Data protection

Our data protection notices contain the following information:

Our contact details and general data processing information

Name and contact details of the responsible party

Staatliche Schlösser, Burgen und Gärten Sachsen gemeinnützige GmbH Stauffenbergallee 2a D-01099 Dresden

represented by the Managing Director, Dr. Striefler

Tel. +49 351 56391-1001

Fax +49 351 56391-1009

service@schloesserland-sachsen.de  

Further information: https://www.schloesserland-sachsen.de/en/legal-notice/   

Contact details of the company data protection officer of the responsible party

Staatliche Schlösser, Burgen und Gärten Sachsen gemeinnützige GmbH

Company data protection officer

Stauffenbergallee 2a

D-01099 Dresden

Datenschutz@schloesserland-sachsen.de 

Legal bases for processing personal data

A contractual relationship in which an event booking, or the order of an annual card, is brought about is normally the basis for processing personal data. Sending information material and newsletters is based on express consent, which you can withdraw at any time with an effect for the future. In such a case, the data in that respect will then no longer be processed.

Deleting data and storage period

We delete the personal data as soon as the purpose for storing the data no longer applies and a statutory regulation does not permit or require further storage.

Our personal data sources

The personal data we process primarily emanates from the data subjects themselves, for example in that

  • in the capacity of users these forward information, such as the IP addresses, to our web server,
  • in the capacity of interested parties request information material or an offer from us,
  • in the capacity of customers grant us an order or enter into a contract with us,
  • in the capacity of press representatives request press releases, comments and the like,
  • in the capacity of suppliers as per agreement supply us with goods or render services and the like on our behalf.

Only in exceptional cases can the personal data we process also emanate from third parties, for example if a person acts in the name of a third party.

Specific categories, purposes and legal bases for processing personal data

We process the following categories of personal data:

  • Users of our website,
  • Interested parties,
  • Representatives of the press,
  • Customers as well as
  • Suppliers.

Depending on the data category, we process personal data for the 

following purposes:

User data: We cannot allocate to any specific person data, which can be attributed to a certain person, of the users of our website (for example the IP address).

Data of interested parties/data of press representatives: Data made available to us as part of an inquiry are only processed in line with the intended purpose as per agreement.

Customer data: We process our customers' data to process contracts or based on granted consent. This also applies to processing procedures that are required to adopt pre-contractual measures (e.g. as part of preparing and negotiating offers).

Supplier data/data from business partners: We process our suppliers' and business partners data to process contracts or based on granted consent. This also applies to processing procedures that are required to adopt pre-contractual measures (e.g. as part of preparing and negotiating offers).

Recipients or categories of recipients of the personal data

Your personal data will only be forwarded to third parties, or otherwise forwarded, if such action is required for the purpose of processing contracts (e.g. to process an order) or for settlement purposes (e.g. to process a payment transaction when purchasing goods or services), if there is a justified interest in forwarding and such action does not override your interests, rights and freedoms or you had effectively consented to such action in the past. Categories of recipients can be 

  • Service providers (publishing houses, printers, promoters and the like)
  • Shipping service providers, suppliers
  • Payment service providers, banks

Data processing in the case of issuing newsletters

You can subscribe to our newsletter free of charge via our website or as part of an inquiry. In that respect, when registering for the newsletter the data entered in the dialog box are forwarded to us. These are

  • E-mail address

In addition, you can use our amendment form to voluntarily enter the following data.

  • Company name
  • Form of address,
  • Title,
  • First name,
  • Surname

In addition, the following data are collected when you register for the newsletter:

  • The user's IP address as well as
  • Date and time of the registration.

This is aimed at preventing misuse of the services or the e-mail address of the data subjects. A so-called double op-in procedure is used to register for our newsletter. This means after registering you will receive an e-mail in which you will be requested to confirm your registration. Such confirmation is required to that nobody can register using a third party e-mail address. As part of the registration procedure your consent is requested, and reference is made to this Data Protection Statement, to process the data. The data are deleted as soon as they are no longer required for sending a newsletter or if you have asked for the sending of the newsletter to be stopped or you have objected to it. 

For processing we store restricted e-mail addresses beyond this for up to three years based on our justified interests to furnish proof of consent granted in the past.

