Data protection statement / Privacy Policy

This privacy policy (data protection statement) clarifies the nature, scope and purpose of the processing of personal data (hereinafter referred to as "data") within my online offer "www.rudis-kunstgeschichten.de" and my business activities as a city and museum guide. With regard to the terminology used, e.g. "processing" or "responsible party" I refer to the definitions in Article 4 of the EU General Data Protection Regulation (GDPR).

Responsible party for the data protection is the owner of the website: 

Rudolf Held 
c/o Block Services
Stuttgarter Str. 106  
70736 Fellbach 

Tel: +49- 931-78099529
 rudi.held (at) googlemail (dot) com

Link to the imprint: http://www.rudis-kunstgeschichten.de/aboutme.htm

Types of processed data:

- names, addresses
- contact information (e.g., e-mail, phone numbers).
- the service you requested or booked
You provide this data voluntarily by e-mail or telephone. My website does not contain forms for entering personal information. It does not set cookies on your computers. It does not use analytics services like Google Analytics. It does not give me your IP addresses. It also contains no plugins for Facebook, Twitter, Instagram or similar platforms. For the server logfiles see below.


In rare cases, customers send me photos they took during the tour of me and the group and give me permission to use them to illustrate my website. According to
GDPR photos with persons are personal data. Therefore, I use these photos only with the permission of the photographer and all persons depicted. This permission can be revoked by the depicted at any time. I myself do not take pictures of my clients.

Categories of affected persons

Visitors and users of my website or my services in general (in the following, I refer to the affected persons as "users").

Purpose of processing

- Answering inquiries
- Customer support
- Processing of orders
- Contact during my service
- Invoicing

Used terms

"Personal data" means any information relating to an identified or identifiable natural person (hereinafter the "data subject"). A person is considered as identifiable, when can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, to an identification number, to location data, to an online identifier (eg cookie) or to one or more special features, that express the physical, physiological, genetic, mental, economic, cultural or social identity of this person.

"Processing" means any process performed with or without the aid of automated procedures or any such process associated with personal data. The term goes far and includes virtually every handling of data.

"Responsible party" means the natural or legal person, public authority, body or body that decides, alone or in concert with others, on the purposes and means of processing personal data.


Relevant legal bases

In accordance with Art. 13 GDPR (General Data Protection Regulation), I inform you abaout the legal basis of my data processing. Unless the legal basis in the data protection declaration is mentioned, the following applies: The legal basis for obtaining consent is Article 6 (1) lit. a and Art. 7 GDPR, the legal basis for the processing for the performance of my services and the execution of contractual measures as well as the answer to inquiries is Art. 6 para. 1 lit. b GDPR, the legal basis for processing in order to fulfill my legal obligations is Art. 6 (1) lit. c GDPR, and the legal basis for processing in order to safeguard my legitimate interests is Article 6 (1) lit. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR as legal basis.

Collaboration with processors and third parties

If, as part of my processing, I disclose data to other persons and companies (contract processors or third parties), transmit them to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (eg if a transmission of the data to third parties, such as to payment service providers, pursuant to Art. 6 (1) (b) GDPR to fulfill the contract), you have consented to a legal obligation or on the basis of my legitimate interests (eg the use of agents, webhosters, etc.).

If I entrust third parties with the processing of data on the basis of a so-called "data processing agreement", this is done on the basis of Art. 28 GDPR. Such an agreement currently exists between me and my web hoster "Domain Factory" (server location is European Union). This contract regulates the data protection of the logfiles and e-mail traffic via the address "info (ätt) rudis-kunstgeschichten.de". This e-mail traffic is encrypted to protect the content on the way between me and the servers of Domain Factory. Under no circumstances will personal data be leased or sold to third parties for advertising purposes.

Collecting Server Logfiles 

You can visit my website without telling me who you are. The IT service Domain Factory, on whose servers my website is hosted for retrieval on the Internet, collects on the basis of legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR Data on every access to the server on which this service is located (so-called server log files). These access data include name of the retrieved web page, file, date and time of retrieval, amount of data transferred, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider. This log-file information is stored for security reasons (for example, to investigate abusive or fraudulent activities) for a maximum of 7 days and then deleted. Data whose further retention is required for evidential purposes shall be exempted from the cancellation until final clarification of the incident. An assignment of these statistical data to a person is therefore only performed for the investigation of abuse or fraud or the like by Domain Factory or the German authorities. As the operator of the website and responsible party, I am in no way receiving the IP addresses of the visitors of my website and therefore can not connect the statistical data with a specific person.


