Name and Address of the Controller

This website’s responsible controller, in accordance with the European Union’s General Data Protection Regulation, further federal data protection laws enacted by the European member states and with other data protection regulations is:

Stadt Tegernsee
(The Municipality of Tegernsee)
Rathausplatz 1
83684 Tegernsee
Germany
Phone: +49 8022-1801 – 0
Email: rathaus@tegernsee.de

Name and Address of the Data Protection Officer

Please direct any questions regarding data protection and data security towards our data protection officer:

actago GmbH
Maximilian Nuss
Straubinger Straße 7
94405 Landau a. d. Isar
Germany
Phone: +49 (0)9951 99990-20
E-Mail: datenschutz@actago.de

General Information

Purpose and legal basis for the processing of personal data

The purpose of data processing is the fulfilment of public functions assigned to us by the German legislator, specifically the conveyance of information to the public.

The legal basis for data processing, unless otherwise stated, constitutes itself from Article 4 Paragraph 1 of the Bavarian Data Protection Act (BayDSG) in combination with Article 6 Paragraph 1 Sub-Paragraph 1 Point e of the GDPR. Accordingly, we are entitled to process the data required to fulfil any of our assigned functions.

Recipients of personal data

The technical operation of our data processing systems is managed by:
Rematec Datentechnik GmbH and by 0und1 IT-Dienste GmbH

When necessary, your data is transmitted to the responsible supervisory and auditing authorities, so they may exercise their respective supervisory rights.

In order to safeguard against threats to IT security, electronically transmitted data might be forwarded to the Bavarian State Office for Secure Information Technology (Landesamt für Sicherheit in der Informationstechnik LSI) and processed there on the basis of Article 12 ff of the Bavarian E-Government Act (BayEGovG).

Duration of personal data storage

We only store your data for as long as this is necessary for the fulfilment of our functions, in accordance with statutory retention periods. 

Your rights

If and when we process your personal data, your rights encompass the following:

  • You have the right to information about your personal data stored by us (Article 15 GDPR).
  • If incorrect personal data is processed, you have the right to rectification (Article 16 GDPR).
  • If legal requirements apply, you can request the erasure or restriction of data processing (Articles 17 and 18 GDPR).
  • If you have consented to data processing or if a contractual basis for data processing exists, and processing is also automated, you may have a right to data portability (Article 20 GDPR).
  • If you have consented to data processing and the processing is executed on the basis of this consent, you can revoke your consent at any time for the future.
  • The legitimacy of data processing carried out on the basis of your initial consent up until its revocation remains unaffected by this.

You have the right to object to the processing of your data at any time for reasons that arise from your particular situation, if the processing is carried out exclusively on the basis of Article 6 Paragraph 1 Point e or f GDPR (Article 21 Paragraph 1 Sentence 1 GDPR).

Right to appeal to the supervisory authority

You are furthermore entitled to appeal to the Bavarian State Commissioner for Data Protection (Bayerischer Landesbeauftragter für den Datenschutz). You can reach this officer at the following address:

Post office box: Postfach 22 12 19, 80502 München, Germany
Office address: Wagmüllerstraße 18, 80538 München, Germany
Phone: +49 (0) 89 212672-0
Fax: +49 (0) 89 212672-50

Email: poststelle@datenschutz-bayern.de
Website: https://www.datenschutz-bayern.de/

Further information

For more detailed information regarding the processing of your data and your rights, you can reach us at the abovementioned contact (at the beginning of section 1).

Information Regarding our Internet Presence

Technical operation

Our web server is operated by Rematec Datentchnik GmbH and by 0und1 IT-Dienste GmbH. Personal data transmitted when you visit our website is therefore processed on our account by the following service providers:

Rematec Datentechnik GmbH (system solutions, hosting, technology, programming, design)
Address:
Heuweg 9
83684 Tegernsee
Germany
info@reamtec.de

0und1 IT-Dienste GmbH (leased line, firewall, hosting)
Address:
Am Sonnenhang 18
83174 Miesbach
Germany
info@0und1.de

Data logging

When you visit this or other web pages, you transmit data to our web server via your Internet browser. The following data is recorded during an active online connection in order to facilitate communication between your Internet browser and our web server:

  • date and time of request
  • name of requested file
  • web page whence the file was requested
  • access status (file transmitted, file not found, etc.)
  • web browsers and operating system that were used
  • complete IP address of requesting computer
  • amount of data transmitted

We log this data for reasons of technical security, particularly to ward off attempted attacks on our web server. After seven days at the latest, we anonymise this data by shortening the IP address at domain level so that it becomes impossible to trace back to the individual user.

In order to avert threats to IT security, data is transmitted to the Bavarian State Office for Secure Information Technology (Landesamt für Sicherheit in der Informationstechnik LSI) and processed there on the basis of Article 12 ff of the Bavarian E-Government Act (BayEGovG).

