Data protection is an important concern for the city of Kelheim. We therefore also attach great importance to data-saving and citizen-friendly data processing when processing personal data in connection with the fulfillment of our tasks.
This data protection declaration also refers to the processing of personal data and information within the meaning of § 25 TDDDG in the context of this website, including the services offered there.
City of Kelheim
Ludwigsplatz 16
93309 Kelheim
09441 701 – 0
info@kelheim.de
Data Protection Officer of the City of Kelheim
datenschutz@kelheim.de.
The purpose of the processing is to fulfill the public tasks assigned to us by law.
Unless otherwise stated, the legal basis for the processing of your data results from Art. 4 para. 1 of the Bavarian Data Protection Act (BayDSG) in conjunction with Art. 6 para. 1 subpara. 1 letter e of the General Data Protection Regulation (GDPR). Accordingly, we are permitted to process the data required to fulfill a task incumbent upon us.
Insofar as you have consented to processing, the data processing is based on Art. 6 para. 1 subpara. 1 letter a GDPR.
Insofar as your data is processed electronically, the technical operation of our data processing systems is carried out by BYTS Tech GmbH.
BYTS Tech GmbH
Stadtbadstrasse 5
85368 Moosburg
If necessary, your data will be transmitted to the responsible supervisory and auditing authorities to exercise the respective control rights.
The State Office for Information Security may collect and automatically analyze log data on the basis of Art. 44 BayDiG in order to prevent threats to information technology security (for more details, see "Logging").
We store your data as long as this is necessary for the fulfillment of the task, for documentation obligations or due to legal retention periods.
If we process your personal data, you have the following rights as a data subject:
Further restrictions, modifications and, where applicable, exclusions of the aforementioned rights may result from the General Data Protection Regulation or national legislation.
More detailed information on these rights can also be obtained from our data protection officer.
You also have the right to lodge a complaint with the Bavarian State Commissioner for Data Protection. You can reach him under the following contact details:
Postal address: P.O. Box 22 12 19, 80502 Munich
Address: Wagmüllerstraße 18, 80538 Munich
Phone: 089 212672-0
Fax: 089 212672-50
Online message https://www.datenschutz-bayern.de/service/complaint.html
Our web server is operated by BYTS Tech GmbH. The personal data transmitted by you during your visit to our website is therefore processed by BYTS Tech GmbH on our behalf:
Name and contact details of the position:
BYTS Tech GmbH
Stadtbadstrasse 5
85368 Moosburg
When you access this or other Internet pages, you transmit data to our web server via your Internet browser. The following data is recorded during an ongoing connection for communication between your Internet browser and our web server:
We store this data for reasons of technical security, in particular to defend against attempted attacks on our web server. After seven days at the latest, the data is anonymized by shortening the IP address at domain level so that it is no longer possible to establish a link to individual users.
The State Office for Information Security can collect and automatically analyze this data on the basis of 44 BayDiG in order to prevent threats to information technology security.
By calling up this information service, we offer a connection encrypted with HTTPS and Perfect Forward Secrecy using the TLS 1.2 encryption protocolso that your data is protected against unauthorized access by third parties during data transmission. We recommend that you keep your Internet browser up to date in order to use this option.
We use cookies to ensure the correct technical and functional provision of this information service. Cookies are small text files that are stored on the device you are using.
The legal basis for the storage of information and the processing of personal data using cookies is § 25 TDDDG.
The use of functional cookies is voluntary. If these cookies are blocked, the provision of certain functions may not be fully possible.
Technically necessary cookies are only valid for the current session and are automatically deleted as soon as you close your browser.
The following data is stored and processed in the cookies:
Our website uses Borlabs Cookie consent technology to obtain your consent to the storage of certain cookies in your browser or to the use of certain technologies and to document these in compliance with data protection regulations. The provider of this technology is Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany (hereinafter referred to as Borlabs).
When you enter our website, a Borlabs cookie is stored in your browser, in which the consents you have given or the revocation of these consents are stored. This data is not passed on to the provider of Borlabs Cookie.
