Data protection

Data protection declaration for this online offering and further information about the duty to provide information according to Art. 13 GDPR on the collection of personal data from the data subject

This data protection declaration (Version: GDPR 1.0 from 27.06.2018) was produced by:
Deutsche Datenschutzkanzlei Datenschutz-Office Munich –

Data protection
We, the Schwabinger Weihnachtsmarkt e. V, are responsible for this online offering and, as the provider of a teleservice, must inform you at the beginning of your visit to our website, about the type, scope and purpose of the collection and use of personal data in a precise, transparent, understandable and easily accessible way in clear and simple language. The contents of the information must be accessible to you at all times. We are therefore obliged to inform you of which personal data will be collected or used. Any information relating to an identified or identifiable natural person is described as personal data.

We place great value on the security of your data and compliance with the data protection regulations. The collection, processing and use of personal data is subject to the regulations of the European and national laws currently in force

In the following data protection declaration, we would like to show you how we handle your personal data and how you can make contact with us:

Schwabinger Weihnachtsmarkt e.V.
C/O Atelier – KLEINA
St. Anna Str.14
80538 München

Association register Nr.: VR 7520
Manager: Stephanie Schmitz
Telephone: +49 89


For the sake of easier reading, no gender-specific distinction is made in our data protection declaration. The terms used apply, in the context of equal treatment, to both genders.

The meaning of the terminology used, for example ‘personal data’ or its ‘processing’ can be taken from Article 4 of the EU-General Data Protection Regulation (GDPR).

The users’ personal data processed in the context of this online offering, includes inventory data (e.g. customers’ names and addresses), contract data (e.g. services used, name of person responsible, payment information), usage data (e.g. Websites of our online offering visited, interest in our products) and content data (e.g. input into the contact form).

‘User’ includes all categories of persons affected by the data processing. These include, for example, our business partners, customers, interested parties and other visitors to our online offering.


Data protection declaration
We guarantee that we only collect, process, store and use your incoming data in connection with the processing of your request, as well as for internal purposes and providing the services that you have requested or to make content available.

Basis of data processing
We process the user’s personal data only in compliance with the relevant data protection regulations. The user’s data are only processed when the following statutory permission exists:

  • in order to deliver our contractual performance (e.g. Processing orders) and online services
  • processing is required by law
  • your consent is given
  • on the basis of our legitimate interests (i.e. interest in the analysis, optimization, and economic operation and security of our online offering in the sense of Art. 6 para. 1 lit. f. GDPR, in particular range measurement, production of profiles for advertising and marketing purposes, as well as the collection of access data and the use of services from third party providers)

We would like to show you where the main legal grounds are regulated in the GDPR:

  • Consent Art. 6 para. 1 lit. a. and Art. 7 GDPR
  • Processing to deliver our contractual performance and carrying out contractual measures: Art. 6 para. 1 lit. b. GDPR
  • Processing to safeguard our legitimate interests: Art. 6 para. 1 lit. f. GDPR

Data transfer to third parties
We would like to point out that a data transfer takes place when using our online offering due to the use of Google Analytics.

Data transfers to third countries or an international organization
Third countries are countries in which the GDPR is not a directly applicable law. This basically includes all countries outside the EU, respectively, the European Economic Area.

A data transfer to a third party or an international organization takes place. Hereby is taken into consideration that relevant suitable/appropriate guarantees are present, and your enforceable rights and effective judicial remedies are available.

A copy of the appropriate guarantees can be obtained under the following links:

Length of storage of your personal data
We adhere to the principles of data economy and data avoidance. This means the data made available to us is only retained for as long as it is needed to fulfil the previously named purposes or as laid down by the manifold storage periods provided for by the legislator. If the relevant purpose no longer exists, respectively after expiry of the appropriate period, your data is routinely blocked, respectively erased, in accordance with the statutory provisions.

