Privacy Policy

Data protection

Thank you for visiting our website. We take the protection of your personal data very seriously. Below, we would like to inform you of how we handle your data in accordance with Art. 13 of the EU General Data Protection Regulation (GDPR).

Controller

The controller for data collection and processing is Klimahaus® Betriebsgesellschaft mbH, represented by Arne Dunker.

Klimahaus® Betriebsgesellschaft mbH
Am Längengrad 8
27568 Bremerhaven
Phone: +49-(0)471-90 20 30-0
Telefax: +49-(0)471-90 20 30-99
E-Mail: info@klimahaus-bremerhaven.de

Data protection officer

Our data protection officer is in charge of compliance with and the monitoring of our data protection obligations. The data protection officer is available for information or suggestions regarding data protection.

Data protection officer
DATENSCHUTZ-METROPOL GmbH
Bertold Frick
Wachtstraße 17/24
28195 Bremen
Phone: +49 (0) 421 339 53 50
frick@datenschutz-metropol.de

Contents of the Privacy Policy

USAGE DATA

a)  Processing of usage data

Every time the user accesses a page on www.klimahaus-bremerhaven.de and every time a file is retrieved, a service on the web server shall store data about this process in a log file. Storage shall be exclusively for system and statistical purposes. Data shall not be transmitted to or otherwise analysed by third parties. Log data shall be deleted after seven days, provided that there are no legal retention obligations to the contrary.

Specifically, the following data shall be stored for each retrieval:

  • the name of the retrieved file,
  • the date and time of the retrieval,
  • the amount of data transmitted,
  • notification of successful retrieval,
  • the web browser type,
  • the user’s operating system,
  • the search terms used, including date and time, and
  • the user’s IP address.

This data shall be deleted periodically. The user’s IP address shall only be stored in the log file in anonymised form. For this purpose, the last three digits of the IP address shall be replaced by a random value, making it impossible to associate it directly with a specific person and create personal user profiles.

The legal basis for the processing shall be Art. 6 (1) lit. f of the GDPR. It shall be necessary to store log data to enable both the delivery of the website to the user’s computer and communication with our server. This shall enable the website to function appropriately. In addition, we shall use the data in anonymised form to optimise the website and ensure the security of our information technology systems. In this context, the data shall not be analysed for marketing purposes. Log data shall be deleted after seven days, provided that there are no legal retention obligations to the contrary.

b) Processing of usage data by third-party providers

Third-party services are an integral part of our website. The integration of these services into the klimahaus-bremerhaven.de website requires that third-party providers also collect and process usage data. The extent to which third-party services are used and the personal data that shall be processed for this purpose is explained below, in this privacy Policy.

COOKIES

We use cookies in several places on our website. They serve exclusively to make our service more user-friendly, effective and secure. Cookies are small text files that are stored on your computer by your browser (such as Firefox, Internet Explorer and Chrome). A distinction is made between session cookies, which are deleted when you close your browser, and persistent cookies, which are retained even after you end your session or close your browser. Cookies may contain data that can be used to recognise the device used. In some cases, cookies only contain information about specific settings, which does not constitute personal data.

We use both session cookies and persistent cookies on our website. The processing shall be pursuant to Art. 6 (1) lit. f of the GDPR and in the interest of optimising and/or enabling the user interface, and of customising the appearance of our website. You may set your browser to inform you every time a website requests to store a cookie. This will make the use of cookies transparent to you. In addition, you may apply the appropriate browser settings to delete cookies at any time and to prevent websites from storing new cookies. Please note that as a consequence our website may be displayed incorrectly and that some features may no longer be technically available.

GOOGLE ANALYTICS

This website uses Google Analytics, a web analytics service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter ‘Google’). Google Analytics uses ‘cookies’, text files that are stored on your computer and that enable analysis of your use of the website. The information generated by the cookie concerning your use of this website is generally transmitted to and stored on a Google server in the USA. However, since we have enabled IP anonymisation on this website, Google will first truncate your IP address if you are within a member state of the European Union or any other state that is a party to the European Economic Area Agreement. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and only there truncated. Google shall use this information to analyse your use of the website for us, to compile reports on website activity and to provide us with further services related to the use of the website and the Internet.

