Data protection declaration of BäderBetriebe Frankfurt GmbH

This data protection declaration clarifies the type, scope and purpose of the collection and use of data from visitors* and users** (hereinafter collectively referred to as "users") when visiting and using the websites of BäderBetriebe Frankfurt GmbH (hereinafter "BBF" or those responsible ) as the responsible body.

responsible within the meaning of Art. 4 GDPR for the processing of personal data on this website is:

Badebetriebe Frankfurt GmbH
At the main station 16
60329 Frankfurt am Main
E-mail: info@frankfurter-baeder.de
Website: www.frankfurter-baeder.de

Privacy officer

Baeder Betriebs Frankfurt GmbH has appointed a data protection officer. You can reach our company data protection team and our data protection officer Ms. Caroline Böhm at:

Badebetriebe Frankfurt GmbH
To the data protection officer
At the main station 16
60329 Frankfurt am Main
E-mail: datenschutz@frankfurter-baeder.de

BBF collects data about every access to our online offer (so-called server log files). The access data includes the name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider . The BBF uses the log data without assignment to the person of the user or other profiling in accordance with the legal provisions only for statistical evaluations for the purpose of operation, security and optimization of the online offer. However, BBF reserves the right to subsequently check the log data if there is a justified suspicion of illegal use based on specific indications.

Personal data is only collected and used by BBF if this is permitted by law or if the user agrees to the data collection. As a rule, when using the service, the user can see which data is stored, such as name, e-mail address and message when using the contact and/or order form.

The personal data (e.g. name, e-mail address, address, payment data) provided for the purpose of ordering goods or services, such as course bookings, vouchers, junior baths cards, advantage cards, etc. will be processed by the BBF as Processed and stored by the provider for the fulfillment and processing of the order or contract. This data is treated confidentially, transmitted in encrypted form and not passed on to third parties who are not involved in the ordering, delivery and payment process. When contacting BBF (via contact form or e-mail), the information provided by the user is saved for the purpose of processing the request and in the event that follow-up questions arise. BBF has taken organizational, contractual and technical security measures to ensure that the provisions of the data protection laws are observed and accidental or intentional manipulation, loss, destruction or access by unauthorized persons is prevented.

The following summary summarizes the types of data processed and the purposes of their processing and refers to the individuals concerned.

4.1 Types of data processed

• Inventory data (e.g. names, addresses)
• Content data (e.g. text input)
• Contact information (e.g. email, telephone numbers)
• Meta/communication data (e.g. device information, IP addresses)
• Usage data (e.g. websites visited, interest in content, access times)
• Contract data (e.g. subject matter, term, customer category)
• Payment data (e.g. bank details, orders, payment history)
• Dates of birth (e.g. to verify the age limit for junior baths card applications)
• Categories of affected persons

4.2. Purposes of processing

• Providing our online offer and user-friendliness.
• Contact requests and communication.
• (Virtual) security measures of the website
• Contractual Benefits and Service

4.3. Relevant legal bases

In the following we inform you about the legal basis of the General Data Protection Regulation (GDPR), on the basis of which we process the personal data.

• Consent (Art. 6 para. 1 S. 1 lit. a DSGVO)

The person concerned has given their consent to the processing of their personal data for a specific purpose or several specific purposes (e.g. when applying for a junior baths card).

• Fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 S. 1 lit. b DSGVO)

The processing is necessary for the performance of a contract to which the data subject is a party, or for the implementation of pre-contractual measures that are taken at the request of the data subject (e.g. course bookings, purchases in the shop).

• Legal obligation (Art. 6 para. 1 S. 1 lit. c DSGVO)

The processing is necessary to fulfill a legal obligation to which the person responsible is subject (e.g. tax reasons for payment transactions).

• Justified interests (Art. 6 para. 1 S. 1 lit. f.DSGVO)

Processing is necessary to protect the legitimate interests of the person responsible or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail (e.g. functionality of the website).

The users' personal data will be deleted or blocked as soon as the purpose of storage no longer applies. Unless storage must be longer or longer if this is required by law or other regulations to which the BBF is subject as the responsible party.