We have developed a company-internal concept to guarantee this procedure

Making contact
If you make contact with us by email, telephone, fax etc., you consent to electronic communication. Personal data will be collected in the context of contacting us. Your data are transmitted with SSL encryption. The information which you provide will be stored exclusively for the purpose of processing your inquiry and for possible follow-up questions.

We would like to tell you the legal grounds:

  • Processing to fulfil our performance and carry out contractual measures: Art. 6 para. 1 lit. b. GDPR
  • Processing to safeguard our legitimate interests: Art. 6 para. 1 lit. f. GDPR

We would like to advise you that emails can be read or changed, unnoticed and without authorization, during transmission. We would also like to bring to your attention that we use software to filter unwanted emails (spam filter). Emails can be rejected by the spam filter if they are wrongly identified as spam due to the presence of certain characteristics

What rights do you have?
a) Right to information
You have the right to obtain information about your stored data without charge. Upon request, we will tell you in writing, in accordance with current law, what personal data we have stored about you. This also includes the origin and recipient of your data as well as the purpose of the data processing.

b) Right to rectification
You have the right to have your data which is stored by us, corrected, if it is incorrect. You can demand a limitation to the processing of your personal data, e.g. if the accuracy of your personal data is contested

c) Right to blocking
Furthermore, you can have your data blocked. So that a blocking of your data can be taken into account at any time, the data must be held in a lock file for control purposes.

d) Right to erasure
You can also demand the erasure of your personal data, so long as no legal storage obligation exists. If such an obligation exists, we will block your data on request. If appropriate statutory requirements are present, we will also erase your personal data without a request from yourself

e) Right to data transferability
You are entitled to demand that the personal data transferred to us, is made available in a format which enables it to be transferred to another location

f) Right to complain to a supervisory authority
You have the option of approaching a data protection supervisory authority with a complaint.

Bavarian State Office for Supervision of Data Protection(BayLDA)
Promenade 27, 91522 Ansbach, Deutschland
Telephone: +49 981 53-1300
Fax: +49 981 53-981300

The Bavarian State Office for Supervision of Data Protection’s complaint form can be accessed over the following link:

g) Right to object
You have the right to object at any time to the use of your data for internal purposes with future effect. For this, it is sufficient to send an appropriate email to However, such an objection does not affect the legality of processing procedures which we have already carried out. This does not affect data processing in respect of other legal bases, for example, such as contract initiation (see above).

Protection of your personal data
We take state of the art contractual, organizational and technical security measures to ensure compliance with the provisions of the data protection laws and therefore, to protect the data which we process against accidental or deliberate manipulation, loss, destruction or access by unauthorized persons
In particular, our security measures include the encrypted transfer of data between your browser and our server. 256-bit-SSL (AES 256) encryption technology is used for this.

Thereby your personal data is protected in the context of the following points (extract):
a) Ensuring the confidentiality of your personal data
To ensure the confidentiality of the personal data which we store, we have taken various measures to control access.

b) Ensure the integrity of your personal data
To ensure the integrity of the personal data which we store, we have taken various measures to control transfer and input.

c) Ensure availability of your personal data
To ensure the availability of the personal data which we store, we have taken various measures to control orders and availability.

The security measures employed are continually improved in accordance with technical development. Despite these precautions, because of the insecure nature of the internet, we are unable to guarantee the security of your data transfers to our online offering. For this reason, all data transfers from you to our online offering are made at your own risk.

Protection of minors
Persons who are under 16, are not allowed to provide us with their personal information without the express consent of the person having parental responsibility. These data will be processed in accordance with our data protection declaration.

Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which are automatically transferred to us by your browser. These are:

  • Browser type and browser version
  • operating system used
  • Referrer URL
  • Host name of the accessing computer
  • time of the server request
  • IP address

These data are not combined with other data sources.

The basis for the data processing is Art. 6 para. 1 lit. f. GDPR, which allows data processing to safeguard our legitimate interests

We use cookies. Cookies are small text files which are stored locally in the internet browser’s cache. Cookies enable the internet browser to be recognized. The files are used to help the browser navigate through the internet offering and use all functions to their full extent.

