Data protection
This website is operated by:
Historical Museum of the Palatinate Speyer
Foundation under public law.
It is very important to us to handle the data of our website visitors confidentially and to protect it in the best possible way. For this reason, we make every effort to fulfil the requirements of the GDPR.
Below we explain how we process your data on our website. To do this, we use language that is as clear and transparent as possible so that you really understand what happens to your data.
2.1 Processing of personal data and other terms
Data protection applies to the processing of personal data. Personal data means all data with which you can be personally identified. This is, for example, the IP address of the device (PC, laptop, smartphone, etc.) you are currently using. Such data is processed when 'something happens to it'. Here, for example, the IP is transmitted from the browser to our provider and automatically stored there. This is then a processing (according to Art. 4 No. 2 GDPR) of personal data (according to Art. 4 No. 1 GDPR).
These and other legal definitions can be found in Art. 4 GDPR.
2.2 Applicable regulations/laws - GDPR, BDSG and TDDDG
The scope of data protection is regulated by law. In this case, these are the GDPR (General Data Protection Regulation) as a European regulation and the BDSG (Federal Data Protection Act) as a national law.
In addition, the TDDDG supplements the provisions of the GDPR as far as the use of cookies is concerned.
2.3 The controller
The controller within the meaning of the GDPR is responsible for data processing on this website. This is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
You can contact the controller at
Historical Museum of the Palatinate Speyer
Foundation under public law
Cathedral Square 4
67346 Speyer
datenschutz@museum.speyer.de
We have appointed a data protection officer for our company. You can reach him under:
Elke Wöllner
Domplatz 4, 67346 Speyer
datenschutz@museum.speyer.de
2.5 How data is generally processed on this website
As we have already established, some data (e.g. IP address) is collected automatically. This data is mainly required for the technical provision of the website. If we also use personal data or collect other data, we will inform you of this or ask for your consent.
You provide us with other personal data deliberately.
Detailed information on this can be found below.
The GDPR provides you with comprehensive rights. These include, for example, free information about the origin, recipient and purpose of your stored personal data. You can also request the rectification, blocking or erasure of this data or lodge a complaint with the competent data protection supervisory authority. You can revoke your consent at any time.
The details of these rights and how to exercise them can be found in the last section of this privacy policy.
The transfer and deletion of data are also important and sensitive issues. We would therefore like to briefly inform you in advance about our general approach to this.
Data is only passed on on the basis of a legal basis and only if this is unavoidable. This may be the case in particular if we are dealing with a so-called processor and an order processing contract has been concluded in accordance with Art. 28 GDPR.
We delete your data when the purpose and legal basis for processing no longer apply and the deletion does not conflict with any other legal obligations. Art. 17 GDPR also provides a 'good' overview of this.
For further information, please refer to this privacy policy and contact the controller if you have any specific questions.
This website is hosted externally. The personal data collected on this website is stored on the host's servers. This includes the automatically collected and stored log files (see below for more details) as well as all other data provided by website visitors.
External hosting is carried out for the purpose of secure, fast and reliable provision of our website and in this context serves the fulfilment of contracts with our potential and existing customers.
The legal basis for the processing is Art. 6 para. 1 lit. a, b and f GDPR, as well as § 25 para. 1 TDDDG, insofar as consent includes the storage of cookies or access to information in the terminal device of the website visitor or user within the meaning of the TDDDG.
Our hoster only processes data that is required to fulfil its performance obligation and acts as our processor, i.e. it is subject to our instructions. We have concluded a corresponding contract for order processing with our hoster.
We use the following hoster:
hosting-rhein-neckar.de
The processing of personal data always requires a legal basis. The GDPR provides for the following possibilities in Art. 6 para. 1 sentence 1:
In the following sections, we will provide you with the specific legal basis for the respective processing.
When you visit our website, we process your personal data.
We use SSL or TLS encryption to protect this data in the best possible way against unauthorised access by third parties. You can recognise this encrypted connection by the https:// or padlock symbol in the address bar of your browser.
Below you can find out what data is collected when you visit our website, for what purpose this is done and on what legal basis.
3.1 Data collection when accessing the website
When the website is accessed, information is automatically stored in so-called server log files. This is the following information:
This data is required temporarily in order to be able to display our website to you permanently and without any problems. In particular, this data is used for the following purposes
Data processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR and is based on our legitimate interest in the processing of this data, in particular our interest in the functionality of the website and its security.
Where possible, this data is stored in pseudonymised form and deleted once the respective purpose has been achieved.
