Data Protection

11.2 Cookie management - consent to non-functional cookies

Our website uses Usercentrics' cookie consent technology to obtain your consent to the storage of certain cookies in your browser and to document this in accordance with data protection regulations. The provider of this technology is Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark.

We have concluded an order processing agreement with Usercentrics, under which Usercentrics undertakes to ensure the necessary protection of your data and to process it in accordance with the applicable data protection regulations exclusively on our behalf and in accordance with our instructions. The use of a cookie banner as well as the management and storage of your consent to the processing of your personal data is based on our legal obligation to provide a data protection-compliant website (Art. 6 para. 1 lit. c) GDPR in conjunction with § 26 TTDSG. The processing of data for the provision of a cookie banner is absolutely necessary for the operation of the website. The user has no right to object as long as there is a legal obligation to obtain the user's consent to certain data processing operations before loading the website.

When you enter our website, a Cookiebot cookie is stored in your browser, in which the consent you have given or the revocation of this consent is stored. This data is passed on to the provider of Cookiebot in anonymised form. Cookiebot processes the following data for provision and management:

• Your IP address anonymised during collection by Cookiebot (the last three digits are set to "0"),
• further information on the browser used and the browser version
• the date and time of your visit to our website or the settings you made via our cookie banner
• the URL of the website accessed,
• an anonymous, random and encrypted key (ID),
• your given consent or individual data protection settings.
  The cookie banner uses both the local memory (also called "local storage") on your end device and the setting of cookies to store this information locally in your browser. For this purpose, your individual settings and your ID are stored in a cookie so that the settings you have made are taken into account when you visit our website again.
  

Further information on data processing by Cookiebot can be found at: https://www.cookiebot.com/de/privacy-policy/

11.3 Cookie management by means of "COOKIE GUIDE"

In the COOKIE GUIDE you can view your cookie settings and customise them to your needs at any time. You can also see what types of cookies there are and what purpose they serve.
Here is your cookie overview:

12. informative electronic messages (by e-mail) to business customers

We use CleverReach, with whom we have concluded an order processing contract, to send informative messages (by email) to business customers. CleverReach GmbH & Co. KG has its registered office at Mühlenstr. 43, 26180 Rastede. This service enables us to organise and analyse the sending of newsletters. Your data processed for the purpose of receiving the informative message, such as your email address, is stored on CleverReach's servers for this service. The servers are located in Germany and Ireland.

Sending newsletters with CleverReach allows us to analyse the behaviour of newsletter recipients. The analysis shows, among other things, how many recipients have opened their newsletter (informative message) and how often links in the newsletter were clicked. CleverReach supports conversion tracking in order to analyse whether a previously defined action, such as a product purchase, has taken place after clicking on a link. Details on data analysis by CleverReach can be found at: https://www.cleverreach.com/de-de/newsletter-tool/newsletter-reporting/.

Business customers have the option of registering for our newsletter on our website using the double opt-in procedure. This means that after registering you will receive an e-mail asking you to confirm your registration. This confirmation is necessary to ensure that no-one can register with other people's e-mail addresses.

The legal basis for data processing is Section 7 (3) UWG and, in cases where a newsletter subscription is made via our website, consent pursuant to Art. 6 (1) (a) GDPR.

If you no longer wish to receive this information by e-mail in the future, please unsubscribe via the "Unsubscribe" link in the newsletter/informative message by e-mail. The legality of the data processing operations already carried out remains unaffected by the cancellation/unsubscription.

You can find details of CleverReach's privacy policy at: https://www.cleverreach.com/de-de/datenschutz/

13. your customer account

Business customers (B2B) have the option of creating a customer account with us. This means registering with us as the controller by providing personal data. The personal data that is transmitted to us is determined by the respective input screen used for registration. In some cases, individual fields are mandatory. This is because we cannot provide the services associated with registration without this information. The personal data you enter will only be processed for the intended purpose. For example, the customer account is used to process your orders and all associated services. In order to process your orders, we only pass on the data to other companies for the proper fulfilment of the contract and only to the extent necessary. For example, data is passed on to parcel service providers, payment service providers or other service providers involved in the application (e.g. cooperation partners). The service providers involved also use the personal data exclusively to process your order and only in accordance with our instructions. Your data will not be passed on to third parties without your express consent. Master data stored in the customer account remains stored until it is cancelled.

