Thank you for visiting our website. We take the protection of your personal data very seriously. Below, we would like to inform you of how we handle your data in accordance with Art. 13 of the EU General Data Protection Regulation (GDPR).
The controller for data collection and processing is Klimahaus® Betriebsgesellschaft mbH, represented by Arne Dunker.
Klimahaus® Betriebsgesellschaft mbH
Am Längengrad 8
Phone: +49-(0)471-90 20 30-0
Telefax: +49-(0)471-90 20 30-99
Data protection officer
Our data protection officer is in charge of compliance with and the monitoring of our data protection obligations. The data protection officer is available for information or suggestions regarding data protection.
Data protection officer
Phone: +49 (0) 421 339 53 50
- Usage data
- Google Analytics
- Booking enquiries
- Booking tickets and time slots
- Payment service providers
- Customer account
- Job applications
- Redirection to other websites and social networks
- Facebook fan page
- Data recipients
- Data transmission to third countries
- Your rights as a user
a) Processing of usage data
Every time the user accesses a page on www.klimahaus-bremerhaven.de and every time a file is retrieved, a service on the web server shall store data about this process in a log file. Storage shall be exclusively for system and statistical purposes. Data shall not be transmitted to or otherwise analysed by third parties. Log data shall be deleted after seven days, provided that there are no legal retention obligations to the contrary.
Specifically, the following data shall be stored for each retrieval:
- the name of the retrieved file,
- the date and time of the retrieval,
- the amount of data transmitted,
- notification of successful retrieval,
- the web browser type,
- the user’s operating system,
- the search terms used, including date and time, and
- the user’s IP address.
This data shall be deleted periodically. The user’s IP address shall only be stored in the log file in anonymised form. For this purpose, the last three digits of the IP address shall be replaced by a random value, making it impossible to associate it directly with a specific person and create personal user profiles.
The legal basis for the processing shall be Art. 6 (1) lit. f of the GDPR. It shall be necessary to store log data to enable both the delivery of the website to the user’s computer and communication with our server. This shall enable the website to function appropriately. In addition, we shall use the data in anonymised form to optimise the website and ensure the security of our information technology systems. In this context, the data shall not be analysed for marketing purposes. Log data shall be deleted after seven days, provided that there are no legal retention obligations to the contrary.
b) Processing of usage data by third-party providers
This website uses Google Analytics, a web analytics service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter ‘Google’). Google Analytics uses ‘cookies’, text files that are stored on your computer and that enable analysis of your use of the website. The information generated by the cookie concerning your use of this website is generally transmitted to and stored on a Google server in the USA. However, since we have enabled IP anonymisation on this website, Google will first truncate your IP address if you are within a member state of the European Union or any other state that is a party to the European Economic Area Agreement. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and only there truncated. Google shall use this information to analyse your use of the website for us, to compile reports on website activity and to provide us with further services related to the use of the website and the Internet.
Your express consent is required for the use of Google Universal Analytics. For this purpose, when you first access our website you shall have the option to withhold or grant your consent by making your selection on the cookie banner and to familiarise yourself with our company’s data protection regulations. Should you grant us your consent, the legal basis for the processing of personal data shall be Art. 6 (1) lit. a of the GDPR.
To date, the European Commission has not yet made an adequacy decision with regard to the transfer of data to companies in the USA. However, Google is certified under the terms of the EU-U.S. Privacy Shield Framework (https://www.privacyshield.gov/EU-US-Framework). Consequently, the company has committed to maintaining higher standards of data protection than those prevalent in the United States, which are intended to approach those prevailing in the European Union. In addition, Google has subscribed to the latest version of the EU Standard Contractual Clauses. The transfer of your personal data to the USA shall therefore solely occur on the basis of your express consent in accordance with Art. 49 (1) lit. a of the GDPR.
You may withdraw your consent at any time by accessing the cookie settings and deselecting the ‘Statistics’ category.
In addition, you may object to the creation of pseudonymous profiles beforehand. There are a number of options for accomplishing this:
1.) One option is to object to web analytics by Google Analytics by setting an opt-out cookie, which instructs Google not to store or use your data for the purpose of web analytics. Please note: this option will only prevent web analytics from occurring as long as the opt-out cookie is stored by the browser. Please click here if you would like to set the opt-out cookie now.
2.) You may also prevent the storage of cookies used to create profiles by changing your browser software settings accordingly.
3.) Depending on the browser you use, you may install a browser plug-in that prevents tracking. Please click here to install the relevant browser plug-in.
If you would like to receive the newsletter promoted on the website, we shall require a valid email address from you. If you have granted your consent separately, the data shall be processed accordingly, pursuant to Art. 6 (1) lit. a of the GDPR. A link at the end of each newsletter will allow you to unsubscribe from the newsletter. Your subscription will then be automatically deleted.
