Preface
For the Bayerische Staatsbad Bad Brückenau compliance with data protection laws is not only a legal obligation, but a necessary element of trust. In the following we want to transparently inform you about the methods, scope and purpose of the processing of your personal data which might be collected from you while visiting this website. We will also inform you about your rights.
Controller
As operator of the website www.staatsbad.de the Bayerische Staatsbad Bad Brückenau, Heinrich-von-Bibra-Straße 25, 97769 Bad Brückenau, Germany (subsequently referred to as “we” and “us”) is the controller pursuant to Art. 4 No. 7 of the General Data Protection Regulation (GDPR). You can contact us at info@staatsbad.de with any questions about this privacy policy.
Data protection officer
You can reach our DPO at:
E-Mail: datenschutz@staatsbad.de
Telefon: 09741 802-853
Rights of the data subject
Your rights as a data subject
As a data subject you have the following rights concerning your personal data. You have
- the right of access to information on – among others – the purposes of the processing, the categories of personal data concerned, the envisaged period for which the personal data will be stored as well as possible recipients, pursuant to and in accordance with the requirements of Art. 15 GDPR and § 34 BDSG
- the right to rectification and to erasure of incorrect or incomplete data pursuant to and in accordance with the requirements of Art. 16 and 17 GDPR and § 35 BDSG.
- the right to restriction of processing pursuant to and in accordance with the requirements of Art. 18 GDPR and § 35 (1) 2 BDSG.
- the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) pursuant to and in accordance with the requirements of Art. 21 (1) GDPR.
- the right to withdraw your given consent at any time, which does, however, not affect the lawfulness of processing based on consent before its withdrawal according to Art. 7 (3) GDPR.
- the right to data portability in a structured, commonly used and machine-readable format pursuant to and in accordance with the requirements of Art. 20 GDPR
- You have, pursuant to and in accordance with the requirements of Art. 22 GDPR, the right not to be subject to a decision based solely on automated processing, including profiling, which entails legal effects concerning you or significantly affects you in a similar way.
- Furthermore pursuant to Art. 77 GDPR you have the right to lodge a complaint with a supervisory authority about the processing of your personal data by us, in particular in the member state of your habitual residence, place of work or place of the alleged infringement.
Procedure
When you claim your rights toward us according to the GDPR and the BDSG, we will process the data you thereby submit to fulfill your claims.
Subsequently we will store the data submitted by you and the data submitted by us to you in return for the purpose of documentation until the expiry of the regulatory offenses limitation period (3 years).
The lawfulness of processing and storing the data is based on Art. 6 (1) point (f) GDPR (legitimate interest of data processing). The legitimate interest results from our obligation to fulfill your requests and the need to exonerate ourselves in possible fine proceedings by proving that we have lawfully fulfilled your requests.
You can object to the processing of your personal data based on our legitimate interest at any time under the premises of Art. 21 GDPR. Please use the contact details provided in the imprint. We would like to note that the processing of your personal data is mandatory for the verification of compliance with data protection rights of the data subject according to Art. 21 (1) GDPR, as other methods of verification do not exist or are not equally suitable.
Data protection measures / arrangements
We secure our website and other systems — and thus your data — through technical and organizational measures against loss, destruction, access, change or dissemination through unauthorized persons. In particular your personal data will be transmitted encrypted through the internet. Therefore we operate with the coding system TLS (Transport Layer Security).
Having said this, the transmission of information via internet is never fully safe, which is why we cannot guarantee the safety of the data transmitted by our website to a 100%.
Data processing modalities
Sources and categories of personal data
We process your personal data insofar as it is necessary for the statement, content-related configuration or modification of a contractual relationship between you and us (inventory data). In particular the following can be inventory data: Name, form of address, contact details (postal address, telephone, email address), date of birth , etc.
Furthermore we process your usage data. Usage data is data that is collected when you interact with our web content and our services, in particular your IP address, start and end of your visit on our website and information on the contents you have viewed on our website.