The data collected will be stored until you ask us to delete it or delete the Borlabs cookie yourself or until the purpose for storing the data no longer applies. Mandatory statutory retention periods remain unaffected. Details on data processing by Borlabs Cookie can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.
Borlabs cookie consent technology is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.
Active components such as Javascript, Java applets or Active-X controls are used in the information provided. You can disable this function by changing the settings in your Internet browser.
When you visit our website, additional services from YouTube and social plugins (e.g. X and Facebook) are offered via a so-called two-click solution. No data is transmitted to the operators the first time you visit the website. Data (including the URL of the current page and your IP address) will only be transmitted to the respective operator once you as a user have consented to the opt-in procedure by clicking on the relevant button. As a user, you can therefore decide for yourself whether you consent to the activation of these offers and the transfer of data. You can revoke this consent at any time and prevent further data transmission to the operators by clicking on the corresponding button on the homepage.
Videos from the external video platform YouTube are embedded on our website. By default, only deactivated images from the YouTube channel are embedded, which do not establish an automated connection with the YouTube servers. This means that the operator does not receive any data from the user when the web pages are accessed.
You can decide for yourself whether the YouTube videos should be activated. Only when you allow the videos to be played by clicking on "Permanent activation" do you give your consent for the necessary data (including the Internet address of the current page and your IP address) to be transmitted to the operator.
In order to save your desired setting, we set a cookie that saves the parameters. When these cookies are set, however, we do not store any personal data; they only contain anonymized data for browser customization. The videos are then active and can be played by the user. If you would like to deactivate the automatic loading of YouTube videos again, you can uncheck the consent box under the data protection symbol. This will also update the cookie settings.
YouTube is a service provided by YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA, a subsidiary of Google LLC, 1600 Amphitheater Parkway, Mountainview, California 94043, USA. Further information on the purpose and scope of data processing (including outside the European Union and outside the USA) and information on setting options to protect your privacy can be found in the privacy policy: https://policies.google.com/privacy?hl=de&gl=de. Google processes your personal data in the USA, among other places.
By default, only deactivated buttons are displayed, which do not yet establish contact with the Facebook servers. Only when you give your consent with a second click will the connection be established and your "Like" transmitted to Facebook. Only if you are already logged in to Facebook will your "Like" be transmitted without another window.
Facebook's privacy policy can be found at https://www.facebook.com/help/568137493302217. Facebook explains the processing of your data by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland and the processing of your data outside the European Union and the USA at: https://www.facebook.com/privacy/explanation. Facebook Inc, 1601 Willow Road, Menlo Park, California 94025, also processes your personal data in the USA.
If you enter personal or business data (e-mail addresses, names, addresses, etc.) on our website, these will be used exclusively for sending the requested information or for the purposes stated in the form. Your data is encrypted in transit using software (SSL) and is protected against access by third parties. The data will not be passed on to third parties. The use of the services offered there is on a voluntary basis.
Information that you send to us unencrypted by electronic mail (e-mail) may be read by third parties during transmission. As a rule, we are also unable to verify your identity and do not know who is behind an e-mail address. Legally secure communication by simple e-mail is therefore not guaranteed. Like many e-mail providers, we use filters against unwanted advertising ("SPAM filters"), which in rare cases automatically classify normal e-mails as unwanted advertising and delete them. E-mails containing harmful programs ("viruses") are automatically deleted by us in all cases.
If you want to send us sensitive messages, we recommend that you use our secure contact form.
The personal data sent by applicants is processed for the purpose of handling the application procedure. Processing may also be carried out electronically. This is particularly the case if an applicant submits the relevant application documents electronically, for example via a secure contact form. If an employment relationship is established with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If no employment relationship is established, the application documents will be deleted after notification of the rejection decision in accordance with the relevant regulations, provided that no other legitimate interests prevent deletion. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).
We use chatbots to communicate with you. Chatbots are able to respond to your questions and other input without human assistance. In addition to your input, the chatbots analyze other data to provide suitable answers (e.g. names, email addresses and other contact details, customer numbers and other identifiers, orders and chat histories). Your IP address, log files, location information and other metadata may also be collected via the chatbot. This data is stored on the chatbot provider's servers.