Please address any data subject rights in connection with your customer account to the contact address: info@alte-saline.de

If you have any general questions about data protection, please contact the address given in section 4 of this declaration.

14. data in the context of orders in the ticket shop as well as enquiries and reservations for individual offers and events

You can purchase tickets for guided tours, events and various group offers via our website. We also offer the opportunity to make enquiries or reservations for individual offers and events. This requires the provision of personal data to the extent necessary. Which personal data is transmitted to us is determined by the respective input mask used for the respective order/enquiry/reservation. In some cases, individual fields are mandatory. This is because processing is not possible without this information.

If personal data is subject to retention periods under tax and commercial law, it will be stored for this period. Beyond this period, further processing of this data will only take place if you have expressly consented to further use of your data. In the case of individual events or offers in the organisation of which cooperation partners are involved, it is necessary to pass on your data to these cooperation partners to the extent required. In this case, the necessary data will be passed on exclusively for the purpose of contract fulfilment. Your data will not be passed on to third parties. Your data will be treated confidentially by us at all times. For the handling of the payment process, we refer to point 15 "Data in the context of payment processing (credit card, PayPal, instant bank transfer)" which you will also find within this privacy policy.

15. data in the context of payment processing (credit card, PayPal, instant bank transfer)

Three payment methods (credit card payment, PayPal, instant bank transfer) are offered for processing orders for the products and services offered via this website. All payment methods are processed via the all-in-one payment service provider Unzer (Unzer GmbH, Vangerowstraße 18, 69115 Heidelberg, Germany) and an order processing contract is concluded with the service provider for this purpose. Depending on the payment method (credit card, PayPal, instant bank transfer), the payment-relevant data required by the respective payment service to carry out the payment process is entered. For all payment methods, Unzer guarantees maximum security during data transmission. Due to the processing of credit card data, Unzer is bound by the globally valid PCI DSS IT standard (Payment Card Industry Date Security Standard). Further information on data protection can be found at: https://www.unzer.com/de/datenschutz/.

The payment service providers are used on the basis of Art. 6 para. 1 lit. b GDPR (contract processing) and in the interest of a smooth, convenient and secure payment process (Art. 6 para. 1 lit. f GDPR). Insofar as your consent is requested for certain actions, Art. 6 para. 1 lit. a GDPR is the legal basis for data processing; consent can be revoked at any time for the future.
We offer the following payment methods on this website:

PayPal

The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal").
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.
Details can be found in PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Instant bank transfer

The provider of this payment service is Sofort GmbH, Theresienhöhe 12, 80339 Munich (hereinafter referred to as "Sofort GmbH"), which is a company of the Klarna Group. With the help of the "Instant bank transfer" procedure, we receive a payment confirmation from Sofort GmbH in real time and can immediately begin to fulfil our obligations. If you have decided in favour of the "Sofortüberweisung" payment method, you transmit the PIN and a valid TAN to Sofort GmbH, with which it can log into your online banking account. After logging in, Sofort GmbH automatically checks your account balance and carries out the transfer to us using the TAN you have transmitted. It then immediately sends us a transaction confirmation. After logging in, your turnover, the credit limit of the overdraft facility and the existence of other accounts and their balances are also automatically checked. In addition to the PIN and TAN, the payment data you have entered and your personal data are also transmitted to Sofort GmbH. Your personal data includes your first and last name, address, telephone number(s), e-mail address, IP address and any other data required for payment processing. The transmission of this data is necessary to establish your identity beyond doubt and to prevent attempts at fraud.