Your express consent is required for the use of Google Universal Analytics. For this purpose, when you first access our website you shall have the option to withhold or grant your consent by making your selection on the cookie banner and to familiarise yourself with our company’s data protection regulations. Should you grant us your consent, the legal basis for the processing of personal data shall be Art. 6 (1) lit. a of the GDPR.

To date, the European Commission has not yet made an adequacy decision with regard to the transfer of data to companies in the USA. However, Google is certified under the terms of the EU—U.S. Privacy Shield Framework (https://www.privacyshield.gov/EU-US-Framework). Consequently, the company has committed to maintaining higher standards of data protection than those prevalent in the United States, which are intended to approach those prevailing in the European Union. In addition, Google has subscribed the latest version of the EU Standard Contractual Clauses. The transfer of your personal data to the USA shall therefore solely occur on the basis of your express consent in accordance with Art. 49 (1) lit. a of the GDPR.

You may withdraw your consent at any time by accessing the cookie settings and deselecting the ‘Statistics’ category.

In addition, you may object to the creation of pseudonymous profiles beforehand. There are a number of options for accomplishing this:

1.) One option is to object to web analytics by Google Analytics by setting an opt-out cookie, which instructs Google not to store or use your data for the purpose of web analytics. Please note: this option will only prevent web analytics from occurring as long as the opt-out cookie is stored by the browser. Please click here if you would like to set the opt-out cookie now.

2.) You may also prevent the storage of cookies used to create profiles by changing your browser software settings accordingly.

3.) Depending on the browser you use, you may install a browser plug-in that prevents tracking. Please click here to install the relevant browser plug-in.

 

NEWSLETTER

If you would like to receive the newsletter promoted on the website, we shall require a valid email address from you. If you have granted your consent separately, the data shall be processed accordingly, pursuant to Art. 6 (1) lit. a of the GDPR. A link at the end of each newsletter will allow you to unsubscribe from the newsletter. Your subscription will then be automatically deleted.

We use rapidmail GmbH as the commissioned processor for the dispatch of our newsletter. Your data shall be transmitted to rapidmail GmbH, Wentzingerstrasse 21, 79106 Freiburg im Breisgau, Germany. rapidmail is prohibited from using your data for purposes other than dispatching newsletters. rapidmail is a German certified provider, which was selected according to the requirements of the GDPR and the Federal Data Protection Act (BDSG). rapidmail and the controller have entered into a commissioned processing contract in which the provider has undertaken to implement appropriate, state-of-the-art organisational and technical measures to ensure the protection of personal data.

You may withdraw your consent to the storage of data and your email address, and its use for the delivery of the newsletter at any time. If consent is withdrawn, we shall stop the corresponding data processing.

BOOKING ENQUIRIES

If you submit booking enquiries through our enquiry form, we shall use the information that you provide solely for the purpose of processing your enquiry. We shall require your name and surname, your full address and your email address to process the enquiry and send you a quote. The company name, telephone number and fax number are optional. Data processing for (pre-) contractual purposes shall be pursuant to Art. 6 (1) lit. b of the GDPR. The data shall be erased after your enquiry has been processed in full, unless the data must be stored due to retention obligations under commercial and tax law.

 

BOOKING TICKETS AND TIME SLOTS

You can book tickets to visit the Klimahaus in our online shop. We shall require your personal data (billing and delivery address) to process the booking. This includes your name, address and contact details (email address and telephone number). The telephone number is requested to be able to get in touch with you immediately should there be any questions in connection with the ticket booking. The tickets are personalised and must be allocated to a person.

We use Reservix as a solution for booking tickets. If you would like to book tickets in our shop, a connection to the servers of Reservix GmbH, Humboldtstrasse 2, 79098 Freiburg im Breisgau, Germany, shall be established and personal data shall be transmitted to Reservix. Reservix shall process the personal data provided above for the purpose of booking tickets. You can view further details on how Reservix handles personal data at https://cdn.reservix.com/Datenschutzerklaerung_Reservix.pdf (German only).

