Data Protection Declaration
Thank you for your interest in our museum and our offering. We want you to provide you with maximum security when you visit our websites, also with regard to your personal data.
The protection of your personal data is a matter of great importance to us. We consider it a matter of course and an obligation to comply with the statutory regulations on data protection (EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act).
In the following, you can find out when we collect data, which data we collect and how we use it. We have implemented suitable technical and organizational measures that ensure that we, as well as our partners and external service providers, fully comply with data protection regulation.
I. Name and address of responsible entity
The responsible entity under the terms of the GDPR and applicable national data protection acts as well as other data protection statutes is:
Freilichtmuseum Hessenpark GmbH
Laubweg 5
61267 Neu-Anspach
Germany
Phone: +49-6081-588-100
Fax: +49-6081-588-120
Email: service@hessenpark.de
www.hessenpark.de
II. Name and address of of data protection officer
The data protection officer of the responsible entity is:
Florian Marquardt
Laubweg 5
61267 Neu-Anspach
Germany
Phone: +49-6081-588-666
Email: datenschutz@hessenpark.de
III. General information on data protection
1. Scope of processing personal data
Personal data refers to information about your person, including your name, address, phone number and email address, but also your location, IP address or bank details.
As a rule, we only process personal data to the extent necessary to provide a fully functional website and our content and services. Personal data of our users is frequently processed only after acquiring users’ consent. Exceptions apply in cases in which it is not feasible to acquire prior consent for factual reasons and the processing of data is permissible under applicable statutory provisions. This includes, for instance, callback requests, the sending of information material and/or offers, or the answering of individual questions by email. Where required, we will notify you accordingly. Beyond that, we only store and process data provided by you voluntarily or automatically.
If you book one of our offers, we generally only collect data required to perform our services. Personal data is exclusively processed in the context of performing the requested service and to preserve our legitimate business interests.
2. Legal basis for processing personal data
Art. 6 (1a) GDPR provides us with the legal basis for data processing activities, for which the data subject (user) has given consent to the processing of his or her personal data for one or more specific purposes.
In cases where processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, Art. 6 (1b) GDPR serves as the legal basis.
In cases where processing is necessary for compliance with a legal obligation to which the controller (responsible entity) is subject, Art. 6 (1c) GDPR serves as the legal basis.
In cases where processing is necessary in order to protect the vital interests of the data subject or of another natural person, Art. 6 (1d) GDPR serves as the legal basis.
In cases where processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, Art. 6 (1f) GDPR serves as the legal basis.
3. Data deletion and storage periods
The personal data of data subjects is deleted or blocked when the purpose of data storage is fulfilled. Storing of data beyond this point may become necessary if longer storage periods are stipulated by European or national authorities in EU regulations, laws or other provisions that apply to the responsible entity. Data is also deleted or blocked when a storage period stipulated in the listed statutes expires, provided that data is no longer required for the conclusion or execution of a contract.
IV. Provision of website and creation of log files
1. Description and scope of data processing
Each time you visit our website, our system automatically collects data and information from the computer system of your end device.
The following data is collected:
(1) browser type and version used
(2) user’s operating system
(3) user’s IP address
(4) date and time of visit
(5) referrer URL (website where a person clicked to link that sent them to our website)
Log files contain IP addresses and other data that can be allocated to a specific user.
Data is stored in our system’s log files. We do not store this data together with other personal data of the user.
2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 (1f) GDPR.
3. Purpose of data storage
The temporary storing of the IP address on the system is necessary to enable a delivery of the website to the user’s computer. To this end, the user’s IP address must be stored for the duration of the session.
Data is stored in log files to safeguard the website’s operability. Furthermore, the data allows us to optimize our website and guarantee the security of our IT systems. In this context, data is not processed for marketing purposes.
These purposes constitute our legitimate interests in accordance with Art. 6 (1f) GDPR.
4. Storage periods
Personal data is deleted when the purpose of data storage ceases to apply. With regard to data collected to provide the website to the user, this is the case at the end of the respective session.
In the case of data stored in log files, this is the case after seven days at the latest. Longer storage periods may apply. In such cases, however, the IP addresses of users are deleted or anonymized to make it impossible to identify the accessing client.