User profiles can be created on the basis of the data collected. The data can also be used to display interest-based advertising, provided that the other legal requirements (in particular consent) are met. For this purpose, the chatbots can be linked to analysis and advertising tools.
The data collected can also be used to improve our chatbots and their response behavior (machine learning).
The data entered by you in the course of communication will remain with us or the chatbot operator until you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular retention periods - remain unaffected.
The legal basis for the use of chatbots is Art. 6 para. 1 lit. b GDPR, insofar as the chatbot is used to initiate a contract or in the context of contract fulfillment. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time. In all other cases, the use is based on our legitimate interest in the most effective customer communication possible (Art. 6 para. 1 lit. f GDPR).
Our chatbots use artificial intelligence (AI) for customer communication. The AI we use analyzes the content of your message in order to autonomously generate a suitable response. In this context, the AI processes all the content of your message, including names, email addresses, communication content or technical information (e.g. IP addresses, device information).
The use of the AI software used is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the most efficient customer communication possible using modern technical solutions. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.
This website integrates videos from the YouTube website. The operator of the website is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
When you visit one of these websites on which YouTube is integrated, a connection to the YouTube servers is established. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
We use YouTube in extended data protection mode. According to YouTube, videos that are played in extended data protection mode are not used to personalize surfing on YouTube. Ads that are played in extended data protection mode are also not personalized. No cookies are set in extended data protection mode. Instead, so-called local storage elements are stored in the user's browser, which contain personal data similar to cookies and can be used for recognition. Details on the extended data protection mode can be found here: https://support.google.com/youtube/answer/171780.
After activating a YouTube video, further data processing operations may be triggered over which we have no influence.
The use of YouTube is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's end device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
You can find more information about data protection at YouTube in their privacy policy at: https://policies.google.com/privacy?hl=de.
The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.
This site uses so-called Google Fonts, which are provided by Google, for the uniform display of fonts. Google Fonts are installed locally. There is no connection to Google servers.
You can find more information about Google Fonts at https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=de.
This site uses the map service Google Maps. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. With the help of this service, we can integrate map material on our website.
To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. If Google Maps is activated, Google may use Google Fonts for the purpose of uniform display of fonts. When you call up Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
The use of Google Maps is in the interest of an appealing presentation of our online offers and to make it easy to find the places we have indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
You can find more information on the handling of user data in Google's privacy policy: https://policies.google.com/privacy?hl=de.
The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.
We use the OpenStreetMap (OSM) map service.
We integrate the map material from OpenStreetMap on the server of the OpenStreetMap Foundation, St John's Innovation Center, Cowley Road, Cambridge, CB4 0WS, United Kingdom. The United Kingdom is considered a safe third country under data protection law. This means that Great Britain has a level of data protection that corresponds to the level of data protection in the European Union. When using the OpenStreetMap maps, a connection is established to the servers of the OpenStreetMap Foundation. Among other things, your IP address and other information about your behavior on this website may be forwarded to the OSMF. For this purpose, OpenStreetMap may store cookies in your browser or use comparable recognition technologies.
The use of OpenStreetMap is in the interest of an appealing presentation of our online offers and an easy findability of the places indicated by us on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on this website. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
The purpose of reCAPTCHA is to check whether data is entered on this website (e.g. in a contact form) by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent on the website by the website visitor or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place.
The data is stored and analyzed on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its website from abusive automated spying and SPAM. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
For more information about Google reCAPTCHA, please refer to the Google Privacy Policy and the Google Terms of Service at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.
The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.
We have integrated SolidWP on this website. The provider is iThemes Media LLC, 1720 South Kelly Avenue Edmond, OK 73013, USA (hereinafter "SolidWP").
SolidWP serves to protect our website from unwanted access or malicious cyberattacks. For this purpose, SolidWP records your IP address, the time and source of login attempts and log data (e.g. the browser used), among other things. SolidWP is installed locally on our servers.
SolidWP transmits IP addresses of recurring attackers to a central SolidWP database in the USA (Network Brute Force Protection) in order to prevent such attacks in the future.
