Privacy Statement

We are pleased about your visit to our website and your interest in our enterprise. Protection of your personal data is very important to us. Graf Zeppelin Haus (in the following either named GZH, »we«, or »us«). We attach great value to the security   of user data and compliance with the data protection regulations.

The GZH websites may contain links to other providers which are not covered by this privacy statement. We do not know which data the operators of such sites might possibly collect as this is beyond our control. For such information please see the privacy statements of the respective sites.

In the following we will comprehensively inform you about how we handle your data.



The privacy statement is based on the terminology of the General Data Protection Regulation (GDPR).

  • »Personal data« is any information relating to an identified or identifiable natural person (»data subject« in the following) (Article 4 no. 1 of GDPR). Information such as your master data (name and surname, address, and date of birth), your contact data (phone number, e-mail address), your invoice data (bank account information), and much more are part of your personal data.
  • »Processing« means any operation or set of operations which is performed on personal data whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • »Person concerned« is any identified or identifiable natural person whose personal data are processed by the controller in charge of processing.
  • »Controller« means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
  • »Processor« means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  • »Recipient« means a natural or legal person, public authority, agency or other body, to which personal data is disclosed, whether it is a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
  • »Third party« means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, is authorised to process personal data.
  • »Consent« of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, either by statement or by clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Collection and processing of personal data

Collection and processing of personal data

As a matter of principle the use of our website is possible without provision of any personal data. Provided that you would like to make use of our enterprise’s special services, processing of personal data might be necessary, however. If processing of personal data is required and if there is no legal basis for such processing we generally collect consent of the person concerned.

Anonymous data collection

You can visit our website without actively providing information about yourself. However, we automatically store access data each time our internet site is called (server log files) such as e.g. the name of your internet service provider, the operating system used, the website from which you visit us, date and duration of your visit, or the name of the requested file, as well as, for security reasons, e.g. for the detection of attacks to our websites, the IP address of the computer used, for a period of 7 days. These data are exclusively analysed for the purpose of improving our services and cannot be traced back to specific individuals. None of these data will be merged with other sources of data. Article 6, paragraph 1 GDPR is the legal basis for processing the data. We process and use the data for the following purposes: 1. Provision of the GZH pages, 2. Improvement of our pages and 3. Avoidance and detection of errors/malfunctions, as well as of abuse of our pages. Data processing of this kind is made either to fulfil the contract on the use of the GZH pages, or we have a legitimate interest in ensuring the functionality and smooth operation of our GZH pages, as well as to adapt these pages to the users‘ requirements.

Use of cookies

To make a visit to our website more attractive and to enable you to use certain functions we use so-called cookies for our pages. This is a standard internet technology to store and call login and other usage information of all users of the GZH pages. Cookies are small text files stored on your terminal device that enable us to store user settings, among other things, so that our pages can be displayed in a format customised for your device. Some of the cookies we use are deleted as soon as the browser session has been ended (so-called session cookies). Other cookies remain on your terminal device and allow us and our partners to recognize your browser the next time you are visiting (so-called permanent cookies).

You can set your browser to be informed about the setting of cookies so that you can individually decide whether to accept cookies for specific cases, or to exclude them in general. Furthermore cookies can be deleted afterwards so that data the pages have stored on your computer are removed. You can easily find respective instructions on the internet. Deactivating cookies may result in restrictions of the functions of the GZH pages, however.

Use of Google Analytics

This website uses functions of the web analysing service Google Analytics. Provider of this service is Google Inc.,1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google Analytics uses so-called »cookies«, text files that are stored on your computer to allow an analysis of your use of the website. The information about your use of the website created by these cookies (incl. your IP address) is transmitted to a Google server in the USA and stored there. Google will use this information to analyse your use of the website to create reports about the website activities for the website operators and to provide other services related to the website and internet use. If need be, Google will provide this information to third parties in so far as this is statutory or in so far as third parties will process this data on behalf of Google.

Prevent the use of cookies

You can prevent the use of cookies by setting your browser software accordingly. We would like to point out, however, that in such a case you might not be able to use all functions of this website to the full extent. By using this website you agree to the processing of the collected data by Google in the aforementioned manner and for aforementioned purpose.

IP anonymization

We have activated the IP anonymization function on this website. Within the European Union or other states which are party to the Agreement on the European Economic Area your IP address will be shortened that way by Google prior to the transmission to the USA.

Objection to the collection of data

If you do not want Google receiving data from your browser when calling the pages, please click on this link for the Google Analytics opt-out solution: This plug-in prevents your browser from requesting the Analytics code so that Google does not get any data when you call the page. This plug-in is only available for Internet Explorers 7 and 8, Firefox 3.x, as well as for Chrome. According to Google the browser blocks the Google Analytics script after the installation process. For further information on the terms of use and data protection please see or

Use of Google Maps

We use Google Maps to present maps and to create directions. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

By using this website you agree to the collection, processing and use of the automatically collected, and inserted data by Google, one of its representatives, or a third party provider.

