1. An overview of data protection
Data recording on this website
Who is responsible for recording data on this website (i.e. the “controller”)?
The data on this website is processed by the operator of the website, whose contact information is available under the legal notice on this website.
How do we record your data?
We collect your data, for example when you share it with us. This can be, for instance, information you enter into our contact form.
Other data is recorded by our IT systems automat¬ically or after you consent to it being recorded during your website visit. This data comprises primarily technical information (e.g. web browser, operating system or time the site was accessed). This information is recorded automat¬ically when you access this website.
For what purposes do we use your data?
A portion of the information is generated to guarantee that the website is provided error-free. Other data may be used to analyse your user patterns.
What rights do you have as far as your information is concerned?
You have the right to receive information about the source, recipients and purposes of your archived personal data at any time without having to pay a fee for such disclosures. You also have the right to demand that your data are rectified or eradicated. If you have consented to data processing, you have the option to revoke this consent at any time, which will affect all future data processing. Moreover, you have the right to demand that the processing of your data be restricted under certain circum¬stances. Furthermore, you have the right to lodge a complaint with the competent supervising agency.
Please do not hesitate to contact us at any time under the address disclosed in the section “Information Required by Law” on this website if you have questions about this or any other data protection-related issues.
General information on the legal basis for the data processing on this website
Analysis tools and tools provided by third parties
There is a possibility that your browsing patterns will be statistically analysed when you visit this website. Such analyses are performed primarily using cookies and with so-called analysis programmes.
Information on data transfer to the USA and other non-EU countries
Among other things, we use tools of companies domiciled in the United States or other from a data protection perspective non-secure non-EU countries. If these tools are active, your personal data may potentially be transferred to these non-EU countries and may be processed there. We must point out that in these countries, a data protection level that is comparable to that in the EU cannot be guaranteed. For instance, U.S. enterprises are under a mandate to release personal data to the security agencies and you as the data subject do not have any litigation options to defend yourself in court. Hence, it cannot be ruled out that U.S. agencies (e.g., the Secret Service) may process, analyze, and permanently archive your personal data for surveillance purposes. We have no control over these processing activities.
SSL and/or TLS encryption
For security reasons and to protect the transmission of confidential content, such as purchase orders or inquiries you submit to us as the website operator, this website uses either an SSL or a TLS encryption program. You can recognize an encrypted connection by checking whether the address line of the browser switches from “http://” to “https://” and also by the appearance of the lock icon in the browser line.
If the SSL or TLS encryption is activated, data you transmit to us cannot be read by third parties.
Encrypted payment transactions on this website
If you are under an obligation to share your payment information (e.g. account number if you give us the authority to debit your bank account) with us after you have entered into a fee-based contract with us, this information is required to process payments.
Payment transactions using common modes of paying (Visa/MasterCard, debit to your bank account) are processed exclusively via encrypted SSL or TLS connections. You can recognize an encrypted connection by checking whether the address line of the browser switches from “http://” to “https://” and also by the appearance of the lock icon in the browser line.
If the communication with us is encrypted, third parties will not be able to read the payment information you share with us.
This website is hosted externally. Personal data collected on this website are stored on the servers of the host. These may include, but are not limited to, IP addresses, contact requests, metadata and communications, contract information, contact information, names, web page access, and other data generated through a web site.
The external hosting serves the purpose of fulfilling the contract with our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of secure, fast, and efficient provision of our online services by a professional provider (Art. 6(1)(f) GDPR). If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6 (1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user's end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
Our host(s) will only process your data to the extent necessary to fulfil its performance obligations and to follow our instructions with respect to such data.
We are using the following host(s):
Hetzner Online GmbH
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.
3. General and mandatory information
We herewith advise you that the transmission of data via the Internet (i.e. through e-mail communications) may be prone to security gaps. It is not possible to completely protect data against third-party access.
Information about the responsible party (referred to as the “controller” in the GDPR)
The data processing controller on this website is:
im Johanneum am Neumarkt
01067 Dresden Telefon +49 (351) 8644-0
Fax +49 (351) 8644-110
The controller is the natural person or legal entity that single-handedly or jointly with others makes decisions as to the purposes of and resources for the processing of personal data (e.g. names, e-mail addresses, etc.).
Designation of a data protection officer as mandated by law
We have appointed a data protection officer for our company.