We collect the data mentioned directly from you (e.g., through the visit of our website), or, provided that it is permitted by data protection laws, from third parties or respectively from publicly accessible sources (e.g., commercial or association register, the press, media, internet).
Data transfer to third party countries outside the EU
All information we acquire from or on you will generally be processed on servers located within the European Union. A transmission of your data or a processing of your data in third party countries will occur without your explicit consent solely if this is legally intended or permitted and if an appropriate data protection level is guaranteed in the third party country or if there are contractual obligations in place via the EU’s so-called standard contractual clauses.
Regarding data transfers to the U.S., the European Commission has issued an adequacy decision called the EU-U.S. Data Privacy Framework, which ensures an adequate level of protection for data transfers of personal data by companies participating in the EU-U.S. Data Privacy Framework. To the extent that we use services that transfer personal data to the U.S., the respective service states whether the company is certified by the EU-U.S. Data Privacy Framework.
Data disclosure, processing on behalf of the controller
We will never illicitly disclose your personal data to third parties. However, we may disclose your data to third parties, in particular if you have agreed to data disclosure, if the disclosure is necessary to fulfill our legal obligations or if we are obligated or authorized to disclose said data by law or administrative or judicial orders. In particular this may be the case for the purposes of criminal proceedings, averting of dangers or enforcement of intellectual property rights.
Under certain circumstances we may transmit your data to external service providers which process data on our behalf and in accordance with our instructions (data processor) to simplify and disburden our own data processing. Every data processor will be bound by contract according to Art. 28 GDPR. In particular this means that the data processor has to offer sufficient guarantees that appropriate technical and organizational measures are implemented so that data processing is compliant with the requirements of the GDPR and your rights as a data subject are ensured. Despite commissioning data processors we remain the responsible party for the processing of your personal data according to the GDPR.
Purpose / Objective of the data processing
In general we will use the data solely for the purpose for which the data was gathered. We may subsequently process the data for another, different purpose, provided that this other purpose is not incompatible with the original purpose (Art. 5 (1) point (c) GDPR).
Storage period
Unless specified otherwise, we will store data gathered from you only for as long as it is necessary for each respective purpose and unless there are legal retention obligations preventing deletion, for example from commercial law or tax law.
Individual processing activities / operations
In the following we want to outline as transparently as possible, which of your data we will process under which circumstances, on what basis and for what purpose.
Server log files
Each time our website is accessed, the following general information will be automatically sent to our servers by your browser (so called server log files): Your IP address, product and version information of the browser and operating system used (so called user agent), the webpage from which the access originated (so called referer), date and time of the request and possibly your internet service provider. Furthermore the status and the volume of data will be recorded.
Your computer’s IP address will be stored only for the duration of your visit to the website and subsequently will immediately be deleted or made partially unrecognizable through reduction. The rest of the data will be stored for a limited period of time (max. 7 days).The legal basis for the usage of these server log files is Art. 6 (1) point (f) GDPR (legitimate interest of data processing). The legitimate interest arises from the necessity to operate our website, especially to discover and remove website errors, to determine the utilization of the webpage, to make adjustments and improvements and to guarantee the security of the system. You can object to the processing of your personal data based on the legitimate interest at any time under the premises of Art. 21 GDPR. Please use the contact details provided in the imprint. We would like to point out that the processing of your server log files is mandatory in accordance with Art. 21 (1) GDPR, as otherwise the website cannot be operated at all.
Cookies
To improve user-friendliness we use so called “cookies” and the “web Storage” of your browser on our website.
What Cookies are
Simply put, a cookie is a small text file, that stores data about visited websites. Cookies can store a kind of “user profile”, including information like your preferred language or other page set-ups, that are required by our website to be able to offer you certain services. This file will be stored on your terminal device and also helps with recognizing you in the event of a new visit to our website.
Under certain circumstances we can gather information on your preferred activities on our webpage through these cookies, and thus align the webpage according to your individual interests and even increase the navigation speed on our website.
