Data Protection Information
On the basis of the data protection regulations, we would like to draw your attention to the following with respect to our handling of your personal data and at the same time inform you of the rights to which you are entitled.
1. Who is responsible for the data processing and whom can you contact?
Draiflessen Collection gGmbH
(hereinafter referred to as “we”) are the operators of the website www.draiflessen.com and are responsible for the personal data of the users of our website (hereinafter referred to as “you”).
2. What types of personal data do we process and where does this data come from?
We process personal data that we receive from you primarily through contact forms on our website, www.draiflessen.com, or upon express request, by other means, e.g. email inquiries, appeals in our museum. Relevant personal data includes personal details (name, address, and other contact details). It may also include image data (e.g. from photo coverage of events), media data in connection with press accreditation (publisher affiliation, associated title, professional status), and advertising data (e.g. visit to a specific exhibition). In addition, there is registration and usage data during your access to our website (e.g. time you accessed our web pages, your IP address, the internet page from which you accessed our website, the pages you click on, the date and duration of your visit, the retrieval of our newsletter, the pages or posts you clicked on), and other comparable data. Your registration and usage data is recorded during your visit to and use of our website. This is done without user profiles being created that contain personally identifiable information. There is also no transmission to third parties. Only anonymised usage data is collected, stored, and transferred into usage profiles with pseudonyms.
3. For what purpose and on what legal grounds do we process your personal data?
The processing of your personal data is either on the basis of your consent (Art. 6 (1) (a) European General Data Protection Regulation (GDPR)) or according to the provision of Section 15 (3) German Telemedia Act (TMG).
If you have given us consent to process your personal data for specific purposes (e.g. registration for a guided tour, subscription to our newsletter), this processing is lawful on the basis of your consent. Consent that has been given can be withdrawn at any time. This also applies to the withdrawal of declarations of consent given to us before the GDPR came into force, i.e. before 25 May 2018. Please note that the withdrawal will only take effect for the future. The withdrawal of consent shall therefore not affect the lawfulness of the processing of your personal data based on your consent before its withdrawal.
Your registration and usage data is recorded via so-called cookies. Cookies are small text files that are sent from the web server to your PC and are stored on your hard drive. They serve to increase security and user convenience and are automatically deleted from your PC when they expire. If necessary, you can disable the storing of cookies in the corresponding “third-party cookies” settings of your web browser.
According to Section 15 TMG, you have the right to object to the storing of your registration and usage data at any time.
4. Who receives your personal data?
The personal data collected for the purpose stated under No. 3 above is processed exclusively on the server of the website www.draiflessen.com and is viewed by us only by those authorities who need this data to fulfil the requested service. Processors (Art. 28 GDPR) appointed by us may also receive data for the aforementioned purposes. These are companies in the categories of IT services, telecommunications, and sales and marketing. When transferring data to external recipients, we are aware that we may only pass on information about you if this is required by law, if you have given your consent, or if we are authorised to transfer the data. Under these conditions, recipients of personal data may be, for example: public authorities and institutions where a legal or official obligation exists. We use for our website the web analysis service Matomo which evaluates anonymised registration and usage data on a contractual basis. You can object to the collection and processing of your registration and usage data at any time. For general information on this and on the handling of your registration and usage data, please visit: matomo.org.
5. Which buttons do we use for linking to social networks?
So-called sharing buttons are available on our website which enable you to link specific content from our website to your social media account. We use Shariff buttons, which provide reliable data protection, for this purpose. Shariff was developed to enable greater online privacy and to take the place of the usual share buttons of social networks. More information about the Shariff project can be found here: https://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html
We use the “Recommend button” of the social network Facebook on our website. This is only a link and not a so-called “social plugin”. If you do not use the button, no information is transmitted to Facebook and no Facebook cookie is placed on your computer. As soon as you click the Recommend button without being logged in to Facebook, the Facebook login screen opens in a new window. At the same time, Facebook places a cookie on your hard drive. If you click the button as an already logged in Facebook user, the information that you would like to recommend the article in question is transmitted to Facebook. Visitors to your Facebook page can then – depending on your privacy settings on Facebook – see that you are recommending the article. Pages within Facebook are operated exclusively by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (Facebook). What data Facebook collects on these pages is beyond our knowledge and potential influence. For general information on this, please visit: http://www.facebook.com/about/privacy/your-info-on-other#applications.
We use the “social bookmark” of the social network Twitter on our website. This is only a link and not a so-called “social plugin”. If you do not use the button, no information is transmitted to Twitter and no Twitter cookie is placed on your computer. As soon as you click the button without being logged in to Twitter, the Twitter login screen opens in a new window. At the same time, Twitter places a cookie on your hard drive. If you click the button as an already logged in Twitter user, Twitter is able to associate your visit with your Twitter account. Pages within Twitter are operated exclusively by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA (Twitter). What data Twitter collects on these pages is therefore beyond our knowledge and potential influence. For general information on this, please visit: http://twitter.com/privacy. You can change your Twitter privacy settings in your account settings at http://twitter.com/account/settings.
6. Other links to external offers
Furthermore, insofar as links are provided to websites of other providers, this data protection statement does not apply to their contents. What data the operators of these websites may collect is beyond our knowledge and influence. For information on this, please refer to the data protection notice of the respective website.
7. Is any data transferred to a third country or to an international organisation?
Data is only transferred to third countries (countries outside the European Economic Area (EEA)) if this is necessary for the execution of the requested service, if it is required by law, or if you have given us your consent. Details will be provided to you separately if required by law.
8. How long will your personal data be stored?
If necessary, we process and store your personal data for the duration of the requested service, as long as the specific service is offered, or until the withdrawal of your consent.
9. What data protection rights do you have?
Every affected user has the right of access according to Art. 15 GDPR, the right to rectification according to Art. 16 GDPR, the right to erasure according to Art. 17 GDPR, the right to restriction of processing according to Art. 18 GDPR, and the right to data portability according to Art. 20 GDPR. With regard to the right of access and the right to erasure, the restrictions according to Sections 34 and 35 of the German Federal Data Protection Act (BDSG) shall apply. Furthermore, there is a right to lodge a complaint with a data protection supervisory authority according to Art. 77 GDPR in combination with Section 19 BDSG.
10. Do you have an obligation to provide personal data?
In the context of the services offered and retrievable through our website www.draiflessen.com, you only have to provide the personal data that is necessary for the receiving of the service. Without this data, we will usually not be able to perform the service. In the contact forms provided by us you will find that certain fields are marked “optional”. Data that is marked “optional” is not required by us for the performance of the requested service.
11. Is there automated individual decision-making?
In principle, we do not use automated decision-making procedures according to Art. 22 GDPR.
Information about your right to object according to Art. 21 GDPR
Right to object relating to individual case
You have the right to object at any time to the processing of personal data concerning you for the purposes of advertising. If you object to the processing for advertising purposes, we shall no longer process your personal data for such purposes. The objection need not follow a particular form and, where possible, should be sent to:
Draiflessen Collection gGmbH