5. Right to object, right to erasure
The collection of data for delivering the website and its storage in log files is essential to operating the website. Consequently, the user has no option to object to the collection and storage of such data.
V. Use of Cookies
1. Description and scope of data processing
Our website uses cookies. Cookies are small text files sent to your computer and stored in your browser and/or your computer system. When a user visits a website, a cookie may be stored in the user’s operating system. This cookie contains a characteristic character string, which allows us to recognize the browser the next time the user visits our website.
On our website, we use cookies that enable us to analyze users’ web surfing activities.
In this context, the following data is transmitted:
(1) Entered search terms
(2) Frequency of site visits
(3) Use of website features
We apply technical measures to anonymize user data collected in the process that make it impossible to allocate data to a specific user. Such data is not stored together with other personal data of users.
When users visit our website, they are informed about the use of cookies for analysis purposes and referred to this privacy policy through a web banner. Furthermore, we provide information on how to disable the storage of cookies in the browser settings.
2. Legal basis for data processing
The legal basis for the processing of personal data using technically required cookies is Art. 6 (1f) GDPR.
The legal basis for the processing of personal data using cookies for analysis purposes, provided that the user has given consent, is Art. 6 (1a) GDPR.
3. Purpose of data processing
Analysis cookies are used to improve the quality of our website and its content. They enable us to analyze how the website is used and, consequently, to continuously optimize our offering.
These purposes constitute our legitimate interests in accordance with Art. 6 (1f) GDPR.
4. Storage periods, right to object, right to erasure
Cookies are stored on your computer and transmitted to our website. This means that you as the user have full control over the use of cookies. You can change your browser settings to disable or restrict the transfer and use of cookies. Previously stored cookies can be deleted at any time, also in an automated fashion. Please note that blocking or removing cookies may adversely affect your ability to use the website.
VI. Newsletter
1. Description and scope of data processing
Our website uses cookies. Cookies are small text files sent to your computer and stored in your browser and/or your computer system. When a user visits a website, a cookie may be stored in the user’s operating system. This cookie contains a characteristic character string, which allows us to recognize the browser the next time the user visits our website.
On our website, we use cookies that enable us to analyze users’ web surfing activities.
In this context, the following data is transmitted:
(1) Entered search terms
(2) Frequency of site visits
(3) Use of website features
We apply technical measures to anonymize user data collected in the process that make it impossible to allocate data to a specific user. Such data is not stored together with other personal data of users.
When users visit our website, they are informed about the use of cookies for analysis purposes and referred to this privacy policy through a web banner. Furthermore, we provide information on how to disable the storage of cookies in the browser settings.
2. Legal basis for data processing
The legal basis for the processing of personal data using technically required cookies is Art. 6 (1f) GDPR.
The legal basis for the processing of personal data using cookies for analysis purposes, provided that the user has given consent, is Art. 6 (1a) GDPR.
3. Purpose of data processing
Analysis cookies are used to improve the quality of our website and its content. They enable us to analyze how the website is used and, consequently, to continuously optimize our offering.
These purposes constitute our legitimate interests in accordance with Art. 6 (1f) GDPR.
4. Storage periods, right to object, right to erasure
Cookies are stored on your computer and transmitted to our website. This means that you as the user have full control over the use of cookies. You can change your browser settings to disable or restrict the transfer and use of cookies. Previously stored cookies can be deleted at any time, also in an automated fashion. Please note that blocking or removing cookies may adversely affect your ability to use the website.
VII. Email contact
1. Description and scope of data processing
Our website allows you to contact us by sending an email to the provided email address. If you decide to do so, we will store the personal data transmitted with your email.
Data from your contact email is at no point disclosed to third parties and exclusively used to process your query.
2. Legal basis for data processing
The legal basis for the processing of data from contact emails is Art. 6 (1f) GDPR. In case the email contact is aimed at concluding a contract, Art. 6 (1b) GDPR applies as additional legal basis.
3. Purpose of data processing
In the case of email contact, this purpose constitutes our legitimate interests in processing data in accordance with Art. 6 (1f) GDPR.