How you can avoid Cookies
You can manually delete the cookies in your browser’s security settings at any time.
Optionally you can prevent the storage of cookies by default via the respective settings of your browser. Please do note that in this case you possibly will not be able to use all functions of our website entirely or that errors may occur in the presentation or usage of the website.
Third party Cookies
It is possible that third party service providers, with the help of whom we develop and operate our website, independently store cookies on your terminal device, in particular through so called plugins (see section below “Third-party services”). Should you solely want to accept our own cookies, but not the cookies of these third parties, you can prevent these third party cookies by use of the respective browser setting “Block third-party cookies”.
Which Cookies are implemented
In detail our webpage places the following cookies
| Name | Description | Domain | Validity | Third party access |
| _lscache_vary | This cookie is used to provide users with varying content or versions of the website. The content depends on user preferences (e.g. language) and the device you are using (e.g. desktop or mobile device). | www.staatsbad.de | 2 days | No |
| real_cookie_banner-v:3_blog:1_path:—lang:de | This cookie is used to recognize whether you have already been shown the consent notice and whether you have fully accepted or rejected it, or which specific settings you have selected. | www.staatsbad.de | 1 year | No |
| wp-wpml_current_language | Saves the language version of a website selected by the user. | www.staatsbad.de | Session | No |
The legal basis for the use of cookies that are absolutely necessary for the function of the website (e.g. shopping cart cookie, session cookie) is Art. 6 para. 1 p. 1 letter f) GDPR (legitimate interest in data processing) as well as §25 para. 2 No. 2 TDDDG (absolute necessity for the provision of a digital service expressly requested by the user). The legitimate interest results from our need to be able to offer you a functioning website. Cookies are necessary for this because they are an integral part of current Internet technology and without cookies many functions of current websites would not be available. We therefore require cookies to provide you with the website in response to your request.
You can object to the processing of your data based on our legitimate interest at any time under the conditions of Art. 21 GDPR. To do so, please use the contact details provided in the imprint.
However, we would like to point out that the processing of your data in certain cookies is mandatory in the sense of Art. 21 (1) GDPR, as otherwise the website cannot be operated at all and we do not have the technical possibility to prevent the setting of cookies on certain individual end devices. However, you may be able to do this yourself in your browser. For more information on this, please look at the instructions for your browser.
The legal basis for the use of cookies that are not absolutely necessary for the function of the website is Art. 6 para. 1 p. 1 letter a) GDPR (consent of the person concerned). We ask you for your consent to the use of cookies that are not necessary when you first access the website via a displayed notice text. You can revoke your consent at any time with effect for the future by calling up the cookie banner again and changing the settings made.
Web Storage
What is Web Storage
Web storage is a technology for web applications that store data in a web browser. Web storage can be seen as a further development of cookies but differs from them in some respects.
In contrast to cookies, which can be accessed by both server and client, the web storage is completely controlled by the client. This means that data is not transferred to the server every time the website is accessed. Access is only possible locally via scripts on the website. Specifically, this means that third parties cannot access the information stored on the website. Only you and we can access the locally stored data.
Legal basis
The legal basis for the use of web storage, which is absolutely necessary for the function of the website, is Art. 6 para. 1 p. 1 letter f) GDPR (legitimate interest in data processing) and §25 para. 2 No. 2 TDDDG (absolute necessity for the provision of a digital service expressly requested by the user). The legitimate interest results from our need to be able to offer you a functioning website. The Web Storage is necessary for this because it is an integral part of current Internet technology and without it many functions of current websites would not be available. We therefore require the Web Storage in order to provide you with the website in response to your request.
You can object to the processing of your data on the basis of our legitimate interest at any time under the conditions of Art. 21 GDPR. To do so, please use the contact details provided in the imprint.
However, we would like to point out that the processing of your data in web storage may be compulsory within the meaning of Art. 21 (1) GDPR, since otherwise the website cannot be operated at all and we do not have the technical option to prevent the usage on certain end devices. However, you may be able to do this yourself in your browser. For more information, please look at the instructions for your browser.