Users can cancel the newsletter subscription at any time. To that end each newsletter has a corresponding link.

Data processing in the case of competitions and campaigns

If you take part in a competition on our website, we collect the data from you that are required to participate in the competition. Normally, these are First and surname, e-mail address and address. We process such data for the purpose of facilitating participation in the respective competition and to inform you by e-mail in the event of a win. We require your address to send you the prize in the event of a win. You can find our General Terms and Conditions of Participation in Competitions here.

Data processing in the online shop

Order forms on the websites

To procure information/material/tickets via SBG, the data required for shipping needs to be collected. Such data are, in each case, collected to process the order and are not forwarded to third parties. The personal data forwarded to SBG in the case of an order are used as follows:

  • Evaluation for internal statistical purposes
  • Use for optimization of the user friendliness (e.g. if you arrange for use to send you information or we answer questions about the order process)
  • Use for marketing campaigns (e.g. newsletter) where you have granted your consent in that respect.

Purchase of the schloesserlandCARD

We process your personal data, in particular your contact details, to process your order. To establish a credit rating we can use information (e.g. also a so-called score value) of external service providers. As soon as you register via the order form of the schloesserlandCARD, including for our newsletter, when purchasing the schloesserlandCARD for 1 year, following expiry of one year you will receive an e-mail containing notices about the current schloesserlandCARD offers.

Processing complaints/schloesserlandCARD exchanges

When processing complaints/schloesserlandCARD exchanges, your data will be processed exclusively for the accounting as part of the exchange.

Purchase of the schloesserlandCARD via the schloesserlandCARD APP

The order is processed by the external service provider Regiondo.  The provisions set out in Regiondo data protection apply. Those provisions can be viewed here. By way of an interface, Regiondo provides information about the purchasing process.

Using the schloesserlandCARD APP

Setting up a profile We will process your personal data when you set up a profile in the schloesserlandCARD APP.  You can view, amend or delete the data stored in the customer portal at any time after registering.  When you delete your data, a schloesserlandCARD that may have been purchased in the APP will also be deleted. We process your contact details (first name, surname, address and e-mail) so that you can use the schloesserlandCARD. A correct entry is a precondition for using the personal card and additional services. All personal data are recorded and stored exclusively for the purpose of the personal use of the schloesserlandCARD. IT service providers support us and undertake to honor data protection requirements as per agreement. 

Check In

When using the Check In process with the schloesserlandCARD in one of our buildings or gardens, local and time-related data are stored and used for internal evaluations. In the case of using the App, we provide a push message function. Your consent is required to use such a function. Insofar as you have consented to the push message function, we can send you information about current dates and new developments to your mobile telephone. You are informed of the receipt of such messages by a corresponding function in your mobile telephone. Insofar as you make use of this service, the push notification token of your device is stored.

Sale of tickets via third party suppliers

Ticket sales via Eventim

In some sections we make use of the sale via the outside service provider Eventim for the service-oriented sale of event and exhibition tickets. The provisions set out in Eventim data protectionapply.

Ticket sales via Etix

In some sections we make use of the sale via the outside service provider Eventim for the service-oriented sale of event and exhibition tickets. The provisions set out in Etix data protectionapply. 

Data processing via brochure orders

You can order our brochures via the brochure database of the Free Federal City of Saxony. By way of the publication database, the Free Federal City of Saxony provides an extensive electronic range of brochures, flyers and other communications media of the State Chancellery, all ministries and numerous other authorities, which can be ordered in electronic or paper form. The authorities that enter their publications in the central publication database maintain the content of their range themselves.

In accordance with Article 4, Number 7, in conjunction with Article13 and Article 14, General Data Protection Regulation, the Saxony State Ministry of the Interior is responsible for processing the personal data. You can find the contact details of the Saxony State Ministry of the Interior, and the official data protection officer, via the link: http://www.smi.sachsen.de/kontakt.htm. 

Your data are processed, by way of applying the security requirements agreed upon accordingly, by the Staatsbetrieb Sächsische Informatik Dienste and T-Systems International GmbH service provider. You can obtain additional data protection information here when ordering brochures via the publication database.

Data processing in the case of customer feedback

Your contact details will be processed to reply to your questions and feedback, and as required where requested by you for participation in the prize draw.  