If the server log files allow the data subject to be identified, the data is stored for a maximum period of 14 days. An exception is made if a security-relevant event occurs. In this case, the server log files are stored until the security-relevant event has been resolved and finally clarified.
Otherwise, the data is not merged with other data.
This website uses so-called cookies. This is a data record, a piece of information that is stored in the browser of your end device and is related to our website.
The use of cookies can make it easier for visitors to navigate the website.
In our cookie consent tool, you will find all information about the cookies that we use on our website (if applicable, with your consent).
You can manage all cookies that are not technically necessary directly via our cookie consent tool.
You can prevent the setting of cookies by adjusting your browser settings.
Here you will find the corresponding links to frequently used browsers:
Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-und-website-daten-in-firefox-loschen?redirectslug=Cookies+l%C3%B6schen&redirectlocale=en
Google Chrome: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=de
Microsoft Edge: https://support.microsoft.com/de-de/windows/l%C3%B6schen-und-verwalten-von-cookies-168dab11-0753-043d-7c16-ede5947fc64d
Safari: https://support.apple.com/de-de/guide/mdm/mdmf7d5714d4/web and https://support.apple.com/de-de/guide/safari/sfri11471/mac.
If you use a different browser, we recommend that you enter the name of your browser and 'delete and manage cookies' in a search engine and follow the official link to your browser.
Alternatively, you can also manage your cookie settings at www.aboutads.info/choices/
or www.youronlinechoices.com.
However, we must point out that a comprehensive blocking/deletion of cookies can lead to impairments in the use of the website.
3.2.3 Technically necessary cookies
We use technically necessary cookies on this website to ensure that our website functions correctly and in accordance with the applicable laws. They help to make the website user-friendly. Some functions of our website cannot be displayed without the use of cookies.
The legal basis for this is Art. 6 para. 1 lit. b, c and/or f GDPR, depending on the individual case.
3.2.4 Cookies that are not technically necessary
We also use cookies on our website that are not technically necessary. These cookies are used, among other things, to analyse the surfing behaviour of the website visitor or to offer functions of the website that are not technically necessary.
The legal basis for this is your consent in accordance with Art. 6 para. 1 lit. a GDPR.
Cookies that are not technically necessary are only set with your consent, which you can revoke at any time in the cookie consent tool.
3.3 Data processing through user input
We offer the following (services) on our website: Newsletter, press mailing list, contact forms, PayPal donation link.
We collect the following data for this purpose:
Name
e-mail address
your address
Telephone number
Year of birth
The legal basis for this data processing is Art. 6 para. 1 lit. b GDPR.
The data will be deleted as soon as the respective purpose no longer applies and it is possible in accordance with the legal requirements.
If you contact us by email, we will process your email address and any other data contained in the email. This data is stored on the mail server and in some cases on the respective end devices. Depending on the request, the legal basis for this is regularly Art. 6 para. 1 lit. f GDPR or Art. 6 para. 1 lit. b GDPR. The data will be deleted as soon as the respective purpose no longer applies and it is possible in accordance with the legal requirements.
We offer a contact form. This is used to contact our company.
In this form, we generally process your first and last name, your telephone number, your e-mail address, a postal address and the content of the message. The data is stored on our web server and forwarded internally to the relevant e-mail addresses.
The legal basis for data processing is Art. 6 para. 1 lit. f GDPR, as we have a legitimate interest in responding to your request and in an uncomplicated way of contacting you. If the contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
We delete this data no later than 3 months after receipt, unless it is required for a contractual relationship that has arisen.
We bind the contact form of
Solspace Freeform
https://solspace.com/plugins/freeform
on our website.
We use the consent management tool from Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany, to ensure that only those cookies are set on our website for which there is a legal basis.
This service is used to obtain the website visitor's consent to the storage of certain cookies in their browser or the use of certain technologies and to document them in accordance with data protection regulations.
When this website is accessed, the consent given by the website visitor or the revocation of consent is stored as a Usercentrics cookie in the website visitor's browser. A connection to the Usercentrics servers is established for this purpose.
The legal basis is Art. 6 para. 1 lit. c GDPR. Usercentrics is used to obtain the legally required consent for the use of cookies.
If the Usercentrics consent management tool is integrated into the website via a third-party provider, data (e.g. the IP address) may be transmitted to the third-party provider.
The data collected will be stored until the website visitor requests its deletion or Usercentrics itself deletes it or the purpose for storing the data no longer applies. The mandatory statutory retention periods remain unaffected by this.
3.5.1 postina.net GmbH
We use the newsletter function of postina.net on our website. postina.net is operated by postina.net GmbH, Kapellenstraße 72, 88471 Laupheim, Germany. The service enables the creation and sending of newsletters and the management of email marketing campaigns.
