Privacy Policy
Data protection
Thank you for visiting our website. We take the protection of your personal data very seriously. Below, we would like to inform you of how we handle your data in accordance with Art. 13 of the EU General Data Protection Regulation (GDPR).
Controller
The controller for data collection and processing is Klimahaus Bremerhaven GmbH, represented by Ingrid Hayen.
Klimahaus Bremerhaven GmbH
Am Längengrad 8
27568 Bremerhaven
Phone: +49-(0)471-90 20 30-0
Telefax: +49-(0)471-90 20 30-99
E-Mail: info@klimahaus-bremerhaven.de
Data protection officer
Our data protection officer is in charge of compliance with and the monitoring of our data protection obligations. The data protection officer is available for information or suggestions regarding data protection.
Data protection officer
DATENSCHUTZ-METROPOL GmbH
Bertold Frick
Wachtstraße 17/24
28195 Bremen
Phone: +49 (0) 421 339 53 50
frick@datenschutz-metropol.de
Contents of the Privacy Policy
- Usage data
- Cookies
- Google Analytics
- Newsletter
- Booking enquiries
- Booking tickets and time slots
- Payment service providers
- Customer account
- Contact
- Job applications
- Redirection to other websites and social networks
- Facebook fan page
- Data recipients
- Data transmission to third countries
- Your rights as a user
USAGE DATA
a) Processing of usage data
Every time the user accesses a page on www.klimahaus-bremerhaven.de and every time a file is retrieved, a service on the web server shall store data about this process in a log file. Storage shall be exclusively for system and statistical purposes. Data shall not be transmitted to or otherwise analysed by third parties. Log data shall be deleted after seven days, provided that there are no legal retention obligations to the contrary.
Specifically, the following data shall be stored for each retrieval:
- the name of the retrieved file,
- the date and time of the retrieval,
- the amount of data transmitted,
- notification of successful retrieval,
- the web browser type,
- the user’s operating system,
- the search terms used, including date and time, and
- the user’s IP address.
This data shall be deleted periodically. The user’s IP address shall only be stored in the log file in anonymised form. For this purpose, the last three digits of the IP address shall be replaced by a random value, making it impossible to associate it directly with a specific person and create personal user profiles.
The legal basis for the processing shall be Art. 6 (1) lit. f of the GDPR. It shall be necessary to store log data to enable both the delivery of the website to the user’s computer and communication with our server. This shall enable the website to function appropriately. In addition, we shall use the data in anonymised form to optimise the website and ensure the security of our information technology systems. In this context, the data shall not be analysed for marketing purposes. Log data shall be deleted after seven days, provided that there are no legal retention obligations to the contrary.
b) Processing of usage data by third-party providers
Third-party services are an integral part of our website. The integration of these services into the klimahaus-bremerhaven.de website requires that third-party providers also collect and process usage data. The extent to which third-party services are used and the personal data that shall be processed for this purpose is explained below, in this privacy Policy.
REDIRECTION TO OTHER WEBSITES
Our websites also contain links to websites of other providers. You can recognize these, for example, by a logo or because a new browser window opens. Insofar as these are not websites of the Klimahaus, we cannot guarantee that the data protection provisions of these providers are complied with. Please refer to the data protection information of the respective providers for information on how your data is processed by external providers and third parties.
COOKIES
We use cookies in several places on our website. They serve exclusively to make our service more user-friendly, effective and secure. Cookies are small text files that are stored on your computer by your browser (such as Firefox, Internet Explorer and Chrome). A distinction is made between session cookies, which are deleted when you close your browser, and persistent cookies, which are retained even after you end your session or close your browser. Cookies may contain data that can be used to recognise the device used. In some cases, cookies only contain information about specific settings, which does not constitute personal data.
We use both session cookies and persistent cookies on our website. The processing shall be pursuant to Art. 6 (1) lit. f of the GDPR and in the interest of optimising and/or enabling the user interface, and of customising the appearance of our website. You may set your browser to inform you every time a website requests to store a cookie. This will make the use of cookies transparent to you. In addition, you may apply the appropriate browser settings to delete cookies at any time and to prevent websites from storing new cookies. Please note that as a consequence our website may be displayed incorrectly and that some features may no longer be technically available.