The use of SolidWP is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its website as effectively as possible against cyberattacks. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
We have integrated Ninja Firewall on this website. The provider is NinTechNet Limited, Unit 1603, 16th Floor, The L. Plaza 367 - 375 Queen's Road Central Sheung Wan, Hong Kong (hereinafter referred to as Ninja Firewall).
Ninja Firewall is used to protect our website from unwanted access or malicious cyberattacks. For this purpose, Ninja Firewall records the IP address, request, referrer and time of page access. Ninja Firewall is integrated on our own servers and does not transmit any personal data to the provider of the tool or other third parties.
We have activated IP anonymization in Ninja Firewall so that the tool only records the IP address in abbreviated form.
The use of Ninja Firewall is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its website as effectively as possible against cyberattacks.
We manage this website with the help of the ManageWP tool. The provider is GoDaddy.com WP Europe, Trg republike 5, 11000 Belgrade, Serbia (hereinafter ManageWP).
With ManageWP, we can monitor the security and performance of our website and create automatic backups, among other things. ManageWP therefore has access to all website content, including our databases. ManageWP is hosted on the provider's servers.
The use of ManageWP is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the most effective and secure operation of its website(s). If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/4957.
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
Stadt Kelheim is the organizer or co-organizer of events. For this purpose, we process personal data (name, contact details, etc.) of the participants on the basis of Art. 4 para. 1 BayDSG in conjunction with Art. 6 para. 1 subpara. 1 letter e GDPR.
We collect the data from generally accessible sources (e.g. newspapers or publications on the Internet), directly from the participants of the events (e.g. by providing a form, by e-mail or by telephone) or receive it from other public or non-public sources.
The data is processed for the preparation and implementation of the respective events (e.g. creation of guest lists and enabling access controls).
Depending on the type of event, the City of Kelheim may act as co-organizer alongside another cooperation partner. In these cases, the data collected will be transmitted to this cooperation partner or, if applicable, to an external service provider, who may also only use the data for the proper execution of the event.
The data is deleted when it is no longer required to fulfill the tasks of the City of Kelheim, but at the latest after 30 years.
Photos and possibly videos are taken at our events, which are used for the public relations work of the city of Kelheim. Media representatives are also present at some events.
You are entitled to the rights described above (see "Rights of the data subject").
However, if you object to the processing of your data, you may not be able to participate in the event.
Irrespective of this, you have the right to object to the publication of photos or videos in which you are recognizable. To object, please contact the inviting body.
The City of Kelheim is the organizer or co-organizer of events at which people are awarded or presented with awards or honors for special services. We are also involved in reviewing proposals for awards and honors from other government bodies.
For this purpose, we process personal data of the persons to be honored (name, contact details, reason for the award, etc.) on the basis of Art. 27 BayDSG.
We receive the data from other public or non-public bodies or persons or collect it from publicly accessible sources (e.g. from newspapers or publications on the internet). We also collect some data directly from the persons to be honored (e.g. by providing a form, by e-mail or by telephone).
The data is processed for the purpose of reviewing award proposals and for the preparation and implementation of the respective events.
Depending on the award or honor, the data may also be transmitted to members of the state government, members of parliament, local elected officials, cooperation partners and external service providers.
As part of the public relations work, data of the honored persons and the respective award or honor may be published on the website of the City of Kelheim and transmitted to the media for publication.
The data is deleted when it is no longer required to fulfill the tasks of the City of Kelheim.
Photos and possibly videos are taken at our events, which are used for the public relations work of the City of Kelheim and, if applicable, by co-organizers. Media representatives are usually also present at the events.
If you do not wish your personal data to be processed, please let us know. In this case, however, participation in the event may not be possible.
Regardless of this, you have the right,
the publication of your award or honor as part of the public relations work of the City of Kelheim and, if applicable, of co-organizers,
to object to the publication of photos or videos in which you are recognizable. To object, please contact the inviting body.
We reserve the right to amend this privacy policy from time to time so that it always complies with current legal requirements.
Copyright 2025 © All rights Reserved.