User data will only be forwarded to third parties if this is permitted by law or if a user has consented to the forwarding. This is the case, for example, if the forwarding of the data serves to fulfill contractual obligations towards the user and the postal address is handed over to a service provider for the delivery of goods after a shop order. The personal data of the users are in no way sold or passed on to third parties for advertising purposes or for the purpose of creating user profiles.

When you visit our website, every access is stored in a log file, the so-called server log. Each record consists of information about:

• the page from which a page of our website was requested
• the page called up within our website
• Date and time of the call
• the amount of data transferred
• the access status (whether the call was successful or not)
• the browser used, e.g. B. Mozilla Firefox, Google Chrome, Apple Safari etc.)

The legal basis for this collection is Article 6 Paragraph 1 Letter f) GDPR (legitimate interest). We cannot offer you an opportunity to object to this survey, as the server protocol is essential to ensure the availability of this website and in the event of attacks on the website. The data from the server log is automatically deleted after seven days.

If you register for our newsletter, this is done on the legal basis that you have given us your consent (Article 6 (1) (a) GDPR).
You can object to the further delivery of the newsletter at any time by clicking on the unsubscribe link displayed at the end of each newsletter or by sending us an informal e-mail with the subject "Unsubscribe from newsletter". newsletter@frankfurter-baeder.de .

If you contact us using the contact form provided on the website, this is done on the basis of your consent (Art. 6 Para. 1 lit. a)). We only use the data transmitted via the contact form to answer your request. Further use of this data by us or third parties does not take place at any time.

For the operation of this website, we use service providers that we have carefully selected and with whom we have concluded appropriate contracts for order processing in order to comply with the provisions of the GDPR and the BDSG. In addition, we do not pass on your data to third parties, whether for a fee or free of charge, without your permission.

11.1. Our website uses cookies. Cookies are data sets that are stored in the internet browser or by the internet browser on the user's computer system. If a user calls up a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic character string that enables the browser to be clearly identified when the website is called up again. We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change.
Detailed information on the cookies used on the BBF website can also be found on the bottom right of the website under 'Information' under 'Cookie settings'.

11.2. Legal basis for data processing

The legal basis for the processing of personal data using necessary cookies for the functionality of the website is Article 6 Paragraph 1 Letter f GDPR. Furthermore, cookies can be used for analysis based on the consent of the website visitor. You can revoke your consent to the use of non-functional, necessary cookies for analysis or third-party cookies at any time. For this purpose, you will find a corresponding field at the bottom of every BBF website with detailed information on the cookies used on the BBF website at the bottom right of the website under 'Information' under 'Cookie settings'.

11.3 User analysis using Matomo

Our websites are analyzed using the Matomo tool to determine how the individual pages are visited (frequency of visits, duration of visits, bounce rate). Matomo is configured in such a way that your IP address is shortened (pseudonymised), which means that no reference to your person can be made. Since Matomo is installed on our web server, no data is transmitted to third parties as part of the user analysis. For the above reasons, the legal basis for these surveys is Article 6 Paragraph 1 Letter f) (legitimate interest of the person responsible). You can decide at any time whether a unique web analysis cookie may be stored in your browser to enable the operator of the website to collect and analyze various statistical data.

11.4 Google Maps

For the individual pools, we include maps from the “Google Maps” service from the provider Google to provide directions. The processed data may include, in particular, IP addresses and location data of the users, which, however, are not collected without their consent (this is usually done as part of the settings on their mobile devices); Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; site: https://cloud.google.com/maps-platform; Data protection: https://policies.google.com/privacy; Opposition possibility (opt-out): opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for the display of commercials: https://adssettings.google.com/authenticated.

11.5 Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these it is necessary that the browser is recognized even after a page change. The user data collected by technically necessary cookies are not used to create user profiles.

 11.6 Duration of storage, objection and removal option

Cookies are stored on the user's computer and transmitted to our site. Therefore, as a user, you also have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent. In addition, we offer a selection option for cookie settings at the bottom of every BBF website.

Since BäderBetriebe Frankfurt GmbH is represented with content on third-party platforms such as YouTube, Instagram and Facebook, we are providing information here about data processing in connection with third-party platforms, to the extent that BäderBetriebe Frankfurt GmbH is aware of these and can be influenced by them.

