Status: October 2023
This data protection notice applies to the "Koblenz Wine Festival" app operated by Koblenz-Touristik GmbH (hereinafter referred to as "Koblenz Touristik").
1.iDENTITY OF THE CONTROLLER
The controller responsible for data processing within the meaning of Art. 4 No. 7 GDPR (EU General Data Protection Regulation) is
can be contacted at:
Tel: 0261 30388-0,
Fax: 0261 30388-11,
2. DATA PROTECTION OFFICER
Koblenz-Touristik has effectively appointed a data protection officer at
3rd Mind Business Consulting GmbH
Langer Weg 60
If you have any questions about data protection, please contact Mr. Frank Giebel at DSB-Service@3rd-mind.de
3. PROCESSING PURPOSES AND LEGAL BASES
If you provide us with your data, the use by us is regularly based on the agreement concluded with you on the basis of Art. 6 (1) lit. b GDPR (e.g. in the case of competitions (see below), creation of a user account). The processing of your inquiries is based on your voluntary consent in accordance with Art. 6 (1) lit. a GDPR; you can revoke this consent at any time with effect for the future (see "Rights of data subjects" below). In the event of revocation, your account and your associated data will be deleted immediately.
Furthermore, as a public body, we may process data on the basis of Art. 6 (1) lit. e GDPR in conjunction with Section 3 LDSG RP (Rhineland-Palatinate State Data Protection Act) if this is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
Creating your own user account
If you have created your own user account (see above), please enter the e-mail address and password you provided during registration to log in.
If you have entered the following data yourself, we will process it for the following purposes:
- List of events that you have marked as favorites,
- List of events that you have marked as "attended",
- List of wines that you have marked as "tasted" during the festival and date/time,
- Your votes for wine of the day and wine emperor wine
Competitions and online functions:
If you have created your own user account, you can participate in our competitions via the app on the basis of Art. 6 (1) lit. b GDPR (see "Conditions of participation in the Koblenz Wine Festival competition"). Your data regarding participation will only be processed for the duration of the competition and for sending the prizes. If you win, you will receive a "push message" on your input device via the app. A token from your input device is stored on our server to send these push messages. After logging out of your customer account, the token is automatically deleted. After the end of the competitions, the data of the winners will be stored in accordance with the tax regulations, the data of the non-winners will be deleted (but not their customer account).
Data processing on the basis of Art. 6 para. 1 lit. e GDPR in conjunction with § 3 LDSG RLP may also be necessary for the establishment, assertion or defense of legal claims in these contexts.
4. RECIPIENTS OR CATEGORIES OF RECIPIENTS
We operate our applications and your data exclusively in data centers in the EU or the EEA.
Your data will not be passed on, sold or otherwise transferred to third parties unless this is necessary and permitted for the purpose of processing a contract or providing a service, or you have expressly consented to this.
Otherwise, data is processed on our behalf on the basis of contracts in accordance with Art. 28 GDPR (order processing), e.g. for external services for the operation of our IT infrastructure.
In addition, data is only processed and transmitted to state institutions and authorities entitled to receive information within the framework of the relevant laws or if we have been obliged to do so by a court decision (see Art. 6 (1) lit. c GDPR).
5. AUTOMATED DECISION-MAKING / PROFILING
Automated decision-making / profiling or scoring does not take place.
6. CRITERIA FOR STORAGE DURATION AND DELETION
The storage period of your data depends on the processing purposes (see above) or the statutory retention / limitation and deletion periods. As a rule, it is stored for the duration of the business relationship (app use) with us. Longer (access-protected) storage only takes place in accordance with the relevant statutory retention obligations (e.g. for billing and tax purposes) or for the exercise / defense of legal claims.
If your data is no longer required for the aforementioned purposes, including statutory retention obligations, it will be deleted within the statutory periods.
For technical reasons, data may be duplicated in data backup files and mirror copies. Such copies may also only be deleted with a time delay for technical reasons.
7. ANALYSIS OF AUTOMATICALLY COLLECTED DATA
On the basis of Art. 6 (1) lit. e GDPR i.V.m. § Section 3 LDSG RLP, we record access and transactions in log files for the purposes of system security and evaluate them selectively or statistically. These anonymous log files are required for troubleshooting, statistics, analyses, quality improvements and the identification of security problems. This includes, for example, the connection data of the requesting device (IP address), device type, operating system and storage capacity of the device (RAM and memory) as well as the date and duration of app use.
No cookies are currently used when operating the applications.
9. GOOGLE FIREBASE
This app was developed on the Google Firebase development platform (Google Ireland Limited, Gordon House, 4 Barrow Street, D04 E5W5 Dublin, Ireland; see overview at: https://firebase.google.com/terms/). No tracking or analysis services are used. Personal data is only processed for the provision or authentication of the user account and for push notifications in connection with the app competitions (if you participate in them).
Use of Firebase Authentication
This is a login and authentication service that uses third-party identity services to simplify the process (here: existing Google or Apple account) and stores the information on its platform. Firebase Authentication thus acts as an intermediary for data collection, third parties and us. Firebase Authentication stores the collected data on our behalf so that your user account can be created and managed and your entries can be assigned in connection with the above-mentioned competitions. With regard to the order processing contract within the meaning of Art. 28 GDPR, we comply with the strict legal requirements for such a contract with Firebase Authentication.
The following personal data is processed: User name and e-mail address.
If you decide to participate in the competitions, these processing cases are based on your consent in accordance with Art. 6 para. 1 lit. a in conjunction with Art. 7 GDPR.
Registration via Google or Apple log-in.
