Data privacy notice
1. Data privacy at a glance
GENERAL INFORMATION
This notice provides an overview of what happens to your personal data when you visit this website. ‘Personal data’ is defined as any data that can be used to personally identify you. You can find more detailed information on our data privacy policies in the following data privacy notice.
DATA COLLECTION ON THIS WEBSITE
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. The operator’s contact details can be found in the ‘Party Responsible for Data Processing’ section of this privacy policy.
How do we collect your data?
When you visit our website, your data is collected by our IT systems either automatically or once you have given consent. This is primarily technical data (such as your internet browser, operating system, or the time at which the page is accessed). This data is gathered automatically as soon as you access this website.
You may also upload image files to this website. Your consent and verification of your age (minimum age of 18) are required for this purpose.
What do we use your data for?
Some of the data is gathered in order to ensure the smooth functioning of our website. The remaining data (image files, consent) is collected in order to publish your uploaded files in our exhibition.
What are your rights in relation to your data?
You have the right to obtain information about the origin, recipients, and purpose of your stored personal data at any time free of charge. You also have the right to request that this data be rectified or erased. If you have granted us consent to process your data, you may withdraw this consent at any time. Under certain conditions, you also have the right to request restriction of the processing of your personal data. In addition, you also have the right to lodge a complaint with the relevant supervisory authority.
You may contact us at any time for these purposes or with further questions relating to data privacy.
2. Web hosting
This website is externally hosted. The personal data collected on this website is saved on the host’s servers. This primarily includes IP addresses, contact requests, metadata, communications data, contract dates, names, page views, and other data generated on a website.
Our website is externally hosted for the purpose of fulfilling our contractual obligations towards potential and existing customers in accordance with Article 6(1)(f) of the General Data Protection Regulation (GDPR) and in the interest of offering secure, fast, and efficient online services through a professional provider in accordance with Article 6(1)(f) of the GDPR. In cases where the relevant consent has been requested, data processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR and Section 25(1) of the Telecommunications Digital Services Data Protection Act (TDDDG), to the extent that this consent encompasses the storage of cookies or access to information on the user’s end device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent may be withdrawn at any time.
Our web host will process your data only to the extent required to perform its obligations and in compliance with our instructions regarding the data.
We use the following web host:
netcup GmbH
Daimlerstraße 25
76185 Karlsruhe
Germany
Processing
We have entered into a contractual processing agreement for the use of the above-mentioned service. This contract is legally mandated by data privacy law to guarantee that this service processes our users’ personal data only according to our instructions and in compliance with the GDPR.
3. General notice and obligatory information
DATA PRIVACY
The operators of this website take your data privacy very seriously. We treat your personal data confidentially and in accordance with legal data protection regulations as well as this privacy policy.
Personal data is collected when you visit this website. ‘Personal data’ is data that can be used to personally identify you. This privacy policy explains what data we collect and what we use it for, as well as how and for what purpose this is carried out.
Please be advised that data transmission over the internet (such as email communication) may be subject to security breaches. It is not possible to completely protect data against access by third parties.
PARTY RESPONSIBLE FOR DATA PROCESSING
The party responsible for data processing on this website is:
Stiftung Deutsches Hygiene-Museum Dresden
Board Members: Dr Iris Edenheiser (Director) and Lisa Klamka (Managing Director)
Lingnerplatz 1
01069 Dresden
Phone: +49 351 48 46 0
Email: direktion@dhmd.de
The responsible party or ‘controller’ is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g. names, email addresses, etc.).
DATA PROTECTION OFFICER
We have a designated data protection officer.
IfDDS GmbH - Institut für Datenschutz und Datensicherheit
Dresdner Straße 58A
01156 Dresden
Phone: +49 351 27579057
Email: dhmd@ifdds.eu
STORAGE PERIOD
Unless a more specific storage period is specified in this privacy policy, we store your personal data until the purpose for data processing is concluded. If you make a justified request for erasure or withdraw consent for data processing, your data will be erased, as long as we have no other legal grounds for storing your personal data (e.g. retention periods mandated under tax or commercial law), in which case the data will be erased once these conditions no longer apply.