If a user visits a profile (Instagram, Facebook) or channel (YouTube channel) of BäderBetriebe Frankfurt GmbH on a third-party platform, the third-party platform operator uses cookies (data sets). The operators of the third-party platforms use cookies to collect personal data from users to evaluate user behavior. This applies in particular if the user is already registered on these third-party platforms. You can find more detailed information on this in the respective data protection information of the third-party platforms (see below). Baeder Betriebse Frankfurt GmbH does not know what personal data the operators of the third-party platforms (e.g. YouTube) collect overall and for what other purposes the operators process user data. Baeder Betriebse Frankfurt GmbH has no influence on the data protection regulations of a third-party platform or the collection, analysis and use of user data. Baeder Betriebse Frankfurt GmbH does not process any of your personal data as a user when you visit one of our social media profiles or our YouTube channel.

We advise using and regularly checking the various data protection and security settings on the respective third-party platform. In its data guidelines, the respective platform operator explains which data is collected during use:

12.1. YouTube

YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043 USA. We therefore point out that there is a possibility that user data will be processed outside the European Union, in particular in the USA. This can result in increased risks for the user in that, for example, later access to the user data can be made more difficult. We also have no access to this user data. The access possibility lies exclusively with YouTube.
More information and privacy notices on YouTube:
https://policies.google.com/privacy
Any YouTube user has the option to request a copy of their recorded data: https://takeout.google.com/

12.2. Facebook

Baeder Betriebse Frankfurt GmbH presents social media content via the information service offered by Facebook on the technical platform and via the services of Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland.

We would like to point out that users use this Facebook page of the BBF and its functions at their own risk. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating). Alternatively, information offered via this BBF Facebook page can also be accessed on our website. When you visit our Facebook page, Facebook records, among other things, your IP address and other information that is available on your PC in the form of cookies. This information is used to provide us, as the operator of the Facebook pages, with statistical information about the use of the Facebook page. Facebook provides more information on this under the following link:
http://de-de.facebook.com/help/pages/insights

The data collected about you in this context is used by Facebook Ltd. processed and possibly transferred to countries outside the European Union. What information Facebook receives and how it is used is described in general terms by Facebook in its data usage guidelines. There you will also find information about contact options for Facebook and the setting options for advertisements. The data usage guidelines are available at the following link:
http://de-de.facebook.com/about/privacy
You can find Facebook's full data policy here:
https://de-de.facebook.com/full_data_use_policy

How Facebook uses the data from visiting Facebook pages for its own purposes, to what extent activities on the Facebook page are assigned to individual users, how long Facebook stores this data and whether data from a visit to the Facebook page is passed on to third parties are passed on is not finally and clearly named by Facebook and is not known to us. When you access a Facebook page, the IP address assigned to your device is transmitted to Facebook. According to information from Facebook, this IP address is anonymized (in the case of "German" IP addresses). Facebook also stores information about its users' end devices (e.g. as part of the "registration notification" function); it may be possible for Facebook to assign IP addresses to individual users.

• the right to information (Article 15 GDPR)
• the right to rectification (Art. 16 GDPR)
• the right to erasure (Art. 17 GDPR)
• the right to restriction of processing (Art. 18 GDPR)
• the right to an obligation to notify processors (Art. 19 GDPR)
• the right to object (Art. 21 GDPR)
• the right to data portability (Art. 20 GDPR)

To exercise your rights, you can contact us using the contact details given above.

13.1. Right to complain

If you believe that data protection-related processing is taking place on our website, you can also contact the data protection supervisory authority responsible for you. The data protection supervisory authority responsible for us is:
Hessian Commissioner for Data Protection and Freedom of Information
Gustav Stresemann Ring 1
65189 Wiesbaden

If you have any questions about data protection or inquiries, please contact our data protection team and data protection officer at datenschutz@frankfurter-baeder.de.

** Note:
For reasons of better legibility, the masculine form is used for personal designations and personal nouns on this website. Corresponding terms generally apply to all genders in terms of equal treatment. The shortened language form is for editorial reasons only and does not imply any evaluation or preference.