Personal data shall be processed for the purpose of completing the booking. Thus, the legal basis for this shall be Art. 6 (1) lit. b of the GDPR. The data shall be erased as soon as the periods of retention under commercial and tax law expire.

When visiting our Klimahaus, we recommend booking a time slot to guarantee admission. Due to the legal requirements in place to address the COVID-19 pandemic, we can only admit a limited number of people during any specific time slot. When booking a ticket, you can also book a time slot. However, you can also book a time slot if you already hold a ticket. Personal data shall be processed for the purpose of booking a time slot. Again, this includes your name, address and contact details. The processing shall be pursuant to Art. 6 (1) lit. f of the GDPR. Our legitimate interest is to organise admission to the Klimahaus in order to comply with prevalent legal obligations and to safeguard the health of our visitors.

PAYMENT SERVICE PROVIDERS

We use payment service providers to process the bookings.

a) PayPal: PayPal is an online payment service provider. Payments are processed by way of PayPal accounts, which are virtual private or business accounts. A PayPal account is managed by means of an email address. The operating company of PayPal in the European Union is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22–24 Boulevard Royal, 2449 Luxembourg, Luxembourg. If you select ‘PayPal’ as your payment option in our online shop, data concerning the data subject shall be automatically transmitted to PayPal. This usually includes the name, surname, address, email address, IP address, telephone number, mobile telephone number and other data that is required to process a payment. Personal data related to the respective booking shall also be required to process the sales contract. The legal basis for the processing shall be Art. 6 (1) lit. b of the GDPR. The processing of your personal data shall serve the purpose of payment processing and thus the discharge of the contract. The personal data exchanged between PayPal and the Klimahaus may be transmitted by PayPal to credit reference agencies. The purpose of this transmission shall be to verify identity and creditworthiness. PayPal may share personal data with affiliated companies and service providers or subcontractors to the extent necessary to discharge its contractual obligations or to process the data on its behalf. The provisions of PayPal’s applicable privacy policy can be accessed at https://www.paypal.com/uk/webapps/mpp/ua/privacy-full?locale.x=en_GB.

b) Sofortüberweisung: Sofortüberweisung is a payment service that enables cashless payment of products and services on the Internet. Sofortüberweisung is a technical procedure by means of which the online trader immediately receives confirmation of payment. The operating company of Sofortüberweisung is Sofort GmbH, Fussbergstrasse 1, 82131 Gauting, Germany. If the data subject selects ‘Sofortüberweisung’ as a payment option during the ordering process in our online shop, the data subject’s data shall be automatically transmitted to Sofortüberweisung. For the purchase transaction using Sofortüberweisung, the buyer transmits the PIN and the TAN to Sofort GmbH. After electronically checking the account balance and retrieving additional data to check that there are sufficient funds, Sofortüberweisung transfers the amount to the online trader. The online trader is then automatically notified that the financial transaction has occurred. The legal basis for the processing shall be Art. 6 (1) lit. b of the GDPR. The processing of your personal data shall serve the purpose of payment processing and thus the discharge of the contract. The personal data exchanged with Sofortüberweisung includes the name, surname, address, email address, IP address, telephone number, mobile telephone number and other data that is required to process a payment. The purpose of transmitting the data shall be to process the payment. The personal data exchanged between Sofortüberweisung and the Klimahaus may be transmitted by Sofortüberweisung to credit reference agencies. The purpose of this transmission shall be to verify identity and creditworthiness. Sofortüberweisung may share personal data with affiliated companies and service providers or subcontractors to the extent necessary to discharge its contractual obligations or to process the data on its behalf. The provisions of Sofortüberweisung’s applicable privacy policy can be accessed at https://www.sofort.com/1.0/shared/content/legal/terms/en-GB/1.0.0-0TFtKcYwpqp9ls0HdiqqWqS6QKkn7mc0/SOFORT/.

CUSTOMER ACCOUNT

Should you wish, you can register and set up an optional customer account to process future orders more quickly. For this purpose, you must provide your email address and a password.

Once you have successfully completed the registration process, you will not need to enter your data again. The data shall be processed for pre-contractual measures and for the purpose of discharging contracts. The legal basis for the processing shall be Art. 6 (1) lit. b of the GDPR.