For the terms of use for Google Maps please go to

Detailed information is available in the data protection center of Transparency and options, as well as data protection regulations

Use of YouTube

Our website uses functions of the YouTube site operated by Google. Operator of the site is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit one of our sites provided with a YouTube function a connection to the YouTube servers is made and the YouTube server is informed about which of our sites you visited.

If you are logged in to your YouTube account you enable YouTube to directly allocate your surfing behaviour to your personal profile. You can avoid this by logging out from your YouTube account, however.

For further information about the handling of user data please see the privacy policy of YouTube

Use of Facebook

We also communicate with our users via Facebook. You will find the link to our Facebook page in the header of this page. Therefore this declaration also applies for our Facebook page.

If you use Facebook for contacting us and commenting, for example, on our postings or contributions on our page, we can see both the name you entered and your profile picture. To answer your request it might be necessary to pass your request on to third parties, e.g. to the staff of the municipality or a municipal company. There will not be any further transmission of data by us, though.

We do not mark private Facebook users in our contributions and do not tag them neither in photos nor in videos. We do not use any targeting functions that might exclude or identify users.

General information about data protection for visitors to our Facebook page that are not registered with or logged in to Facebook

When calling our page on your computer Facebook stores a cookie with which your current IP address and your behaviour on the internet might be tracked. Storing of cookies is beyond our influence and is exclusively controlled by Facebook. Should you not agree to the storing of cookies delete the cookies stored in your browser whenever you have left a Facebook page. The most common browsers provide setting options to refuse all cookies in general, or to inform the user whenever cookies occur. Please use the help function of your browser to get information about how to change these settings.

General information about data protection for visitors who are registered with and logged in to Facebook

If you log in to Facebook a cookie is stored on your computer through which you can be unambiguously identified, and also your current IP address is transmitted. That way Facebook is able to track your activities on Facebook and your behaviour on the internet. If you do not want Facebook tracking your surfing behaviour log out after each Facebook session and delete the cookies stored on your computer. Moreover, the most common browsers provide a setting option to refuse all cookies in general, or to inform the user whenever cookies occur. Please use the help function of your browser to get information about how to change these settings.

You are entitled to be informed about the data Facebook stores about you. For further information please see the data policies of Facebook:

Contact form / Enquiries

On our website you have the option to send us enquiries via a contact form. For the purpose of processing your enquiry and in case of follow-up questions we store the information given in the contact form (depending on the form and the content of your enquiry/request for proposal/ticket order, subject of your request, and the date) including the contact data you entered (depending on the form: name, company name, address, phone, and e-mail address). We do not transmit these data without your consent. The legal basis for the collection and processing of data is Article 6 paragraph 1 of GDPR.

The data you entered in the contact form will remain with us until you ask us to delete them, revoke your consent to the storage, or the purpose for data storage has become inapplicable (e.g. after completion of your enquiry). Mandatory statutory provisions – record retention periods in particular – remain unaffected.

E-mail contact

If you send us enquiries or information by e-mail   we store your information (e-mail address, content of your e-mail, subject of your e-mail, and the date) including the contact data you provided therein (name, phone number, if need be, and address) for the purpose of processing your enquiry and in case of follow-up questions. We do not transmit these data without your consent. The legal basis for collection and processing of data is Article 6 paragraph 1 of GDPR.

The user is informed that e-mails may be read or changed during transmission without authorization and without being noticed.

The data entered by you will remain with us until you ask us to delete them, revoke your consent to the storage, or the purpose for data storage has become inapplicable (e.g. after completion of your enquiry). Mandatory statutory provisions – record retention periods in particular – remain unaffected.

Data transmission

Internal transmission, within GZH

We transmit your data internally to the administration to meet our contractual or legal obligations. Your data will only be transmitted or disclosed to the extent necessary for this purpose and in compliance with the relevant data protection regulations.

Transmission to third parties

We transmit your data to specific third parties to be able to provide corresponding applications and services (so-called »processors«) which render external services for us. For example newsletter service providers, IT providers, tax office, etc. A transmission to other third parties might occur if need be to meet our obligations (public authorities, banks, social insurance agencies, etc.). Third parties only process data according to our instructions; moreover they are forbidden to use these data for their own commercial purposes  that do not correspond to agreed purposes.

We have to disclose personal data if we are obliged to do so by law or due to effective law within the scope of an ongoing lawsuit, or due to a decree (Article 6 paragraph 1 lit. f of GDPR).

We only transmit your data to third parties if:

  • you have given your explicit consent as per Article 6 paragraph 1 S.1 lit. a of GDPR,
  • transmission according to Article 6 paragraph 1 S. 1 lit. f of DGPR is necessary to assert, exercise or defend legal claims, and if there is no reason to assume you have an overriding interest in the non-transmission of your data,
  • in case there is a legal obligation for transmission as per Article 6 paragraph 1 S. 1 lit. c of GDPR, as well as
  • permitted by law as per Article 6 paragraph 1 S. 1 lit. b of GDPR for the processing of contractual relationships with you.

