In the following, we wish to inform you about the processing of personal data when using our website www.fridericianum.org. Personal data is all data that can be used to identify you personally, e.g. name, address, e-mail addresses, user behavior or IP address.
Controller according to Art. 4(7) of the EU General Data Protection Regulation (GDPR)
documenta und Museum Fridericianum gGmbH Friedrichsplatz 18
T +49 561 70727-0
F +49 561 70727-39
See legal notice.
You can reach our official data protection officer using the following contact details:
Mr. Stephan Blazy or his deputy Mr. Kevin Marschall (GDPC GbR) by post at the above address with the additional detail – Data Protection Officer -, by e-mail at firstname.lastname@example.org and by phone:
+49 561 83099165.
We are very pleased that you are visiting our website. You can always use our website without providing personal data. However, if a data subject wishes to use one of our company’s services via our website, it is likely that personal data will have to be processed. If it is necessary to process personal data and there is no legal basis for such processing, we shall obtain the consent of the data subject.
The processing of personal data, such as the name, IP address, address, e-mail address or phone number of a data subject, is always carried out in accordance with the General Data Protection Regulation and adhering to the country-specific data protection regulations applicable to us, in particular with respect to HDSIG (Hessisches Datenschutz- und Informationsfreiheitsgesetz, Hessian data protection and freedom of information act). There is always a risk of security vulnerabilities with any data sent over the Internet, meaning that absolute protection cannot be guaranteed. For this reason, every data subject is free to submit personal data to us by alternative means, for example by phone or by post.
2. Scope and purpose of the processing of personal data
2.1 Accessing and visiting the website
When this website is accessed, the browser used by the visitor automatically sends data to the server of this website; the data is then kept in a log file with our host and service provider for a limited period of time, and at most two weeks. We also use so-called Content Delivery Networks (CDN), which enable us to significantly reduce the load times of our website. Until automatic deletion, the following data is stored without further input by the visitor:
- IP address of the visitor’s device,
- Date and time of access by the visitor,
- Name and URL of the page accessed by the visitor,
- Website from which the visitor arrives at the website (so-called referrer URL),
- Browser and operating system of the visitor’s device and the name of the access provider used by the visitor.
This personal data is processed on the basis of our legitimate interests in accordance with Art. 6(1)(1)(f) of the GDPR. We have a legitimate interest in data processing in order to:
- quickly establish a connection to the website,
- make the website user-friendly,
- understand and ensure the safety and stability of the systems and
- facilitate and improve administration of the website.
The processing of data is expressly not for the purpose of gaining knowledge about the identity of the visitors to this website.
2.2 Contact via e-mail (e-mail client on your computer)
Visitors can contact us via email messages in particular, sharing any personal data voluntarily. In order to receive a reply, you must provide at least a valid e-mail address and your surname. Any other information is voluntary and the inquirer is not obliged to share it. By sending the e-mail, the visitor consents to the processing of the personal data sent. The data is processed exclusively for the purpose of handling and responding to inquiries. This is done on the basis of voluntary consent according to Art. 6(1)(1)(a) of the GDPR. The data received from you and processed by us through this means of communication will be automatically deleted as soon as the inquiry is dealt with and there are no reasons for continued storage (e.g. subsequent order, donor or similar).
If you would like to subscribe to the newsletter on the website, we require an e-mail address from you and information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data will not be collected or only on a voluntary basis. We use this data exclusively for the delivery of the requested information and do not pass it on to third parties. The data entered into the newsletter registration form is processed only after your express consent (Art. 6(1)(a) of the GDPR). You can revoke your consent to the storage of the data, the e-mail address or its use for sending the newsletter at any time, for example via the “unsubscribe” link in each newsletter. The legality of the already completed data processing operations remains unaffected by the revocation. The data you share with us when you subscribe to the newsletter will be stored by us until you unsubscribe from the newsletter and is then deleted after you unsubscribe. Data shared with us for other purposes (e.g. e-mail addresses for the members area) remains unaffected by this.
Cookies are used on the website. These are data packets that are exchanged between the server of our website and the visitor’s browser. These are stored by the device used (PC, notebook, tablet, smartphone, etc.) when visiting the website. Cookies cannot cause damage to the device used. In particular, they do not contain viruses or other malicious software. The cookies always store information that is related to the specific device being used. It is not possible for us to use it to obtain direct knowledge of the identity of the visitor to the website.
Cookies are normally accepted by the default browser settings. The browser settings can be changed so that cookies are either not accepted on the devices used or a special message is displayed before a new cookie is created. It should be noted, however, that deactivating cookies may result in some features of the website not functioning optimally. Cookies help to make the use of our website more comfortable. For example, session cookies can be used to track whether the visitor has already visited individual pages on the website. After leaving the site, these session cookies are automatically deleted.
To improve usability, temporary cookies are used. These are stored on the visitor’s device for a limited period of time. When the website is visited again, they automatically detect that the visitor has already accessed the page at an earlier point in time and remember the previous inputs and settings so that they do not have to be reentered. Cookies are also used to analyze traffic to the website for statistical purposes and to improve the service. These cookies make it possible to automatically detect whether the website has already been accessed by the visitor with every new visit. An automatic deletion of cookies takes place after a specified period of time.
The data processed by cookies is justified for the above-mentioned purposes in order to protect our legitimate interests pursuant to Art. 6(1)(1)(f) of the GDPR.