Guest monitoring via Netigate

Participation in guest monitoring

The guest monitoring on our web pages is provided by Netigate Deutschland GmbH. You will find extensive information about data protection here. Personal data are processed and only used for the purpose of feedback/establishing contact with the customer. The data are stored at SBP only for the purpose of establishing contact.  By way of the guest monitoring via Netigate you are informed of this and your consent is requested. 

Participation in a competition in guest monitoring

When taking part in a competition, we will ask you to provide your first and surnames, your address and e-mail address for the purpose of shipping the respective prize.

Data processing at trade fairs, congresses and events

You can establish contact with us at any time at trade fairs/congresses and events. If you are interested in receiving information and further material, you can complete a contact form at the respective event. You will find further data protection information here for personally establishing contact at fairs or events.

Press data processing

We perform professional and strategic press and public relations work to honor our public service. To that end we collect and store the contact details of editors, journalists, publishers and media representatives. The contact details can be deleted at any time from our distribution list via the unsubscribe button in the corresponding media information or via a corresponding note by e-mail directed to presse@schloesserland-sachsen.de.

Your rights as a data subject

By way of this data protection statement, we are inform you pursuant to Article 13, GDPR about how we process data that can be attributable to a certain person or personal data. In that respect, you have the following rights:

Right to obtain information

You have the right to receive confirmation from us free of charge as to whether or not we process your personal data. If this is the case, you will have the right to obtain information about such personal data and additional information pursuant to Article 15 GDPR. To that end, you can approach us by post or e-mail with your ID details.

Right to rectification

Furthermore, you are entitled to request that we correct without delay inaccurate data that apply to you. 

Right to erasure

You have the right to request the deletion of your personal data if one of the preconditions of Article 17, GDPR, is met. 

Right to restriction of the processing

You have the right to request that we restrict the processing if one of the preconditions of Article 18, GDPR, is met. 

Right to data portability

You are entitled to receive the personal data that applies to you, and which you have made available to us, in a structured, conventional and machine-readable format, and you are have the right to forward such data to another controller without restrictions by us if the preconditions of Article 20 GDPR are met. 

Right to object in the case of processing due to a justified interest

Insofar as we process personal data in exceptional cases as a result of justified interests, you have the right to object at any time to the processing of your personal data for reasons that arise from your special situation. 

Right to object in the case of granted consent

You have the right to withdraw at any time consent given to the use of the collection and use of personal data with an effect for the future. 

Automated decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. However, we do not perform such automated decision-making.

Voluntary nature of the provision of data

If the provision of personal data is specified by or set out in a contract, as a matter of principle we will draw attention to that when collecting the data. Furthermore, data may, however, be required to enter into a contract. 

Right to lodge a complaint with a supervisory authority

Furthermore, you have the right to lodge a complaint at any time with a data protection supervisory authority at your place of work, place of residence or place of abode within the EU if you believe that the processing of your personal data is unlawful.

Our relevant supervisory authority is

The Saxony Data Protection Officer Kontor am Landtag Devrientstraße D-101067 Dresden

Scope of the processing of personal data via our website

We process and use personal data of our users as a matter of principle only in so far as this is necessary to provide a functioning website, our content and render services. 

Making the website available and creating log files

Server logs

When an internet page is viewed, our system automatically records data and information for technical reasons. Such data are only collected as required in the case of a specific attack or error analysis, and are deleted following the end of the analysis. In that respect, these are

  • Access inquiry on server with URL
  • Browser address
  • IP address

Logs for search words

When using the search function that is made available on our website, we store all the search terms entered in the search with the IP address of the searching party via TYPO3 Search Extension. We use such data as required for internal statistics and to prevent attacks by exploiting security gaps. The IP addresses are rendered anonymous after 10 days.

Establishing contact via the contact form, e-mail contacts, sending faxes and telephone calls

Our website contains contact forms that can be used to establish contact with us electronically in various areas and regarding various topics. In addition to the data you state in the contact form, the IP address and the time of the inquiry are stored. The data will be deleted as soon as the collection of such data is no longer required. 

