Privacy Policy

Last updated: February 28, 2026

1. Controller

The controller responsible for the processing of personal data on this website under the General Data Protection Regulation (GDPR) is:

StadtListe
Email: [email protected]

2. Collection and Processing of Personal Data

2.1 When Visiting the Website

When you access our website, technical information is automatically transmitted to our server and temporarily stored in server log files. The following data is collected:

  • IP address of the requesting device
  • Date and time of access
  • URL accessed and HTTP status code
  • Referrer URL (website from which access was made)
  • Browser type and operating system

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in the secure and stable operation of the website.

Retention period: Server log files are deleted after a maximum of 30 days, unless retained for the investigation of a security incident.

2.2 When Using Our Contact Forms

When you contact us via our forms (general enquiries, advertising enquiries), we collect the information you enter — typically name, email address, phone number (optional), and your message. We also record your IP address to prevent abuse.

Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures or contract fulfilment) and Art. 6(1)(f) GDPR (legitimate interest in preventing abuse).

Retention period: Enquiries are stored for as long as necessary to process them, up to a maximum of 3 years after the last contact.

2.3 When Submitting a Business Listing

When you submit a business via our "Submit Business" form, we collect:

  • Business information (name, category, address, contact details)
  • Your email address (if submitting as the business owner)
  • IP address for abuse prevention

Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) and Art. 6(1)(f) GDPR (legitimate interest).

Retention period: Business data is retained for as long as the business remains listed in the directory. Rejected submissions are deleted after 6 months.

2.4 Page View Tracking

To measure the popularity of business pages, we record anonymised page views. A hash of your IP address is combined with the business ID to prevent duplicate counts within a one-hour window. Your IP address is not stored in plain text.

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in statistical analysis.

Retention period: Tracking records are deleted after 30 days.

3. Cookies and Technical Storage

Our website uses only technically necessary cookies. We do not use tracking cookies, analytics cookies, or cookies for advertising or social media purposes.

The technical cookies we use serve website security (e.g. CSRF protection) and session management. These cookies are deleted automatically at the end of your browser session or after a short time.

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in the technical functionality of the website.

4. Sharing Data with Third Parties

We do not share your personal data with third parties for advertising or marketing purposes. Data is only transferred to third parties in the following cases:

  • Hosting provider: Our website is hosted on servers in Germany. The hosting provider processes technical data (log files, database access) as a data processor under Art. 28 GDPR.
  • Email service provider: For sending notification emails, we use a GDPR-compliant email service based in the EU.
  • Legal obligation: Where we are legally required to disclose data (e.g. by court order or regulatory authority).

Data processing agreements under Art. 28 GDPR are in place with all processors. No data is transferred to third countries outside the EU/EEA.

5. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR): You can request information about the data we process about you.
  • Right to rectification (Art. 16 GDPR): You can request correction of inaccurate data.
  • Right to erasure (Art. 17 GDPR): You can request deletion of your data, unless legal retention obligations apply.
  • Right to restriction (Art. 18 GDPR): You can request restriction of processing.
  • Right to data portability (Art. 20 GDPR): You can receive your data in a structured, machine-readable format.
  • Right to object (Art. 21 GDPR): You can object to processing based on legitimate interests.

To exercise your rights, please contact [email protected].

You also have the right to lodge a complaint with a data protection supervisory authority. The competent authority in Germany is the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA) or the authority in your place of residence.

6. Data Security

We implement technical and organisational measures to protect your data against unauthorised access, loss, or misuse. All data transmitted between your browser and our website is encrypted via HTTPS/TLS. Our systems are regularly reviewed for security vulnerabilities.

7. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy as needed to comply with legal requirements or to reflect changes to our platform. The date of the last update is always shown at the top of this page. We will notify you by email of any material changes.

8. Contact

For questions about the collection, processing, or use of your personal data, or to exercise your rights, please contact:

StadtListe
Email: [email protected]
