The operator of this website attaches the utmost importance to protecting the privacy of its website visitors (hereinafter “user/s”). All data made available to the operator is exclusively processed in strict compliance with the General Data Protection Regulation (EU GDPR) and all other data protection laws and/or regulations pertinent to data protection valid in the member states of the EU. This particularly applies to the processing of personal data.
Body responsible for data processing
The body responsible for data processing pursuant to the regulations governing data protection is:
Ehrenburg , 56332 Brodenbach
This data protection policy uses legal terms which are defined in Article 4 of the GDPR. According to the above, “personal data” is any information relating to a natural person who is at least identifiable (Article 4, No. 1 of the GDPR). The term “processing” covers every conceivable form of use in conjunction with personal data (Article 4, No. 2 of the GDPR), i.e. from the collection to the destruction of such.
Data processing on website access
This website is hosted by German webmaster Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4–6, 32339 Espelkamp, Germany. The webmaster is also obliged to comply with EU GDPR and all other data protection laws and/or regulations pertinent to data protection valid in the member states of the EU. In addition, the operator of this website has entered into a contract with the webmaster governing contract data processing (c.f. Article 28 of the GDPR).In this contract the webmaster pledges to protect the transmitted data, to process it on behalf of the operator according to the data protection regulations and, in particular, not to pass it on to third parties. Users can obtain more information on the further processing of data by the webmaster at https://www.mittwald.de/datenschutz.
Each time the website is accessed data is collected which is stored in the server log files and the web application. The following user data is collected: the user’s Internet protocol address (IP address), the date and time of his/her visit, the request, the answer status (HTTP status code), the website URL from which the current website or file is accessed (referrer), the browser type and version and the user’s operating system.
Log files are stored to ensure the operability of the website and shop application. This data is also used in statistical assessments to optimise the website in the interest of the user and ensure the security and stability of the IT systems. Data is processed based on legitimate interests pursuant to Article 6, Paragraph 1, Sentence 1, f) of the GDPR. The operator of this website guarantees that data is not merged with other data sources. Log files are stored separately from the personal data of the user which is collected through entries on forms. Log files are deleted according to common principles (see General information on the deletion of data).
Data processing by cookies
This website uses what are known as cookies. Cookies are small text files which are stored on the operator’s web server or the user’s platform (PC, tablet, smartphone, etc.) and contain data which enables the website to recognise and identify the user’s Internet browser.
Cookies make it easier for the user to use this website. Data is processed based on legitimate interests pursuant to Article 6, Paragraph 1, Sentence 1, f) of the GDPR. The user can prevent or limit the storage of cookies at any time by making the appropriate settings in his/her Internet browser. Previously stored cookies can be deleted at any time via the Internet browser. The operator would like to point out that this option may limit the operability of this website.
Data processing in conjunction with booking requests
The following data is required when filling in a form in conjunction with the booking of an event: name, phone number and email address. The date and time of the registration and the general data registered when the website is accessed (see Data processing on website access) are also recorded. This data, plus any other voluntary information supplied, is used exclusively for the purpose of processing the booking request and to meet any (pre)contractual obligations.
Data is only passed on to third parties when and in as far as this is necessary to meet the (pre)contractual obligations of the operator or based on the legitimate interests of the operator regarding the economic and effective processing of the booking and payment procedure.
All data collected as a necessary requirement is processed according to Article 6, Paragraph 1, Sentence 1, b) and Article 6, Paragraph 1, Sentence 1, f) of the GDPR, in addition also from Article 6, Paragraph 1, Sentence 1, a) and Article 7 of the GDPR. Data is passed on to third parties pursuant to Article 6, Paragraph 1, Sentence 1, b) and Article 6, Paragraph 1, Sentence 1, f) of the GDPR. Data is deleted according to common principles (see General information on the deletion of data).
Data processing of newsletter subscriptions
When subscribing to the newsletter only the user’s email address is requested as a necessary requirement. The date and time of the registration and the general data registered when the website is accessed (see Data processing on website access) are also recorded. This data is only used to process the user’s subscription to the newsletter.
