Hamburg 8°C, cloudy
DE|EN
Back to homepage

Privacy Policy

1. Data Controller

Stadtrundfahrt Hamburg – Die Gelben Doppeldecker GmbH
Friedensallee 77a
22926 Ahrensburg, Germany

Represented by Managing Directors Christa Rduch and Ina Rduch

Phone: +49 (0) 4102 44339
Email: info@stadtrundfahrthamburg.de

2. Server Log Files

Each time you access this website, the hosting provider automatically collects the following data (server log files):

Purpose: Ensuring a smooth connection, system security, and technical administration

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in the secure provision of the website)

Retention period: max. 90 days, then automatically deleted.

3. Hosting and Infrastructure

The following hosting and infrastructure services are used to operate this website and the online ticket shop:

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in reliable and secure operation of the website and online ticket shop)

Reach Measurement (Vercel Web Analytics)

To statistically analyse the usage of our website, we use Vercel Web Analytics, a service provided by Vercel Inc. (340 S Lemon Ave #4133, Walnut, CA 91789, USA). Anonymous usage data is collected (e.g. visited pages, referrer, browser type, device type, approximate region at country/city level).

Vercel Web Analytics operates without cookies and without fingerprint-based recognition. Instead of a cookie, a daily rotating hash is generated from the IP address and user-agent, which allows a returning visitor to be recognised within the same day; identification of individual persons is not possible.

Purpose: Statistical analysis of usage to improve our service

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in privacy-friendly reach measurement without cookies and without personal identification)

Data transfers to the USA are based on EU Standard Contractual Clauses. Privacy information: https://vercel.com/legal/privacy-policy

4. Cookies

This website uses cookies — small text files stored on your device. You can manage or delete cookies via your browser settings.

Cookies in Use

Service Cookie Name Purpose Lifetime
Cookie Consent cb-enabled Storing cookie consent preference 1 year

Legal basis: § 25 (2) no. 2 TDDDG (strictly necessary cookie for storing your consent decision) in conjunction with Art. 6 (1) (c) GDPR (compliance with a legal obligation to document consent).

No further cookies requiring consent are currently used. Should this change in the future, storage will take place on the basis of your consent (Art. 6 (1) (a) GDPR), which you grant via the cookie banner and which you can withdraw at any time with effect for the future.

5. Online Ticket Shop

Order Process

You can purchase tickets for our services through our online ticket shop. The following personal data is collected during the order process:

Purpose: Processing of the ticket order, issuance of the ticket, communication related to the booking

Legal basis: Art. 6 (1) (b) GDPR (performance of a contract or pre-contractual measures)

Providing this data is necessary for the performance of the contract. Without this data, the order cannot be processed.

Payment Processing (Stripe)

Payment processing is handled by the payment service provider Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland. Your payment data (e.g. credit card number, Apple Pay, Google Pay) is transmitted directly to Stripe for processing. Neither we nor SIMA Software Solutions GmbH, as the technical operator of the shop, have access to complete payment data.

Data transfers to the USA are possible. Stripe has committed to compliance with EU Standard Contractual Clauses.

Legal basis: Art. 6 (1) (b) GDPR (performance of a contract)

Privacy information: https://stripe.com/en-gb/privacy

Email Service (Resend)

For sending transactional emails (e.g. order confirmations, booking information), we use the service Resend (Plus Five Five, Inc., San Francisco, USA). Your email address and the email content are transmitted to Resend for this purpose.

Data transfers to the USA are based on EU Standard Contractual Clauses.

Legal basis: Art. 6 (1) (b) GDPR (performance of a contract)

Privacy information: https://resend.com/legal/privacy-policy

6. Integrated Services

OpenStreetMap / Leaflet (CARTO)

To display interactive maps, we use Leaflet.js with map data from OpenStreetMap via the tile service CARTO (CARTO, Inc., New York, USA). When the map is loaded, map tiles are fetched from basemaps.cartocdn.com. Your IP address is transmitted to CARTO in the process; a transfer to the USA is possible.