Other personal data collected during the sending process is collected to prevent any misuse of the contact form and to guarantee the security of our IT systems.
4. Storage periods
Personal data is deleted when the purpose of data storage ceases to apply. In the case of personal data sent by email, this is the case when the exchange with the user is completed. The completion of an exchange is the point at which circumstances clearly indicate that final clarification or a solution has been reached for the issue in question.
Other personal data collected during the sending process is deleted after a period of seven days at the latest.
5. Right to object, right to erasure
You can revoke your consent to the processing of personal data at any time. If you contact us by email, you have the right to object to the storage of personal data at any time. Please note, however, that we will not be able to continue the exchange with you if you decide to do so.
If you want to revoke your consent, please send an email to service@hessenpark.de. In this case, all personal data collected in the course of the email contact will be deleted.
VIII. Applicant data
1. Description and scope of data processing
You can apply to Freilichtmuseum Hessenpark via the email address personal@hessenpark.de provided on our website. Your personal data will be collected and stored as part of the application process, irrespective of whether you send your information by email or postal mail, and whether you send us an unsolicited application or reply to a specific job offer. Your data will only be made available and processed by the relevant department and staff at Freilichtmuseum Hessenpark GmbH.
2. Legal basis for data processing
Art. 6 (1b) GDPR applies as the legal basis for processing applicant data transmitted by email and aimed at concluding a contract.
3. Purpose of data processing
In the case of an application, data processing serves the purpose of performing the tasks involved in the application process and of concluding an employment contract. We use the pool of applicants who have send us unsolicited applications to search for suitable candidates.
4. Storage periods
Data is deleted after the completion of the application process and the expiration of the required storage period (generally six months). Data from unsolicited applications is deleted after a period of six months at the latest.
5. Right to object, right to erasure
Applicants have the right to revoke their consent to the processing of personal data at any time. If you contact us by email, you have the right to object to the storage of personal data at any time by sending an email to personal@hessenpark.de. Please note, however, that we will not be able to continue the application process if you decide to do so. In this case, all personal data collected in the course of the email contact will be deleted.
IX. Matomo (formerly PIWIK) web analysis
Scope of data processing
We use Matomo (formerly PIWIK) web analysis software (www.matomo.org) for our website. This service is provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand (“Matomo”). The software places a cookie on the user’s end device (see above for information on cookies). If you access individual pages of our website, the following data is stored:
(1) two bytes of the IP address of the user’s system
(2) accessed website
(3) referrer URL (website where a person clicked to link that sent them to our website)
(4) subpages visited from the accessed website
(5) duration of the website visit
(6) frequency of website visits
The Matomo software exclusively runs on the servers of our website. No personal data of users is collected. The software is set to not store full IP addresses but anonymize two bytes of an IP address (e.g. 192.168.xxx.xxx). This makes it impossible to allocate the abbreviated IP address to the accessing end device.
X. Matterport
Our website uses the services of Matterport Inc., 352 E Java Dr, Sunnyvale, CA 94089, USA, for our virtual tours. Visiting one of our pages equipped with a Matterport space will establish a connection to Matterport’s servers. This means your IP address, browser version and displaying device, source and destination URL and the respective 3D tour’s ID are all shared with Matterport’s servers in the USA.
Matterport services are used in the interest of presenting our online offering in an attractive manner. This constitutes a legitimate interest under Art. 6 Sec. 1(f) GDPR.
Further information on how users’ data is handled can be found in Matterport’s privacy statement at: https://matterport.com/de/privacy-policy
XI. Rights of data subjects (users)
Our website uses the services of Matterport Inc., 352 E Java Dr, Sunnyvale, CA 94089, USA, for our virtual tours. Visiting one of our pages equipped with a Matterport space will establish a connection to Matterport’s servers. This means your IP address, browser version and displaying device, source and destination URL and the respective 3D tour’s ID are all shared with Matterport’s servers in the USA.
Matterport services are used in the interest of presenting our online offering in an attractive manner. This constitutes a legitimate interest under Art. 6 Sec. 1(f) GDPR.
Further information on how users’ data is handled can be found in Matterport’s privacy statement at: https://matterport.com/de/privacy-policy