Matomo (formerly Piwik)
This website uses the open source web analytics service Matomo. Matomo uses “cookies”. These are stored on your computer and allow us to analyze your use of the website. The information generated by the cookies on the use of this website is also stored on our server. The IP address is anonymized before storage. Matomo cookies remain on your device until you delete them. Matomo cookies are stored in accordance with Art. 6(1)(f) of the GDPR. The website operator has a legitimate interest in the anonymized analysis of user behavior in order to optimize both its website and its advertising. The information generated by the cookies about the use of this website is not passed on to third parties. You can prevent the storage of cookies by selecting the appropriate setting in your browser; however, please note that in doing so you may not be able to use the full functionality of this website. If you do not agree to the storage and use of your data, you can deactivate storage and use here (link). An opt-out cookie is then stored in your browser to prevent Matomo from collecting usage data. If you delete your cookies, the Matomo opt-out cookie will also be deleted. The opt-out must then be reactivated the next time you visit our website.
4. Integration of external service providers
The legal basis for the use of external service providers and so-called social plug-ins is Art. 6(1)(1)(f) of the GDPR. Our legitimate interest and the purpose of this integration is to make our offer known to a wider audience and to give it the opportunity to present the information on our website more appealingly. These external service providers are themselves responsible for handling of their users’ data in compliance with data protection requirements.
5 Google Maps
We also use Google Maps on our website as an external service. This allows us to display interactive maps directly on the website and lets you conveniently use the map function.
By visiting the website, Google receives notification that you have accessed the corresponding subpage of our site. In addition, the data specified in this declaration under “Collection of personal data when visiting our website” will be sent. This occurs regardless of whether Google provides a user account that you are logged in to, or if there is no user account. If you are logged in to Google, your information will be directly associated with your account. If you do not want it to be associated with your Google profile, you must log out before pressing the button. Google stores your data as usage profiles and processes it for the purposes of advertising, market research and/or customizing the design of its website. In particular, processing takes place (even for users who are not logged in) to provide customized advertising and to inform other users of the social network about your activities on our website. You have a right to object to the creation of these user profiles; you must contact Google to exercise this right.
6 Google Analytics
You can prevent Google Analytics data collection by clicking on the following link. An opt-out cookie is downloaded to prevent future collection of your data when you visit this website, provided the cookie is not deleted: Disable Google Analytics.
7 Google Web Fonts
8 Data protection for applications and in the application process
We also collect and process personally identifiable information from applicants for the purpose of conducting and completing the application process. The information may also be processed electronically. This is particularly the case if an applicant submits application documents to us electronically, e.g. by e-mail, or uses the contact form on our homepage. For e-mail applications, we have also set up a special e-mail address [email@example.com]. If we enter into an employment contract with an applicant, the data sent will be stored in compliance with the statutory provisions for the purpose of processing the employment relationship. If no such contract with the applicant is concluded, the application documents will be automatically deleted at the latest 6 months after notification of the refusal, provided no other legitimate interests on our part stand in the way of the deletion. An example of “another legitimate interest” in the aforementioned sense is the burden of proof in proceedings under the Allgemeines Gleichbehandlungsgesetz (AGG, General Act on Equal Treatment).
9 Your rights
You have rights with us regarding your personal data. Special statutory provisions may preclude the fulfillment of general data protection rights. If you assert such a right, but special statutory provisions prevent us from complying, we will inform you of this stating the specific reasons. You are entitled to the data protection rights listed below:
According to Art. 15 of the GDPR, you may request information about your personal data processed by us. In particular, you may request information about the purpose of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned retention period, the right to rectification, deletion, restriction of processing or opposition, the existence of a right of appeal, the origin of your data if it was not collected by us or the existence of automated decision-making including profiling, as well as any specific significant details if applicable.
In accordance with Art. 16 of the GDPR you can immediately demand the correction of incorrect data or the completion of your personal data stored by us.
According to Art. 17 of the GDPR, you have the right to request the deletion of your personal data stored with us, unless the data processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
9.4 Restriction of processing
According to Art. 18 of the GDPR, you can request a restriction of processing of your personal data if you dispute the accuracy of the data, the processing is unlawful but you refuse its deletion and we no longer require the data but you still need it to assert, exercise or defend legal claims or you have filed an objection against the processing in accordance with Art. 21 of the GDPR.
9.5 Data portability
In accordance with Art. 20 of the GDPR, you may receive the personal data you have shared with us in a structured, up to date and machine-readable format or request that it be forwarded to another person with authority.
According to Art. 7(3) of the GDPR you have the right to revoke your consent at any time (e.g. in writing or by e-mail). As a result, we are no longer allowed to continue processing data based on such consent in the future.
According to Art. 77 of the GDPR, you can lodge a complaint with the competent supervisory authority about our processing of your personal data at any time. Our supervisory authority (Der Hessische Beauftragte für Datenschutz und Informationsfreiheit, The Hessian Representative for Data Protection and Freedom of Information) is based in Gustav-Stresemann-Ring1, 65189 Wiesbaden, Germany.
9.8 Objection to the processing of your data
Insofar as we are processing your personal data in our legitimate interest according to Art. 6(1)(1)(f) of the GDPR, you may object to the processing, in particular if it is processed for advertising purposes. This is especially the case if processing is not necessary for the purpose of fulfilling a contract with you; we will always describe the purpose in an accompanying description of the functions.
When exercising such objection, we request that you explain the reasons why we should not process your personal data as we have. If your objection is justified, we will examine the situation and either stop or adjust the data processing or point out to you the compelling legitimate reasons on the basis of which we will continue the processing. Of course, you may object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us of your objection using the contact data shown above.