As the operator of this website and as a company, we come into contact with your personal data. This concerns all data that reveals something about you and by which you can be identified. In this privacy policy, we would like to explain how, for what purpose and on which legal basis we process your data.
Responsible for the data processing (“data controller”) on this website and in our company is:
Magdeburger Museen
Otto-von-Guericke-Str. 68-73
39104 Magdeburg
Deutschland
Phone: 0391-540 35 01
E-mail: museen@magdeburg.de
When you enter your data on websites, place online orders or send e-mails via the Internet, you must always be prepared for unauthorized third parties to access your data. There is no complete protection against such access. However, we do our utmost to protect your data as best we can and to close security gaps as far as we can.
An important protection mechanism is the SSL or TLS encryption of our website, which ensures that data you transmit to us cannot be read by third parties. You can recognize the encryption by the lock icon in front of the Internet address entered in your browser and by the fact that our Internet address begins with https:// and not with http://.
In some parts in this privacy policy, we inform you about how long we or the companies that process your data on our behalf will store your data. In the absence of such information, we store your data until the purpose of the data processing no longer applies, you object to the data processing or you revoke your consent to the data processing.
In the event of an objection or revocation, we may however continue to process your data if at least one of the following conditions applies:
In this case, we will delete your data as soon as the requirement(s) cease to apply.
On our website, we use tools from companies that transfer your data to the USA and store it there and, if necessary, process it further. The European Commission has adopted an adequacy decision for the EU-US data protection framework. The decision establishes that the US ensures an adequate level of protection for EU personal data transferred to US companies. This decision is based on new safeguards and measures put in place by the US to meet data protection requirements. The adequacy decision includes, among other things, restrictions and safeguards on access to data by US intelligence agencies. Binding safeguards were introduced to limit US intelligence agencies’ access to what is necessary and proportionate to protect national security. In addition, enhanced oversight of US intelligence activities was established to ensure that restrictions on surveillance activities are respected. An independent redress mechanism has also been established to handle and resolve complaints from European citizens about access to their data. The EU-US data protection framework thus allows European companies to transfer data to certified US companies without having to introduce additional data protection safeguards. A list of all certified companies can be found at the following link: https://www.dataprivacyframework.gov/s/participant-search.
A change in the European Commission’s decision cannot be ruled out.
We have appointed a data protection officer for our company.
Datenschutzbeauftragter
Otto-von-Guericke-Straße 34a
E-mail: datenschutzbeauftragter@stadt.magdeburg.de
Phone: +49 391 540-2531
IF IT’S STATED IN THIS PRIVACY STATEMENT THAT WE HAVE LEGITIMATE INTERESTS FOR THE PROCESSING OF YOUR DATA AND THAT THIS PROCESSING IS THEREFORE BASED ON ART. 6 PARA. 1 SENTENCE 1 LIT. F) GDPR, YOU HAVE THE RIGHT TO OBJECT IN ACCORDANCE WITH ART. 21 GDPR. THIS ALSO APPLIES TO PROFILING THAT IS CARRIED OUT ON THE BASIS OF THE AFOREMENTIONED PROVISION. THE PREREQUISITE IS THAT YOU STATE REASONS FOR THE OBJECTION THAT ARISE FROM YOUR PARTICULAR SITUATION. NO REASONS ARE REQUIRED IF THE OBJECTION IS DIRECTED AGAINST THE USE OF YOUR DATA FOR DIRECT ADVERTISING.
THE CONSEQUENCE OF THE OBJECTION IS THAT WE MAY NO LONGER PROCESS YOUR DATA. THIS ONLY DOES NOT APPLY IF ONE OF THE FOLLOWING PREREQUISITS EXISTS:
THESE EXCEPTIONS DO NOT APPLY IF YOUR OBJECTION IS DIRECTED AGAINST THE USE OF YOUR DATA FOR DIRECT ADVERTISING OR TO PROFILING RELATED TO IT.
Many data processing operations are based on your consent. You can give this consent, for example, by ticking the appropriate box on online forms before you send the form, or by allowing the operation of certain cookies when you visit our website. You may revoke your consent at any time without giving reasons (Art. 7 (3) GDPR). From the time of revocation, we may then no longer process your data. The only exception: we are required by law to retain the data for a certain period of time. Such retention periods exist in particular in tax and commercial law.
