Data protection

Our data protection notices contain the following information:

Our contact details and general data processing information

Name and contact details of the responsible party

Staatliche Schlösser, Burgen und Gärten Sachsen gemeinnützige GmbH Stauffenbergallee 2a D-01099 Dresden

represented by the Managing Director, Dr. Striefler

Tel. +49 351 56391-1001

Fax +49 351 56391-1009  

Further information:   

Contact details of the company data protection officer of the responsible party

Staatliche Schlösser, Burgen und Gärten Sachsen gemeinnützige GmbH

Company data protection officer

Stauffenbergallee 2a

D-01099 Dresden 

Legal bases for processing personal data

A contractual relationship in which an event booking, or the order of an annual card, is brought about is normally the basis for processing personal data. Sending information material and newsletters is based on express consent, which you can withdraw at any time with an effect for the future. In such a case, the data in that respect will then no longer be processed.

Deleting data and storage period

We delete the personal data as soon as the purpose for storing the data no longer applies and a statutory regulation does not permit or require further storage.

Our personal data sources

The personal data we process primarily emanates from the data subjects themselves, for example in that

  • in the capacity of users these forward information, such as the IP addresses, to our web server,
  • in the capacity of interested parties request information material or an offer from us,
  • in the capacity of customers grant us an order or enter into a contract with us,
  • in the capacity of press representatives request press releases, comments and the like,
  • in the capacity of suppliers as per agreement supply us with goods or render services and the like on our behalf.

Only in exceptional cases can the personal data we process also emanate from third parties, for example if a person acts in the name of a third party.

Specific categories, purposes and legal bases for processing personal data

We process the following categories of personal data:

  • Users of our website,
  • Interested parties,
  • Representatives of the press,
  • Customers as well as
  • Suppliers.

Depending on the data category, we process personal data for the 

following purposes:

User data: We cannot allocate to any specific person data, which can be attributed to a certain person, of the users of our website (for example the IP address).

Data of interested parties/data of press representatives: Data made available to us as part of an inquiry are only processed in line with the intended purpose as per agreement.

Customer data: We process our customers' data to process contracts or based on granted consent. This also applies to processing procedures that are required to adopt pre-contractual measures (e.g. as part of preparing and negotiating offers).

Supplier data/data from business partners: We process our suppliers' and business partners data to process contracts or based on granted consent. This also applies to processing procedures that are required to adopt pre-contractual measures (e.g. as part of preparing and negotiating offers).

Recipients or categories of recipients of the personal data

Your personal data will only be forwarded to third parties, or otherwise forwarded, if such action is required for the purpose of processing contracts (e.g. to process an order) or for settlement purposes (e.g. to process a payment transaction when purchasing goods or services), if there is a justified interest in forwarding and such action does not override your interests, rights and freedoms or you had effectively consented to such action in the past. Categories of recipients can be 

  • Service providers (publishing houses, printers, promoters and the like)
  • Shipping service providers, suppliers
  • Payment service providers, banks

Data processing in the case of issuing newsletters

You can subscribe to our newsletter free of charge via our website or as part of an inquiry. In that respect, when registering for the newsletter the data entered in the dialog box are forwarded to us. These are

  • E-mail address

In addition, you can use our amendment form to voluntarily enter the following data.

  • Company name
  • Form of address,
  • Title,
  • First name,
  • Surname

In addition, the following data are collected when you register for the newsletter:

  • The user's IP address as well as
  • Date and time of the registration.

This is aimed at preventing misuse of the services or the e-mail address of the data subjects. A so-called double op-in procedure is used to register for our newsletter. This means after registering you will receive an e-mail in which you will be requested to confirm your registration. Such confirmation is required to that nobody can register using a third party e-mail address. As part of the registration procedure your consent is requested, and reference is made to this Data Protection Statement, to process the data. The data are deleted as soon as they are no longer required for sending a newsletter or if you have asked for the sending of the newsletter to be stopped or you have objected to it. 

For processing we store restricted e-mail addresses beyond this for up to three years based on our justified interests to furnish proof of consent granted in the past.

Users can cancel the newsletter subscription at any time. To that end each newsletter has a corresponding link.

Data processing in the case of competitions and campaigns

If you take part in a competition on our website, we collect the data from you that are required to participate in the competition. Normally, these are First and surname, e-mail address and address. We process such data for the purpose of facilitating participation in the respective competition and to inform you by e-mail in the event of a win. We require your address to send you the prize in the event of a win. You can find our General Terms and Conditions of Participation in Competitions here.

