Privacy Policy

In the following, we inform you about the processing of personal data when using our  website www.documenta-fifteen.de.

Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior or IP address. Person responsible pursuant to Art. 4 para. 7 EU General Data Protection Regulation (GDPR)

documenta und Museum Fridericianum gGmbH
Friedrichsplatz 18
34117 Kassel
T +49 561 707270
F +49 561 7072739

Imprint

You can contact our data protection officer as follows:

Mr. Stephan Blazy or his deputy Dr. jur. Kevin Marschall (https://gdpc.de/) by postal mail at the above address accompanied by the words “data protection officer”—or by e-mail at datenschutzbeauftragter@documenta.de or phone at: +49 561 83099165.

We are very pleased that you are visiting our Internet pages. It is generally possible to use our website without providing personal data. If the person concerned wants to use one of our company’s services or activities via our website, processing of personal data is probably necessary. If the processing of personal data is required and there is no legal basis for such processing, we will obtain the consent of the person concerned.

The processing of personal data, such as the name, IP address, postal address, e-mail address, or telephone number of the person in question shall always be in line with the country-specific data protection regulations applicable to us, in particular in compliance with the Hessian Data Protection and Freedom of Information Act (HDSIG).

Internet-based data transmissions can generally have security gaps, so absolute protection cannot be guaranteed. For this reason, everyone concerned is free to transmit personal data to us by alternative means, for example by phone or postal mail.

1. Scope and purpose of the processing of personal data

1.1 Accessing and visiting the website

When this website is accessed, data is automatically sent to the server of this website by the Internet browser used by the visitor and stored for a limited period of time in a log file at our host and service provider for a maximum of two weeks. Until automatic deletion, the following data will be stored without further input by the visitor:

  • IP address of the visitor’s terminal device,
  • date and time of access by the visitor,
  • name and URL of the page accessed by the visitor,
  • the website from which the visitor accessed the website (so-called referrer URL),
  • the browser and operating system of the visitor’s terminal device and the name of the access provider used by the visitor.

The processing of this personal data is based on our legitimate interests pursuant to Art. 6 para. 1 p. 1 lit. f) General Data Protection Regulation (GDPR). We therefore have a legitimate interest in the processing of data for the purpose of:

  • establishing a connection to the website quickly,
  • enabling a user-friendly application of the website,
  • detecting and ensuring the security and stability of the systems and facilitating and improving the administration of the website.

The processing is expressly not carried out for the purpose of obtaining knowledge about the visitor to the website.

1.2 Contact via e-mail (e-mail client on your computer)

Visitors can send messages to us, in particular via e-mail, voluntarily providing personal data. In order to be able to receive a response from you, it is necessary for you to provide at least a valid e-mail address and your last name. All other information can be given voluntarily by the inquiring person but that person is not obligated to do so. By sending the e-mail, the visitor consents to the transmitted personal data being processed. The data is processed exclusively for the purpose of handling and responding to inquiries. This is done on the basis of the voluntarily consent provided purusant to Art. 6 para. 1 sentence 1 letter a) GDPR. The data received from you via this communication channel and processed by us will be automatically deleted as soon as the request is completed and there are no reasons for further storage (e.g. subsequent commissioning, a donation or the like).

In the framework of correspondence with us by e-mail, your personal data may also be transferred to service providers outside the European Union and the European Economic Area (EEA) through the e-mail service we use, Microsoft Office 365 in the USA. A transfer will only take place on the basis of EU standard contractual clauses as appropriate safeguards to protect your personal data in an insecure country. Information on the processing of your personal data by the controller “Microsoft Corporation” is provided by the latter under the following link: https://privacy.microsoft.com/de-de/privacystatement.

You can request detailed information on this and on the level of data protection at our service providers in third countries using the contact information above.