GOOGLE ANALYTICS
This website uses Google Analytics, a web analytics service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter ‘Google’). Google Analytics uses ‘cookies’, text files that are stored on your computer and that enable analysis of your use of the website. The information generated by the cookie concerning your use of this website is generally transmitted to and stored on a Google server in the USA. However, since we have enabled IP anonymisation on this website, Google will first truncate your IP address if you are within a member state of the European Union or any other state that is a party to the European Economic Area Agreement. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and only there truncated. Google shall use this information to analyse your use of the website for us, to compile reports on website activity and to provide us with further services related to the use of the website and the Internet.
Your express consent is required for the use of Google Universal Analytics. For this purpose, when you first access our website you shall have the option to withhold or grant your consent by making your selection on the cookie banner and to familiarise yourself with our company’s data protection regulations. Should you grant us your consent, the legal basis for the processing of personal data shall be Art. 6 (1) lit. a of the GDPR.
To date, the European Commission has not yet made an adequacy decision with regard to the transfer of data to companies in the USA. However, Google is certified under the terms of the EU—U.S. Privacy Shield Framework (https://www.privacyshield.gov/EU-US-Framework). Consequently, the company has committed to maintaining higher standards of data protection than those prevalent in the United States, which are intended to approach those prevailing in the European Union. In addition, Google has subscribed the latest version of the EU Standard Contractual Clauses. The transfer of your personal data to the USA shall therefore solely occur on the basis of your express consent in accordance with Art. 49 (1) lit. a of the GDPR.
You may withdraw your consent at any time by accessing the cookie settings and deselecting the ‘Statistics’ category.
In addition, you may object to the creation of pseudonymous profiles beforehand. There are a number of options for accomplishing this:
1.) One option is to object to web analytics by Google Analytics by setting an opt-out cookie, which instructs Google not to store or use your data for the purpose of web analytics. Please note: this option will only prevent web analytics from occurring as long as the opt-out cookie is stored by the browser. Please click here if you would like to set the opt-out cookie now.
2.) You may also prevent the storage of cookies used to create profiles by changing your browser software settings accordingly.
3.) Depending on the browser you use, you may install a browser plug-in that prevents tracking. Please click here to install the relevant browser plug-in.
GOOGLE FORMS – SURVEYS FOR SELECTING CLIMATE ACTION MEASURES
We use Google Forms, a form service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), for digital surveys. If personal data from European individuals are processed, the service provider is Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
Google Forms allows us to create surveys on climate protection engagement, the results of which help us optimize our offerings and services. The surveys are conducted on our own devices and can generally be carried out anonymously. Personal data will only be processed and your information associated with you if you provide us with your email address. We process your email address only if you consent to receive further information and two additional emails with follow-up questions about your climate engagement.
If you are logged in with a Google account, your data from using the survey service can be merged with your account information, enabling Google Ireland to profile you. If you wish to avoid this, we recommend logging out of your account beforehand.
If you provide your email address, your personal data and survey data will be transmitted to Google Ireland, which acts as a processor for us. Since using the services can result in data being transferred to the provider’s parent company based in the USA, this constitutes a data transfer to a third country outside the EU or EEA. For transfers to companies in the USA, an adequacy decision exists (EU-US Data Privacy Framework, DPF). Google is certified under the Data Privacy Framework published by the US Department of Commerce. Through certification, the company has committed to adhering to higher data protection standards than those commonly practiced in the USA. Additionally, we have a data processing agreement with Google to ensure data protection principles and the security of your data are maintained. However, there remains a risk that US authorities could access personal data. If your personal data is transferred to the USA, it is done so based on the Privacy Shield Framework.
The storage of your email address for the purpose of sending further information and receiving two emails with follow-up questions about your climate engagement is based on your consent. You will receive the two emails two weeks and two months after registering your email address. The legal basis is Art. 6 para. 1 lit. a GDPR. By entering your email address, you consent to the processing of your data by us and within Google Forms to the extent described. You can withdraw your consent at any time without providing reasons.
For more information on processing within Google Docs and Forms, please visit: https://support.google.com/docs/answer/10381817?hl=en
TURNSTILE
On our website, we use the Turnstile service provided by Cloudflare Inc., 101 Townsend Street, San Francisco, CA 94107, USA.