A company that integrates the services of Sofort GmbH as a payment method on its website does not have access to your personal online banking access data (such as PIN) and TAN, which you enter in the encrypted payment form, at any time. For details on payment with Sofortüberweisung, please refer to the following links: https://www.sofort.de/datenschutz.html and https://www.klarna.com/sofort/.

Mastercard

The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter referred to as "Mastercard").

Mastercard may transfer data to its parent company in the USA. The data transfer to the USA is based on Mastercard's Binding Corporate Rules. Details can be found here: https://www.mastercard.de/de en/datenschutz.html and https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.

VISA

The provider of this payment service is Visa Europe Services Inc, London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter referred to as "VISA").
The United Kingdom is considered a secure third country under data protection law. This means that Great Britain has a level of data protection that corresponds to the level of data protection in the European Union.

VISA may transfer data to its parent company in the USA. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html.

Further information can be found in VISA's privacy policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.

16. deletion and blocking of personal data

The controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject to.
If the storage purpose no longer applies or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data will be blocked or erased in accordance with the statutory provisions.

17. Legal bases for the processing of personal data

Art. 6 I lit. a GDPR serves our company as the legal basis for processing operations for which we obtain consent for a specific processing purpose.
If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service or consideration, the processing is based on Art. 6 I lit. b GDPR. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of inquiries about our products or services.

If our company is subject to a legal obligation which requires the processing of personal data, such as for the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c GDPR.
Furthermore, processing operations may be based on Art. 6 I lit. f GDPR. This is the case if the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the data subject is a customer of the controller or is employed by the controller. (Recital 47 sentence 2 GDPR). Where the processing of personal data is based on Article 6 I lit. f GDPR, our legitimate interest is to carry out our business activities for the benefit of our shareholders, taking into account the legitimate interests of the data subjects. When weighing up this interest, the focus is always on an appropriate relationship between the data subject and us as a company.

18. duration for which the personal data is stored

The criterion for the duration of the storage of personal data are statutory retention periods, which may result from tax or commercial law as well as other applicable legal provisions, whenever these legal provisions are applicable to your personal data. After the period has expired, the corresponding data will be deleted if it is no longer required to fulfill the contract, initiate the contract or maintain the business relationship. If no retention periods are applicable and you have given us your consent to store and use your personal data, the data will be stored and used for the purpose specified in the consent or until you revoke your consent for future use.

19. legal or contractual provisions for the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of non-provision

We would like to inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner). Sometimes it may be necessary for a contract to be concluded for a data subject to provide us with personal data that must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with them. Failure to provide the personal data would mean that the contract with the data subject could not be concluded.

20. Data protection provisions about the application and use of Google Analytics

If you have given your consent, Google Analytics 4, a web analysis service of Google LLC, is used on this website. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). In accordance with Art. 28 GDPR, we have concluded an order processing contract with Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

Scope of processing

Google Analytics uses cookies to help the website analyze how users use the site. The information collected by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there. We use the User ID function. With the help of the user ID, we can assign a unique, permanent ID to one or more sessions (and the activities within these sessions) and analyze user behavior across devices.

In Google Analytics 4, the anonymization of IP addresses is activated by default. Due to IP anonymization, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

During your website visit, your user behavior is recorded in the form of "events". Events can be:

• Page views
• First visit to the website
• Start of the session
• Your "click path", interaction with the website
• Scrolls (whenever a user scrolls to the end of the page (90%)
• Clicks on external links 
• Internal search queries
• Interaction with videos
• file downloads
• Viewed / clicked ads
• language setting
  

Also recorded:

• Your approximate location (data on country, region, city)
• Your IP address (in abbreviated form [anonymized form])
• Technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
• Your internet provider
• the referrer URL (via which website/advertising medium you came to this website)

  
  

  
  

Purposes of the processing

Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website and compiling reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website and the success of our marketing campaigns.