1.3 Newsletter

If you would like to receive the newsletter offered on the website, we need an e-mail address from you as well as information that allows us to verify that you are the owner of the specified e-mail address and that you agree to receive the newsletter (a so-called double opt-in). Further data is not collected or only on a voluntary basis. We use this data exclusively for sending the requested information and for related analysis purposes. This processing, of the data entered in the newsletter registration form is based exclusively on your consent (Art. 6 para. 1 sentence 1 letter a) GDPR). We always try to ensure that your information is up to date. You can therefore inform us at any time if your contact details change. To do so, you can contact us at the addresses listed above. You can revoke your consent to the storage of the data, the e-mail address, and their use for sending the newsletter at any time, for example via the “unsubscribe” link in each newsletter. The legality of the data processing operations that have already been carried out remains unaffected by the revocation. Data that has been stored by us for other purposes also remains unaffected by this.

Our dispatch service provider Sendinblue GmbH uses so-called web beacons or tracking pixels. Tracking pixels are extremely small image files, often only 1×1 pixels in size, which are integrated into the newsletter e-mail and thus allow log file recording and log file analysis.

If the user now opens the respective previously loaded email, the tracking pixel is loaded from the Sendinblue server and at the same time some information about the e-mail recipient is transmitted, such as:

  1. whether the e-mail was opened,
  2. the time of the call,
  3. the associated IP address.

We will store the data you provide for the purpose of receiving the newsletter until you unsubscribe from the newsletter, and it will be deleted from our servers and the servers of Sendinblue after you unsubscribe from the newsletter.
Detailed information on the functions of Sendinblue can be found at the following link: https://de.sendinblue.com/blog/email-tracking/.

2. Cookies

The website uses so-called cookies. These are data packets that are exchanged between the server of our website and the visitor’s browser. They are stored by the respective devices used (PC, notebook, tablet, smartphone, etc.) when the website is visited. Thus, cookies cannot cause any damage to the devices used. In particular, they do not contain viruses or other malware. In the cookies, information is stored that arises in each case in connection with the specific terminal device used. We can therefore in no way obtain direct knowledge of the identity of the visitor(s) to the website.
Cookies are mostly accepted according to the basic settings of the browsers. The browser settings can be configured in such a way that cookies are either not accepted on the devices used, or that a special notice is provided in each case before a new cookie is created. However, it should be noted that the deactivation of cookies may mean that not all functions of the website can be used in the best possible way. The use of cookies serves to make the use of our website more comfortable. For example, session cookies can be used to track whether the visitor has already visited individual pages of the website. After leaving the website, these session cookies are automatically deleted.
Temporary cookies are used to improve user-friendliness. They are stored on the visitor’s device for a temporary period of time. When the website is visited again, it is automatically recognized that the visitor has already called up the page at an earlier point in time and which entries and settings were made in the process. As a result, these do not have to be repeated.
Please refer to the list below for the different types of cookies (e.g. cookies that are technically necessary for displaying the website, or cookies that serve statistical and marketing purposes) that are set on your terminal device when you visit our website, as well as further information on these cookies (e.g. provider, purpose, storage period, etc.).
For cookies that are not technically mandatory, we obtain your consent (via the information window that opens at the beginning of your visit to our website) in accordance with Art. 6 Para. 1 lit. a GDPR. The processing associated with the setting of technically mandatory cookies is based on our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR.

3. Web analysis by Matomo (formerly PIWIK)

3.1 Scope of the processing of personal data

We use the open source software tool Matomo (formerly PIWIK) on our website to analyze the surfing behavior of our users. The software stores a cookie on the user’s computer (for cookies, see above). If individual pages of our website are called up, the following data is stored:

  • two bytes of the IP address of the calling system of the user(s),
  • the website called up,
  • the website from which the user has reached the website called up (referrer),
  • the subpages called up from the website that has been called up,
  • the time spent on the website,
  • the frequency with which the website is called up.

