAT number: CHE-100.847.043 VAT
Management: Hanspeter Maurer, Bettina Reimers, Urs Kisling
Phone: +41 44 256 81 91, Fax: +41 44 256 81 98
Email: General inquiries: info@datatrans.ch  

• PayPal
On our platform, we offer payment via PayPal, among other options. The provider of this payment service is PayPal (Europe) S.à.rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). If you select payment via PayPal, the payment details you enter will be transmitted to PayPal. The transmission of your data to PayPal is based on Article 6 Paragraph 1 Letter a GDPR (consent) and Article 6 Paragraph 1 Letter b GDPR (processing necessary for the performance of a contract). You have the right to withdraw your consent to data processing at any time. Such withdrawal will not affect the lawfulness of processing based on consent before its withdrawal.

3. Video surveillance

a) Tourist Information Hildesheim
We operate video surveillance in the public areas and sales area of ​​our tourist information center. The video recordings are stored and, in cases of suspected theft, reviewed and evaluated by the responsible party or one of their branch managers. This video surveillance is based on Article 6 Paragraph 1 Letter f of the GDPR, in order to protect ourselves against repeated thefts and to investigate and prosecute them under criminal and civil law. The video recordings are deleted immediately after review. If a theft or other criminal offense is recorded, this footage will be handed over to law enforcement authorities and will only be deleted once our legal claims have been concluded.

b) Ascent to St. Andrew's Church tower
We operate video surveillance in the St. Andrew's Church tower. However, no video recordings are made, as this is video surveillance without a recording device. The video surveillance is based on our right to control access to our property and Article 6 Paragraph 1 Letter f of the GDPR and serves to protect employees and visitors, as well as to prevent and investigate theft and vandalism.   


4. Disclosure of data
A transfer of your personal data to third parties for purposes other than those listed below does not take place.   
We only share your personal information with third parties if:   

  • You have given your explicit consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
  • The transfer of your data is necessary for the establishment, exercise or defense of legal claims pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR and there is no reason to assume that you have an overriding legitimate interest in not having your data transferred.
  • In the event that there is a legal obligation to disclose the data pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR.
  • This is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR. 

5. Cookies  
We use temporary cookies on our website and persistent cookies in the cookie notice. Cookies are small files that your browser automatically creates and stores on your device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not harm your device, nor do they contain viruses, Trojans, or other malware. Information is stored in the cookie that relates to the specific device used. However, this does not mean that we gain direct knowledge of your identity.   
We use temporary cookies (so-called session cookies) to optimize user-friendliness; these are stored on your device for a specific, predetermined period and deleted after you close your browser.
 
In connection with the "Cookie Notice" function, a persistent cookie is set to store the fact that the visitor has seen the cookie notice. This cookie is deleted after one week, and the visitor must then confirm the cookie notice again.   
We also use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you (see section 7b).   
The data processed by cookies are for the purposes mentioned for the protection of our legitimate interests as well as the third party according to Art. 6 para. 1 S. 1 lit. f DSGVO required.
 Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or always a hint appears before a new cookie is created. However, disabling cookies completely may mean that you can not use all features of our website.


6. Analysis Tools
 a) Tracking Tools
The tracking measures listed below and used by us are carried out on the basis of Article 6(1)(f) GDPR. We use these tracking measures to ensure, firstly, the needs-based design and continuous optimization of our website. Secondly, we use them to statistically record the use of our website and to evaluate it for the purpose of optimizing our services for you. These interests are considered legitimate within the meaning of the aforementioned regulations.
 b) Matomo
We use the open-source software Matomo to analyze and statistically evaluate the use of our website. Cookies are used for this purpose (see section 6). The information generated by the cookie about website usage is transmitted to our servers and aggregated into anonymized user profiles. This information is used to evaluate the use of our website and to enable us to tailor our website to user needs. The information is not shared with third parties.
 
Under no circumstances will the IP address be associated with other data relating to the user. The IP addresses are anonymized so that an assignment is not possible (IP masking).


7. Social Media Plug-ins
We focus on www.hildesheim-tourismus.de No social media plugins. 

 
8. Data subject rights  
You have the right:   

  • In accordance with Article 15 of the GDPR, you have the right to request information about your personal data processed by us. In particular, you can request information about the purposes of the processing, the categories of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if they were not collected from you, and the existence of automated decision-making, including profiling, and, where applicable, meaningful information about the logic involved.
  • In accordance with Article 16 of the GDPR, you have the right to request the immediate rectification of inaccurate personal data or the completion of incomplete personal data stored by us.
  • In accordance with Article 17 of the GDPR, you have the right to request the erasure of your personal data stored by us, unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims.
  • Pursuant to Article 18 GDPR, you have the right to request the restriction of the processing of your personal data if you contest the accuracy of the data, the processing is unlawful but you oppose its erasure, we no longer need the data but you require it for the establishment, exercise or defense of legal claims, or you have objected to processing pursuant to Article 21 GDPR.
  • In accordance with Article 20 of the GDPR, you have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format, or to request its transmission to another controller.
  • In accordance with Article 7(3) of the GDPR, you have the right to withdraw your consent at any time. This means that we will no longer be permitted to process your data based on this consent in the future.
  • According to Article 77 of the GDPR, you have the right to lodge a complaint with the competent supervisory authority for Lower Saxony: The State Commissioner for Data Protection of Lower Saxony, Prinzenstraße 5, 30159 Hannover, +49 511 120 45 00, poststelle(at)lfd.niedersachsen.de


9. Right of objection
If your personal data is processed on the basis of legitimate interests pursuant to Article 6(1)(f) GDPR, you have the right to object to the processing of your personal data pursuant to Article 21 GDPR, provided there are grounds relating to your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right to object, which we will implement without requiring you to specify a particular situation.
 
If you wish to exercise your right of withdrawal or objection, simply send an email to info(at)hildesheim-marketing.de


10. Data security  
We use the widely used TLS (Transport Layer Security) protocol 1.0, 1.1 and 1.2 throughout the entire website in conjunction with the highest encryption level supported by your browser.

We also take appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
 
11. Updating and changing this privacy policy
This privacy policy is currently valid and has the status of Mai 2020.

As a result of the further development of our website and offers thereof or due to changed legal or official requirements, it may be necessary to change this privacy policy. The latest privacy policy may be posted at any time on the website www.hildesheim-tourismus.de/datenschutz be retrieved and printed by you.