Data Protection Declaration
Privacy policy
Below we inform you about the collection and further processing of your personal data when you access and use our online services. Personal data is information that can be used to identify a person, i.e. information that can be traced back to a person. This includes, for example, the name, e-mail address or telephone number. Below we inform you about the collection and further processing of your personal data when you access and use our online services. Personal data is information that can be used to identify a person, i.e. information that can be traced back to a person. This includes, for example, the name, e-mail address or telephone number.
Responsible
The controller within the meaning of Art. 4 No. 7 GDPR is the
World Heritage Site Völklinger Hütte,
European Centre for Art and Industrial Heritage GmbH
Rathausstraße 75-79
66333 Völklingen
Germany
mail@voelklinger-huette.org
Telephone: +49 (0) 6898 / 9 100 100
Data protection coordinator and data protection officer
If you have any questions about data protection or would like to exercise your rights as a data subject, you are welcome to contact our data protection officer or one of our data protection coordinators:
Contact details Data Protection Officer:
Mr Gregor Theado - BTL Rechtsanwälte in Bürogemeinschaft
Scheidter Street 2
66123 Saarbrücken
Germany
Telephone: 0681 93 88 2601
Fax: 0681 93 88 2607
E-mail: sekretariat-theado(at)btl-recht.de
Contact details data protection coordinator:
datenschutz@voelklinger-huette.org
Security of the data transfer
The user's personal data is transmitted to the provider's server using SSL (Secure Socket Layer) security technology.
Protection of minors
Persons under the age of 18 should not transmit any personal data to us without the consent of their parents or legal guardians. We do not request personal data from children and young people. We do not knowingly collect such data and do not pass it on to third parties.
Duration of storage of personal data
Unless otherwise stated in this policy, personal data will be deleted as soon as the purpose for which it was collected has ceased to exist, unless there is a legal obligation to retain the data (e.g. 10 years for tax purposes for all data relevant to the tax case, or 6 years for commercial and professional purposes) or a statute of limitations for data that may be useful for criminal prosecution. The personal data collected by us for contact enquiries will generally be deleted after processing your enquiry, unless legitimate interests require longer storage (e.g. due to announced further enquiries, etc.). If your enquiry leads to the conclusion of a contract, your data will be deleted immediately after expiry of the statute of limitations and statutory retention periods.
Your rights as a data subject
You have the right to access, rectify or erase personal data concerning you, to restrict processing where appropriate, to object to processing (see below for more details) and to data portability. You also have the right to lodge a complaint with a data protection authority. You have the right to revoke a declaration of consent under data protection law at any time with effect for the future.
Right to object according to Art. 21 GDPR
If your personal data are processed on the basis of legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR, you have the right to object to the processing of your personal data with effect for the future in accordance with Art. 21 GDPR, provided that there are reasons arising from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right to object, which will be exercised by us without reference to any particular situation; if you wish to exercise your right to withdraw or object, simply send us an e-mail.
Data processing when visiting our online services
1. access to the website
You can visit our websites without providing any personal data. Every access to the website is stored in a log file for a maximum of 1 year; the access data includes:- name of the website accessed,- file, date and time of access,- amount of data transferred,- browser type and version,- referrer URL (the previously visited page),- IP address and- the requesting provider.The stored data is only evaluated to optimise the website. However, we reserve the right to check the log data retrospectively if there is a justified suspicion of unlawful use based on concrete evidence. The legal basis is Art. 6 para. 1 lit. f GDPR.
2. Contacting us
If you have any questions, you can contact us using the form provided on the website. You can also contact us by e-mail or telephone. If you contact us, the information you provide (e.g. in the input mask) will be transmitted to us and stored, and the processing of the personal data you provide to us in this respect serves to enable us to contact you quickly and thus process your enquiry swiftly. This enables us to provide good customer service (legal basis is Art. 6 para. 1 lit. f GDPR or your consent, Art. 6 para. 1 lit. a GDPR). If your contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
3. Newsletter, ordering information material
If you would like to receive the newsletter, we require a valid e-mail address from you as well as your optional voluntary salutation and your name to address you personally.when you register for the newsletter, we store your IP address and the date of registration. This storage serves solely as proof in the event that a third party misuses an e-mail address and registers to receive the newsletter without the knowledge of the authorised party.the legal basis for the processing of your data is your consent in accordance with Art. 6 para. 1 lit. a GDPR; you can revoke this consent at any time with effect for the future. The revocation can be made via a link in the newsletters themselves, in the registration area of the newsletter or by notifying us (see contact options) We have commissioned the provider Sendinblue to send our newsletters / e-mail invitations and have concluded a contract for order processing, which guarantees that the data collected via Sendinblue will be processed exclusively in accordance with our instructions and in compliance with the GDPR. When ordering information material and sending invitations to events at the World Cultural Heritage Site, we only use the personal data you provide within the World Cultural Heritage Site and the companies commissioned with the dispatch; the legal basis is Art. 6 para. 1 lit. b GDPR.