Turnstile is an anti-spam service that helps protect our forms from non-human, abusive requests, and attacks. To achieve this, Turnstile solves several challenges in the background to verify human behavior. During this process, cookies are set by the provider, and information from the end device is read. If an end device already uses so-called Privacy Access Tokens, only these will be read.
The use of Turnstile and the associated processing, including the transfer of data to the third-party provider, is based on your consent according to Art. 6 para. 1 GDPR. The storage and reading of cookies and information on your end device are based on your consent according to Art. 25 para. 1 TTDSG.
When using Turnstile, personal data is transmitted to Cloudflare Inc. An adequacy decision (EU-US Data Privacy Framework, DPF) exists for transfers to companies in the USA. Companies certified under the Data Privacy Framework published by the US Department of Commerce are committed to adhering to data protection regulations. Cloudflare Inc. is certified under the DPF. We have a data processing agreement with the provider, through which the provider commits to comply with data protection regulations and ensure the security of your data. The legal basis for the transfer of your data to the third country USA is the applicable DPF adequacy decision.
You can revoke your consent to the processing and transfer of your personal data or the storage and reading of information at any time. Simply revisit our cookie settings and slide the toggle back. The revocation does not affect the lawfulness of the processing carried out up to that point.
For more information about Turnstile and the provider’s privacy policy, please visit: [https://blog.cloudflare.com/turnstile-private-captcha-alternative/](https://blog.cloudflare.com/turnstile-private-captcha-alternative/) and [https://www.cloudflare.com/de-de/privacypolicy/](https://www.cloudflare.com/de-de/privacypolicy/).
Please note that for security reasons, our forms cannot be used if consent for the use of Turnstile is not given or is revoked.
YOUTUBE
We embed YouTube on our website to display video content and features of the social platform YouTube, thereby enhancing and making our offer and user experience more interesting. You will recognize the use of YouTube when your consent is requested to play the video or when the YouTube logo or the YouTube text is displayed.
YouTube is provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). By streaming a YouTube video, your personal data is processed by Google. The processing is generally for marketing and analytical purposes, for which Google is responsible. For more information on processing, you can refer to Google’s privacy policy, which can be accessed at https://policies.google.com/privacy?hl=de.
If you want to prevent data transfer, you should not use YouTube’s features. Nevertheless, we recommend that you log out of your social network account regularly after using it, especially before activating embedded content, to avoid being associated with your profile with the respective provider.
On our website, YouTube is used in the variant of YouTube-No-Cookie or in extended privacy mode. This means that no cookie is set on your end device when you visit our website, and thus no personal data is processed. A connection to YouTube is only established when you play the video.
With the playback of the video, personal data may be transmitted to Google Inc. in the USA and processed there by Google. This includes your IP address, technical data of the end device, and the information that you have accessed the corresponding subpage of our website. There is no adequacy decision for the transfer of personal data to companies in the USA. However, Google is certified under the Privacy Shield Framework published by the US Department of Commerce. Through certification, the company has committed to adhering to higher data protection standards than those commonly practiced in the USA. Additionally, we have a data processing agreement with Google and have agreed on standard data protection clauses for the transfer of data, through which data protection principles and the security of your data are maintained. However, there remains a risk that US authorities could access personal data.
The transfer of your personal data to the USA is based solely on your consent according to Art. 49 para. 1 sentence 1 lit. a GDPR. You can give your consent in the cookie box or by playing the video. You can withdraw your consent at any time by opening the cookie box and sliding the corresponding toggle to “Off”.
For more information on data protection and data usage by Google, you can visit Google’s website at: https://www.google.de/intl/de/policies/privacy
NEWSLETTER
On our website, you have the opportunity to sign up for our newsletter. For this purpose, we need your name and email address to send you the newsletter. The legal basis for this is your consent (Art. 6 para. 1 sentence 1 lit. a GDPR). By registering for the newsletter, you consent to us sending a newsletter to your email address. When registering, you agree to the following consent text:
You can withdraw this consent at any time for the future by unsubscribing from the newsletter. You will find a link at the end of each newsletter email that allows you to unsubscribe from the newsletter. Your entry will then be automatically deleted.
The registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration, you will receive an email in which you are asked to confirm your registration. To prove the registration for the newsletter, the time of registration and confirmation, as well as the IP address, are stored.