If you believe that we are in breach of the General Data Protection Regulation (GDPR), you have the right to complain to a supervisory authority in accordance with Art. 77 GDPR. You may contact a supervisory authority in the Member State of your residence, place of work or the place where the alleged infringement took place. The right to complain exists alongside administrative or judicial remedies.
We must hand over data that we process automatically on the basis of your consent or in fulfillment of a contract to you or a third party in a common machine-readable format if you request this. We can only transfer the data to another “data controller” if this is technically possible.
According to Art. 15 GDPR, you have the right to receive information free of charge about which of your personal data we have stored, where the data came from, to whom we transmit the data and for what purpose it is stored. If the data is incorrect, you have a right to rectification (Art. 16 GDPR), and under the conditions of Art. 17 GDPR you may demand that we delete the data.
In certain situations, according to Art. 18 GDPR, you may demand that we restrict the processing of your data. The data may then – apart from storage – only be processed as follows:
The right to restrict processing exists in the following situations:
Our website is hosted on a server of the following Internet service provider (hoster):
DomainFactory GmbHc/o WeWorkNeuturmstrasse 580331 MunichGermany
Yes
The hoster stores all the data from our website. This includes all personal data that is collected automatically or through entering. This can be in particular: Your IP address, pages accessed, names, contact details and requests, as well as meta and communication data. When processing data, our hoster adheres to our instructions and always processes the data only insofar as this is necessary to fulfill the service obligation to us.
Since we address potential customers via our website and maintain contacts with existing customers, the data processing by our hoster serves to initiate and fulfill contracts and is therefore based on Art. 6 (1) lit. b) GDPR. In addition, it is our legitimate interest as a company to provide a professional Internet offering that meets the necessary requirements for security, speed and efficiency. In this respect, we also process your data on the legal basis of Art. 6 (1) lit. f) GDPR.
Server log files log all requests and accesses to our website and record error messages. They also include personal data, in particular your IP address. However, this is anonymized by the provider after a short time, so that we cannot assign the data to your person. The data is automatically transmitted to our provider by your browser.
Our provider stores the server log files in order to be able to track the activities on our website and to locate errors. The files contain the following data:
We do not combine this data with other data but use it only for statistical analysis and to improve our website.
We have a legitimate interest in ensuring that our website runs without errors. It is also our legitimate interest to obtain an anonymized overview of the accesses to our website. Therefore, the data processing is lawful according to Art. 6 (1) lit. f) GDPR.
You can send us a message via the contact form on this website.
We store your message and the information from the form in order to process your request including follow-up questions. This also applies to the contact details provided. We do not pass on the data to other persons without your consent.
We delete your data as soon as one of the following occurs:
This does not apply only if we are required by law to retain the data.
If your request is related to our contractual relationship or serves the implementation of pre-contractual measures, we process your data on the legal basis of Art. 6 (1) lit. b) GDPR. In all other cases, it is our legitimate interest to effectively process requests directed to us. The legal basis for data processing is therefore Art. 6 (1) lit. f) GDPR. If you have consented to the storage of your data, Art. 6 (1) lit. a) GDPR is the legal basis. In this case, you can revoke your consent at any time with effect for the future.
We use the following tools to analyze the behavior of our website visitors and show you advertisements.
We are always interested in optimizing our website for users and placing advertising in the best possible way. We are helped in this by Matomo Analytics, an open-source tool that analyzes user behavior and thus provides us with the necessary database for adjustments. Matomo uses cookies, device fingerprinting, and other technologies that enable user recognition across pages to analyze user behavior. Matomo records page views, which region they come from, IP address, referrers, browsers used and operating systems. In addition, the tool can measure whether our website visitors perform certain actions (e.g. click on links or make purchases). After anonymizing your IP address, the collected data is stored exclusively on our server.
As a website operator, we have a legitimate interest in the anonymized analysis of user behavior for the purpose of optimizing our website and the advertising placed there. The data processing is therefore lawful according to Art. 6 (1) lit. f) DSGVO. In the event that you have, for example, consented to the storage of cookies or otherwise consented to data processing, the legal basis is exclusively Art. 6 (1) lit. a) DSGVO. You can revoke your consent at any time with effect for the future.