Cookies

When you access this website, we store cookies (small files) on your device, which are valid for the duration of your visit to our Internet page (“session cookies”). We use these exclusively during your visit to our Internet page. Most default browser settings accept the use of cookies. However, you have the option of changing the setting of your Internet browser to reject cookies for the duration of the active session or permanently. After your visit, your browser will automatically delete these cookies.

Contact Form and Contact Requests via Email

Description and scope of data processing

A contact form is available on our website, which you can use to get in touch electronically. Should you avail of this option, the data entered in the input mask will be transmitted to us and stored. This data includes your:

  • surname
  • first name
  • email address
  • question or message

During transmission of this contact form, you will be asked for your consent to data processing and you will also be directed to this Privacy Policy.

Alternatively, you can contact us using the email address provided. In this case, we will store personal data transmitted with your email. In this context, no data will be shared with third parties.

We will solely use your data to process our conversation.

Legal basis for data processing

If user consent has been given, the legal basis for the processing of your personal data is Article 6 Paragraph 1 Point a GDPR.

Legal basis for the processing of personal data transmitted via email is Article 6 Paragraph 1 Point f GDPR. If an email contact request aims at the conclusion of a contract, Article 6 Paragraph 1 Point b GDPR additionally applies as legal basis.

Purpose of data processing  

Processing of your personal data from the contact form solely serves the purpose of responding to your contact request. In case of an emailed contact request, the same justified purpose for data processing applies.
Other personal data processed during transmission of the contact form is used to prevent its misuse and to ensure the security of our IT systems.

Duration of storage

We delete your personal data as soon as it is no longer required to achieve the purpose of its collection. This applies for personal data sent through the contact form or via email, when the respective conversation with you has ended. A conversation counts as completed when it transpires from circumstances that the matter in question has been exhaustively clarified.

Additional personal data collected during transmission is deleted after a period of seven days at the latest.

Right to objection and erasure

You have the option at any time to object to future processing of your data in connection with a contact request through the contact form or via email. In such a case, the conversation between you and us cannot be continued and all personal data collected in the course of contacting us will be deleted.

Email Security

You agree to electronic communication by proactively establishing electronic contact with the Municipality of Tegernsee.

You are advised that emails can be read or altered during transmission without your authorisation or detection.

The Municipality of Tegernsee uses software to filter unwanted emails (spam filter). This spam filter might reject emails, if due to certain characteristics these are incorrectly identified as spam.

Email contents are not automatically protected unless you have undertaken your own encryption measures. Your personal data contained in non-encrypted emails is not protected. Should you have concerns about the transmission of personal data or other sensitive contents, you can agree on adequate encryption with the email’s recipient (our employees) before transmission or use a fax or postal service.

Newsletter

Description and scope of data processing

Our website offers you a newsletter, which informs you about current events and offers. To subscribe to the newsletter, you need to submit a valid email address. When subscribing to the newsletter, you automatically agree to receiving the newsletter and to the outlined newsletter-related processes.

Legal basis for data processing

Legal basis for the processing of your personal data in the context of sending the newsletter is the existence of your consent, see Article 6 Paragraph 1 Point a GDPR.

Purpose of data processing

The purpose of collecting your personal data is to send the newsletter to you. Processing of your personal data in connection with a newsletter subscription happens in order to inform you about current events and offers.

Duration of storage

We delete your personal data as soon as it is no longer required to achieve the purpose of its collection. This means that your personal data is stored for as long as the newsletter subscription is active.

Right to objection and erasure

You can cancel your newsletter subscription at any time. For this purpose, each newsletter contains a corresponding link. After cancellation, your personal data will be deleted. Cancellation of your subscription also enables withdrawal of your consent to data processing.

Web Analytics via Matomo (formerly PIWIK)

Scope of personal data processing

On our website, we use the open-source software tool Matomo (formerly PIWIK) to analyse the surfing behaviour of our users. This software places a cookie on the user’s computer (see further information on cookies above). When you access any individual page of our website, the following data is collected:

  • two bytes of the visiting user system’s IP address
  • the web page accessed
  • any previous website which referred the user to the accessed web page (referrer)
  • sub-pages accessed from the respective web page
  • duration of the visit to the respective web page
  • frequency of visits to the web page

This software runs exclusively on the servers of our website. The user’s personal data is only stored there. No transmission to third parties takes place. 

The software is set up so that IP addresses are not saved in full, but two bytes of the IP address are masked (e.g. 192.168.xxx.xxx). In this way, it is no longer possible to assign the shortened IP address to the accessing computer.

Legal basis for personal data processing

Legal basis for personal data processing is Article 6 Paragraph 1 Point f GDPR.

Purpose of data processing

The processing of your personal user data enables us to analyse your surfing behaviour. By evaluating the data obtained, we are able to compile information about the use of the various components of our website. This helps us to continuously improve our website and its user-friendliness. These purposes legitimise our interest in the processing of your personal data in accordance with Article 6 Paragraph 1 Point f GDPR. Anonymising your IP address takes your interest in the protection of your personal data adequately into account.