Data processing in the online shop

Order forms on the websites

To procure information/material/tickets via SBG, the data required for shipping needs to be collected. Such data are, in each case, collected to process the order and are not forwarded to third parties. The personal data forwarded to SBG in the case of an order are used as follows:

  • Evaluation for internal statistical purposes
  • Use for optimization of the user friendliness (e.g. if you arrange for use to send you information or we answer questions about the order process)
  • Use for marketing campaigns (e.g. newsletter) where you have granted your consent in that respect.

Purchase of the schloesserlandCARD

We process your personal data, in particular your contact details, to process your order. To establish a credit rating we can use information (e.g. also a so-called score value) of external service providers. As soon as you register via the order form of the schloesserlandCARD, including for our newsletter, when purchasing the schloesserlandCARD for 1 year, following expiry of one year you will receive an e-mail containing notices about the current schloesserlandCARD offers.

Processing complaints/schloesserlandCARD exchanges

When processing complaints/schloesserlandCARD exchanges, your data will be processed exclusively for the accounting as part of the exchange.

Purchase of the schloesserlandCARD via the schloesserlandCARD APP

The order is processed by the external service provider Regiondo.  The provisions set out in Regiondo data protection apply. Those provisions can be viewed here. By way of an interface, Regiondo provides information about the purchasing process.

Using the schloesserlandCARD APP

Setting up a profile We will process your personal data when you set up a profile in the schloesserlandCARD APP.  You can view, amend or delete the data stored in the customer portal at any time after registering.  When you delete your data, a schloesserlandCARD that may have been purchased in the APP will also be deleted. We process your contact details (first name, surname, address and e-mail) so that you can use the schloesserlandCARD. A correct entry is a precondition for using the personal card and additional services. All personal data are recorded and stored exclusively for the purpose of the personal use of the schloesserlandCARD. IT service providers support us and undertake to honor data protection requirements as per agreement. 

Check In

When using the Check In process with the schloesserlandCARD in one of our buildings or gardens, local and time-related data are stored and used for internal evaluations. In the case of using the App, we provide a push message function. Your consent is required to use such a function. Insofar as you have consented to the push message function, we can send you information about current dates and new developments to your mobile telephone. You are informed of the receipt of such messages by a corresponding function in your mobile telephone. Insofar as you make use of this service, the push notification token of your device is stored.

Sale of tickets via third party suppliers

Ticket sales via Eventim

In some sections we make use of the sale via the outside service provider Eventim for the service-oriented sale of event and exhibition tickets. The provisions set out in Eventim data protectionapply.

Ticket sales via Etix

In some sections we make use of the sale via the outside service provider Eventim for the service-oriented sale of event and exhibition tickets. The provisions set out in Etix data protectionapply. 

Data processing via brochure orders

You can order our brochures via the brochure database of the Free Federal City of Saxony. By way of the publication database, the Free Federal City of Saxony provides an extensive electronic range of brochures, flyers and other communications media of the State Chancellery, all ministries and numerous other authorities, which can be ordered in electronic or paper form. The authorities that enter their publications in the central publication database maintain the content of their range themselves.

In accordance with Article 4, Number 7, in conjunction with Article13 and Article 14, General Data Protection Regulation, the Saxony State Ministry of the Interior is responsible for processing the personal data. You can find the contact details of the Saxony State Ministry of the Interior, and the official data protection officer, via the link: 

Your data are processed, by way of applying the security requirements agreed upon accordingly, by the Staatsbetrieb Sächsische Informatik Dienste and T-Systems International GmbH service provider. You can obtain additional data protection information here when ordering brochures via the publication database.

Data processing in the case of customer feedback

Your contact details will be processed to reply to your questions and feedback, and as required where requested by you for participation in the prize draw.  

Guest monitoring via Netigate

Participation in guest monitoring

The guest monitoring on our web pages is provided by Netigate Deutschland GmbH. You will find extensive information about data protection here. Personal data are processed and only used for the purpose of feedback/establishing contact with the customer. The data are stored at SBP only for the purpose of establishing contact.  By way of the guest monitoring via Netigate you are informed of this and your consent is requested. 

Participation in a competition in guest monitoring

When taking part in a competition, we will ask you to provide your first and surnames, your address and e-mail address for the purpose of shipping the respective prize.

Data processing at trade fairs, congresses and events

You can establish contact with us at any time at trade fairs/congresses and events. If you are interested in receiving information and further material, you can complete a contact form at the respective event. You will find further data protection information here for personally establishing contact at fairs or events.