GENERAL INFORMATION REGARDING THE LEGAL BASIS FOR PROCESSING USER DATA ON OUR WEBSITE
If you have consented to data processing, we process your personal data on the basis of Article 6(1)(a) of the GDPR, or Article 9(2)(a) of the GDPR, insofar as the data processed falls under the special categories of data described in Article 9(1) of the GDPR. In the case of express consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Article 49(1)(a) of the GDPR. If you have consented to the storage of cookies or access to information on your end device (e.g. via device fingerprinting), data processing is also carried out on the basis of Section 25(1) of the TDDDG. Consent can be withdrawn at any time. If your data is necessary for the fulfilment of a contract or for the performance of measures taken prior to entering into a contract, your data is processed on the basis of Article 6(1)(b) of the GDPR. Furthermore, your data is processed to the extent necessary to comply with a legal obligation on the basis of Article 6(1)(c) of the GDPR. Data processing may also be carried out on the basis of our legitimate interest in accordance with Article 6(1)(f) of the GDPR. Information on the relevant legal provisions pertaining to individual cases is provided in the following sections of this privacy policy.
RECIPIENTS OF PERSONAL DATA
As part of our business activities, we work together with various external parties. In some cases, it is necessary to transmit personal data to these external parties. We only share personal data with external parties if it is necessary for the fulfilment of a contract, if we are legally obligated to do so (e.g. sharing data with tax authorities), if we have a legitimate interest in sharing data in accordance with Article 6(1)(f) of the GDPR, or if another legal provision permits the sharing of data. When using processors, we only share our customers’ personal data on the basis of a valid contract for data processing. In cases of joint processing, a contract for joint processing is entered into.
WITHDRAWAL OF CONSENT TO DATA PROCESSING
Many data processing operations are permissable only with your express consent. You can withdraw your consent at any time. The legality of the data processing carried out before the withdrawal of consent remains unaffected by such a withdrawal.
RIGHT TO OBJECT TO DIRECT MARKETING AND TO THE COLLECTION OF DATA In SPECIAL CASES (ARTICLE 21 of the GDPR)
IF THE DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ARTICLE 6(1)(E) OR 6(1)(F) OF THE GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING ON THE BASIS OF THESE PROVISIONS. THE RESPECTIVE LEGAL PROVISION CONCERNING PROCESSING CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS OR FOR THE ESTABLISHMENT, EXERCISE, OR DEFENCE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ARTICLE 21[1] OF THE GDPR).
IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS RELATED TO DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION PURSUANT TO ARTICLE 21[2] OF THE GDPR).
RIGHT TO LODGE A COMPLAINT WITH THE RELEVANT SUPERVISORY AUTHORITY
In the event of an infringement of the GDPR, the affected party has the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or place of the alleged infringement. The right to lodge a complaint is without prejudice to any other administrative or judicial remedies.
RIGHT TO data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a commonly used and machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.
DISCLOSURE, ERASURE, AND RECTIFICATION
As part of the applicable legal provisions, you have the right to information about your stored personal data, its origin and recipients, and the purpose of the data processing and, if necessary, a right to rectification or erasure of this data free of charge at any time. You may contact us at any time for this purpose or if you have further questions about your personal data.
right to restriction of processing
You have the right to request restriction of the processing of your personal data. You may contact us at any time for this purpose. The right to restriction of processing applies in the following cases:
If you have restricted the processing of your personal data, this data, with the exception of its storage, may only be processed with your consent or for the establishment, exercise, or defence of legal claims or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or of a Member State.
SSL and tls encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address bar in the browser changes from ‘http://’ to ‘https://’ and by the lock symbol in your address bar.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
objection to advertising emails
We hereby object to the use of contact information published as part of our obligation to provide a legal notice for the purpose of sending unsolicited advertising and information material. The operators of this website expressly reserve the right to take legal action in the event that unsolicited advertising information is sent, for example in the form of spam emails.
4. Data collection on this website
Cookies
Our website uses cookies. ‘Cookies’ are small parcels of data that do not cause any damage to your end device. They are stored on your device either temporarily for the duration of a session (session cookies) or long-term (persistent cookies). Session cookies are automatically deleted at the end of your visit. Persistent cookies remain stored on your device until you delete them yourself or they are automatically deleted by your web browser.