Access, use and storage of data

Only the responsible party Rudolf Held has access to personal data. He is informed about the legal regulations for the data protection and has committed himself according to the valid legal regulations (article 5 of the
GDPR) to comply with them. The collection, processing, use and transmission of the personal data collected are, according to Art. 6 (1) of the GDPR, executed only to the extent necessary to answer queries or to execute a contractual relationship between Rudolf Held as the responsible party and the user as a person affected. The data is stored either digitally on my password-protected computers or on paper in lockable filing cabinets. There is no sending of newsletters. Under no circumstances will personal data be leased or sold to third parties for advertising purposes.

Transfers to third countries

If I process data in a third country (ie outside the European Union (EU) or the European Economic Area (EEA)) or when using third party services or disclosing or transmitting data to third parties, this will only be done if it is to fulfill my contractual obligations on the basis of your consent or on the basis of a legal obligation or on the basis of my legitimate interests. Subject to legal or contractual permissions, I process or let the data be processed in a third country only in the presence of the special conditions of Art. 44 et seq. GDPR. The processing is executed e.g. on the basis of specific guarantees, such as the officially recognized level of data protection (eg for the USA through the Privacy Shield) or on the basis of officially recognized special contractual obligations (so-called "standard contractual clauses").

Rights of affected persons (data subjects)

You have the right to ask for confirmation as to whether the data in question is being processed. You have the right for information about this data as well as for further information and a copy of the the processed data in accordance with Art. 15 GDPR.

Accordingly Art. 16 GDPR you have  the right to demand the completion of the data concerning you or the correction of the incorrect data concerning you.

In accordance with Art. 17 GDPR you have the right to demand that the relevant data be deleted immediately or to require a restriction of the processing of data in accordance with Art. 18 GDPR.

You have the right to request that the data relating to you provided to me be obtained in accordance with Art. 20 GDPR and to request their transmission to other persons responsible.

In accordance with Art. 77 GDPR you have the right to file a complaint with the competent supervisory authority, which is the State data protection officer of the federal state Bavaria in Germany. 


You have the right to withdraw consent in accordance with. Art. 7 para. 3 GDPR with effect for the future

Right to objection

You can object to the future processing of your data in accordance with Art. 21 GDPR at any time. The objection may in particular be made against processing for direct marketing purposes. 


Deletion of data

The data processed by me will be deleted or restricted in accordance with Art. 17 and 18 GDPR. Unless explicitly stated in this privacy policy, the data stored in my account will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory storage requirements. Unless the data is deleted because it is required for other and legitimate purposes, its processing will be restricted. Then the data is blocked and not processed for other purposes. This applies for example for data that must be kept for commercial rules or tax reasons.
According to legal requirements in Germany the storage takes place in particular for 6 years pursuant to § 257 paragraph 1 HGB (trading books, inventories, opening balance sheets, annual accounts, trade letters, accounting documents, etc.) and for 10 years in accordance with § 147 Abs. 1 AO (books, business records, management reports, accounting documents, trade and business letters, documents relevant to taxation, etc.).

Possible changes to this Privacy Policy 

Technical progress or organizational and legal changes may necessitate a revision of this Privacy Policy. I reserve such rewriting. I therefore ask you to review this Privacy Policy from time to time. If you do not agree with the developments occurring over time, you may request in writing, pursuant to Art. 17 EU-GDPR, the deletion of data that is not stored on the basis of other legal requirements, such as commercial or fiscal retention requirements.

External links

For your information, you will find links on my pages that refer to the pages of third parties. As far as this is not obvious, I would point out that this is an external link. As a responsible party of my website and business I have no influence on the content and design of these pages of other vendors. The guarantees of my privacy policy therefore do not apply to other vendors.

Further information and contact

If you have further questions about privacy, please contact me at any time.


Text is adapted and translated by me. Source of text in german language is: Erstellt mit Datenschutz-Generator.de von RA Dr. Thomas Schwenke

About Me / Disclaimer / Imprint
Usefull Links





  Öffentl. Führungen          Stadtführungen          Museumsführungen         Residenzführungen            Burgführungen              Kinderführungen

   Fahrradführungen        Gartenführungen         Weinbergsführungen      Fränkisches Weinland      Romantische Strasse         Alle Führungen

            Archiv                Texte zu Stadt und Kunst         Kontakt                        Preisliste                    Links und Partner      Über mich/Impressum