Press data processing

We perform professional and strategic press and public relations work to honor our public service. To that end we collect and store the contact details of editors, journalists, publishers and media representatives. The contact details can be deleted at any time from our distribution list via the unsubscribe button in the corresponding media information or via a corresponding note by e-mail directed to

Your rights as a data subject

By way of this data protection statement, we are inform you pursuant to Article 13, GDPR about how we process data that can be attributable to a certain person or personal data. In that respect, you have the following rights:

Right to obtain information

You have the right to receive confirmation from us free of charge as to whether or not we process your personal data. If this is the case, you will have the right to obtain information about such personal data and additional information pursuant to Article 15 GDPR. To that end, you can approach us by post or e-mail with your ID details.

Right to rectification

Furthermore, you are entitled to request that we correct without delay inaccurate data that apply to you. 

Right to erasure

You have the right to request the deletion of your personal data if one of the preconditions of Article 17, GDPR, is met. 

Right to restriction of the processing

You have the right to request that we restrict the processing if one of the preconditions of Article 18, GDPR, is met. 

Right to data portability

You are entitled to receive the personal data that applies to you, and which you have made available to us, in a structured, conventional and machine-readable format, and you are have the right to forward such data to another controller without restrictions by us if the preconditions of Article 20 GDPR are met. 

Right to object in the case of processing due to a justified interest

Insofar as we process personal data in exceptional cases as a result of justified interests, you have the right to object at any time to the processing of your personal data for reasons that arise from your special situation. 

Right to object in the case of granted consent

You have the right to withdraw at any time consent given to the use of the collection and use of personal data with an effect for the future. 

Automated decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. However, we do not perform such automated decision-making.

Voluntary nature of the provision of data

If the provision of personal data is specified by or set out in a contract, as a matter of principle we will draw attention to that when collecting the data. Furthermore, data may, however, be required to enter into a contract. 

Right to lodge a complaint with a supervisory authority

Furthermore, you have the right to lodge a complaint at any time with a data protection supervisory authority at your place of work, place of residence or place of abode within the EU if you believe that the processing of your personal data is unlawful.

Our relevant supervisory authority is

The Saxony Data Protection Officer
Kontor am Landtag
Devrientstraße 5
D-01067 Dresden

Scope of the processing of personal data via our website

We process and use personal data of our users as a matter of principle only in so far as this is necessary to provide a functioning website, our content and render services. 

Making the website available and creating log files

Server logs

When an internet page is viewed, our system automatically records data and information for technical reasons. Such data are only collected as required in the case of a specific attack or error analysis, and are deleted following the end of the analysis. In that respect, these are

  • Access inquiry on server with URL
  • Browser address
  • IP address

Logs for search words

When using the search function that is made available on our website, we store all the search terms entered in the search with the IP address of the searching party via TYPO3 Search Extension. We use such data as required for internal statistics and to prevent attacks by exploiting security gaps. The IP addresses are rendered anonymous after 10 days.

Establishing contact via the contact form, e-mail contacts, sending faxes and telephone calls

Our website contains contact forms that can be used to establish contact with us electronically in various areas and regarding various topics. In addition to the data you state in the contact form, the IP address and the time of the inquiry are stored. The data will be deleted as soon as the collection of such data is no longer required. 

Using Cookies

Encrypting the website

The website and therefore the data forwarding via the website are encrypted using the SSL-Standard (HTTPS protocol).

Hosting the website and the APP SchloesserlandCARD

We largely process data by way of calling on the services of so-called hosting service providers that make storage space and processing capacities available to us in their computer centers and pursuant to our instructions also process personal data on our behalf.  Wirtschaftsförderung Sachsen GmbH is our hosting service provider. You can find all the necessary data protection information of Wirtschaftsförderung Sachsen GmbH here.

Forwarding personal data to a third country (foreign countries in the EU)

If we forward data to third countries, i.e. countries outside the European Union, the forwarding applies exclusively by way of complying with the admission requirements specified by law. If the forwarding of data to a third country is not aimed at performing a contract concluded with you, you have not granted us your consent in that respect, the forwarding is not necessary for the establishment, exercise or defense of legal claims, and otherwise an exemption provision pursuant to Article 49 GDPR does not apply, we will only forward your data to a third country if an adequacy decision pursuant to Article 45 GDPR is adopted or suitable guarantees pursuant to Article 46 GDPR have been provide. One of these adequacy decisions is the (EU) 2016/1250 Commission Implementing Decision of 12.07.2016 on the so-called "EU-US Privacy Shield" for the US. As a matter of principle, the German data protection standard is deemed appropriate for forwarding data to companies that are certified pursuant to the EU-US Privacy Shield within the meaning of Article 45 GDPR or it is to be additionally established by way of entering into the EU standard data protection clauses issued by the European Commission with the receiving party, suitable guarantees pursuant to Article 46 (2c), GDPR, or an appropriate data protection standard. You can obtain copies of the EU standard data protection clauses on the European Commission website at