The software runs on the servers of our website. Personal data of the users is stored only there. The data is not passed on to third parties.
The software is set so that the IP addresses are not stored in full, but 2 bytes of the IP address are masked (e.g.: 192.168.xxx.xxx). In this way, it is no longer possible to assign a shortened IP address to the calling computer.

3.2 Legal basis for the processing of personal data

The legal basis for the processing of users’ personal data is the consent of each user pursuant to Art. 6 para. 1 lit. a GDPR. The consent is realized and stored by means of a cookie banner (information window at the beginning of the visit to the website).

3.3 Purpose of data processing

The processing of our users’ personal data enables us to analyze their surfing behavior. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. By anonymizing the IP address, the interest of users to protect their personal data is adequately taken into account.

3.4 Duration of storage

The data is deleted immediately as soon as it is no longer required for our recording purposes.

3.5 Removal option

Cookies are stored on the user’s computer and transmitted by it to our site. Therefore, you as a user also have full control over the use of cookies. By changing the settings via the link at the end of this privacy policy, you can revoke the placing of cookies.

4. Links to other websites

On our website, we link to the online offerings of the social networks Instagram, Facebook, Twitter, YouTube, Soundcloud, Xing and LinkedIn, on which documenta und Museum Fridericianum gGmbH maintains its online presence (see 5. presence and offerings on social networks and online platforms).
On our website, we also link to the online services of Deutsche Bahn, Google Maps, and Kasseler Verkehrs-Gesellschaft (KVG). documenta und Museum Fridericianum gGmbH does not pass on any personal data to the respective site operators. The respective site operators are responsible for the processing of your personal data.

5. Appearances and offers on social networks and online platforms

In order to make our cultural offerings and related information accessible to a large number of people, we are active on social networks. We would like to point out that the social media we use operate on a global scale and therefore it cannot be ruled out that your personal data will also be processed outside the EU. To ensure that your data protection rights are also protected in the event of a transfer to third countries, a transfer will only take place in accordance with Art. 44 et seq. GDPR and Art. 49 GDPR. Furthermore, we would like to draw your attention to the fact that the respective platform operators may in part independently process personal data from you and merge it into user profiles. This may also occur in part if you do not maintain a user account with the respective social network. If you are registered as a user with one of the networks, the deployment of the content provided by us will be evaluated and assigned to your profile. This happens regardless of the terminal devices with which you use the media. The tracking and profiling is done for the purpose of offering you an optimal user experience and to provide you with tailored advertising—both within and outside the network. You can find out which techniques the respective operator uses to process your personal data and which opt-out options you have in this regard in the corresponding data protection declarations of the social network as well as in the further information (see below). If you wish to exercise your data subject rights, we recommend that you contact the respective operator of the social network directly. As a rule, documenta und Museum Fridericianum gGmbH does not have access to the personal data processed by the respective operators. documenta und Museum Fridericianum gGmbH receives personal data from the operators of social networks to the extent that you permit this through the settings you have made with the network. The social network operator may provide us with information such as your name, user ID, profile picture, network, gender, username, age or age group, language, country, friends list, followers list, and any other information that you have consented to provide to us or that the social network provides to us (e.g., reports on interactions with our website, etc.). documenta und Museum Fridericianum gGmbH processes the personal data you provide in order to share your opinions with your friends, followers or contacts on the associated social network and to optimize its presence and reach in social media. The processing is thus based on our legitimate interests in reporting on our cultural work and carrying out public relations / PR in general.

Types of data you process when visiting social networks (depending on the setting and network):

  • master data (e.g. user name, name),
  • contact data (e.g. e-mail address),
  • usage data (e.g. usage times, activities),
  • content data (e.g. data provided by you, such as comments, images or videos),
  • metadata (device ID, network and connection, cookie data).

Persons affected by data processing:
The respective user of the social network or the device owner with whose device the service is used.

Purposes:

  • reporting,
  • public relations / PR in general,
  • tracking (e.g. provision of measurements, analyses of surfing and user behavior),
  • reach measurement (e.g. access figures, calls).