We use rapidmail GmbH as the commissioned processor for the dispatch of our newsletter. Your data shall be transmitted to rapidmail GmbH, Wentzingerstrasse 21, 79106 Freiburg im Breisgau, Germany. rapidmail is prohibited from using your data for purposes other than dispatching newsletters. rapidmail is a German certified provider, which was selected according to the requirements of the GDPR and the Federal Data Protection Act (BDSG). rapidmail and the controller have entered into a commissioned processing contract in which the provider has undertaken to implement appropriate, state-of-the-art organisational and technical measures to ensure the protection of personal data.
You may withdraw your consent to the storage of data and your email address, and its use for the delivery of the newsletter at any time. If consent is withdrawn, we shall stop the corresponding data processing.
If you submit booking enquiries through our enquiry form, we shall use the information that you provide solely for the purpose of processing your enquiry. We shall require your name and surname, your full address and your email address to process the enquiry and send you a quote. The company name, telephone number and fax number are optional. Data processing for (pre-) contractual purposes shall be pursuant to Art. 6 (1) lit. b of the GDPR. The data shall be erased after your enquiry has been processed in full, unless the data must be stored due to retention obligations under commercial and tax law.
BOOKING TICKETS AND TIME SLOTS
You can book tickets to visit the Klimahaus in our online shop. We shall require your personal data (billing and delivery address) to process the booking. This includes your name, address and contact details (email address and telephone number). The telephone number is requested to be able to get in touch with you immediately should there be any questions in connection with the ticket booking. The tickets are personalised and must be allocated to a person.
We use Reservix as a solution for booking tickets. If you would like to book tickets in our shop, a connection to the servers of Reservix GmbH, Humboldtstrasse 2, 79098 Freiburg im Breisgau, Germany, shall be established and personal data shall be transmitted to Reservix. Reservix shall process the personal data provided above for the purpose of booking tickets. You can view further details on how Reservix handles personal data at https://cdn.reservix.com/Datenschutzerklaerung_Reservix.pdf (German only).
Personal data shall be processed for the purpose of completing the booking. Thus, the legal basis for this shall be Art. 6 (1) lit. b of the GDPR. The data shall be erased as soon as the periods of retention under commercial and tax law expire.
When visiting our Klimahaus, we recommend booking a time slot to guarantee admission. Due to the legal requirements in place to address the COVID-19 pandemic, we can only admit a limited number of people during any specific time slot. When booking a ticket, you can also book a time slot. However, you can also book a time slot if you already hold a ticket. Personal data shall be processed for the purpose of booking a time slot. Again, this includes your name, address and contact details. The processing shall be pursuant to Art. 6 (1) lit. f of the GDPR. Our legitimate interest is to organise admission to the Klimahaus in order to comply with prevalent legal obligations and to safeguard the health of our visitors.
PAYMENT SERVICE PROVIDERS
We use payment service providers to process the bookings.
Should you wish, you can register and set up an optional customer account to process future orders more quickly. For this purpose, you must provide your email address and a password.
Once you have successfully completed the registration process, you will not need to enter your data again. The data shall be processed for pre-contractual measures and for the purpose of discharging contracts. The legal basis for the processing shall be Art. 6 (1) lit. b of the GDPR.
You can have your account deleted at any time by sending an email to email@example.com. The associated data will then be erased, provided that this does not conflict with legal retention obligations.
You can contact us by email at any time. We shall process personal data for this purpose. In addition to the email address and technical transmission data, we shall process personal data that you include voluntarily in your enquiry.
The processing shall be pursuant to Art. 6 (1) lit. b of the GDPR, provided that the enquiry is related to concluding a contract or making a booking. The data shall then be processed further to discharge the contract. Otherwise, the processing shall be pursuant to Art. 6 (1) lit. f of the GDPR. We have a legitimate interest in providing you with an efficient service and responding to your enquiry personally, in a manner that is to your satisfaction.
The personal data shall be erased once the contract has been discharged or your enquiry has been processed, unless this conflicts with legal retention obligations.
We shall only process job application data that you provide when applying for the jobs advertised by us for this specific purpose, in compliance with the data protection requirements. The data processing shall be pursuant to Section 26 (1) of the BDSG. We shall process your data exclusively for the purpose of the application process or for the potential establishment of an employment relationship, as the case may be. In the event that the application process has a positive outcome, we shall process the data to continue establishing and, subsequently, to implement the employment relationship. In the event that the application process has a negative outcome, we shall erase the data after three months.
REDIRECTION TO OTHER WEB PAGES AND SOCIAL NETWORKS
• Facebook: www.facebook.com/klimahaus (https://en-gb.facebook.com/policy.php)
• Twitter: https://twitter.com/Klimahaus_Brhv (https://twitter.com/privacy?lang=en)
• Instagram: www.instagram.com/klimahaus.bremerhaven (https://help.instagram.com/519522125107875/?locale=en_GB)
• YouTube: www.youtube.com/user/KlimahausBremerhaven (https://policies.google.com/privacy?hl=en-GB&gl=de)
FACEBOOK FAN PAGE
The operating company of Facebook and Instagram is Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. The controller for the processing of personal data in the case of data subjects living outside the USA or Canada is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter ‘Meta Ireland’).