Our internet offering uses: Browser cookies

Control of cookies by the user
Browser cookies: All browsers can be set so that cookies are only accepted upon request. Also, per settings, cookies can only be accepted for sites which are currently being visited. All browsers offer functions which make the selective deletion of cookies possible. The acceptance of cookies can also be deactivated generally, however in that case, possible limitations in the online offering’s user friendliness must be accepted.

Use of first party cookies (Google Analytics Cookie)
Google Analytics Cookies record:

  • Unique user– Google Analytics Cookies collect and group your data. All activities during a visit are collected together. A distinction between users and unique users is made by using Google Analytics Cookies.
  • User’s activities– Google Analytics Cookies also store data about the beginning and end times of your visit to the online offering and how many pages you have looked at. The user session is ended by closing the browser or after long user inactivity (Standard 30 minutes), and the cookie records that the visit has ended. Furthermore, the date and time of the first visit is recorded. The total number of visits per unique user is also recorded. External link:
    You can prevent the collection of the data produced by the cookie in reference to the use of the inline offering (including your IP address), by Google and the processing of the data by Google, by downloading and installing the following browser plugin:
    External link:

Further information can be found under the point “Web analysis service Google Analytics / Universal Analytics”

Use of third-party cookies
Third party providers use (further) cookies over the import of editorial texts or advertising (Third-Party-Cookies) in our online offering. Third party providers are also subject to strict data protection requirements on the application of personal data.

Lifespan of the cookies employed
Cookies are managed by our internet offer’s website. The internet offering uses:

Transient cookies/session cookies (single use process).
Life span: Until closure of the online-offering.

Persistent cookies (permanent browser recognition)
Life span:30 days

Deactivate or remove cookies (Opt-Out)
Every browser offers options for limiting and deleting cookies. Further information about this can be obtained from the following websites:

Web analysis service Google Analytics / Universal Analytics
We use Google Analytics, a web analysis service from Google Inc. (“Google”). Google Analytics uses “Cookies”, text files that are stored on your computer and allow the use of the online offering to be analysed. The information produced by the cookie about the use of the online offering, is normally transmitted to a server in the USA belonging to Google and stored there. Therefore, data is transmitted to a third country. It is considered that relevant suitable/appropriate guarantees are present and enforceable rights and effective legal remedies are available to you.

You can obtain a copy of the suitable guarantees under the following links:

In the event that the IP anonymization is activated in our online offering, your IP address will be shortened inside the European Union member states or in other contracting states to the Agreement on the European Economic Area.
Only in exceptional cases will the full IP address be transmitted to a server belonging to Google in the USA and shortened there. Google will use this information on our behalf to evaluate the use of the online offering and compile reports about the online offering’s activities and in order to provide us with other services connected to the use of the online offering and the internet use. The IP address transmitted by your browser in the context of Google Analytics, is not combined with other data by Google. You can prevent the storing of cookies by using an appropriate setting in your browser software. However, we point out that in this case, it is possible that not all the functions of the online offering can be used to the full extent.
We point out that this online offering uses Google Analytics with the “_anonymizeIp()” extension and IP addresses are therefore only further processed in a shortened form to exclude a direct personal reference.

We also use Google Analytics reports for the collection of demographic characteristics and interests .
The data sent by us and linked to cookies, user recognition (e.g. User-ID) or advertising IDs, is automatically erased after 14 months. The erasure of data which has reached the end of its retention period, is carried out automatically once a month. More detailed information about conditions of use and data protection, can be found under or under

In addition, you can prevent the collection of the data produced by the cookie in reference to the use of the inline offering (including your IP address) by Google and the processing of the data by Google, by downloading and installing the following browser plugin:

As an alternative to the browser plugin or in browsers on mobile devices, the following link can be used to set an opt-out cookie which will prevent the collection by Google Analytics inside this online offering in future (this opt-out cookie only works in this browser and only for this domain, delete the cookies in this browser and click the link again)::

Deactivate Google Analytics

Use of Google Custom Search
We use Google Custom Search. The integrated search allows a full-text search for contents of the department’s internet offering. The search field on this website (search field) is provided by Google Inc (“Google”). You acknowledge and agree that Google’s data protection policy (under ) apply to your use of the search field and that you thereby oblige Google to use your personal data in accordance with the data protection policy.