5.1 Legal basis (depending on how you relate to the respective operator of the social network):

Our legitimate interests or the legitimate interests of third parties (e.g., the platform providers) (see above) (Art. 6 para. 1 p. 1 lit. f. GDPR). If you have a user account with a social network and have consented to the transfer of your data to third parties as part of your data protection settings, the legal basis for this is the consent to tracking (Art. 6 para. 1 lit. a GDPR).

5.2 Services used and service providers (recipients of your personal data):

Within the scope of our online presence and for the dissemination of our offer and our content, we consequently also make use of external services and service providers, including online platforms. Below you will find important information on the processing of your personal data within the scope of these services and service providers. The specific processing of personal data within the scope of the respective services below depends on several factors (e.g. provider, users’ own privacy settings and activities). If you have any questions about the processing in a specific individual case, you are welcome to contact us or our company data protection officer.

5.2.1 Instagram (social network)

Responsible party: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland; Website: https://www.instagram.com; The privacy policy of the provider can be found at: https://de-de.facebook.com/help/instagram/155833707900388 (Further information on the responsible party Facebook Ireland Ltd. forthwith).

5.2.2 Facebook (social network)

Responsible entity: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, Parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; The provider’s privacy policy can be found at: https://www.facebook.com/about/privacy. A transfer of personal data to unsafe third countries (e.g. the USA) can only take place subject to appropriate safeguards pursuant to Art. 44 et seq. GDPR and Art. 49 GDPR, which are intended to ensure an adequate level of data protection in the processing of data. An opt-out option and settings for advertisements can be found at: https://facebook.com/settings?tab=ads.

Joint responsibility of documenta and Facebook
We and Facebook Ireland Ltd. are jointly responsible for the processing of your personal data that is generated or collected and used in the course of visiting and using the relevant services. The main contents of the agreement on the joint processing of personal data pursuant to Art. 26 GDPR on Facebook pages or on services offered by Facebook are available at : https://www.facebook.com/legal/terms/page_controller_addendum. The privacy policy of the provider for the Facebook pages can be found at: https://www.facebook.com/legal/terms/information_about_page_insights_data.

5.2.3 YouTube (social network, media portal)

Responsible entity: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; the provider’s privacy policy can be found at: https://policies.google.com/privacy. A transfer of personal data to unsafe third countries (e.g. the USA) can only take place subject to appropriate safeguards pursuant to Art. 44 et seq. GDPR and Art. 49 GDPR, which are intended to ensure an adequate level of data protection in the processing of data. An objection option (opt-out) regarding the data processing carried out by Google—in individual cases—can be found at: https://adssettings.google.com/authenticated.
Our website uses plugins from the YouTube site operated by Google. YouTube sets cookies on the terminal device you use, which can also be used to analyze usage behavior for market research and marketing purposes. In the process, the YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account. The basis for the use of the YouTube plugins is your consent pursuant to Art. 6 para. 1 lit. a GDPR. Please note that without your consent, it is not possible to play the embedded YouTube videos. If you have not given your consent in our cookie banner, you have the option to do so directly via a lock screen in the embedded video. In addition, you can manage your consents at any time via the “Cookie settings” link at the very bottom of this page. If you wish to revoke the consent you have given, you can also do so via the same route.

5.2.4 Twitter (social network, short message service)

Responsible entity: Twitter International Company, One Cumberland Place, Fenian Street Dublin 2, DO2AX07 Ireland Inc. parent company: Twitter Inc. 1355 Market Street, Suite 900, San Francisco CA 94103. The provider’s privacy policy can be found at: https://twitter.com/de/privacy. The website of Twitter on which you can make settings, including privacy settings, can be found at https://twitter.com/personalization. According to Twitter, your data may also be transferred to, stored, and processed in the U.S. and any other countries in which Twitter operates (including insecure third countries). A transfer of personal data to insecure third countries (e.g. the USA) can only take place subject to appropriate safeguards pursuant to Art. 44 et seq. GDPR and Art. 49 GDPR, which are intended to ensure an adequate level of data protection in the processing of data.