The legal basis for the use of the web storage, which is not absolutely necessary for the function of the website, is Art. 6 para. 1 p.1 letter a) GDPR (consent of the data subject). We ask you for your consent to the use of this data when you first access the website by means of a message text that appears. You can revoke your consent at any time with effect for the future by calling up the cookie banner again and changing the settings made.
Contacting us
Our website offers options for contacting us directly.
We process the data you send us exclusively until the purpose of your contact has been achieved, unless there are legal retention periods to the contrary. If the purpose of your contact is to assert data subject rights, what has been said in the section “Your rights as a data subject” applies.
The following data is processed within the framework of the contact form:
Last name, e-mail address, and if applicable, the title, first name, street, postal code, city, telephone number and the content of the message.
The following data is also processed in the contact form for journalist accreditation:
Editorial office, department / function and country.
The legal basis for the use of the data you provide to us by contacting us in the context of contractual or pre-contractual relations or for responding to (pre)contractual inquiries is Art. 6 para. 1 p. 1 letter b) GDPR (data processing for the performance of a contract or in order to take steps at the request of the data subject prior to entering into a contract).
The legal basis for processing the data you provide to us by contacting us in cases other than for contractual or pre-contractual purposes or inquiries is Art. 6 para. 1 p. 1 letter f) GDPR (Legitimate Interest in Data Processing). Our legitimate interest in processing arises from our interest in responding to requests and maintaining user relationships.
You can object to the processing of your data based on our legitimate interest at any time under the conditions of Art. 21 GDPR. To do so, please use the contact details provided in the imprint.
The data transmitted to us by you will be processed solely up until the point in which the purpose of your request is reached, unless contradicting legal retention periods exist. If the purpose of your contact is assertion of the rights of the data subject the section “your rights as a data subject” applies.
Newsletter
We offer to keep you up to date and regularly inform you about special offers through our newsletter service. To subscribe to the newsletter you can enter your email address into our distribution list. Following this you will have to confirm your registration (Double-Opt-In-Procedure). We use the data transmitted by you to us solely in regard to the newsletter service and do not distribute it to third parties for other purposes.
The legal basis for the usage of your email address is Art. 6 (1) point (a) GDPR (consent of the data subject). You can revoke your consent with effect for the future at any time. Please use the link included in every newsletter email or the contact details stated in the imprint.
Hosting services
Our website is hosted on servers of external providers to ensure the efficient and secure provision of the website.
Each time you visit the website, general information is automatically transmitted from your browser to the server (so-called server log files). For more information, see “Server log files” above.
The legal basis for the use of hosting service and the associated processing of your data is Art. 6 para. 1 p. 1 letter f) GDPR (Legitimate Interest in Data Processing). The legitimate interest arises from our need for a technically flawless presentation of our website without requiring in-depth knowledge of website programming and maintenance of IT systems. You can object to the processing of your data on the basis of our legitimate interest at any time under the conditions of Art. 21 GDPR. To do so, please use the contact details provided in the imprint. However, we would like to point out that the processing of your data in this context may be mandatory within the meaning of Art. 21 para. 1 GDPR, as otherwise the website cannot be operated at all without disproportionate effort.
Third party services
For simplification of our data processing and to extend the functionality of our website we use third party services and resources, for example plugins, external content, software or other external service providers (services). In doing so the possibility exists that personal data will be transmitted to the service provider. If required, to protect your data, we have contractually obligated the service provider according to Art. 28 GDPR to solely process the data according to our instructions. We would like to explicitly point out that we are regularly only responsible for the data acquisition and transmission by the service according to the GDPR, but not for a possible subsequential processing by the respective service provider.
In detail we use the following services:
Google services
Our webpage uses services from the company Google Ireland Limited (“Google EU”), Gordon House, Barrow Street, Dublin 4, Irland. This company represents the company Google LLC (“Google US”), 1600 Amphitheatre Parkway Mountain View, CA 94043, USA in the EU.