Receiver

Recipients of the data are/may be

• Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (as a processor in accordance with Art. 28 GDPR)
• Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
• Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

It cannot be ruled out that US authorities will access the data stored by Google.

Third country transfer

Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.

Storage period

The data sent by us and linked to cookies is automatically deleted after 14 months. Data that has reached the end of its retention period is automatically deleted once a month.

Legal basis

The legal basis for this data processing is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR.

Withdrawal of consent

You can withdraw your consent at any time with effect for the future by accessing the cookie settings via the COOKIE GUIDE and changing your selection there. This does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may limit the functionality of this and other websites. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by not giving your consent to the setting of the cookie.

Nähere Informationen zu Nutzungsbedingungen von Google Analytics und zum Datenschutz bei Google finden Sie unter https://marketingplatform.google.com/intl/de/about/analytics/ and https://policies.google.com/privacy?hl=en

21. Google Tag Manager

We use the Tag Manager service offered by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google") to manage our website and to integrate cookie-based technologies. For this purpose, your anonymized IP address is transmitted to a Google server, which may also be located in the USA, each time you visit one of our websites. The IP address is not stored by Google as part of the Tag Manager service and is only used to integrate the technologies managed via the Tag Manager. The Tag Manager itself does not set any cookies. The Google Tag Manager is only loaded with your consent.

22. social media presence in social networks and platforms (Facebook, Instagram, YouTube)

We maintain the following channels and fan pages on social media platforms:

• Facebook: Alte Saline
• Instagram: altesaline_badreichenhall
• YouTube: Alte Saline Bad Reichenhall 

with the aim of communicating with the customers, interested parties and users active there and informing them about our services.

The icons displayed for this purpose in the footer area of our website are static links. This means that no automatic connection to these social networks is established when our website is loaded. Only when you click on the icon will you be taken to the website of the corresponding social network. Please note the explanations in subsection 23 - Facebook Custom Audiences (for websites) / Conversion - Facebook Pixel.
If you have consented to the use of cookies requiring consent, your browser automatically establishes a direct connection to the Facebook server based on the marketing tool used ("Facebook Pixel").

22.1 Facebook and Instagram

Principle

As the operator of the above-mentioned Facebook and Instagram accounts, we (Südwestdeutsche Salzwerke AG) are jointly responsible with the operator of the social network Facebook and Instagram (Meta Platforms Ireland Ltd.) within the meaning of Art. 4 No. 7 of the General Data Protection Regulation (GDPR). There is joint responsibility pursuant to Art. 26 GDPR.

Contact details of the joint controllers

Südwestdeutsche Salzwerke AG: Contact details of the controller and its data protection officer can be found in subsections 3 and 4 of this privacy policy.

Meta Platforms Ireland Ltd:

Contact details: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, IrelandAuthorized representative: Richard Kelley, registered in Ireland (Companies Registration Office), commercial register number 462932

You can contact the data protection officer for the Facebook and Instagram products via this link: https://www.facebook.com/help/contact/540977946302970

The Facebook terms of use and the other conditions and guidelines listed at the end of this document apply. https://www.facebook.com/legal/terms

Information on the scope of data processing

Information on the scope of data processing by our company can be found in this privacy policy.

Information on the scope of data processing and the associated handling of personal data by Facebook can be found here:

https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0

Information on the scope of data processing and the associated handling of personal data by Facebook for the Instagram service can be found here:

https://www.facebook.com/privacy/policy/?entry_point=facebook_help_center_ig_data_policy_redirect

Agreement on joint responsibility

You can access the agreement between us and Facebook on joint responsibility for data processing in accordance with Art. 26 GDPR here:

https://www.facebook.com/legal/controller_addendum

https://www.facebook.com/legal/terms/page_controller_addendum

This agreement was created for Facebook fan pages and, in our opinion, is also applicable to the use of Instagram Insights due to the identical Insights function and identical parties involved:

https://www.facebook.com/legal/controller_addendum

https://www.facebook.com/legal/terms/page_controller_addendum

Use of insights and cookies in connection with the above-mentioned Facebook and Instagram accounts

In connection with the operation of the above-mentioned Facebook and Instagram accounts, we use Facebook's Insights function to obtain anonymized statistical data on the users of our Facebook and Instagram accounts. For this purpose, Facebook stores a cookie on the end device of the user who visits our Facebook or Instagram account. The cookie contains a unique user code and is active for a period of two years unless it is deleted beforehand. The user code can be linked to the data of users who are registered with Facebook.