Institut für Datenschutz und Datensicherheit
Dresdner Str. 58a
Phone: +49 351 - 27579057
Revocation of your consent to the processing of data
A wide range of data processing transactions are only possible if you give them your express consent. You can also revoke your consent you have given at any time. To do so, all you are required to do is to send us an informal notification via e-mail. This will not affect the lawfulness of any data collection that occurred prior to your revocation.
Right to object to the collection of data in special cases; right to object to direct advertising (Art. 21 GDPR)
IF YOUR PERSONAL DATA IS BEING PROCESSED FOR THE PURPOSE OF DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR AFFECTED PERSONAL DATA FOR THE PURPOSES OF SUCH ADVERTISING AT ANY TIME. THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS AFFILIATED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR DIRECT ADVERTISING PURPOSES (OBJECTION PURSUANT TO ART. 21 PARA. 2 GDPR).
Right to lodge a complaint with the competent supervisory agency
In the event of violations of the GDPR, data subjects are entitled to lodge a complaint with a supervisory agency, in particular in the member state where they usually maintain their domicile, place of work or at the place where the alleged violation occurred. The right to lodge a complaint is in effect regardless of any other administrative or court proceedings available as legal recourses.
Right to data portability
You have the right to demand that any data we automatically process based on your consent or in order to fulfil a contract be handed over to you or a third party in a commonly used, machine readable format. If you should demand the direct transfer of the data to another controller, this will be done only if it is technically feasible.
Information about, rectification and erasure of data
Within the scope of the applicable statutory provisions, you have the right to demand information about your archived personal data, their source and recipients as well as the purpose of the processing of your data at any time. You may also have a right to have your data rectified or eradicated. If you have questions about this subject matter or any other questions about personal data, please do not hesitate to contact us at any time at the address provided in the legal notice.
Right to demand processing restrictions
You have the right to demand the imposition of restrictions as far as the processing of your personal data is concerned. To do so, you may contact us at any time at the address provided in the legal notice. The right to demand processing restrictions applies in the following cases:
- In the event that you should dispute the correctness of your data archived by us, we will usually need some time to verify this claim. During the time that this investigation is ongoing, you have the right to demand that we restrict the processing of your personal data.
- If the processing of your personal data was/is conducted in an unlawful manner, you have the option to demand the restriction of the processing of your data in lieu of demanding the erasure of this data.
- If we do not need your personal data any longer and you need it to exercise, defend or claim legal entitlements, you have the right to demand the restriction of the processing of your personal data instead of its erasure.
- If you have raised an objection pursuant to Art. 21 para. 1 GDPR, your rights and our rights will have to be weighed against each other. As long as it has not been determined whose interests prevail, you have the right to demand a restriction of the processing of your personal data.
If you have restricted the processing of your personal data, these data – with the exception of their storage – may be processed only subject to your consent or in order to claim, exercise or defend legal entitlements or to protect the rights of other natural persons or legal entities or for important reasons of public interest cited by the European Union or a member state of the EU.
Rejection of unsolicited e-mails
We herewith object to the use of the contact information published in conjunction with our duty to publish information in the legal notice to send us promotional and information material that we have not expressly requested. The operators of this website and its pages reserve the express right to take legal action in the event of the unsolicited sending of promotional information, for instance via SPAM messages.
4. Recording of data on this website
Our websites use so-called cookies. Cookies are small text files that do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or they are permanently stored on your device (permanent cookies). Session cookies are automatically deleted once you terminate your visit. Permanent cookies remain stored on your device until you actively delete them or they are automatically eradicated by your web browser.
In some cases, third-party cookies may be stored on your device once you enter our site (third-party cookies). These cookies enable you or us to take advantage of certain services offered by the third party (e.g. cookies for the processing of payment services).
Cookies have various functions. Many cookies are technically essential since certain website functions would not work without them (e.g. the shopping cart function or the display of videos). The purpose of other cookies may be to analyze user patterns or display promotional messages.
Cookies, which are required for the performance of electronic communication transactions (required cookies) or for the provision of certain functions you want to use (functional cookies, e.g. for the shopping cart function) or those that are necessary for the optimization of the website (e.g. cookies that provide measurable insights into the web audience), shall be stored on the basis of Art. 6 para. 1 lit. f GDPR, unless a different legal basis is cited. The operator of the website has a legitimate interest in storing cookies to ensure that its services are provided error-free and in an optimum way. If your consent to the storage of the cookies has been requested, the respective cookies are stored exclusively on the basis of the consent obtained (Art. 6 para. 1 lit. a GDPR); this consent may be revoked at any time.