If you do not wish to give your consent, please refrain from using the search field. Data will only be transmitted when an inquiry is sent over the search field.

Use of Google Maps
We use Google Maps to show maps and create route maps. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By using this website, you declare your acceptance of acquisition, processing and use of the automatically collected data and the data you input (including the IP address) by Google, one of its representatives or third party providers. You can find the terms of use for Google Maps at the following link:
You can find more details about the transparency, options and data protection provisions at the Data Protection Center of

Use of YouTube
Functions of the service YouTube are integrated into our online offering for displaying and replaying videos. These functions are offered by YouTube, LLC 901 Cherry Ave. San Bruno, CA 94066 USA. Further information can be found in YouTube’s data protection guidelines.
Hereby, the extended data protection mode is used which, according to the service provider, only stores user information after the video replay has been begun.
If the replay of embedded YouTube videos is started, YouTube uses cookies to collect information about user behaviour. According to notes from YouTube, this serves to, among other things, collect video statistics, improve user friendliness, and prevent misuse. Independently from the replay of embedded videos, a connection to the Google network “DoubleClick” is made each time our online offering is accessed, which can lead to further data processing procedures, without any influence from us.
Further details about the use of cookies by YouTube can be found in YouTube’s data protection declaration under:

Personal data will be collected if you register for our email newsletter. We will use these data for our own advertising purposes in the form of your email newsletter, if you have expressly consented in the following way:
“Yes, I would like to subscribe to the newsletter! I accept the data protection declaration”
You can unsubscribe from the newsletter at any time over the link intended for this purpose in the newsletter or by sending an appropriate message to us, email: After a successful cancelation, your email address will immediately be removed from our email circulation list and added to a block file to guarantee the revocation.

Use of RSS Feeds
We use RSS feeds to keep you continuously informed about current topics.
RSS stands for “Really Simple Syndication”. It is an electronic message format. A so-called “RSS reader” is needed to use the feed. Various RSS readers are offered for all operating systems. Some browsers enable RSS feeds to be used without having to install a further program.

Amendments to our data protection policy
We reserve the right to adapt our data protection declaration on occasions, so that it always meets the current legal requirements or to implement changes in our services in the data protection declaration. This could apply e.g. to the introduction of new services. The new data protection declaration would then apply to your return visit.

Brand protection
Each firm or trade mark named here is the property of the respective firm. The naming of brands and names is purely for informative purposes.

C. Specific provisions for Russia

The following applies to users who are residents of the Russian Federation:
The services of our online offer listed above, are not intended for citizens of the Russian Federation who are resident in Russia.
If you are a Russian citizen resident in Russia, you are expressly informed that all personal data that you make available to us over our internet offering, is exclusively at your own risk and on your own responsibility. You further agree that you will not hold us responsible for a possible breach of Russian Federation law.

D. Further information

Alongside this online offering, we also maintain presences in various social media which you can reach by using the appropriate button on our website. If you visit such a presence, it is possible that personal date will be transmitted to the provider of the social network . It is possible that, as well as storing the concrete information that you have input in the social medium, further information will also be processed by the social network provider. Moreover, the social network provider may process the most important data about the computer system from which you are visiting – for example, your IP address, the processor type and browser version used, including plug-ins. If you are logged into your personal user account with the respective network at the time of your visit to such a presence, this contract can attribute the visit to this account. For the purpose and scope of the data collection by the respective medium, as well as the further processing of your data there and your rights in this respect, please consult the respective policies of the respective controllers, E.g. under:
We also advise you that our website contains links to external, third-party websites, whereby we have no influence over the processing of data on these external websites.