We use fonts from the US company Google on our website. We have installed the fonts locally, so there is no connection to Google’s servers when you visit our website.
For more information about Google Fonts, please visit https://developers.google.com/fonts/faq and read Google’s privacy policy: https://policies.google.com/privacy?hl=de.
A mapping service provided by Google Ireland Ltd.
Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.
On the basis of the European Commission’s adequacy decision and the company’s corresponding certification.
We use Google Maps on our website. To enable you to use all the functions of the map service, Google stores your IP address on one of its servers in the USA.
The maps from Google Maps ensure that the places indicated on our website are easier to find for visitors. As a company, we have a legitimate interest in this. The data processing is therefore lawful according to Art. 6 (1) lit. f) GDPR.
If you have consented to the data processing, we process your data exclusively on the basis of Art. 6 (1) lit a) GDPR. You may revoke your consent at any time. From the time of revocation, we may no longer process your data.
By social media, we mean the social networks on which we have created publicly accessible profiles. You can read below which social networks these are specifically.
The respective operating companies of the social networks. You can find the individual operators below under the respective networks.
The operators of social networks are generally able to collect and evaluate comprehensive data about the behavior of visitors and users of the network. It is not possible for us to track all processing operations on the social networks we use, which is why further processing operations not listed here may be carried out by the operators of the social networks. You can find more information on this in the terms of use and privacy statements of the respective social networks.
The processing of your data can be triggered by you visiting the website of the social network or our profile page there. Even if you visit a website that uses certain content of the network, e.g. like or share buttons, data may already be transmitted to the operators of the social network. If you yourself are a user of the social network and logged into your user account, your visit to our profile page can be assigned to your account by the operator of the social network. Even if you yourself have not registered a user account or are not logged in, the operator of the network may still collect your personal data, e.g. by recording your IP address or setting cookies. With this data, the operators can create user profiles adapted to your behavior and interests and show you interest-based advertising inside and outside the network. If you are a registered user of the network, the interest-based advertising may also be displayed on all devices on which you are or were logged in.
Our profiles in the social networks are intended to ensure the broadest possible presence of our company on the Internet. As a company, we have a legitimate interest in this. The data processing is therefore lawful according to Art. 6 (1) lit. f) GDPR.
The data processing operations and analyses carried out by the operators of the social networks themselves may be based on other legal grounds. These must be stated by the operators of the social networks.
If you visit one of our profiles on the social networks, we are jointly responsible with the operator of the respective network for the data processing operations triggered during this visit. In principle, you can assert your rights both against us and against the operator of the respective network.
Despite the joint responsibility with the operators of the social networks, however, our influence on the data processing operations of the respective operator is limited and is primarily based on the operator’s specifications.
If we collect data via our profiles in the social networks, these are deleted from our systems as soon as the purpose for storing them no longer applies, you request us to delete them or you revoke your consent to storage. Stored cookies remain on your terminal device until you delete them. Mandatory legal provisions – in particular retention periods – remain unaffected.
We have no influence on how long the operators of the social networks store your data, which the operators collect for their own purposes. You can obtain information on this directly from the operator of the respective social network, e.g. in the respective privacy policy.
What is Facebook?A social network
Who processes your data?Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
Is your data transferred to third countries?Yes, to the U.S. and also to other third countries.
Where can you find more information about data protection at Facebook?https://www.facebook.com/about/privacy/
As a Facebook user, where can you adjust your advertising preferences?As a registered Facebook user, you can adjust your advertising settings in your user account. To do so, click on the following link and log in:
What is Instagram?A social network specializing in photos and videos.
Who processes your data?Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland
Is your data transferred to third countries?Yes
Where can you find more information about data protection at Instagram?https://help.instagram.com/519522125107875/?helpref=hc_fnav&bc[0]=Instagram-Hilfebereich&bc[1]=Richtlinien%20und%20Meldungen
As a user, where can you adjust your privacy settings?As a registered Instagram user, you can adjust your privacy settings in your user account. To do so, click the following link and log in:https://www.instagram.com/accounts/privacy_and_security/
What is YouTube?A social network in the form of an online video portal.
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Where can you find more information about data protection at YouTube?https://policies.google.com/privacy?hl=de
As a user, where can you adjust your privacy settings?