The statistical collection, analysis, and logging of the registration process are based on legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR). The legitimate interest lies in the proper and technically flawless execution of the email dispatch and the documentation of your given consent.
The data you provide us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe. Data that has been stored with us for other purposes remains unaffected.
CleverReach
This website uses CleverReach for sending newsletters. The provider is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany (hereinafter “CleverReach”). CleverReach is a service that organizes and analyzes the newsletter dispatch. The data you enter for the purpose of subscribing to the newsletter (e.g., email address) is stored on CleverReach’s servers in Germany and/or Ireland.
The newsletters we send with CleverReach allow us to analyze the behavior of newsletter recipients. Among other things, we can analyze how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. With the help of so-called conversion tracking, it can also be analyzed whether a predefined action (e.g., the purchase of a product on this website) has taken place after clicking the link in the newsletter. For more information on data analysis by CleverReach newsletters, please visit: [https://www.cleverreach.com/en/features/reporting-tracking/](https://www.cleverreach.com/en/features/reporting-tracking/).
If you do not want analysis by CleverReach, you must unsubscribe from the newsletter. We provide an appropriate link in each newsletter message for this purpose.
For more information, please refer to CleverReach’s privacy policy at: [https://www.cleverreach.com/en/privacy-policy/](https://www.cleverreach.com/en/privacy-policy/).
Data Processing Agreement
We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract required by data protection law that ensures that the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.
BOOKING ENQUIRIES
If you submit booking enquiries through our enquiry form, we shall use the information that you provide solely for the purpose of processing your enquiry. We shall require your name and surname, your full address and your email address to process the enquiry and send you a quote. The company name, telephone number and fax number are optional. Data processing for (pre-) contractual purposes shall be pursuant to Art. 6 (1) lit. b of the GDPR. The data shall be erased after your enquiry has been processed in full, unless the data must be stored due to retention obligations under commercial and tax law.
BOOKING TICKETS AND TIME SLOTS
For visiting the Klimahaus, you can book tickets online through our shop. The form allows you to request or book group and school visits, conferences, weddings, and other events. To process your request or booking, we need your personal data, including your name, address, contact details (email and phone number), and payment information. The phone number is requested to enable quick contact for any questions regarding the ticket order.
We use Get Your Guide (hereinafter: GYG) as a solution for ticket bookings. GYG is embedded into our website when you want to use our services in the online shop area. In this process, a connection to the provider Get Your Guide Deutschland GmbH, Sonnenburger Str. 73, 10409 Berlin, Germany, is established, and personal data is transmitted to GYG.
GYG processes, in addition to the IP address, the aforementioned personal data for the purpose of booking tickets or purchasing other services. The processing is carried out on our behalf, and we have concluded a data processing agreement with GYG GmbH, whereby the provider is obliged to process your data in compliance with data protection regulations and securely. GYG also uses its own sub-processors for its services, some of which are located outside the EU. The provider is obligated to ensure data protection-compliant processing by the sub-processors and to take sufficient measures to ensure an adequate level of data protection. This is done, for example, through the conclusion of standard data protection clauses when necessary.
The processing and transmission of personal data are carried out to process the booking and services. The legal basis is therefore Art. 6 para. 1 sentence 1 lit. b GDPR. The data is deleted once the commercial and tax law retention periods expire.
For your visit to the Klimahaus, we recommend booking a time slot to guarantee entry. As part of the ticket booking, you can also book a time slot. Alternatively, you can book a time slot if you already have a ticket. For booking a time slot, personal data such as name, address, and contact details are processed. The processing is based on Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in organizing entries to the Klimahaus to comply with legal obligations and to protect the health of our visitors.
PAYMENT SERVICE PROVIDERS
We use payment service providers to process the bookings.
a) PayPal: PayPal is an online payment service provider. Payments are processed by way of PayPal accounts, which are virtual private or business accounts. A PayPal account is managed by means of an email address. The operating company of PayPal in the European Union is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22–24 Boulevard Royal, 2449 Luxembourg, Luxembourg. If you select ‘PayPal’ as your payment option in our online shop, data concerning the data subject shall be automatically transmitted to PayPal. This usually includes the name, surname, address, email address, IP address, telephone number, mobile telephone number and other data that is required to process a payment. Personal data related to the respective booking shall also be required to process the sales contract. The legal basis for the processing shall be Art. 6 (1) lit. b of the GDPR. The processing of your personal data shall serve the purpose of payment processing and thus the discharge of the contract. The personal data exchanged between PayPal and the Klimahaus may be transmitted by PayPal to credit reference agencies. The purpose of this transmission shall be to verify identity and creditworthiness. PayPal may share personal data with affiliated companies and service providers or subcontractors to the extent necessary to discharge its contractual obligations or to process the data on its behalf. The provisions of PayPal’s applicable privacy policy can be accessed at https://www.paypal.com/uk/webapps/mpp/ua/privacy-full?locale.x=en_GB.