To avoid this, the map is not loaded automatically. Instead, you will initially see a placeholder. Map tiles are only fetched once you actively click the „Load map" button.

Legal basis: Art. 6 (1) (a) GDPR (consent given by actively clicking the „Load map" button). You can withdraw your consent at any time with effect for the future by clearing your browser's local storage for this website.

Privacy information: https://carto.com/privacy/

Bluesky (Service Announcements)

Our website displays current service announcements published on our Bluesky profile. For this purpose, public posts from our profile are retrieved via the public Bluesky API (public.api.bsky.app, operated by Bluesky Social, PBC, USA) when the page is loaded. Your IP address is transmitted to Bluesky in the process.

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in displaying current operational and service announcements to our passengers). Data transfers to the USA are based on EU Standard Contractual Clauses (Art. 46 (2) (c) GDPR).

Privacy information: https://bsky.social/about/support/privacy-policy

Social Media Links

Where our website contains links to social media profiles (e.g. Bluesky), these are simple hyperlinks without plugins. Data is only transmitted to the respective platform when you click the link and visit the external page. The privacy policy of the respective provider then applies.

7. SSL/TLS Encryption

For security reasons, this website uses SSL/TLS encryption via HTTPS. You can recognise an encrypted connection by the padlock icon in your browser's address bar. This protects data you transmit to us from third-party access.

8. Data Processing Agreement

The technical operation of the online ticket shop is carried out by SIMA Software Solutions GmbH, August-Schmieder-Straße 48, 94377 Steinach, Germany, as a data processor pursuant to Art. 28 GDPR. A data processing agreement has been concluded.

9. Data Transfers to Third Countries

In connection with the services described in sections 3, 5 and 6, personal data may be transferred to third countries outside the EU/EEA (in particular the USA). Such transfers are based on EU Standard Contractual Clauses (Art. 46 (2) (c) GDPR) or an adequacy decision by the European Commission.

Please note that, despite these safeguards, it cannot be fully excluded under current law (in particular the CJEU ruling of 16 July 2020, „Schrems II") that US authorities may access transferred personal data on the basis of US laws such as FISA 702 or the CLOUD Act. A level of protection comparable to that of the GDPR therefore cannot be guaranteed in every case.

10. Data Retention

Personal data is only stored for as long as necessary for the respective processing purpose or as required by statutory retention periods:

After the respective retention period expires, data will be deleted unless further statutory retention obligations apply.

11. Your Rights as a Data Subject

You have the following rights:

Where processing is based on consent, you have the right to withdraw that consent at any time with effect for the future (Art. 7 (3) GDPR). The lawfulness of processing carried out before the withdrawal remains unaffected.

To exercise your rights, please contact: info@stadtrundfahrthamburg.de

Right to Object pursuant to Art. 21 GDPR

Where we process personal data on the basis of a legitimate interest (Art. 6 (1) (f) GDPR), you may object at any time for reasons arising from your particular situation. We will then cease processing the data concerned unless we can demonstrate compelling legitimate grounds that override your interests.

Please address your objection to:
Stadtrundfahrt Hamburg – Die Gelben Doppeldecker GmbH
Friedensallee 77a, 22926 Ahrensburg
Email: info@stadtrundfahrthamburg.de

12. Automated Decision-Making

No automated decision-making, including profiling, within the meaning of Art. 22 GDPR takes place.

13. Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority regarding our processing of personal data. The competent supervisory authority is:

Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein (ULD)
Holstenstraße 98
24103 Kiel, Germany
https://www.datenschutzzentrum.de

14. Changes to this Privacy Policy

We reserve the right to update this privacy policy as needed to reflect changes in legal requirements or our services and data processing activities. The version currently published on this website applies.

Last updated: 26 April 2026