Cookies may originate from us (‘first-party cookies’) or from third parties (‘third-party cookies’). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g. cookies for processing payment services).
Cookies have various functions. Many cookies are technically necessary since certain website functions would not work without them (e.g. the shopping basket function or the display of videos). Other cookies may be used to analyse user behaviour or for advertising purposes.
Cookies that are necessary to carry out the electronic communication process, to provide certain functions requested by you (e.g. the shopping basket function), or to optimise the website (e.g. cookies that measure web audience) are known as necessary cookies. Necessary cookies are stored on the basis of Article 6(1)(f) of the GDPR, unless another legal basis is specified. The website operator has a legitimate interest in the storage of necessary cookies in order to provide optimised services free of technical errors. If consent to the storage of cookies and comparable recognition technologies has been requested, processing is carried out only on the basis of this consent (Article 6[1][a] of the GDPR and Section 25[1] of the TDDDG); consent may be withdrawn at any time.
You can set your browser to inform you about cookie settings and to allow cookies only in individual cases, to block cookies generally or in certain cases, and/or to activate automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.
This privacy policy states which cookies and services are used on this website.
Server log files
The website provider automatically collects and stores information in what are known as server log files, which your browser automatically transmits to us. This information is:
· IP address
· hostname of the device you use to access our site
· referrer URL
· browser details (name and version) as well as language settings
· operating system
· date and time of the server request
· time zone difference to GMT
· access status (HTTP status)
· volume of data transferred
· navigation data (subpages visited)
This data is not combined with other data sources.
This data is collected on the basis of Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in optimising its website and presenting it free of technical errors, for which purpose the server log files must be recorded.
EMAIL, TELEPHONE AND FAX ENQUIRIES
If you contact us by email, telephone, or fax, we will store and process your enquiry including all personal data (name, enquiry) for the purpose of handling your request.
This data is processed on the basis of Article 6(1)(b) of the GDPR, provided that your enquiry is related to the fulfilment of a contract or is necessary for the performance of measures taken prior to entering into a contract. In all other cases, processing takes place on the basis of our legitimate interest in the effective handling of enquiries addressed to us (Article 6[1][f] of the GDPR) or your consent (Article 6[1][a] of the GDPR) if this has been requested; you may withdraw consent at any time.
We store the data you send to us via contact requests until you ask us to delete it, until you withdraw your consent to its storage, or until the purpose for data storage no longer applies (e.g. after your request has been handled). Mandatory legal regulations, particularly legally mandated retention periods, remain unaffected.
uploading photos to this website
When you upload photos to this site, details about the time of the photo upload are stored in addition to the photo itself.
examination OF PHOTOS BEFORE Publication
Our upload function initially saves users’ photos such that they cannot be accessed by third parties. The uploaded photos are then reviewed in order to prevent publication of the photos in the event of legal infringements such as copyright, violation of the privacy of third parties, offensive material, or propaganda. Illegal content will be deleted immediately upon review. The controller reserves the right to take legal action against the dissemination of illegal content.
Photos that have been favourably evaluated during the clearance process will be published on the digital signage devices in our exhibition rooms.
duration of photo storage
Photos and their associated data are stored and remain on this website (and, if they have been cleared for publication, on our digital signage devices) until the end of the exhibition.
If a user withdraws consent to the processing of their photo, publication will be halted as quickly as possible (‘Restriction of Data’) and, following a review process, the data will be erased.
legal basis
Photos are stored and published on the basis of your consent (Article 6[1][a] of the GDPR). You may withdraw your consent at any time. An informal email notification is sufficient for this purpose; you can send it to us at widerruf.luft@dhmd.de. The legality of data processing operations occurring before the withdrawal of consent remains unaffected.
The controller reserves the right to further process the data processing operations that have already been lawfully carried out for archiving purposes that are in the public interest (Article 89 of the GDPR). This applies, for example, to photo and video documentation of the exhibition rooms in which the uploaded photos appear incidentally.