Using Cookies

So-called Cookies are used when individual pages are visited. These are small text files that are stored on your terminal (PC, Smartphone or Tablet etc.). When you visit the website, a Cookie can be stored by your browser. This Cookie contains a characteristic string, which facilitates a unique identification of the browser when the website is visited in the future. In addition, Cookies can be used by third party suppliers. If this is the case, we will inform you in that respect in these data protection notices separately in the case of information about the respective third supplier tools (such as analysis tools or plug-ins and the like). When visiting our website, the user is informed of the use of Cookies for analysis purposes. In that respect, we store your consent. That data will be deleted after 365 days. Some of the Cookies we use will be deleted following the end of the browser session, i.e. once you have closed your browser (so-called session Cookies). Other Cookies remain on your terminal and enable us or our service providers (third party providers) to identify your browser when you next visit the site (persistent Cookies). 

Google Analytics

This website uses Google Analytics, a web analysis service of Google Inc. (»Google«) Google Analytics uses »Cookies«, which are stored on your terminal and facilitate an analysis of how you use the website. The information created by the Cookie about how you use this website (including your IP address) is transferred to a Google server in the US and stored there. Prior to the storage, the final digits will be removed from your IP address so prevent unequivocally attributing it to a certain person. Google will use this information to evaluate your use of the website, to put together reports on the website activities for the website operator and to render additional services associated with the website and internet use. Where applicable, Google will also forward this information to third parties insofar as this is legally specified or insofar as third parties process the data by order of Google. Under no circumstances will Google associate your IP address with other data of Google. You can prevent the installation of Cookies by way of a corresponding setting in your browser software; however, we draw attention to the fact that in such a case you may not be able to fully use all the functions on this website. By way of using this website you consent to the processing of your personal data that have been gathered by Google in the manner described above and for the purpose described above. Furthermore, the user can prevent the recording of the data created by the Cookie and data related to your use of the website (including your IP address) and forwarding to Google, as well as the processing of such data by Google, by downloading and installing the browser plug-in via the following link: https://tools.google.com/dlpage/gaoptout?hl=en   

In addition, to that end we use Google Analytics to evaluate data from AdWords and the DoubleClick Cookie as well as data from the Google advertising functions solely for statistical purposes. You can deactivate such evaluation at any time via the following link: https://adssettings.google.com/authenticated?hl=en.

Google Adwords Remarketing/Conversion Tracking:

Our website uses the Google Adwords service. Google AdWords is an online advertising program of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). By way of the remarketing function, we can present advertisements to the users of our website, based on their interests, on other websites within the Google Display Network (on Google itself, so-called "Google Advertisements" or on other websites).  

In the case of Google services such as AdWords, DoubleClick for Publishers, AdExchange and AdSense, Google is responsible for processing the data because in this respect Google uses its own user data.

You will find an overview here and here of how Google specifically protects and processes your data.

As part of the so-called Conversion Tracking, a Cookie will be placed on your computer/terminal when you click on an advertisement placed by Google. These cookies are no longer valid after 30 days. They do not contain any personal data and are, therefore, not aimed at personal identification.

You can deactivate interest-related advertisements on Google as well as interest-related Google advertisements on the web (within the Google Display Network) in your browser by clicking in the "Off" button at https://adssettings.google.com/authenticated?hl=en 

Google DoubleClick (including SafeFrame and Publisher Tags):

The DoubleClick service/platform of the supplier Google Inc. (Google) is used to provide, process, control and optimize advertisements, based on your interests, on the websites of publishers. Cookies are used to that end. As part of the use of DoubleClick, we furthermore use the functionalities of Google Publisher Tags, whereby the targeting can be adjusted ideally to the content of the website. We also use Google SafeFrame to optimize the provision of advertisements. 

You can deactivate interest-related advertisements of Google in your browser by clicking on the respective link "deactivate" in the sub-point "Deactivation Settings" at https://adssettings.google.com/authenticated?hl=en or insofar as you use Google Chrome, Firefox or Internet Explorer as a browser, you can deactivate the DoubleClick Cookie by installing the extension for your browser that is available at https://adssettings.google.com/authenticated?hl=en.