b) Sofortüberweisung: Sofortüberweisung is a payment service that enables cashless payment of products and services on the Internet. Sofortüberweisung is a technical procedure by means of which the online trader immediately receives confirmation of payment. The operating company of Sofortüberweisung is Sofort GmbH, Fussbergstrasse 1, 82131 Gauting, Germany. If the data subject selects ‘Sofortüberweisung’ as a payment option during the ordering process in our online shop, the data subject’s data shall be automatically transmitted to Sofortüberweisung. For the purchase transaction using Sofortüberweisung, the buyer transmits the PIN and the TAN to Sofort GmbH. After electronically checking the account balance and retrieving additional data to check that there are sufficient funds, Sofortüberweisung transfers the amount to the online trader. The online trader is then automatically notified that the financial transaction has occurred. The legal basis for the processing shall be Art. 6 (1) lit. b of the GDPR. The processing of your personal data shall serve the purpose of payment processing and thus the discharge of the contract. The personal data exchanged with Sofortüberweisung includes the name, surname, address, email address, IP address, telephone number, mobile telephone number and other data that is required to process a payment. The purpose of transmitting the data shall be to process the payment. The personal data exchanged between Sofortüberweisung and the Klimahaus may be transmitted by Sofortüberweisung to credit reference agencies. The purpose of this transmission shall be to verify identity and creditworthiness. Sofortüberweisung may share personal data with affiliated companies and service providers or subcontractors to the extent necessary to discharge its contractual obligations or to process the data on its behalf. The provisions of Sofortüberweisung’s applicable privacy policy can be accessed at https://www.sofort.com/1.0/shared/content/legal/terms/en-GB/1.0.0-0TFtKcYwpqp9ls0HdiqqWqS6QKkn7mc0/SOFORT/.
CONTACT
You can contact us by email at any time. We shall process personal data for this purpose. In addition to the email address and technical transmission data, we shall process personal data that you include voluntarily in your enquiry.
The processing shall be pursuant to Art. 6 (1) lit. b of the GDPR, provided that the enquiry is related to concluding a contract or making a booking. The data shall then be processed further to discharge the contract. Otherwise, the processing shall be pursuant to Art. 6 (1) lit. f of the GDPR. We have a legitimate interest in providing you with an efficient service and responding to your enquiry personally, in a manner that is to your satisfaction.
The personal data shall be erased once the contract has been discharged or your enquiry has been processed, unless this conflicts with legal retention obligations.
EVALUATION, MICROSOFT FORMS
Use of Microsoft Forms
We use the Microsoft Forms tool for conducting surveys. This tool is provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.
When using Microsoft Forms, the following data is processed:
- Name
- Date of birth
- Age
- IP address
- Data related to your role (e.g., teacher, group leader)
- Data related to your educational background (e.g., type of school)
Microsoft is also a recipient of your data.
When using Microsoft Forms, cookies are set. Some cookies are necessary for the use of Microsoft Forms to maintain the functionality of the survey and to prevent multiple submissions. The legal basis for setting and reading these cookies is § 25 Abs. 2 Nr. 2 TTDSG. Some cookies are not necessary and are set only with your consent. These cookies are used by Microsoft for statistical analysis and read your device data. The legal basis for setting and reading these cookies is § 25 Abs. 1 TTDSG. You can withdraw your consent at any time.
Microsoft may transfer personal data to the USA or other non-European countries in certain cases. Microsoft USA is certified under the Data Privacy Framework (DPF), which serves as an adequacy decision according to Art. 45 GDPR for the transfer of data to Microsoft in the USA. However, your data may still be accessed and processed by US authorities. Microsoft ensures that appropriate safeguards (e.g., standard data protection clauses) and technical measures (e.g., encryption) are used when transferring data to non-European countries. Microsoft has committed to this through a data processing agreement with us.