Clicking the links to our Facebook or Instagram fan pages, which are displayed on our site in the form of icons, will take you to our respective pages on the said social networks.
Visiting the social networks shall result in personal data being processed by Meta Ireland. Klimahaus Betriebsgesellschaft mbH and Meta Ireland are jointly responsible for the collection and transmission of personal data to Meta Ireland whenever our Facebook fan page is visited. When our Facebook fan page is visited, Meta Ireland collects and processes visitor data and analyses it for statistical purposes. The data is provided to us in anonymised form. This provides insight into how people interact with their pages and with the content associated with them, enabling us to design our online presence in a user-friendly manner and to optimise it further. This shall also constitute our legitimate interest in processing pursuant to Art. 6 (1) lit. f of the GDPR. With regard to the transfer of personal data in the context of a visit to our fan page, a joint controllership arrangement (Page Insights Controller Addendum: www.facebook.com/legal/terms/page_controller_addendum), which regulates the discharge of obligations in accordance with the GDPR, has been entered into with Meta Ireland. You can assert your data protection rights both with Meta Ireland and with Klimahaus Betriebsgesellschaft mbH. In accordance with the GDPR, the primary responsibility for the processing of Facebook Insights Data shall lie with Meta Ireland and Meta Ireland shall comply with all the GDPR obligations in relation to the processing of Insights Data.
Should the data subject visiting our website be simultaneously logged in to Facebook or Instagram, Meta Platforms detects this and, if applicable, merges the data with your account and thus builds profiles in order to serve personalised advertising or to optimise the social network. Meta Platforms is the sole controller responsible for these processing operations in accordance with data protection law. We have no control over the processing and the details of the processing: the extent of the processing, the purposes of the processing, retention periods and data erasure are unknown to us.
We shall transmit your data within the scope of commissioned processing to service providers that assist us in operating our website and in related processes in accordance with Art. 28 of the GDPR. Our service providers shall be subject to our strict directives and are accordingly contractually bound. We use the following service providers:
Web hosting: domainfactory GmbH, Scheidemannplatz 2, 34117 Kassel
Newsletter dispatch: rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg im Breisgau
Statistical analysis: Google Ireland, Barrow St., Dublin 4, Ireland
DATA TRANSMISSION TO THIRD COUNTRIES
In some cases, we shall transmit personal data to a third country outside the EU. This shall be done to the extent described in this policy. We have ensured an adequate level of data protection in each case.
We shall neither sell your personal data to third parties nor market it in any other way.
YOUR RIGHTS AS A USER
The GDPR grants you as a website user certain rights regarding the processing of your personal data:
1. Right of access (Art. 15 of the GDPR):
You have the right to require confirmation as to whether personal data concerning you is being processed. Should this be the case, you have the right of access to this personal data and to the information specified in Art. 15 of the GDPR.
2. Right to rectification and erasure (Art. 16 and Art. 17 of the GDPR):
You have the right to require the immediate rectification of inaccurate personal data concerning you and, if necessary, the completion of incomplete personal data.
Furthermore, you have the right to require that personal data concerning you be erased forthwith, provided that one of the grounds specified in Art. 17 of the GDPR applies, for example, if the data is no longer required for the purposes for which it was collected.
3. Right to restriction of processing (Art. 18 of the GDPR):
You have the right to require the restriction of processing if one of the conditions specified in Art. 18 of the GDPR is met, for example, if you have objected to the processing pending verification.
4. Right to data portability (Art. 20 of the GDPR):
In certain cases, specified in particular in Art. 20 of the GDPR, you have the right to receive the personal data concerning you in a structured, conventional and machine-readable format, or to require the transmission of such data to a third party.
5. Right to object (Art. 21 of the GDPR):
Should data pursuant to Art. 6 (1) lit. f be collected (data processing to safeguard legitimate interests), you have the right to object to the processing at any time on grounds relating to your particular situation. We shall then no longer process the personal data, unless demonstrably compelling legitimate grounds for the processing exist, which override the interests, rights and freedoms of the data subject, or which serve for the assertion, exercise or defence of legal claims.
6. Right to lodge a complaint with a supervisory authority
In accordance with Art. 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of data concerning you violates data protection regulations. The right to lodge a complaint may be asserted in particular with a supervisory authority in the member state of your residence, your place of work or the place of the alleged violation. The competent supervisory authority in Bremen is Dr Imke Sommer, State Commissioner for Data Protection and Freedom of Information, Arndtstrasse 1, 27570 Bremerhaven.
In accordance with Sections 34 and 35 of the BDSG, you as a user have the right to require information as to which data concerning you we store and the purpose for which we store it. Moreover, you may have incorrect data rectified, and have data deleted if its storage is illegitimate or no longer required.