4. Cookies
5. Analysis of the websites
If you have given your consent (legal basis is Art. 6 para. 1 lit. a GDPR), various technical programs may be used to optimise the content and offers of our websites and to collect statistical evaluations, which also record data on the behaviour of the user of the websites in anonymous form. For this purpose, for example, data on click behaviour, visit duration, system settings and user origin are collected in the form of text files using analysis software cookies. Cookies are stored on your computer for these analyses. This collected data can be stored on the servers of the operators of the analysis tools. The data collected will not be used to personally identify the user and will not be merged with other personal data of the user.
The following analysis tools are used on our websites:
Website analysis with Matomo
This website uses the open source web analysis service Matomo. The information collected by Matomo about the use of this website is stored on our server. The IP address is anonymised before storage.
With the help of Matomo, we are able to collect and analyse data about the use of our website by website visitors. This enables us to find out, among other things, when which pages were accessed and from which region. We also record various log files (e.g. IP address, referrer, browser and operating system used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.).
The use of this analysis tool is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the anonymised analysis of user behaviour in order to optimise both its website and its advertising. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.
IP anonymisation
We use IP anonymisation for the analysis with Matomo. Your IP address is shortened before the analysis so that it can no longer be clearly assigned to you.
Hosting
We use the externally hosted Matomo Cloud with the following third-party provider
ePrivacy Holding GmbH
Grosse Bleichen 21
20354 Hamburg,
Germany
Conclusion of an order processing contract
We have concluded an order processing contract with these third-party providers, which ensures that the data collected with Matomo is processed exclusively in accordance with our instructions and in compliance with the GDPR.
Consent to Matomo tracking
6. Videos
We have integrated videos on our website. The video services are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (regarding YouTube videos) and Vimeo.com Inc, New York 10011, USA (Vimeo videos). The videos are preceded by a window so that the videos are only displayed when you actively click on them. By clicking on the button, you consent to the respective service provider setting cookies on the end device you are using, which may also be used to analyse user behaviour for market research and marketing purposes, and may collect and process other data. The legal basis is Art. 6 para. 1 lit. a GDPR. A transfer of data to the USA cannot be ruled out. You can find more information on the use of cookies by YouTube in Google's cookie policy at https://policies.google.com/technologies/types?hl=de. Further information on this can also be found at http://www.youtube.com/t/privacy_guidelines and in the privacy policy published by YouTube, which is available at https://policies.google.com/privacy?hl=de/. These provide information about the collection, processing and use of personal data by Google. You can find this information for Vimeo at https://vimeo.com/privacy.
7. Online shop
When you place an order via our website, we process the following data: Title, first name, surname, address, postcode, city, country, email address, telephone number.
The collection of data serves in particular to identify the person without any doubt, to fulfil the contract, for accounting purposes and to send the mandatory information required in e-commerce. The collection of the telephone number serves to make direct contact in cases where visitors need to be informed of changes, cancellations, etc. at short notice.
The legal bases are Art. 6 para. 1 lit. b, c in conjunction with, among others, § 14 UStG and f DSGVO.
Internet payment
We transmit the data required for payment processing to our Internet payment service partner for the purpose of billing, as well as to the companies commissioned with the dispatch of the ordered goods.
Our internet payment service partners are:
PAYONE GmbH
Lyoner Straße 15
60528 Frankfurt am Main
Germany
info@payone.com
www.payone.com
The applicable data protection provisions of Payone GmbH can be found at: https://www.payone.com/DE-de/dsgvo.
Furthermore the
PayPal (Europe) S.à.r.l. & Cie. S.C.A.
22-24 Boulevard Royal
2449 Luxembourg,
If you pay with PayPal, the payment data you enter will be transmitted to PayPal.
PayPal's privacy policy is available at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
8 Other data processing
In addition to the cases expressly mentioned in this privacy policy, we only process your data if
- you have consented to this in accordance with Art. 6 para. 1 lit. a GDPR,
this is necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 lit. b GDPR (e.g. transmission to service providers required for the fulfilment of the contract, in particular postal services, etc.)
- there is a legal obligation for the processing pursuant to Art. 6 para. 1 lit. c GDPR (in particular tax and commercial law storage and transmission obligations), and
processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, in particular for the establishment, exercise or defence of legal claims (e.g. disclosure to courts, debt collection agencies, lawyers, tax advisors, auditors, etc.), except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data.
Recipients of the data may also be service providers on whose services we rely to operate our company (e.g. technical service providers for the maintenance of the software and IT landscape, hosting providers) and to fulfil our contractual obligations. These process your data for us as so-called processors and are obliged to handle the data with care.