Should processing of your data take place outside of Europe transmission is made in compliance with all effective data protection acts, Article 44 f. of GDPR in particular.

Automated decision making including profiling

As a socially responsible enterprise we do without techniques for  automatic decision making or profiling.

Duration of retention / Security / Legal Basis

Duration of retention

In general, we store your data for the duration required to supply our online service and related services, or if provided by the European directives committee and regulators or another legislator by laws or regulations which the controller of  the processing is subject to. In any other cases we delete your personal data upon completion of the purpose except such data we have to store because of legal obligations (e.g. owing to fiscal and commercial retention periods we are obliged to provide documents such as e.g. contracts and invoices for a certain period).

Technical security

GZH  makes use of technical and organisational security measures to protect your data managed by us against accidental or deliberate manipulation, loss, destruction, or access by unauthorized people. We continuously improve our security measures in accordance with technological development. 

For reasons of security and to protect transmission of confidential content like e.g. enquiries you sent to us as the operator of the website, this website uses SSL encryption (Secure Socket Layer) in conjunction with the highest level of encryption that is supported by your browser. It usually is a 256-Bit encryption. Should your browser not support a 256-Bit encryption, we will fall back on the 128-Bit-v3 technology. If a page is transmitted in encrypted form you can see by the address field of the browser changing from »http://« to »https://« showing a padlock symbol in your browser line.

All pages of our website are automatically encrypted. That way data you transmit to us cannot be read by third parties.

We point out that data transmission on the internet (e.g. when communicating by e-mail) may have security gaps. Complete data protection against access by third parties will not be possible, however.

Legal basis of processing

Article 6 I lit. a of GDPR serves as the legal basis for our enterprise regarding processing procedures for which we obtain consent for a certain purpose of processing. If processing of personal data is required to meet a contract to which the contractual party is the data subject, as is the case for processing procedures, for example, necessary to supply goods or provide other services or a service in return, processing is based on Article 6 I lit. b of GDPR. The same applies for such processing procedures required to carry out pre-contractual measures, e.g. in case of enquiries about our products or services. If our enterprise is subject to a legal obligation requiring processing of personal data, like e.g. to fulfil fiscal obligations, processing is based on Article 6 I lit. c of GDPR. In rare cases processing of personal data might be required to protect vital interests of the data subject or any other natural person. This would be the case, for example, if a visitor were injured in our enterprise and his name, age, health insurance data, or other vital information had to be passed on to a physician, a hospital or other third parties. In such a case processing would be based on Article 6 I lit. d of GDPR. Ultimately, processing procedures might be based on Article 6 I lit. f of GDPR. This is the legal basis for processing procedures that are not covered by any of the aforementioned legal bases if processing to safeguard a legitimate interest of our enterprise or a third party is required, provided the interests, fundamental rights and freedoms of the data subject do not prevail. If processing of personal data is based on Article 6 I lit. f of GDPR our legitimate interest is to conduct our business in favour of the well-being of all of our employees and customers.

Legal or contractual regulations for the provision of personal data; necessity for the conclusion of a contract; obligation of the data subject to provide personal data; possible consequences in case of non-provision

We inform you that the provision of personal data is legally mandatory to some extent (e.g. tax regulations) or can arise from contractual regulations (e.g. information about the contractual partner). For the conclusion of a contract it may be necessary sometimes that a data subject provides us with personal data that have to be subsequently processed by us. The data subject is obliged, for example, to provide us with personal data if our enterprise concludes a contract with him or her. As a result of non-provision of personal data the contract could not be concluded with the data subject. Prior to the provision of personal data by the data subject the data subject shall get in contact with one of our employees. Our employee informs the data subject in a case-by-case approach whether the provision of personal data is legally or contractually mandatory or necessary for the conclusion of the contract, whether there is an obligation to provide personal data, and which consequences a non-provision of personal data would have.

Rights / Obligations / Objection

Notice for minors

This online service is not intended for children under the age of 16. People who have not yet completed their 16th year must not submit any personal data to  GZH  without parental consent.

Rights of data subjects

You are entitled to receive information about data stored by us, and about the duration, purpose, and the legal basis for storage, as well as about the origin and recipients of transmissions. Incorrect data shall be corrected, illegally stored data or data that are no longer required shall be deleted. Furthermore the data subject has the right to objection, the right to limiting processing, as well as the right to data portability.

This information will be created on your request and free of charge.

Furthermore you are entitled to hand in a complaint directly with a supervisory body.

Revocation of the permission to data processing

Some data processing procedures can only be implemented with your explicit permission. You have the option to revoke a permission you have given at any time. For this purpose an informal e-mail notification to would be sufficient. Legality of data processing until revocation remains unaffected by the revocation.

Responsible body and data security officer

Responsible body:

Olgastr. 20
D-88045 Friedrichshafen / Germany

Phone: +49 (0) 7541 288-0
Fax: +49 (0) 7541 288-150

Contact for data protection and data storage

External official data protection officer of the city of Friedrichshafen 

Krailenshaldenstraße 44, 70469 Stuttgart
Phone: +49 711 8108-11472