5.2.5 XING / New Work SE (professional network)

Responsible entity: New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany; Website: https://www.xing.com; You can find the provider’s privacy policy at: https://privacy.xing.com/de/datenschutzerklaerung?sc_o=navigation_footer. You can find an objection option (opt-out) at: https://privacy.xing.com/de/datenschutzerklaerung/informationen-die-wir-auf-grund-ihrer-nutzung-von-xing-automatisch-erhalten.

5.2.6 LinkedIn (professional network)

Responsible entity: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, Parent company: LinkedIn Corporation, 1000 W. Maude Ave, Sunnyvale, California 94085; Website: https://www.linkedin.com; The provider’s privacy policy can be found at: https://www.linkedin.com/legal/privacy-policy. A transfer of personal data to insecure third countries (e.g. the USA) can only take place subject to appropriate safeguards pursuant to Art. 44 et seq. GDPR and Art. 49 GDPR, which are intended to ensure an adequate level of data protection in the processing of data. You can find an objection option (opt-out) as well as the settings for advertisements and privacy of your user account at: https://www.linkedin.com

5.2.7 SoundCloud (social audio platform)

Responsible entity: SoundCloud Limited, Rheinsberger Str. 76/77, 10115 Berlin, Germany; headquarters: c/o Third Floor, 20 Old Bailey, London, EC4M 7AN, United Kingdom; the provider’s privacy policy can be found at: https://soundcloud.com/pages/privacy. A transfer of personal data to insecure third countries (e.g. the USA) can only take place subject to appropriate safeguards pursuant to Art. 44 et seq. GDPR and Art. 49 GDPR, which are intended to ensure an adequate level of data protection in the processing of data. Our website uses widgets of the service SoundCloud. By integrating the widgets, SoundCloud sets cookies on the terminal device you use, which may also serve to analyze usage behavior for market research and marketing purposes. In the process, the SoundCloud server is informed about which of our pages you have visited. Information about playing, sharing, or downloading the audio content via the embedded widgets is also transmitted to SoundCloud in connection with your IP address. If you are logged into your SoundCloud account, you enable the service to assign your browsing behavior directly to your personal profile. You can prevent this by logging out of your SoundCloud account. The basis for the use of the SoundCloud widgets is your consent pursuant to Art. 6 (1) lit. a GDPR. Please note that without your consent, it is not possible to play the embedded audio content. If you have not given your consent in our cookie banner, you have the option to do so at any time via the link “Cookie settings” at the very bottom of this page. If you wish to revoke the consent you have given, you can also do so via the same route.

5.2.8 Hootsuite

We process the data provided to us by the social media network operators (e.g. reports) in the social media management software “Hootsuite.” We have a legitimate interest in using this software pursuant to Art. 6 (1) lit. f GDPR. The transfer to Hootsuite in Canada is covered by an adequacy decision of the EU Commission.
Hootsuite enables us to manage multiple social media accounts. Posts can be prepared, scheduled, published, liked, and shared in it. At the same time, the channels of the different services can be tracked within Hootsuite in order to follow discussions on the social web that are relevant for us.
documenta und Museum Fridericianum gGmbH has only limited access to your publicly available social media profile data. In addition, we have no conclusive knowledge of the extent to which Hootsuite collects your user data. You can find further information on this in Hootsuite’s privacy policy at: https://hootsuite.com/de/legal/privacy.