The information stored in the cookies is received, recorded and processed by Facebook, in particular when the user visits the Facebook services, services provided by other members of the Facebook group of companies and services provided by other companies that use the Facebook services. In addition, other entities such as Facebook partners or even third parties may use cookies on the Facebook services to provide services to companies advertising on Facebook.

You can find more information on the use of cookies by Facebook in their cookie policy.

https://www.facebook.com/privacy/policies/cookies/?entry_point=cookie_policy_redirect&entry=0

The Instagram Data Policy contains all information on data processing by Facebook when using Instagram:

https://help.instagram.com/519522125107875

We ourselves have no influence on how and to what extent Facebook and Instagram process this data.

Legal basis and legitimate interests

We operate the Facebook and Instagram accounts in order to present ourselves to and communicate with Facebook and Instagram users and other interested parties who visit our Facebook and Instagram accounts. The processing of users' personal data is based on our legitimate interests in an optimized social media presence (Art. 6 (1) (f) GDPR).

Transfer of data

It is conceivable that personal data may be processed outside the European Union by Meta Platforms, Inc. based in the USA. However, our contractual partner is Meta Platforms Ireland Ltd. based in Ireland and therefore within the European Union.

The US parent company Meta Platforms, Inc. 1 Meta Way, Menlo Park, California 94025-1453, USA is also certified under the EU-U.S. Data Privacy Framework (PDF), so that the data transfer there is permitted via the European Commission's adequacy decision regarding the USA.

We do not pass on any personal data ourselves.

Options to object

Under the settings for advertising preferences, Facebook users can influence the extent to which their user behavior may be recorded when visiting or using Facebook services and thus also our Instagram account.

Further options are offered by the Facebook settings or the form for the right to object.

The processing of information by means of the cookies used by Facebook and Instagram can be prevented by not allowing third-party cookies or cookies from Facebook in your browser settings.

22.2 YouTube

Principle for the use of this website

Our website uses plugins from the YouTube service. 

The company providing the service in the European Economic Area and Switzerland is Google Ireland Limited, a company incorporated and operated under Irish law (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland.

The use of YouTube, and thus the viewing of embedded videos on this website, is only possible after your consent to the so-called marketing cookies. If you have not consented to the setting of these cookies, you will not be able to watch the embedded videos.

Once you have given your consent, a connection to the YouTube servers will be established. The YouTube server will be informed which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, YouTube can store various cookies on your end device after starting a video. With the help of these cookies, YouTube can obtain information about visitors to our website. This information is used, among other things, to record video statistics, improve user-friendliness and prevent fraud attempts. The cookies remain on your end device until you delete them. If necessary, further data processing operations may be triggered after the start of a YouTube video, over which we have no influence.

22.3 YouTube channels

Principle

As the operator of the above YouTube channels on YouTube, we (Südwestdeutsche Salzwerke AG) are jointly responsible with the operator of the YouTube service (Google Ireland Limited; hereinafter also referred to as "Google") within the meaning of Art. 4 No. 7 of the General Data Protection Regulation (GDPR).

When you visit the YouTube channels as described in section 22, personal data is processed by the controller.

In the following, we will inform you about what data is involved, how it is processed and what rights you have in this regard.

Contact details of the joint controllers

Südwestdeutsche Salzwerke AG: Contact details of the controller and its data protection officer can be found in sections 3 and 4 of this privacy policy.