By using the services data will be transmitted to Google EU and possibly from Google EU to Google US. Google as a whole can use the transmitted data to create anonymized user profiles for statistical purposes. In addition, if you possess a Google-account and are logged into it, Google can associate the transmitted data with your account, even across multiple devices. In general we do not have any influence regarding this data processing. Controller of this data processing is therefore Google EU.
The company Google LLC complies with the requirements of the “EU-U.S. Data Privacy Framework”. The Privacy Framework Agreement regulates the protection of personal data transferred from a member state of the European Union to the USA. It ensures that the data transferred there is also subject to a level of data protection comparable to that of the European Union. You can access the list of certified companies here: https://www.dataprivacyframework.gov/s/participant-search.
You can find more information about the handling of user data in the privacy policy of Google: https://policies.google.com/privacy.
The details of the concluded standard contractual clauses (ensuring the level of data protection in third countries) can be found here: https://support.google.com/adspolicy/answer/10042247?hl=de
You can change your individual Google ad-settings on the following website: https://adssettings.google.com/?hl=de (Please note: The settings made are deleted when you delete the cookies in your browser)
We use:
Google Maps with Google Fonts and Google Developers
Our website uses the external map service “Google Maps” by Google. Google Maps serves our ability to offer an interactive map on our website, that shows you how you can find and reach us. This service allows us to present out website in an appealing way by loading maps from an external server. The required data is generally requested from a Google server in the USA. Through this request the following information, amongst others, will be transmitted to the Google servers and stored there: Your IP address, product- and version information about the used browser and operating system (so called user agent), the webpage from which your access took place (so called referrer), date and time of your request and possibly your internet-service-provider. In addition to this cookies (see above under “cookies”) will be set through the service on your terminal and analyzed by Google.
Google Maps uses the external font-service “Google Fonts” by Google. This service allows Google Maps to present the service in a unified and appealing way even for variously configured user terminals by loading fonts from an external server instead of the user terminal. For this purpose the required fonts will generally be requested from a Google server in the USA.
Google Maps also establishes a connection to Google for Developers to supplement the map image with graphics.
This service uses your browser’s web storage. For more information, see the Web Storage section above.
The legal basis for the use of Google Maps is Art. 6 para. 1 p. 1 letter a) DSGVO (consent of the data subject). We ask you for your consent to the use of the service when you first access the website via a displayed notice text. You can revoke your consent at any time with effect for the future by calling up the cookie banner again and changing the settings made.
Media services
We use certain services to fill and supplement our website with digital content. For this we generally use the integration functions of external platforms. By requesting content from the server of the service provider certain data will be generally transmitted to the service provider and stored there, for example your IP address, product- and version information about the used browser and operating system (so called user agent), the webpage from which your access took place (so called referrer), date and time of your request and possibly your internet-service-provider.
We use:
Livespotting
Our website uses the webcam service “Livespotting” provided by the company FOSS GmbH, Ruggernstrasse 8, CH-8113 Boppelsen, Switzerland.
The service stores data on its servers, including the entire session duration, timestamps of all requests, the IP address, the protocol, the data volume transferred, the total connection time, which camera was accessed, and the user agent. These details are essential for the technical implementation of the service.
In connection with the live webcam, we use the service “Cloudflare Insights” provided by the company Cloudflare Inc. (“Cloudflare”), 101 Townsend St., San Francisco, California 94107, USA. Cloudflare Insights is employed for statistical analysis and monitoring of technical performance of data traffic as well as the security of our website.
For this purpose, data is collected, including information on web application firewall events, rate-limited requests, the performance of Smart Routing, bandwidth savings, DNS queries, the duration of specific database queries, server availability and response time, as well as the geographical location of visitors. Additionally, your IP address, product and version details about your browser and operating system in use (so-called user agent), the website from which your access originated (so-called referrer), the date and time of the request, and potentially your internet service provider are recorded. The collected data is transmitted to Cloudflare’s servers, where it is stored and analyzed. For the collection and storage of this data, Cloudflare Insights uses a cookie. More information about this can be found above under “Cookies.”