6. Data protection during applications and the application process

The primary purpose of data processing is to carry out and process the application process and to assess the extent to which you are suitable for the position in question. As a result, the processing of your applicant data is necessary to be able to decide on the establishment of an employment relationship and thus on the hiring. The primary legal basis for this is Art. 6 (1) lit. b) GDPR in conjunction with. Section 23 (1) HDSIG. The processing of special categories of personal data—insofar as necessary for the decision on recruitment—is based on Art. 9 (1) GDPR in conjunction with. Section 23 (3) HDSIG. If you have voluntarily provided us with special categories of personal data whose processing is not necessary for the decision on recruitment, the collection and processing will be based on your consent given with the submission. We also collect and process personal data of applicants on the basis of legitimate interests for the defense of legal claims (in particular from the General Equal Treatment Act (AGG) pursuant to Art. 6 para. 1 p.1 lit. f GDPR. The processing may also take place electronically. This is particularly the case if an applicant sends us the relevant application documents electronically, for example by e-mail. We have set up a special e-mail address for applications by e-mail [bewerbung@documenta.de]. If we conclude an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If no such contract is concluded with the applicant, the application documents will be automatically deleted no later than 6 months after notification of the decision regarding rejection, provided that no other legitimate interests on our part prevent deletion. An example of an “other legitimate interest” in the sense just mentioned is, for example, the obligation to provide evidence in proceedings under the General Equal Treatment Act (AGG).

7. Data protection information for participation in events/exhibitions

We process the personal data you provide to us as part of the registration process for the purpose of preparing and holding the respective event as well as for capacity planning on the basis of your consent granted through registration pursuant to Art. 6 (1) lit. a GDPR and, depending on the type of event, on the basis of a contract pursuant to Art. 6 (1) lit. b GDPR. You can revoke your consent at any time with effect for the future. A revocation has the consequence that we can no longer use your personal data for the event—which requires registration—and your participation in the event is therefore excluded.
To the extent necessary, we process your data beyond your consent in accordance with Art. 6 (1) p. 1 lit. f GDPR to protect our or third parties’ legitimate interests, such as for the defense in legal disputes.
Please note that photographs or video recordings will be made at our events and the image or video material may be published on the Internet, on the sites operated by documenta und Museum Fridericianum gGmbH or its cooperation partners, or on social media and/or in one of the publications of documenta und Museum Fridericianum gGmbH or its cooperation partners, for the purpose of public relations (in particular reporting) on the respective event.
By participating in the event, you consent to the publication of photographs and video recordings made during the event (§§ 22, 23 KUG). The collection, i.e. the photographic recording and its processing, is carried out for the purpose of an illustrated report on the basis of Art. 6 para. 1 p. 1 lit. f GDPR. We would like to point out that you may object to this processing pursuant to Art. 21 (1) GDPR for reasons arising from your particular situation. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.
The objection should be sent to the above address.

We would like to point out that the documentation of the event may also result in data worthy of archiving, which may be transferred to the holdings of the documenta archiv. Should archival records contain personal data about you, we will process these data on the basis of Art. 6 para. 1 lit. c GDPR in conjunction with. § 7, 8, and 11 HArchivG. We process the special categories of personal data that may be processed in this context on the basis of Section 25 HDSIG.

If you have any questions about this information, including your (data protection) rights, you can contact our data protection officer datenschutzbeauftragter@documenta.de.

8. Data protection information for online offers / webinars via “Zoom Video Communication” by documenta und Fridericianum gGmbH

In the following we inform about the processing of personal data in connection with the use of “Zoom”. 

8.1 Purpose of processing

We use the tool “Zoom” to conduct online offers (e.g. “Online Walks and Stories”), online meetings, video conferences and/or webinars (hereinafter referred to as “online meetings”). “Zoom” is a service provided by Zoom Video Communications, Inc., which has its registered office in the USA.

8.2. Controller

The controller for data processing directly associated with the conducting of online meetings is: 

documenta und Museum Fridericianum gGmbH
Friedrichsplatz 18
34117 Kassel
office@documenta.de

You can get in touch with our official data protection officer by post at the above address preceded by the words “data protection officer”, by e-mail at datenschutzbeauftragter@documenta.de or by telephone on +49 561 8309 9165.