You can have your account deleted at any time by sending an email to info@klimahaus-bremerhaven.de. The associated data will then be erased, provided that this does not conflict with legal retention obligations.

CONTACT

You can contact us by email at any time. We shall process personal data for this purpose. In addition to the email address and technical transmission data, we shall process personal data that you include voluntarily in your enquiry.

The processing shall be pursuant to Art. 6 (1) lit. b of the GDPR, provided that the enquiry is related to concluding a contract or making a booking. The data shall then be processed further to discharge the contract. Otherwise, the processing shall be pursuant to Art. 6 (1) lit. f of the GDPR. We have a legitimate interest in providing you with an efficient service and responding to your enquiry personally, in a manner that is to your satisfaction.

The personal data shall be erased once the contract has been discharged or your enquiry has been processed, unless this conflicts with legal retention obligations.

JOB APPLICATIONS

We shall only process job application data that you provide when applying for the jobs advertised by us for this specific purpose, in compliance with the data protection requirements. The data processing shall be pursuant to Section 26 (1) of the BDSG. We shall process your data exclusively for the purpose of the application process or for the potential establishment of an employment relationship, as the case may be. In the event that the application process has a positive outcome, we shall process the data to continue establishing and, subsequently, to implement the employment relationship. In the event that the application process has a negative outcome, we shall erase the data after three months.

In the course of the application process, our company works together with the job application platform of the service provider Workwise GmbH (legal notice: https://www.workwise.io/impressum). Recruitment on behalf of jobseekers or employers does not constitute commissioned processing, but rather the use of an external specialist service provided by an autonomous accountable entity (BayLDA FAQ dated 20/07/2018). Further information on Workwise GmbH’s data protection provisions is available in the service provider’s privacy policy (https://www.workwise.io/en/datenschutz).

 

REDIRECTION TO OTHER WEB PAGES AND SOCIAL NETWORKS

Our website also includes links to third-party web services. These can be identified by a logo or by the website opening in a new browser tab or window. Insofar as these are not Klimahaus websites, we cannot warrant the relevant provider’s compliance with the provisions of the privacy policy. Should you have any data protection queries, please contact the relevant provider. Pursuant to Art. 6 (1) lit. f of the GDPR and in the interest of communicating with customers and promoting our services, we have an official presence on the following social networks:

• Facebook: www.facebook.com/klimahaus (https://en-gb.facebook.com/policy.php)
• Twitter: https://twitter.com/Klimahaus_Brhv (https://twitter.com/privacy?lang=en)
• Instagram: www.instagram.com/klimahaus.bremerhaven (https://help.instagram.com/519522125107875/?locale=en_GB)
• YouTube: www.youtube.com/user/KlimahausBremerhaven (https://policies.google.com/privacy?hl=en-GB&gl=de)

We shall not collect, store or process our users’ personal data on this website at any time. Furthermore, we shall neither carry out nor initiate any other data processing. We shall neither use nor process the data you provide on our Facebook page, such as comments, videos or images, at any time for other purposes. Social networks may use web tracking methods on their pages. Please be advised: It cannot be excluded that social networks use your profile data to analyse your habits, personal relationships, preferences, etc. We have no influence whatsoever on the processing of your data by social networks. Should you visit our pages on social networks, please also consider our respective privacy policy there as well as the provider’s privacy Policy.

FACEBOOK FAN PAGE

The operating company of Facebook and Instagram is Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. The controller for the processing of personal data in the case of data subjects living outside the USA or Canada is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter ‘Meta Ireland’).

Clicking the links to our Facebook or Instagram fan pages, which are displayed on our site in the form of icons, will take you to our respective pages on the said social networks.