You have the option to set up your browser in such a manner that you will be notified any time cookies are placed and to permit the acceptance of cookies only in specific cases. You may also exclude the acceptance of cookies in certain cases or in general or activate the delete function for the automatic erasure of cookies when the browser closes. If cookies are deactivated, the functions of this website may be limited.
Server log files
The provider of this website and its pages automatically collects and stores information in so-called server log files, which your browser communicates to us automatically. The information comprises:
- The type and version of browser used
- The operating system used
- The referrer’s URL
- The hostname of the accessing computer
- The time of the server inquiry
- The IP address
This data is not merged with other data sources.
This data is recorded on the basis of Art. 6 para. 1 lit. f GDPR. The operator of the website has a legitimate interest in their website being displayed without technical errors and in an optimum way. In order to achieve this, server log files must be recorded.
If you submit inquiries to us via our contact form, the information provided in the contact form as well as any contact information provided will be stored by us in order to handle your inquiry and in the event that we have further questions. We will not share this information without your consent.
The processing of these data is based on Art. 6 para. 1 lit. b GDPR, if your request is related to the execution of a contract or if it is necessary to carry out pre-contractual measures. In all other cases the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested.
The information you have entered into the contact form shall remain with us until you ask us to erase the data, revoke your consent to the storage of data or if the purpose for which the information is being stored no longer exists (e.g. after we have concluded our response to your inquiry). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.
The comment function on this website
When you use the comment function on this website, information on the time the comment was generated and your e-mail-address and, if you are not posting anonymously, the username you have selected will be archived in addition to your comments.
Subscribing to comments
As a user of this website, you have the option to subscribe to comments after you have registered. You will receive a confirmation e-mail, the purpose of which is to verify whether you are the actual holder of the provided e-mail address. You can deactivate this function at any time by following a respective link in the information e-mails. The data entered in conjunction with subscriptions to comments will be deleted in this case. However, if you have communicated this information to us for other purposes and from a different location (e.g., when subscribing to the newsletter), the data shall remain in our possession.
Storage period for comments
Comments and any affiliated information shall be stored by us and remain on this website until the content the comment pertained to has been deleted in its entirety or if the comments had to be deleted for legal reasons (e.g., insulting comments).
Comments are stored on the basis of your consent (Art. 6(1)(a) GDPR). You have the right to revoke at any time any consent you have already given us. To do so, all you are required to do is sent us an informal notification via e-mail. This shall be without prejudice to the lawfulness of any data collection that occurred prior to your revocation.
Request by e-mail, telephone or fax
If you contact us by e-mail, telephone or fax, your request, including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.
This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your inquiry is related to the fulfilment of a contract or is required for the performance of pre-contractual measures. In all other cases, the data is processed on the basis of our legitimate interest in the effective handling of inquiries submitted to us (Art. 6 para. 1 lit. f GDPR) or on the basis of your consent (Art. 6 para. 1 lit. a GDPR) if it has been obtained.
The data sent by you to us via contact requests remain with us until you request us to delete, revoke your consent to the storage or the purpose for the data storage lapses (e.g. after completion of your request). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.
5. Analysis tools
This website uses the open-source web analysis service Matomo.
Through Matomo, we are able to collect and analyze data on the use of our website-by-website visitors. This enables us to find out, for instance, when which page views occurred and from which region they came. In addition, we collect various log files (e.g. IP address, referrer, browser, and operating system used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.).
The use of this analysis tool is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the analysis of user patterns, in order to optimize the operator’s web offerings and advertising. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
We host Matomo exclusively on our own servers so that all analysis data remains with us and is not passed on.
VG Wort Zählpixel
We have implemented texts on our website, in which a so-called tracking pixel (METIS tracking pixel) is embedded. The provider is the Verwertungsgesellschaft WORT - VG WORT (association with legal capacity by virtue of conferral), Untere Weidenstraße 5, 81543 Munich (hereinafter “VG Wort”).
The pixel counts the views of texts, forwards them anonymously to the VG Wort, in order to determine the distributions for the authors. The use of the VG Wort pixel is based on our legitimate interest in receiving remuneration for the texts published on our website for our authors or for ourselves (Art. 6(1)(f) GDPR). Conflicting interests of website visitors are not apparent, as the data is transmitted to VG Wort in anonymized form.