N. B.
If you access the web page of “Zoom”, the provider of “Zoom” will be responsible for the processing of your data. However, the web page only needs to be accessed for the use of “Zoom” to download the software. You can also use “Zoom” if you enter the appropriate meeting ID and – if required – other access data for the meeting directly in the “Zoom’ app. If you do not wish or are not able to use the “Zoom” app, the basic functions can be used via a browser version which is also to be found on the “Zoom” website.

8.3 Welche Daten werden verarbeitet? Which data are processed?

Depending on the type and context of use, various different kinds of data are processed when you use “Zoom”. The extent of the data also depends on what data details you provide before or during your participation in an online meeting and what the subject of your actual participation is.

The following personal data are or may be subject to processing:

  • Information on the user: forename, surname, telephone number (optional), e-mail address, password (if ‘single sign-on’ is not being used), profile image (optional), department / position (optional)
  • Meeting metadata: topic, description (optional), IP addresses of participants, information on devices / hardware
  • In the case of recordings (optional, depending on the individual case in question): MP4 file with all video, audio and presentation recordings, M4A file with all audio recordings, text file with online meeting chat
  • In the case of connection via telephone: information on incoming and outgoing numbers, name of country, starting and finishing time – other connection data such as the IP address of the device may also be stored
  • Text, audio and video data: You may have the possibility to use the chat, questions or survey functions in an online meeting. If so, your text input will be processed so that it can be displayed at the meeting and, if appropriate, recorded. To enable video to be shown and audio to be played back, the data from the microphone of your device and, if it has one, the data from the video camera will be processed. You can switch off the camera yourself, or switch the microphone to silent, at any time via the ‘Zoom’ applications.

8.4 Scope of processing

We use “Zoom” to hold online meetings. If we wish to record such a meeting, we will inform you of the fact clearly ahead of the event and – if necessary – request your consent. The recording itself will also be shown to you in the “Zoom” app. There will not be any recording of online guided tours in our ‘sobat sobat’ format. 

If it is necessary for the purposes of recording the results of an online meeting, we will record the chat content. As a rule, however, this will not be the case.

If you are registered as a user with “Zoom”, reports on online meetings (meeting metadata, data for connection by telephone, questions and answers in webinars, and the survey function in webinars) can be stored in “Zoom” for up to one month.

When we use “Zoom” as a host, the “attention tracking” function is deactivated as standard, which prevents us from processing the data concerned.

8.5 Legal bases of data processing

For the rest, the legal basis for data processing in the holding of online meetings is Art. 6 1. (b) of the General Data Protection Regulation (GDPR), provided that the meetings are held in the framework of contractual relationships (e.g. for the rendering of services that you have booked in our webshop).

If there is no contractual relationship, or no contractual relationship yet, the legal basis is Art. 6 1. (f) of the GDPR. Our interest here consists in holding online meetings in an effective and productive way.

8.6 Recipient / transfer of data

As a matter of basic principle, personal data which are processed in connection with participation in online meetings are not transferred to third parties provided that they are not specifically intended for transfer. Other data recipients: as a matter of necessity, the provider of “Zoom” receives knowledge of the above data if provision for this has been made by “Zoom”. For further information on data processing by “Zoom” go to https://explore.zoom.us/de/privacy/ 

8.7 Data processing outside the European Union

“Zoom” is a service rendered by a provider in the USA. The processing of the personal data thus takes place in an insecure third country (Art. 44 ff. of the GDPR). An appropriate level of data protection is guaranteed by the conclusion of the so-called EU standard contractual clauses, including supplementary protective measures (e.g. end-to-end encryption of data transfer; pseudonymisation).