Visiting the social networks shall result in personal data being processed by Meta Ireland. Klimahaus Betriebsgesellschaft mbH and Meta Ireland are jointly responsible for the collection and transmission of personal data to Meta Ireland whenever our Facebook fan page is visited. When our Facebook fan page is visited, Meta Ireland collects and processes visitor data and analyses it for statistical purposes. The data is provided to us in anonymised form. This provides insight into how people interact with their pages and with the content associated with them, enabling us to design our online presence in a user-friendly manner and to optimise it further. This shall also constitute our legitimate interest in processing pursuant to Art. 6 (1) lit. f of the GDPR. With regard to the transfer of personal data in the context of a visit to our fan page, a joint controllership arrangement (Page Insights Controller Addendum: www.facebook.com/legal/terms/page_controller_addendum), which regulates the discharge of obligations in accordance with the GDPR, has been entered into with Meta Ireland. You can assert your data protection rights both with Meta Ireland and with Klimahaus Betriebsgesellschaft mbH. In accordance with the GDPR, the primary responsibility for the processing of Facebook Insights Data shall lie with Meta Ireland and Meta Ireland shall comply with all the GDPR obligations in relation to the processing of Insights Data.

Should the data subject visiting our website be simultaneously logged in to Facebook or Instagram, Meta Platforms detects this and, if applicable, merges the data with your account and thus builds profiles in order to serve personalised advertising or to optimise the social network. Meta Platforms is the sole controller responsible for these processing operations in accordance with data protection law. We have no control over the processing and the details of the processing: the extent of the processing, the purposes of the processing, retention periods and data erasure are unknown to us.

DATA RECIPIENTS

We shall transmit your data within the scope of commissioned processing to service providers that assist us in operating our website and in related processes in accordance with Art. 28 of the GDPR. Our service providers shall be subject to our strict directives and are accordingly contractually bound. We use the following service providers:

Webhosting: domainfactory GmbH, Scheidemannplatz 2, 34117 Kassel

Newsletterversand: rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg im Breisgau

Statistische Analyse: Google Ireland,  Barrow St., Dublin 4, Irland

DATA TRANSMISSION TO THIRD COUNTRIES

In some cases, we shall transmit personal data to a third country outside the EU. This shall be done to the extent described in this policy. We have ensured an adequate level of data protection in each case.

We shall neither sell your personal data to third parties nor market it in any other way.

YOUR RIGHTS AS A USER

The GDPR grants you as a website user certain rights regarding the processing of your personal data:

1. Right of access (Art. 15 of the GDPR):
You have the right to require confirmation as to whether personal data concerning you is being processed. Should this be the case, you have the right of access to this personal data and to the information specified in Art. 15 of the GDPR.

2. Right to rectification and erasure (Art. 16 and Art. 17 of the GDPR):
You have the right to require the immediate rectification of inaccurate personal data concerning you and, if necessary, the completion of incomplete personal data.

Furthermore, you have the right to require that personal data concerning you be erased forthwith, provided that one of the grounds specified in Art. 17 of the GDPR applies, for example, if the data is no longer required for the purposes for which it was collected.

3. Right to restriction of processing (Art. 18 of the GDPR):
You have the right to require the restriction of processing if one of the conditions specified in Art. 18 of the GDPR is met, for example, if you have objected to the processing pending verification.

4. Right to data portability (Art. 20 of the GDPR):
In certain cases specified in Art. 20 of the GDPR in particular, you have the right to receive the personal data concerning you in a structured, conventional and machine-readable format, or to require the transmission of such data to a third party.

5. Right to object (Art. 21 of the GDPR):
Should data pursuant to Art. 6 (1) lit. f be collected (data processing to safeguard legitimate interests), you have the right to object to the processing at any time on grounds relating to your particular situation. We shall then no longer process the personal data, unless demonstrably compelling legitimate grounds for the processing exist, which override the interests, rights and freedoms of the data subject, or which serve for the assertion, exercise or defence of legal claims.

6. Right to lodge a complaint with a supervisory authority
In accordance with Art. 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of data concerning you violates data protection regulations. The right to lodge a complaint may be asserted in particular with a supervisory authority in the member state of your residence, your place of work or the place of the alleged violation. The competent supervisory authority in Bremen is Dr Imke Sommer, State Commissioner for Data Protection and Freedom of Information, Arndtstrasse 1, 27570 Bremerhaven.

In accordance with Sections 34 and 35 of the BDSG, you as a user have the right to require information as to which data concerning you we store and the purpose for which we store it. Moreover, you may have incorrect data rectified or data the storage of which is illegitimate or no longer required deleted.