1. General information
Social media have become an integral part of the Internet and of modern communication. In order to stay in contact with our customers and potential customers, we have also set up our own fan page on Facebook. Facebook is a service provided by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, and is certified under the EU/US Privacy Shield. With Implementing Directive (EU) 2016/1250 of the EU Commission dated 12 July 2016, the level of protection provided under the EU/US Privacy Shield is deemed of an equal standard to the level of protection within the European Union.
We hereby emphasise that Facebook saves and uses its user data (such as IP address, preferences and personal interests, browsing habits on Facebook, any personal information saved on Facebook) for commercial purposes.
The processing and subsequent use of this data is outside of our control because Facebook alone governs the data processing. The extent to which what data is saved, where and for how long, the extent to which the data is linked and analysed, and with whom the data is shared, is currently unknown to us. We also have no insight or influence with regard to deletion dates, i.e. whether and how accurately deletion dates are observed.
If you are a member of Facebook and have logged in to your account, Facebook can attribute your visit to our site to your user account. If you would like to prevent Facebook from linking your visit to our fan page with the data saved about you in your Facebook account, you must:
- Log out of Facebook before each visit to our fan page
- Delete existing cookies on your device
- Close your browser and reopen it
In this way, Facebook states, all information by which Facebook could identify you has been deleted.
2. Extent of data collection and storage
You do not need to be signed up to Facebook in order to view the content of our Facebook fan page. However, Facebook collects, stores and uses data for each visit to our site.
When you call up our fan page, your browser established a connection with a Facebook server. In doing so, data may be transmitted to countries outside of the European Union. In any case, your IP address will be transmitted and cookies are saved on your device, whether you are signed up to Facebook or not. If you are a member of Facebook and have logged in to your account, Facebook can attribute your visit to our site to your user account.
Some of the cookies saved are session cookies, which are deleted when the browser is closed, and permanent cookies, which remain on the device until they expire or until they are deleted by the user. A cookie is a tiny text file that enables a website to recognise a browser. Cookies are saved on the computer when it accesses a website and are called up and read the next time the server is accessed. Via your browser settings, you can decide whether you want to allow cookies, and which ones you want to permit, block or delete. You can find instructions for various browsers here: Internet Explorer, Firefox, Google Chrome, Google Chrome mobile, Microsoft Edge, Safari, Safari mobile. Alternatively, you can install ad blockers, such as Ghostery.
According to Facebook, the cookies it employs are used for authentication, security, website and product integrity, advertising and measurement, website functions and services, performance and analysis and research. For details of the cookies used by Facebook (e.g. name of the cookies, functional duration, content recorded and purpose), please see: https://www.facebook.com/policies/cookies/, by following the relevant links.
For settings relating to which adverts you see on Facebook, or that you no longer want to see, please see https://www.facebook.com/about/basics/advertising and http://www.youronlinechoices.com and make the relevant adjustments.
Under the above link, you can manage your preferences regarding usage-based online advertising. If you object to receiving usage-based online advertising from a specific advertiser with the aid of the preference manager, this only applies to collection of specific commercial data via the web browser currently in use. Preference management is cookie-based. Deleting all browser cookies also leads to the removal of all preferences set up with the preference manager.
- User communication: User interactions (posts, likes, etc.): Art. 6, Para. 1(f) GDPR
- Targeted advertising:
- Facebook cookies: Art. 6, Para. 1(f) GDPR
- Demographic data (e.g. based on age, place of residence, language or gender): Art. 6, Para. 1(f) GDPR
- Statistical data on user interactions in aggregated form, i.e. without direct personal references for us (e.g. Page activities, page impressions, page previews, likes, recommendations, posts, videos, page subscriptions, including origin, time of day): Art. 6, Para. 1(f) GDPR
Automatic decision making and profiling as described in Art. 22 GDPR does not take place.
We only save personal data for as long as is necessary to fulfil the purpose for which the data was collected. Within a business relationship with you, we save your personal data for as long as the business relationship exists. This includes the run-up to and implementation of the contract, as well as the regular statute of limitations. We also save the data as mandated if we are subject to statutory data storage requirements. Such requirements may arise from the German Commercial Code (HGB) or German Fiscal Code (AO).
If you have consented to a processing step, the data associated with the consent given shall be stored until the consent is revoked or, at the latest, for the duration of the processing step and according to the post-processing statute of limitations.
3. Facebook Insights
4. Sharing and using personal data
Recipients or categories of recipients:
If you interact with Facebook, Facebook of course has access to your data. It is specifically possible that Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA, has access to your data. Facebook is based in an insecure third country, where the level of data protection is lower. Facebook is subject to the EU/US Privacy Shield, which requires it to implement an appropriate – by European standards – level of data security.
Existing EU/US Privacy Shield certificates may be viewed at https://www.privacyshield.gov/list. With Implementing Directive (EU) 2016/1250 of the EU Commission dated 12 July 2016, the level of protection provided under the EU/US Privacy Shield is deemed of an equal standard to the level of protection within the European Union.
5. Legal basis
If data processing is necessary in order to protect a legitimate interest of our company or of a third party and if this interest is not superseded by the interests or fundamental rights and freedoms of the data subject, Art. 6, Para. 1(f) GDPR serves as the legal basis. We understand our legitimate interest in data processing as the presentation of our company, its products and services for your information and, specifically, as the provision of modern communication options for you.
6. Your rights
If the legal criteria are fulfilled, you have the following rights:
According to Art. 21 GDPR, you have the right to object at any time to the processing of personal data relating to you where the processing is done in accordance with Art. 6, Para. 1(e, f) GDPR for reasons resulting from your particular situation; this also applies to any profiling based on these provisions. If personal data is processed in order to offer direct advertising, you also have the right to object at any time to the processing of personal data relating to you for the purposes of such advertising; this also applies to any profiling, provided that it is connected with this kind of direct advertising.
7. Contact details for the data controller and Data Protection Officer; shared responsibility under Art. 26 GDPR
Hamburg Tourisms GmbH
Facebook Ireland, Ltd.
4 Grand Canal Square, Grand Canal Harbour,
In the view of the European Court of Justice (ECJ), we share the responsibility for the processing of your personal data with Facebook. The decision of the ECJ dated 05/06/2018 can be found here.
As a result of our shared responsibility, we hereby inform you under Art. 26 GDPR of the key details of our existing agreement with Facebook governing our shared responsibility:https://www.facebook.com/legal/terms/page_controller_addendum
If you have any other questions regarding data privacy, please contact us. If you have any questions about the collection, processing or use of your personal data, or if you wish to request information, correct, block or delete data or revoke any consent you may have granted, please contact Ms Rammo (see below for contact details). Exercising your rights as above is free of charge.
8. For more information
For more information about the safe use of social networks, please see the website of the German Federal Office for Information Security at: https://www.bsi-fuer-buerger.de/BSIFB/DE/DigitaleGesellschaft/SozialeNetze/sozialeNetze_node.html