We do not have any influence on further data processing by Zoom. For information on this go to https://explore.zoom.us/de/trust/

8.8 What rights do you have as a data subject?

In respect of the processing of your personal data you have a wide range of rights, in particular the right of access to the personal data stored with us (Art. 15 of the GDPR), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) and the right to object to processing (Art. 21), especially in the case of direct marketing. Heed should be paid to the restrictions in Sections 31 to 35 of the Hessian Law on Data Protection and Freedom of Information (HDSIG) concerning the rights of data subjects. 

Furthermore, you have the right to complain to the competent supervisory authority for data protection (Art. 77 of the GDPR), to which we hereby draw your specific attention. You can contact the supervisory authority which is responsible for us at the following address:

The Hessian Officer for Data Protection and Freedom of Information
P. O. Box 3163
65021 Wiesbaden
Contact / e-mail: https://datenschutz.hessen.de/print_panel?nid=6 

 

8.9 Erasure of data

We erase personal data as a matter of basic principle if there is no longer any reason for continuing to store them. In particular, there may be such a reason if the data are still required for the fulfilment of contractual performance, for the examination of warranty or guarantee claims and for granting or defending against them. If the data are subject to statutory obligations to preserve, their erasure will continue to be out of the question until the obligation or obligations concerned have expired. If you require any further information – about your own actual individual case – on the erasure of the relevant data, please feel free to apply to our data protection officer at the contact data provided here. 

9. Your rights

You have rights vis-à-vis us with regard to the personal data concerning you. Special legal regulations may prevent the fulfillment of general data protection rights. If you assert a corresponding right and special legal regulations prevent us from fulfilling it, we will inform you of this, stating the specific reasons. You are entitled to the data protection rights listed below:

9.1 Information

Pursuant to Art. 15 GDPR, you may request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details.

9.2 Correction

Pursuant to Art. 16 GDPR, you can immediately request the correction of incorrect data or the completion of your personal data stored by us.

9.3 Deletion

Pursuant to Art. 17 GDPR, you have the right to request the deletion of your personal data stored by us, unless processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the assertion, exercise, or defense of legal claims.

9.4 Restriction of processing

Pursuant to Art. 18 GDPR, you may request the restriction of the processing of your personal data, insofar as you dispute the accuracy of the data, the processing is unlawful, but you object to its deletion and we no longer need the data, or you need it for the assertion, exercise, or defense of legal claims, or you have objected to the processing pursuant to Art. 21 GDPR.

9.5 Data portability

Pursuant to Art. 20 GDPR, you may receive the personal data you have provided to us in a structured, common, and machine-readable format or request that it be transferred to another controller.

9.6 Revocation

Pursuant to Art. 7 (3) GDPR, you have the right to revoke the consent you have given to us at any time (e.g. in writing or by e-mail). This has the consequence that we may no longer continue the data processing based on this consent for the future.

9.7 Complaint

Pursuant to Art. 77 GDPR, you may complain about our processing of your personal data to the responsible supervisory authority at any time. The supervisory authority responsible for us (The Hessian Commissioner for Data Protection and Freedom of Information) is based at Gustav-Stresemann-Ring 1, 65189 Wiesbaden.

9.8 Objection to the processing of your data

To the extent that we base the processing of your personal data on our legitimate interest pursuant to Art. 6 (1) p. 1 lit. f GDPR, you may object to the processing, in particular if the processing is carried out for advertising purposes. This is the case if the processing is not necessary, in particular, for the performance of a contract with you, which we show in each case in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of a justified objection on your part, we will review the situation and either discontinue or adjust the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing.
Of course, you can object to the processing of your personal data for purposes of advertising and data analysis at any time.

You can inform us of your objection using the contact details above.

Amendment of the data protection statement
(as of August 1, 2022).

Due to the ongoing iterative development of the Internet offer and/or legal developments, it may be necessary for us to make adjustments to our privacy policy from time to time.

This is a historical website. The imprint available here was valid on the date of the website’s publication and is only kept in the original for archival purposes. Here you can get the imprint currently valid for this site and further information.

Ok