The operator of this website only sends out newsletters with the consent of the recipient or on legal authority. In as far as the content of the newsletter is specifically described during newsletter subscription, it is covered by the consent of the user. The newsletter otherwise contains promotional information on products or offers provided by the website operator. Users subscribe to the newsletter in what is known as a double opt-in procedure. Following his/her registration, for security reasons the user receives an email in which he/she is asked to confirm his/her subscription.
The user can withdraw his/her consent to receive the newsletter at any time without charge. Each newsletter contains a clearly visible link with which the user can unsubscribe to the newsletter.
The data contained in the required email address and in any voluntary information provided is processed pursuant to Article 6, Paragraph 1, Sentence 1, a) and Article 7 of the GDPR in conjunction with Section 7, Paragraph 2, No. 3 of the Act Against Unfair Competition or on the basis of the legal authority pursuant to Section 7, Paragraph 3 of the Act Against Unfair Competition. Data is deleted according to common principles (see General information on the deletion of data).
Google Maps, Google Fonts
This website uses maps provided by the Google Maps service operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. In order to be able to use this map service the user’s IP address must be saved which is usually transmitted to and stored on a Google server in the USA. This website also uses external fonts provided by Google Inc. (Google Fonts). The fonts are linked in by accessing a server at Google. Data is processed based on legitimate interests pursuant to Article 6, Paragraph 1, Sentence 1, f) of the GDPR. The application of the aforementioned services facilitates the use of this website for the user and optimises the way in which the website is presented. Google is certified as being an active participant in Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI) which guarantees compliance with EU GDPR and all other data protection laws and/or regulations pertinent to data protection valid in the member states of the EU. Users can find more information on the processing of data at https://www.google.com/policies/.
General information on the deletion of data
Personal data is always immediately deleted once the purpose of storing it has been met in as far as legal storage periods do not stipulate a longer term of storage (c.f. Section 257, Paragraph 1 of the German Commercial Code: six years; Section 147, Paragraph 1 of the Fiscal Code of Germany: 10 years) or storage is required as evidence. Orderly deletion of data is monitored on an annual basis. If data is not deleted, as it is required for other and legally permissible purposes, the processing thereof is restricted.
Security measures of the operator
Subject to Article 32 of the GDPR and taking into account the state of the art, cost of implementation and manner, scope, circumstances and purpose of data processing and the various probabilities of occurrence and seriousness of the risk to the rights and freedoms of the persons affected, the operator continuously implements suitable organisational, contractual and technical measures to ensure that legal data protection regulations are adhered to and the data which is subject to data processing is protected against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. The operator has taken the protection of personal data into account in the technical development and design of this website (Article 25 of the GDPR). In particular, security measures include the coded transmission of data between the user’s browser and the operator’s server.
The user has the right to request information at any time as to whether or not and which personal user data is processed (Article 15 of the GDPR). On request the user’s personal data must be issued in a structured, commonly used and machine-readable format (Article 20 of the GDPR).
Furthermore, the user has the right to rectify any inaccurate or complete any incomplete personal data (Article 16 of the GDPR) and – under the provisions of Article 18 of the GDPR – the right to limit the processing thereof.
In as far as the processing of data is not required for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims the user can also request that his/her personal data is erased (Article 17 of the GPDR).
The user may withdraw his/her consent to the processing of data for the future at any time pursuant to Article 6, Paragraph 1, Sentence 1, a) and Article 7 of the GDPR. If data is processed pursuant to Article 6, Paragraph 1, Sentence 1, f) of the GDPR the user can object to data processing for the future unless the operator of this website can provide proof of compelling legitimate grounds for processing which override the interests, rights and freedoms of the user or where the processing of data is required to establish, exercise or defend the legal claims of the operator of this website (Article 21 of the GDPR).
If the user is of the opinion that the processing of his/her personal data infringes data protection regulations, he/she can lodge a complaint with the appropriate supervisory authority (Article 77 of the GDPR). The supervisory authority responsible for the operator of this website is the official representative for data protection and freedom of information for the state of Rhineland-Palatinate, Hintere Bleiche 34, 55116 Mainz, Germany.