Instead of registering directly by entering your user name and email address, you can also use your existing Google or Apple account. If the button is activated accordingly, a link is established with Google or Apple, the authentication process then runs in the background with the data you have stored with Google or Apple, which you then use to log in (possibly also using 2-factor authentication if you have set it up there). At the same time, you consent to the processing of the following data by us. This will link your Google or Apple profile to our app. Through this link, we receive the following information from Google or Apple: User ID, first name, last name, username, e-mail address.
We only process your user ID, first name, surname and email address as mandatory inventory data for identification purposes. The processing takes place on the basis of your consent expressly given during registration in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke this consent at any time with effect for the future.
We do not learn your Google or Apple access data at any point, Google or Apple only serve as "IdP" (identity provider). Conversely, neither Google nor Apple track the use of this app.
You can find out how Google handles privacy settings at https://policies.google.com/privacy and https://policies.google.com/terms. The valid provisions for the above-mentioned option of logging in and registering are also shown there.
You can find more information about the Apple login at: https://support.apple.com/de-de/HT210318.
If data were to be transferred to the USA (which is not planned but cannot be ruled out), such a data transfer would be legitimized by an adequacy decision of the EU Commission in conjunction with the EU-US Data Privacy Framework (DPF), both US companies are certified accordingly according to the US Department of Commerce, see https://www.dataprivacyframework.gov/s/data-protection-authorities.
Dieser Dienst wird dazu benutzt, um Ihnen Push-Nachrichten oder In-App-Messages zusenden zu können. A pseudonymized push reference is assigned to your end device, which serves as the destination for the push messages or in-app messages. You can deactivate or reactivate the push messages at any time in the settings of your end device.
10. CHILDREN & ADOLESCENTS
Persons under the age of 18 should only transmit their personal data online with the consent of their parents or legal guardians. We do not request such information from children and young people, nor do we collect it, let alone pass it on to third parties without authorization.
11. TECHNICAL DATA PROTECTION
We have taken technical and organizational measures to protect your data from loss, destruction, manipulation and unauthorized access and in particular to protect confidentiality, availability and (data) integrity, e.g. by storing it in data centers only in Germany or the EU/EEA. All employees and all persons involved in data processing (including contracted service providers) have been obliged by us to maintain confidentiality, to comply with data protection regulations and to handle personal data with care.
To protect security during transmission, we encrypt your data using Secure Socket Layer (SSL) where possible to prevent misuse by third parties.
Our security measures are continuously adapted in line with technological developments.
12. YOUR RIGHTS AS A DATA SUBJECT
As a data subject, authorized or otherwise entitled person, you have the possibility to assert the following rights against us at any time in writing, by fax or by e-mail, provided that there are no contractual or legal provisions to the contrary or the processing is necessary for other reasons.
To do so, please use the contact options at the beginning of this document. You can also terminate your account in conjunction with the deletion of your associated data directly via the "App settings".
Right to information: You can obtain information about your personal data stored by us at any time. Please only submit requests for information in writing (letter) or in text form (e-mail). For data protection reasons and due to a lack of qualified identification options, no information will be provided by telephone.
Right to correction: If we process your personal data directly and you discover incorrect information or a need to update it, you are welcome to inform us of this for correction purposes. In the event of significant changes, please enclose appropriate evidence with your application (e.g. in the case of name changes due to marriage: a copy of the marriage certificate or similar).
Right to erasure: You have the right to request that we erase your personal data at any time. Please note that we may be legally obliged to retain certain data in accordance with statutory retention obligations. We will then inform you of these data categories.
Right to restriction: You can request that we restrict the processing of your personal data at any time.
Right to data portability (data export): As you can generally use our applications without providing personal data, we do not offer a classic data export function for this purpose. In any case, we will examine your request in accordance with the legal provisions and technical feasibility and will contact you immediately regarding implementation.
Right of objection / revocation: You can object to the processing of your personal data by us at any time or revoke any consent you have given with effect for the future.
Right to lodge a complaint with the supervisory authorities: You have the right to lodge a complaint with your competent state data protection supervisory authority if you believe that our processing of personal data concerning you is in breach of the GDPR. You can find the address on the website of the Federal Commissioner for Data Protection and Freedom of Information in Berlin.
13. RESPONSIBLE DATA PROTECTION SUPERVISORY AUTHORITY
The following supervisory authority is responsible for Koblenz-Touristik GmbH
The State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate
Hintere Bleiche 34
14. LINKS TO OTHER ONLINE PRESENCES
If you use links to external online presences (e.g. websites) that are offered as part of our app, this data protection information does not extend to these external presences.
At the time the links were created, we were able to satisfy ourselves of the correctness of the linked online presences with regard to content and security and we check this regularly. However, we have no influence on the continued compliance with data protection and security regulations of other providers or changes to content.
If you click on links to external online presences that are displayed in our app, these external online presences may collect user data if you click on these links or otherwise follow the instructions of these external online presences, especially if you are logged in to other platforms or similar. We have no control over the data that is collected voluntarily or involuntarily via external online presences of third parties. Therefore, for your own security, please also inform yourself about the data protection notices provided by the online presences of other providers.
If you become aware of an "unsafe" link from our app, please inform us immediately so that we can investigate the matter. Thank you very much.
15. CHANGES TO OUR DATA PROTECTION INFORMATION
If this becomes necessary due to the legal situation and technical developments, we will adapt our security and data protection measures and thus our data protection information accordingly. Please therefore note the current version at the beginning of this document.
16. FURTHER INFORMATION
If you would like further information that is not provided in this data protection notice or if you require further information on a specific point, please contact our data protection officer directly at DSB-Service@3rd-mind.de.