The data is collected:
- To link the questionnaires you fill out (one before and one after the event). For this purpose, we process your name and date of birth.
- To better understand and derive specific recommendations for action based on the characteristics of your group during the evaluation of our educational programs (e.g., adjusting target group information regarding age/class level). For this purpose, we process personal data related to age, educational background, and role.
We process your name and date of birth once to link the questionnaires. We regularly process your other data (age, educational background, and role) to repeatedly evaluate the affected educational program, identify trends, and derive recommendations for action. In individual cases, we can identify you based on your data; however, aggregation usually makes it impossible to trace back to an individual.
Data processing is based on your consent, and the legal basis is Art. 6 para. 1 lit. a GDPR.
You have the right to withdraw your consent at any time without giving reasons by sending an email to info@klimahaus-bremerhaven.de. The processing carried out until the withdrawal remains unaffected.
Data processing is also based on Art. 6 para. 1 lit. f GDPR to protect our legitimate interests, as we are an officially recognized extracurricular learning site and aim to offer efficient and target group-oriented educational programs. This applies to every educational program offered by Klimahaus Bremerhaven GmbH for booking by external parties.
Your data will be stored for the following periods:
- Your name and date of birth will be stored until the questionnaires are linked.
- Your data related to age, educational background, and role will be stored as long as necessary to fulfill the purposes mentioned above and based on legitimate interests. The legitimate interest refers to the evaluation of individual educational programs and the long-term observation of trends in the groups booking the programs. The goal of the evaluation is the gradual improvement of the educational programs, and this is a continuous process, making trend analysis in the evaluations a legitimate interest.
The storage only concerns personal data. In individual cases, we can identify you based on the available data. Typically, however, the data is anonymized by aggregating it with other data, making identification impossible. This anonymized data is no longer personal and will be stored as long as necessary for our purposes.
JOB APPLICATIONS
We shall only process job application data that you provide when applying for the jobs advertised by us for this specific purpose, in compliance with the data protection requirements. The data processing shall be pursuant to Section 26 (1) of the BDSG. We shall process your data exclusively for the purpose of the application process or for the potential establishment of an employment relationship, as the case may be. In the event that the application process has a positive outcome, we shall process the data to continue establishing and, subsequently, to implement the employment relationship. In the event that the application process has a negative outcome, we shall erase the data after three months.
In the course of the application process, our company works together with the job application platform of the service provider Workwise GmbH (legal notice: https://www.workwise.io/impressum). Recruitment on behalf of jobseekers or employers does not constitute commissioned processing, but rather the use of an external specialist service provided by an autonomous accountable entity (BayLDA FAQ dated 20/07/2018). Further information on Workwise GmbH’s data protection provisions is available in the service provider’s privacy policy (https://www.workwise.io/en/datenschutz).
SOCIAL MEDIA
a) General Information
We currently operate the following social media channels: Instagram, Facebook, LinkedIn, and YouTube. These links are indicated by the respective logos on our website.
When you visit our website, the social media button is initially inactive, and no personal data is transmitted to the providers of these plug-ins. It is only when you click the button that you start communicating directly with the plug-in provider, who then receives information that you have accessed the corresponding page of our online offer.
The plug-in provider usually stores the data collected about you as usage profiles and uses them for advertising, market research, and/or the personalized design of their website. Such analysis is carried out (also for non-logged-in users) to display personalized advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact the respective plug-in provider to exercise this right. By using the plug-ins, we offer you the opportunity to interact with social networks and other users, allowing us to improve our offer and make it more interesting for you as a user. We have a legitimate interest in strengthening our presence in social networks for these purposes and in providing you access to them. The legal basis for the use of plug-ins is Art. 6 para. 1 sentence 1 lit. f GDPR.
By activating the plug-in, personal data will be transferred to the respective plug-in provider and stored there (in the case of US providers, in the USA). We have no control over the data collected and the processing procedures, nor are we fully aware of the scope of data collection, the purposes of processing, or the storage periods. We also have no information on the deletion of the collected data by the plug-in provider.