IIf you would like to subscribe to the newsletter offered on this website, we will need from you an e-mail address as well as information that allow us to verify that you are the owner of the e-mail address provided and consent to the receipt of the newsletter. No further data shall be collected or shall be collected only on a voluntary basis. We shall use such data only for the sending of the requested information and shall not share such data with any third parties.
The processing of the information entered into the newsletter subscription form shall occur exclusively on the basis of your consent (Art. 6(1)(a) GDPR). You may revoke the consent you have given to the archiving of data, the e-mail address, and the use of this information for the sending of the newsletter at any time, for instance by clicking on the “Unsubscribe” link in the newsletter. This shall be without prejudice to the lawfulness of any data processing transactions that have taken place to date.
The data deposited with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter or the newsletter service provider and deleted from the newsletter distribution list after you unsubscribe from the newsletter or after the purpose has ceased to apply. We reserve the right to delete or block e-mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest in accordance with Art. 6(1)(f) GDPR.
Data stored for other purposes with us remain unaffected.
After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist, if such action is necessary to prevent future mailings. The data from the blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6(1)(f) GDPR). The storage in the blacklist is indefinite. You may object to the storage if your interests outweigh our legitimate interest.
7. Plug-ins and tools
YouTube with expanded data protection integration
Our website embeds videos of the website YouTube. The website operator is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in the expanded data protection mode. According to YouTube, this mode ensures that YouTube does not store any information about visitors to this website before they watch the video. Nevertheless, this does not necessarily mean that the sharing of data with YouTube partners can be ruled out as a result of the expanded data protection mode. For instance, regardless of whether you are watching a video, YouTube will always establish a connection with the Google DoubleClick network.
As soon as you start to play a YouTube video on this website, a connection to YouTube’s servers will be established. As a result, the YouTube server will be notified, which of our pages you have visited. If you are logged into your YouTube account while you visit our site, you enable YouTube to directly allocate your browsing patterns to your personal profile. You have the option to prevent this by logging out of your YouTube account.
Furthermore, after you have started to play a video, YouTube will be able to place various cookies on your device or comparable technologies for recognition (e.g. device fingerprinting). In this way YouTube will be able to obtain information about this website’s visitors. Among other things, this information will be used to generate video statistics with the aim of improving the user friendliness of the site and to prevent attempts to commit fraud.
Under certain circumstances, additional data processing transactions may be triggered after you have started to play a YouTube video, which are beyond our control.
The use of YouTube is based on our interest in presenting our online content in an appealing manner. Pursuant to Art. 6(1)(f) GDPR, this is a legitimate interest. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
This website uses the mapping service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
To enable the use of the Google Maps features, your IP address must be stored. As a rule, this information is transferred to one of Google’s servers in the United States, where it is archived. The operator of this website has no control over the data transfer. In case Google Maps has been activated, Google has the option to use Google Fonts for the purpose of the uniform depiction of fonts. When you access Google Maps, your browser will load the required web fonts into your browser cache, to correctly display text and fonts.
We use Google Maps to present our online content in an appealing manner and to make the locations disclosed on our website easy to find. This constitutes a legitimate interest as defined in Art. 6(1)(f) GDPR. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
For more information on the handling of user data, please review Google’s Data Privacy Declaration under: https://policies.google.com/privacy?hl=en.
“Voice Reader Web” text-to-speech function
We use the text-to-speech function Voice Reader Web provided by Linguatec Sprachtechnologien GmbH on our website. Voice Reader Web is a text-to-speech service for public internet content. Visitors to the website can activate this function by clicking on the “Read” icon. This prompts your browser to transfer the highlighted content of the page or the requested document along with your complete IP address to Linguatec Sprachtechnologien GmbH in order to generate the voice output. Linguatec receives the website text directly from the visitor’s browser and generates an audio file, which is sent back to the IP address of the user in streaming mode. Apart from the user’s IP address, no other personal data is recorded, according to Linguatec Sprachtechnologien GmbH. The audio file cannot be generated without transferring this data. Processing of your IP address is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR.
We have no control over how Linguatec Sprachtechnologien GmbH uses the data for its own purposes, to what extent it can match activities to individual users, how long Linguatec Sprachtechnologien GmbH stores these data for and whether data are passed on to third parties.
