Privacy Policy
Note: Draft tailored to the actual tech stack – have it reviewed legally before launch and confirm the data-processing agreement with the host.
This policy explains how personal data is processed when you visit travemuende-heute.de. The site is an independent information service and not an official site of the City of Lübeck or the resort administration.
Controller
The controller under the GDPR is: Christian Fizia, Lindwurmstraße 9, 23570 Travemünde, Germany, e-mail kontakt@travemuende-heute.de.
Principle: data minimisation
The website is static. It uses no cookies and no personal tracking and creates no user profiles. No consent banner is required, because no consent-relevant services load without your active interaction.
Hosting and server log files (Vercel)
The website is hosted by Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723, USA. On access, the host processes technically necessary connection data in server log files – in particular the IP address, date and time, the requested resource and the transmitted browser/device type (user agent).
This processing serves solely the secure, stable delivery of the site and IT security; no analysis of individuals or merging with other data takes place. The legal basis is the legitimate interest in secure, efficient provision (Art. 6(1)(f) GDPR).
A data-processing agreement under Art. 28 GDPR exists with or will be concluded with the host before launch. As a US provider, a transfer to the USA may occur, based on appropriate safeguards (EU Standard Contractual Clauses or the EU-US Data Privacy Framework adequacy decision).
Domain and name resolution (Cloudflare)
Domain name resolution is handled via Cloudflare (DNS service). Cloudflare is not interposed as a proxy; page content is delivered directly by the host.
Embedded external content (two-click)
Certain interactive content is not embedded automatically but loads only after you explicitly click it. Only with that click is data – including your IP address – transferred to the respective provider. The legal basis is your consent through the active click (Art. 6(1)(a) GDPR), which you can withdraw for the future by no longer opening the content.
This concerns: Google Maps map views (Google Ireland Ltd., Dublin, Ireland; policies.google.com/privacy); the MyShipTracking live ship map (myshiptracking.com); and Komoot tour maps (komoot GmbH, Germany; komoot.com/privacy).
Place ratings (Google Places)
For individual places we display the average rating and rating count as a number (source: Google). These aggregate values are fetched server-side at build time via the official Google Places API; merely viewing the page transfers no personal data of yours to Google.
Visitor statistics (Cloudflare Web Analytics)
Where enabled, we use Cloudflare Web Analytics – a cookie-free, aggregated measurement without personal profiles and without cross-device recognition. No cookies are set; no consent banner is required. The legal basis is the legitimate interest in privacy-friendly reach measurement (Art. 6(1)(f) GDPR).
Content data sources
Weather, water, gauge, warning, traffic, transit, event and place data are fetched at build time on the build server and delivered as static content. Visiting the site triggers no requests from your browser to these sources, and no personal data of yours is processed.
Your rights
You have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20) and to object to processing based on legitimate interests (Art. 21 GDPR). You may withdraw any consent at any time with effect for the future (Art. 7(3) GDPR).
You also have the right to lodge a complaint with a supervisory authority, e.g. the Independent State Centre for Data Protection Schleswig-Holstein (ULD), Holstenstraße 98, 24103 Kiel, Germany.
Contact and status
For information and to exercise your rights, please use the contact address stated in the imprint. This privacy policy will be updated as technology or the legal situation changes.