Privacy Policy

Privacy Policy for Sweepstakes on Facebook & Instagram

 

1. Data Protection at a Glance

 

General Information

The following notes provide a simple overview of what happens to your personal data when you visit our website.
Personal data is any data that can be used to personally identify you.
Detailed information can be found in the full privacy policy below.

Data Collection on Our Website

Who is responsible for data collection on this website?
Data processing is carried out by the website operator. You can find the contact details in the imprint.

How do we collect your data?

  • Data you provide directly (e.g., via a contact form)

  • Technical data collected automatically (e.g., browser, operating system, time of visit)

What do we use your data for?
Some data is collected to ensure the proper functioning of the website.

What rights do you have regarding your data?

  • Right of access

  • Right to rectification

  • Right to blocking

  • Right to deletion

  • Right to restriction of processing

  • Right to lodge a complaint with the competent authority

2. General Notes and Mandatory Information

 

Data Protection

We treat your personal data confidentially and in accordance with legal data protection regulations.
Please note that data transmission over the internet (e.g., email communication) may have security vulnerabilities.

Responsible Party

TOPassau GmbH & Co. KG
Stefan Heusler
Hermann-Mayrhofer-Str. 15
94036 Passau
Telefon: +49 176 20801965
E-Mail: info@topassau.de

Revocation of Your Consent to Data Processing

You may revoke your consent at any time by sending us an informal email.
The legality of the data processing carried out until the revocation remains unaffected.

Right to Object (Art. 21 GDPR)

You have the right to object to data processing based on:

  • Article 6(1)(e) or (f) GDPR

  • Direct marketing, including profiling related to such marketing

Right to File Complaints with Supervisory Authorities

You have the right to lodge a complaint with a data protection authority.

Right to Data Portability

You can request that we hand over data you provided in a machine-readable format.

SSL/TLS Encryption

This site uses SSL or TLS encryption for security.
You can recognize this by the “https://” in the address bar and the lock icon in your browser.

Encrypted Payments

If we ask for payment details, they will be transmitted exclusively via encrypted connections.

Right of Access, Blocking, Deletion, Correction

You have the right to receive free information about your stored data and to request its correction, blocking or deletion.

Right to Restrict Processing

This applies if, for example:

  • You contest the accuracy of the data

  • Processing is unlawful

  • You have objected under Art. 21 GDPR

Right to Object to Promotional Emails

We hereby explicitly object to the use of our contact data for unsolicited advertising.

3. Data Collection on Our Website

Cookies

Our website uses cookies to:

  • Enable technical functionality (“session cookies”)

  • Recognize returning users

Legal basis:
Article 6(1)(f) GDPR (legitimate interest)

Server Log Files

Collected automatically:

  • Browser type and version

  • Operating system

  • Referrer URL

  • Time of server request

No merging of this data with other sources.

Contact Form

Data entered in the contact form will be stored to:

  • Process your request

  • Follow up if necessary

Legal basis:
Your consent (Art. 6(1)(a) GDPR) – can be withdrawn at any time

Contact by Email, Phone, or Fax

All inquiries may include personal data for processing.
Legal basis:

  • Art. 6(1)(b) GDPR (contract initiation)

  • Art. 6(1)(a) or (f) GDPR (consent / legitimate interest)

Customer and Contract Data Processing

We process personal data only when necessary to fulfill a contract.
Legal basis: Art. 6(1)(b) GDPR

Data Transfer upon Contract Conclusion

Data may be shared with:

  • Payment providers (e.g., banks)

No transfer of data for advertising without your consent.

4. AI-Powered Chat Assistant

On our website, we use an AI-powered chat assistant to respond to visitor inquiries and to facilitate access to information.

When using the chat assistant, the content entered by the user is processed and stored on the server in order to provide the chat history and to ensure the proper functioning of the system. Use of the chat assistant is voluntary.

Personal data is only processed if such data is voluntarily provided by the user within the chat. The content is not analyzed for our own purposes and is not used for marketing activities. There is no automated decision-making or profiling within the meaning of Article 22 of the GDPR.

Processing is carried out for the purpose of implementing pre-contractual measures and responding to inquiries pursuant to Article 6(1)(b) GDPR, or on the basis of legitimate interests pursuant to Article 6(1)(f) GDPR.

For the technical implementation of the chat assistant, an external AI service is used via an application programming interface (API). The transmitted content is not used to train the AI with personal data.

Chat histories can be deleted upon request. Communication is encrypted (SSL/TLS).