GA Audience

Our website uses GA Audience, a service of the company Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: GA Audience). GA Audience uses, inter alia, Cookies, which are stored on your computer as well as other mobile devices (e.g. Smartphones and Tablets etc.) and which facilitate an analysis of the use of the corresponding devices. In that respect, the data are, in part, evaluated on a device-wide basis. In that respect Google Audience is granted access to the Cookies that are created as part of using Google AdWords and Google Analytics. As part of the use, data, in particular such as the IP address, and activities of the user can be forwarded to a server of the company Google Inc. and stored there. Google Inc. will, where applicable, forward such information to third parties where such action is specified by law or insofar as such data are processed by third parties. You can prevent the recording and forwarding of personal data (in particular your IP address), as well as the processing of such data, by deactivating the implementation of Java Script in your browser or by installing a tool such as "NoScript". Furthermore, you can prevent the recording of the data created by the Cookie and data related to your use of the website (including your IP address) and forwarding to Google, as well as the processing of such data by Google, by downloading and installing the browser plug-in available via the following link: (https://tools.google.com/dlpage/gaoptout?hl=en). You can obtain further data protection information in the case of using GA Audience via the following link: https://support.google.com/analytics/answer/2700409?hl=en&ref_topic=2611283

TYPO3 Session Cookie 

On our website we use a TYPO3 session Cookie to store your filter settings on an intermediate basis for the next time you visit our website. The data used in that respect are not personal, are not rendered anonymous and are deleted at the end of the session (final closure of the website).

Buttons containing labels of the social networks Facebook, Twitter, Google+ or their logos

The website merely contains buttons with labels of the social networks Facebook, Twitter, Google+ or their logos. These buttons are qualified links to the respective social networks. When clicking on a button, users are forwarded via a link to the respective social network. Furthermore, a link is also sent by the visited website for the purpose of sharing in the social networks. Users' personal data are not collected via the buttons or forwarded to the operators of the social networks.

External content suppliers: YouTube

When activating the videos embedded in our web pages based on the "schloesserland Saxony" YouTube channel, we will draw your attention to the fact that you are hereby entering the area of validity of the Google data application guidelines at https://policies.google.com/privacy?hl=en&gl=de. 

Please be aware of the information you disclose in these channels via comments. They can be viewed by other visitors on the page and by the administrators. In view of the fact that the pages are generally accessible, the information that you share on a page is public data. This means that a comment can also be used outside of YouTube. Please consider that such information may be indexed by search machines, including Google.

The administrators of our YouTube channel will not evaluate or record such data elsewhere, neither currently nor in the future. The statistics that YouTube makes available to the administrators are issued in an aggregated form and do not enable the administrators to draw any conclusions about personal data.

Encrypting the website

The website and therefore the data forwarding via the website are encrypted using the SSL-Standard (HTTPS protocol).

Hosting the website and the APP SchloesserlandCARD

We largely process data by way of calling on the services of so-called hosting service providers that make storage space and processing capacities available to us in their computer centers and pursuant to our instructions also process personal data on our behalf.  Wirtschaftsförderung Sachsen GmbH is our hosting service provider. You can find all the necessary data protection information of Wirtschaftsförderung Sachsen GmbH here.

Forwarding personal data to a third country (foreign countries in the EU)

If we forward data to third countries, i.e. countries outside the European Union, the forwarding applies exclusively by way of complying with the admission requirements specified by law. If the forwarding of data to a third country is not aimed at performing a contract concluded with you, you have not granted us your consent in that respect, the forwarding is not necessary for the establishment, exercise or defense of legal claims, and otherwise an exemption provision pursuant to Article 49 GDPR does not apply, we will only forward your data to a third country if an adequacy decision pursuant to Article 45 GDPR is adopted or suitable guarantees pursuant to Article 46 GDPR have been provide. One of these adequacy decisions is the (EU) 2016/1250 Commission Implementing Decision of 12.07.2016 on the so-called "EU-US Privacy Shield" for the US. As a matter of principle, the German data protection standard is deemed appropriate for forwarding data to companies that are certified pursuant to the EU-US Privacy Shield within the meaning of Article 45 GDPR or it is to be additionally established by way of entering into the EU standard data protection clauses issued by the European Commission with the receiving party, suitable guarantees pursuant to Article 46 (2c), GDPR, or an appropriate data protection standard. You can obtain copies of the EU standard data protection clauses on the European Commission website at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en