The data transfer occurs regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, your data collected with us will be directly associated with your account with the plug-in provider. If you press the activated button and, for example, link the page, the plug-in provider also stores this information in your user account and shares it with your contacts publicly. We recommend logging out regularly after using a social network, especially before activating the button, as this helps to avoid associating your profile with the plug-in provider.
For more information on the purpose and scope of data collection and processing by the plug-in provider, please refer to the following privacy policies of these providers. There you will also find further information about your rights and settings options for protecting your privacy.
Addresses of our profiles, the respective social media providers, and URLs with their privacy notices:
- Facebook: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland; http://www.facebook.com/about/privacy/. Our profiles can be reached at www.facebook.com/klimahaus/ and www.instagram.com/klimahaus.bremerhaven/
- YouTube: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; http://www.google.com/intl/de/privacy/privacy-policy.html. Our profile can be reached at https://www.youtube.com/user/KlimahausBremerhaven
- LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; https://de.linkedin.com/legal/privacy-policy? Our profile can be reached at https://www.linkedin.com/company/klimahaus/
We shall transmit your data within the scope of commissioned processing to service providers that assist us in operating our website and in related processes in accordance with Art. 28 of the GDPR. Our service providers shall be subject to our strict directives and are accordingly contractually bound. We use the following service providers:
Webhosting: domainfactory GmbH, Scheidemannplatz 2, 34117 Kassel
Newsletterversand: CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede
Statistische Analyse: Google Ireland, Barrow St., Dublin 4, Irland
Ticketing-Service: Get Your Guide GmbH, Sonnenburger Str. 73, 10409 Berlin
DATA TRANSMISSION TO THIRD COUNTRIES
In some cases, we shall transmit personal data to a third country outside the EU. This shall be done to the extent described in this policy. We have ensured an adequate level of data protection in each case.
We shall neither sell your personal data to third parties nor market it in any other way.
YOUR RIGHTS AS A USER
The GDPR grants you as a website user certain rights regarding the processing of your personal data:
1. Right of access (Art. 15 of the GDPR):
You have the right to require confirmation as to whether personal data concerning you is being processed. Should this be the case, you have the right of access to this personal data and to the information specified in Art. 15 of the GDPR.
2. Right to rectification and erasure (Art. 16 and Art. 17 of the GDPR):
You have the right to require the immediate rectification of inaccurate personal data concerning you and, if necessary, the completion of incomplete personal data.
Furthermore, you have the right to require that personal data concerning you be erased forthwith, provided that one of the grounds specified in Art. 17 of the GDPR applies, for example, if the data is no longer required for the purposes for which it was collected.
3. Right to restriction of processing (Art. 18 of the GDPR):
You have the right to require the restriction of processing if one of the conditions specified in Art. 18 of the GDPR is met, for example, if you have objected to the processing pending verification.
4. Right to data portability (Art. 20 of the GDPR):
In certain cases specified in Art. 20 of the GDPR in particular, you have the right to receive the personal data concerning you in a structured, conventional and machine-readable format, or to require the transmission of such data to a third party.
5. Right to object (Art. 21 of the GDPR):
Should data pursuant to Art. 6 (1) lit. f be collected (data processing to safeguard legitimate interests), you have the right to object to the processing at any time on grounds relating to your particular situation. We shall then no longer process the personal data, unless demonstrably compelling legitimate grounds for the processing exist, which override the interests, rights and freedoms of the data subject, or which serve for the assertion, exercise or defence of legal claims.
6. Right to lodge a complaint with a supervisory authority
In accordance with Art. 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of data concerning you violates data protection regulations. The right to lodge a complaint may be asserted in particular with a supervisory authority in the member state of your residence, your place of work or the place of the alleged violation. The competent supervisory authority in Bremen is Dr Imke Sommer, State Commissioner for Data Protection and Freedom of Information, Arndtstrasse 1, 27570 Bremerhaven.
In accordance with Sections 34 and 35 of the BDSG, you as a user have the right to require information as to which data concerning you we store and the purpose for which we store it. Moreover, you may have incorrect data rectified or data the storage of which is illegitimate or no longer required deleted.
Right to Object According to Art. 21 GDPR
If data is processed based on Art. 6 para. 1 lit. f (data processing for the protection of legitimate interests), you have the right to object to the processing at any time on grounds relating to your particular situation. We will then no longer process your personal data unless there are compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or the processing is for the establishment, exercise, or defense of legal claims.