As long as the respective requirements are met, you also have the right to rectification of your data in accordance with Art. 16 GDPR, to erasure in accordance with Art. 17 GDPR, to restrict processing in accordance with Art. 18 GDPR, to object to processing in accordance with Art. 21 GDPR and to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. Please note that the operator of Voice Reader Web is responsible for data processed by Linguatec Sprachtechnologien GmbH.
Name and address of responsible party:
Linguatec Sprachtechnologien GmbH
Represented by: Dr. Reinhard Busch
Phone: +49 89 896664-0
Revoking your consent to the transfer of data
8. eCommerce and payment service providers
Processing of data (customer and contract data)
We collect, process and use personal data only to the extent necessary to establish, design the content of or change the legal relationship (data inventory). These actions are taken on the basis of Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. We collect, process and use personal data concerning the use of this website (usage data) only to the extent that this is necessary to make it possible for users to utilize or be invoiced for the services.
The collected customer data will be erased upon completion of the order or the termination of the business relationship. This will not affect any statutory retention provisions.
Data transfer on conclusion of contracts
We share personal data with third parties only if this is necessary in conjunction with the handling of the contract; for instance, with the financial institution tasked with the processing of payments.
No further data will be processed, or only if you have given your express consent to the transfer. Your data will not be shared with third parties in the absence of your express consent, for instance for advertising purposes.
The basis for the processing of data is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or for pre-contractual measures.
Ticketcounter online ticket service
To ensure that you can buy tickets online, we use the services of Ticketcounter B.V. and its subsidiaries (e.g. Ticketcounter OS GmbH, Düsseldorf) on our website, grouped under “Ticketcounter” in the following.
When you visit the subpage https://www.verkehrsmuseum-dresden.de/en/your-visit/tickets/online-tickets, your complete IP address will be transferred to Ticketcounter. Processing of your IP address is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR.
Revoking your consent to the transfer of data
Without your consent, resulting in the transfer of your data, we cannot offer you any online ticket services.
Concluding the contract with Ticketcounter
When you buy entrance tickets via our website (online booking), you enter into a contract directly with Ticketcounter. The handling of contract data between you and Ticketcounter is based on Art. 6 para. 1 lit. b GDPR (processing of data for the fulfilment of a contract or for pre-contractual measures) and is beyond our control.
As long as the respective requirements are met, you also have the right to rectification of your data in accordance with Art. 16 GDPR, to erasure in accordance with Art. 17 GDPR, to restrict processing in accordance with Art. 18 GDPR, to object to processing in accordance with Art. 21 GDPR and to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. Please note that the operator of the ticketing services is responsible for data processed by Ticketcounter.
Name and address of responsible party:
Ticketcounter OS GmbH
Phone: +49 (0)211 – 93670280
The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”).
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.
Instant Transfer Sofort
The provider of this payment service is Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter “Sofort GmbH”). With the help of the “Sofortüberweisung” procedure, we receive a payment confirmation from Sofort GmbH in real time and can immediately begin to fulfill our obligations. If you have chosen the payment method “Sofortüberweisung”, please send the PIN and a valid TAN to Sofort GmbH, with which it can log into your online banking account. Sofort GmbH automatically checks your account balance after logging in and carries out the transfer to us with the help of the TAN you have transmitted.
Afterwards, it immediately sends us a transaction confirmation. After you log in, your turnover, the credit limit of the overdraft facility and the existence of other accounts and their balances are also checked automatically. In addition to the PIN and the TAN, the payment data entered by you as well as personal data will be transmitted to Sofort GmbH. The data about your person are first and last name, address, telephone number(s), email address, IP address and possibly other data required for payment processing. The transmission of this data is necessary to determine your identity beyond doubt and to prevent fraud attempts.
For details on payment with immediate bank transfer, please refer to the following links: https://www.sofort.de/datenschutz.html and https://www.klarna.com/sofort/.
The provider of this payment service is the Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter “Mastercard”).
Mastercard may transfer data to its parent company in the US. The data transfer to the US is based on Mastercard's Binding Corporate Rules. Details can be found here: https://www.mastercard.de/de-de/datenschutz.html and https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.
The provider of this payment service is the Visa Europe Services Inc, London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter “VISA”).
Great Britain is considered a secure non-EU country as far as data protection legislation is concerned. This means that the data protection level in Great Britain is equivalent to the data protection level of the European Union.
VISA may transfer data to its parent company in the US. The data transfer to the US is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html.