Contact details: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

You can contact Google's data protection officer via this link: https://www.youtube.com/t/contact_us

Joint responsibility

We as the operator of the YouTube channel and Google as the platform operator of YouTube are jointly responsible for the data processing of the personal data of subscribers, visitors and users that takes place on or via the channel.

Information on data processing by our company can be found in this privacy policy.

Information on the handling of personal data by Google for the YouTube service can be found in their https://policies.google.com/privacy?hl=de.

Use of insights and cookies in connection with the above YouTube accounts

In connection with the operation of the YouTube channel, Google offers an analysis function that we use to obtain anonymized statistical data on the users and the interactions of our channel. For this purpose, Google stores a cookie on the end device of the user who visits our channel. The cookie contains a unique user code. The user code can be linked to the data of users who are registered with YouTube.

The information stored in the cookies is received, recorded and processed by Google. In addition, other entities such as Google partners may use cookies to provide services to companies advertising on YouTube or other Google services. You can find out more about the use and application of cookies by Google here: https://policies.google.com/technologies/cookies?hl=de

Legal basis and legitimate interests

We operate this YouTube channel to present ourselves to YouTube users and other interested parties who visit our YouTube channel and to communicate with them. The processing of users' personal data is based on our legitimate interests in an optimized presentation of SSG (Art. 6 (1) (f) GDPR).

Transfer of data

It is conceivable that some personal data may also be processed outside the European Union or the European Economic Area by the parent company of Google Ireland Ltd, Google LLC. based in the USA. You can find the exact information provided by Google in Google's privacy policy. However, our contractual partner is Google Ireland Limited, a company based in Ireland and therefore within the European Union.

The US parent company Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA is also certified under the EU-U.S. Data Privacy Framework (PDF), so that the transfer of data there is permitted via the European Commission's adequacy decision regarding the USA.

We do not pass on any personal data ourselves.

Options to object

In their account settings, YouTube users can influence the extent to which their user behavior may be recorded when visiting or using Google services and thus also our YouTube channel.

23. Facebook Custom Audiences (for Websites) / Conversion – Facebook Pixel

This website uses the so-called "Facebook Pixel" of the social network "Facebook" of Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Meta) for the following purposes: 

We use the Facebook pixel for remarketing purposes in order to be able to address you again within 180 days. This allows users of the website to be shown interest-based advertisements ("Facebook ads") when they visit the social network "Facebook" or other websites that also use the process. In this way, we pursue the interest of showing you advertising that is of interest to you in order to make our website or offers more interesting for you.

Facebook Conversion

With the help of Facebook Pixel, we also want to ensure that our Facebook ads correspond to the potential interest of users and are not annoying. With the help of the Facebook pixel, we can track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").

Due to the marketing tools used (Facebook Pixel), your browser automatically establishes a direct connection with the Facebook server as soon as you have consented to the use of cookies requiring consent. By integrating the Facebook pixel, Facebook receives the information that you have accessed the corresponding website of our Internet presence or have clicked on an advertisement from us. If you are registered with a Facebook service, Facebook can assign the visit to your account.

Facebook processes the data in accordance with Facebook's data usage policy. Specific information and details about the Facebook pixel and how it works can also be found in Facebook's help section.

We (Südwestdeutsche Salzwerke AG) are jointly responsible with Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Meta) for the collection and transmission of data as part of this process. This applies for the following purposes:

The creation of individualized or suitable ads, as well as for their optimization Delivery of commercial and transactional messages (e.g. via Messenger) The following processing operations are therefore not covered by joint processing:

The processing that takes place after collection and transmission is the sole responsibility of Meta.

We have concluded a corresponding agreement with Facebook for joint responsibility, which can be accessed here: https://www.facebook.com/legal/controller_addendum. This defines the respective responsibilities for fulfilling the obligation under the GDPR with regard to joint responsibility.