Cloudflare, Inc. meets the requirements of the “EU-U.S. Data Privacy Framework.” This Privacy Framework agreement governs the protection of personal data transferred from a member state of the European Union to the United States. It ensures that the transferred data is subject to a level of data protection comparable to that of the European Union. You can access the list of certified companies here: https://www.dataprivacyframework.gov/s/participant-search.
More information about the handling of user data can be found in Cloudflare’s Privacy Policy: https://www.cloudflare.com/security-policy/.
More information about the handling of user data by Livespotting can be found in Livespotting’s Privacy Policy: https://livespotting.com/de/datenschutzerklaerung.
The legal basis for the use of Livespotting is Article 6(1)(a) of the GDPR (consent of the data subject). Upon first accessing the website, we ask for your consent to use the service via a displayed notification. You can revoke your consent at any time with effect for the future by reopening the cookie banner and changing the settings.
Google Maps with Google Fonts and Google Developers
Our website uses the external map service “Google Maps” by Google. Please note the privacy policy statement above regarding Google Maps.
Social media fan pages
In addition to our website we maintain an online presence on social platforms in order to communicate with our active customers, interested parties and users, and to inform them about our services.
When you visit our presence on a social platform, your data will generally be gathered and processed by the respective platform provider for our market research and advertisement purposes. The provider can also process the data for their own purposes. From your user behavior and your interest resulting from this behavior user profiles can be made. These user profiles can in turn be used to, for example, show advertisements within and outside of the platform, that presumably corresponds with your interests. For these purposes cookies (see above) are generally stored on your terminal device, in which your user behavior and your interests will be recorded. Especially if you are a member of the respective platform and are logged in, further data may be stored independently in the user profiles. For a detailed presentation of each respective data processing and the possible contradiction possibilities we point to the following linked details of the service providers, as only they fully know the exact procedures of their data processing.
We point out, that your data may also be processed outside of the European Union. This can yield risks, as for example the enforcement of your rights may be more difficult.
The legal basis for the usage of online presences and the data procession related to it is generally Art. 6 (1) point (f) GDPR (legitimate interest of data processing). The legitimate interest results from our need to be able to present ourselves to visitors in social media as well as having the ability to introduce statements of all sorts into the media- and opinion market. You can object to the processing of your personal data based on the legitimate interest at any time under the premises of Art. 21 GDPR. Please use the contact details provided in the imprint.
The legal basis for the usage of statistical data of all visitors on our social media sites, that is gathered, prepared and made available to us by the respective platform providers is Art. 6 (1) point (f) GDPR (legitimate interest of data processing). The legitimate interest results from our need for user-oriented improvements of our online services and design and the optimization of the communication with interested parties by analysing anonymised visitor- and user behaviour. You can object to the processing of your personal data based on the legitimate interest at any time under the premises of Art. 21 GDPR. Please use the contact details provided in the imprint.
If you are asked for consent regarding data processing by the respective service provider, the legal basis for data processing is Art. 6 (1) point (a) GDPR (consent of the data subject). You can revoke your consent with effect for the future at any time. Please contact the service provider that asked for your consent regarding this.
In the event that you would like to assert your rights, we note that these rights, regardless of a possible joint responsibility and control, are most effectively enforced against the respective service provider. As a rule only the service providers have direct access to your data and can take appropriate measures directly or provide information. Should you need help nonetheless, you can contact us at any time and we will support you in the scope of our possibilities.
We are represented on:
Xing is a professional network of New Work SE, Am Strandkai 1, 20457 Hamburg, Germany. Further information on data protection at Xing can be found at: https://privacy.xing.com/de/datenschutzerklaerung.
Effective: 31.03.2025