9. Custom services
Handling applicant data
We offer website visitors the opportunity to submit job applications to us (e.g. via e-mail, via postal services on by submitting the online job application form). Below, we will brief you on the scope, purpose and use of the personal data collected from you in conjunction with the application process. We assure you that the collection, processing and use of your data will occur in compliance with the applicable data privacy rights and all other statutory provisions and that your data will always be treated as strictly confidential.
Scope and purpose of the collection of data
If you submit a job application to us, we will process any affiliated personal data (e.g. contact and communications data, application documents, notes taken during job interviews, etc.), if they are required to make a decision concerning the establishment of an employment relationship. The legal grounds for this are § 26 New GDPR according to German Law (initiation of an employment relationship), Art. 6 para. 1 lit. b GDPR (general contract negotiations) and – provided you have given us your consent – Art. 6 para. 1 lit. a GDPR. You may revoke your consent at any time. Within our company, your personal data will only be shared with individuals who are involved in the processing of your job application.
If your job application should result in your recruitment, the data you have submitted will be archived on the grounds of § 26 New GDPR and Art. 6 para. 1 lit. b GDPR for the purpose of implementing the employment relationship in our data processing system.
Data Archiving Period
If we are unable to make you a job offer or you reject a job offer or withdraw your application, we reserve the right to retain the data you have submitted on the basis of our legitimate interests (Art. 6(1)(f) GDPR) for up to 6 months from the end of the application procedure (rejection or withdrawal of the application). Afterwards the data will be deleted, and the physical application documents will be destroyed. The storage serves in particular as evidence in the event of a legal dispute. If it is evident that the data will be required after the expiry of the 6-month period (e.g., due to an impending or pending legal dispute), deletion will only take place when the purpose for further storage no longer applies.
Longer storage may also take place if you have given your agreement (Article 6(1)(a) GDPR) or if statutory data retention requirements preclude the deletion.
10. Our social media presence
Data processing by social networks
We maintain publicly available profiles in social networks. The individual social networks we use can be found below.
Social networks such as Facebook, Twitter etc. can generally analyse your user behaviour comprehensively when you visit their website or a website with integrated social media content (e.g. like buttons or banner ads). When you visit our social media pages, numerous data protection-relevant processing operations are triggered. They are described in detail in the following:
If you are logged in to your social media account and visit our social media page, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data may also be recorded if you are not logged in or do not have an account with the respective social media portal. In this case, the data is collected, for example, via cookies stored on your device or by recording your IP address.
Using the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. This means that interest-based advertising may be shown to you within and outside of the respective social media presence. If you have an account with the social network, interest-based advertising can be displayed on any device you are or have logged into.
We want our social media sites to ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. The analysis processes initiated by the social networks may be based on divergent legal bases to be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a GDPR).
Responsibility and assertion of rights
If you visit one of our social media sites (e.g., Facebook), we, together with the operator of the social media platform, are responsible for the data processing operations triggered during this visit. You can in principle protect your rights (information, rectification, erasure, restricting processing, data portability and lodging a complaint) vis-à-vis us as well as vis-à-vis the operator of the respective social media portal (e.g. Facebook).
Please note that despite sharing responsibility with the social media portal operators, we do not have full control over the data processing operations of the social media portals. Our options are determined by the company policy of the respective provider.
Duration of storage
The data collected directly from us via our social media presence will be deleted from our systems as soon as the purpose for their storage expires, if you ask us to delete it, you revoke your consent to the storage or the purpose for the data storage expires. Stored cookies remain on your device until you delete them. Mandatory statutory provisions - in particular, retention periods - remain unaffected.
Individual social networks
We have a profile on Facebook. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook’s statement the collected data will also be transferred to the USA and to other third-party countries.
We have signed an agreement with Facebook on shared responsibility for the processing of data (Controller Addendum). This agreement determines which data processing operations we or Facebook are responsible for when you visit our Facebook fan page. This agreement can be viewed at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.
You can customise your advertising settings independently in your user account. Click on the following link and log in: https://www.facebook.com/settings?tab=ads.
We use the short message service Twitter. The provider is Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, United States. Twitter is certified under the EU-US Privacy Shield.
You can customise your Twitter privacy settings in your user account. Click on the following link and log in: https://twitter.com/personalization.
You can customise your YouTube privacy settings in your user account. Click on the following link and log in: https://adssettings.google.com/authenticated.