The contact details of the responsible company, as well as the data protection officer of Facebook, can be found here: https://www.facebook.com/about/privacy. We have agreed with Meta that Meta can be contacted for the exercise of data subject rights. Nevertheless, the jurisdiction of data subject rights is not restricted.

Further information on how Meta processes personal data, including their legal basis, and additional details about data subject rights can be found here: https://www.facebook.com/about/privacy. We transmit the data as part of joint responsibility based on the legitimate interest according to Art. 6 (1) f GDPR.

Information about data security terms can be found here: https://www.facebook.com/legal/terms/data_security_terms, and information about processing based on standard contract clauses can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum.

You can deactivate the tool through the cookie settings, which you can control via the COOKIE GUIDE, here: https://www.facebook.com/settings/?tab=ads#.

The lifespan of the cookies is up to 180 days after the last interaction. This applies only to cookies that were set through this website.

24.4 Right to Rectification according to Art. 16 GDPR                             

A data subject has the right to request the correction of inaccurate personal data concerning them from the controller without undue delay. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.

24.5 Right to Erasure according to Art. 17 GDPR                                       

A data subject has the right to request the erasure of personal data concerning them without undue delay, and the controller is obligated to erase personal data without undue delay if the conditions listed in Art. 17 GDPR are met.

24.6 Right to Restriction of Processing according to Art. 18 GDPR   

The data subject has the right to request the restriction of processing from the controller if the conditions specified in Art. 18 GDPR are met.

24.7 Right to Data Portability according to Art. 20 GDPR

A data subject has the right to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used, and machine-readable format, and have the right to transmit this data to another controller, as described in Art. 20 GDPR, provided the conditions specified in Art. 20 GDPR are met.

24.8 Right to Object according to Art. 21 GDPR

A data subject has the right to object at any time, for reasons arising from their particular situation, to the processing of personal data concerning them based on Art. 6(1)(e) GDPR (processing is carried out in the public interest or in the exercise of official authority) or Art. 6(1)(f) GDPR (processing is based on legitimate interests pursued by the controller or a third party). In such cases, the controller shall no longer process the personal data unless compelling legitimate grounds for the processing override the interests, rights, and freedoms of the data subject or the processing serves the establishment, exercise, or defense of legal claims.

24.9 Right to Object according to Art. 13(2)(c) GDPR

If the processing of personal data of a data subject by the controller is based on Art. 6(1)(a) GDPR (the data subject has given consent to the processing of their personal data for one or more specific purposes) or Art. 9(2)(a) GDPR (the data subject has given consent to the processing of their special categories of personal data for one or more specific purposes), the data subject has the right to withdraw their consent at any time without affecting the lawfulness of the processing based on consent before its withdrawal.

You can declare your withdrawal by mail or email. The contact address can be found in section 4 of this statement. For all requests under Articles 15-21 of the GDPR related to your customer account, please address them directly to: info@alte-saline.de.

25. Right to Lodge a Complaint with a Supervisory Authority according to Art. 77 GDPR

Any data subject has the right to lodge a complaint with a supervisory authority, without prejudice to any other administrative or judicial remedy, if the data subject considers that the processing of personal data concerning them violates the GDPR. Typically, you can contact the supervisory authority of your habitual residence, place of work, or the location of the alleged infringement.

The supervisory authority to which the complaint has been submitted shall inform the complainant about the progress and the outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

The supervisory authority responsible for Südwestdeutsche Salzwerke AG is: The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg

Physical Address:                                                                Mailing Address:

Lautenschlagerstraße 20                                                    Postfach 10 29 32

70173 Stuttgart                                                                    70025 Stuttgart

Deutschland                                                                         Deutschland

For more information, you can visit www.baden-wuerttemberg.datenschutz.de.

26. Up-to-dateness of this Privacy Policy

For legal or technical reasons, adjustments to our privacy policy may be necessary. We reserve the right to make such changes at any time and therefore encourage you to check this privacy policy regularly for the latest updates.

As of: November 2023