Duration of storage

We delete your personal data as soon as it is no longer required for our compilation purposes. For us, this is the case after 180 days.

Right to objection and erasure

Cookies are stored on your computer and transmitted from there to our website. As a user, you therefore have full control over the use of cookies. By changing the settings in your Internet browser you can deactivate or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If you deactivate the use of cookies for our website, its various functions might no longer be usable by you to their full extent.
Our website allows you to opt out of the analysis process. To do this, you need to follow the respective link. In this case, a further cookie is saved to your system which signals our system not to save your data. If you delete this cookie from your own system between visits, you will have to reset the opt-out cookie.

How to deactivate Matomo:

It is up to you to decide whether a distinct web analytics cookie may be deposited in your browser, allowing the host of the website to collect and analyse various statistical data. If you opt against this, please click on the following link to install the Matomo deactivation cookie in your browser:

Please find further information regarding the Matomo software’s privacy settings at this link: https://matomo.org/docs/privacy/

Google Web Fonts

This website might use so-called Google Web Fonts for the uniform representation of fonts. To use these, your browser downloads the required fonts from our website system. They are then temporarily stored in your so-called browser cache in order to display the fonts correctly. During this process, your browser will not connect to the Google servers. This ensures that Google has no knowledge of your visit to our website or of your IP address.

Facebook Presence

To expand our online presence, we offer access to a Facebook page. The social media provider is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

We would like to point out that safe usage of this Facebook page and its functions is your own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating).

When you visit our Facebook page, Facebook Ltd. records, among other things, your IP address as well as further information available in the form of cookies on your PC. This information is used to provide us, as the Facebook page’s operator, with statistical information about usage of said Facebook page. Facebook Ltd. provides further information at the following link:
http://de-de.facebook.com/help/pages/insights

Your personal data collected in this context is processed by Facebook Ltd. and possibly transferred to countries outside the European Union. What kind of information Facebook collects and its further use is broadly described in Facebook’s data usage guidelines. There, you will also find information about contacting Facebook and your options for advertisement settings. Data privacy guidelines are available at the following link:

http://de-de.facebook.com/about/privacy

Facebook’s complete data use policy can be found here:

https://de-de.facebook.com/full_data_use_policy

How Facebook uses data resulting from your visit to a Facebook page for its own purposes, to what extent activities on the Facebook page are assigned to individual users, how long Facebook stores this data and whether data from a Facebook page visit is passed on to third parties is not stated conclusively and clearly by Facebook and is not known to us.

When you access a Facebook page, the IP address assigned to your device is transmitted to Facebook. According to information from Facebook, this IP address is anonymised (in the case of “German” IP addresses) and deleted after 90 days. Facebook also stores information about its users’ end devices (e.g. as part of the “registration notification” function); therefore, if necessary, Facebook is able to assign IP addresses to individual users.

If you are currently logged into Facebook as a user, a cookie is active on your device with your Facebook ID. This enables Facebook to understand that you have visited our Facebook page and how you have used it. This also applies for all other Facebook pages. Facebook buttons integrated into websites enable Facebook to record your visits to these web pages and to assign them to your Facebook profile. This data can be used to offer contents or advertising tailored to you.

If you wish to avoid this, you should log out of Facebook or deactivate the “stay logged in” function, delete the cookies on your device and close and restart your browser. In this way, Facebook information that can be used to directly identify you as a user is deleted. This allows you to use our Facebook page without revealing your Facebook ID. If you access the interactive functions of the site (like, comment, share, news, etc.), a Facebook login screen appears. If you do log in, you are again recognisable for Facebook as a specific user.

Please find information on how to manage or delete existing information about you on the following Facebook support pages:

https://de-de.facebook.com/about/privacy#

As the provider of this information service, we furthermore collect and process the following data from your use of our Facebook service:

Publicly viewable data from the user profile of the person concerned.

This includes, for example, the username, the profile picture, and the content of comments made in response to our posts.

Further information on Facebook and other social media networks and how you can protect your data is available at youngdata.de.

Guideline for this Privacy Policy

Unless otherwise regulated, our use of all and any information we collect about you is subject to this Privacy Policy.

The Municipality of Tegernsee reserves the right to continuously adapt this Privacy Policy to reflect necessary security measures in accordance with technological developments and will announce any changes here.

As of: December 2020

Further Guidelines

Technical and organisational measures

The Municipality of Tegernsee has put in place technical and organisational measures to protect your data from loss, destruction or unauthorised access.

In addition, its employees as well as any affiliated service providers are sworn to secrecy and obliged to comply with data protection regulations.

SSL and TLS encryption

For security reasons and to protect the transmission of confidential contents that you send to us as the website operator, our website uses SSL or TLS encryption. This means that data that you transmit via this website cannot be read by third parties. You can recognise an encrypted connection by the “https://” web address and by the lock symbol in the browser’s title or address bar.