When using postina.net, personal data is processed, including, but not limited to, email addresses, names, salutation, IP addresses and other information collected during registration and use of the newsletter.
The data is processed for the purpose of sending newsletters, managing and analysing user behaviour in order to personalise and optimise the content of the newsletter.
The legal basis for data processing is Art. 6 para. 1 lit. a GDPR, as the processing is based on consent.
Postina.net sets functional cookies that are necessary for the secure and proper functioning of the newsletter. These cookies are set on the basis of legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. In addition, analysis and marketing cookies are set to analyse user behaviour and provide personalised content. These cookies are only set with consent, which can be revoked at any time. The legal basis for setting these cookies is Art. 6 para. 1 lit. a GDPR.
Data is stored until the purpose of storage no longer applies or the person requests deletion. Mandatory statutory retention periods remain unaffected.
Further information on data processing can be found here
3.6 Analysis and tracking tools
We use Google Analytics on this website. Google Analytics is a web analysis service. This service is provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics uses cookies to recognise the user and thus analyse user behaviour. These cookies are only set with consent. Consent can be revoked at any time and managed in our cookie consent tool.
The legal basis for the processing is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG.
The information collected here is usually transferred to a Google server in the USA and stored there.
On 10 July 2023, the European Commission adopted an adequacy decision for the USA. Google LLC is certified under the EU-US Privacy Framework. However, as the Google servers are located worldwide and data transfer to third countries (e.g. Singapore) cannot be ruled out, the EU Commission's Standard Contractual Clauses (SCC) apply.
The use of Google Analytics results in IP anonymisation. The IP address of the respective user is truncated on servers within the member states of the EU (or the European Economic Area) in such a way that it is no longer possible to trace it back to a natural person. In addition, Google commits to appropriate data protection via the Google Ads data processing conditions and creates an evaluation of website use and website activity and provides the services associated with use. The Google Ads Data Processing Terms apply to companies that are subject to the EU General Data Protection Regulation (GDPR) of the European Economic Area (EEA), the California Consumer Privacy Act (CCPA) or similar regulations.
An additional browser plugin can be used to prevent the information collected (such as the IP address) from being sent to Google and used by Google. The plugin and further information can be found at https://tools.google.com/dlpage/gaoptout?hl=de.
Otherwise, the storage period depends on the type of data processed. Each customer can choose how long Google Analytics stores data before it is automatically deleted. The maximum lifespan of a Google Analytics cookie is two years.
Further information on data usage by Google can also be found at https://support.google.com/analytics/answer/6004245?hl=de. If you have any further questions, you can also contact support-deutschland@google.com
directly.
We embed YouTube videos on this website. YouTube is an online video platform. This service is provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
As soon as you start a video on our website, a connection to the YouTube servers is established. After starting a video, YouTube can set cookies on the website visitor's end device in order to save settings and preferences and subsequently display personalised advertising. The information obtained from this is also used for video statistics, to improve user-friendliness and to prevent attempted fraud.
The legal basis for the processing is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as this consent includes access to information in the user's terminal device or the storage of cookies within the meaning of the TDDDG. This consent can be revoked at any time.
Further information:
3.7.1 Spotify
Elements of the music streaming provider Spotify are integrated on this website. This service is offered by Spotify AB, Regeringsgatan 19, SE 111-53 Stockholm, Sweden.
We embed individual audio files, albums or playlists on our website (iFrame). This means that these can be played directly as a stream on our website. For this purpose, a connection to the Spotify servers is established and the plug-in is displayed on our website. The IP address and information about which website was visited is transmitted to Spotify. If an embedded audio file is played, this information is also transmitted to Spotify. If the website visitor is logged into a corresponding Spotify user account, this data is assigned to the user account.
The legal basis for the processing is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.
The Standard Contractual Clauses (SCC) of the EU Commission apply to data transfers to the USA.
Further information:
https://www.spotify.com/de/legal/privacy-policy/ .
3.8 Social media profiles
In addition to our website, our company is also present on social networks. Here we want to present our company and create the opportunity to get in touch with us.
We also use the opportunity to place adverts and job advertisements on social media.
In the following, we provide information on what data we and the respective social network process when you visit and interact with our profile.
We operate a Facebook fan page on https://www.facebook.com/. This social network is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
3.9.1 Interaction with our company profile
When you visit our Facebook profile and interact with us, we process personal data. On the one hand, the data made publicly available on the profile. On the other hand, we also process the personal data contained in posts, comments or direct messages to us. Through interactions such as liking or sharing, we can see the user profile with the public information.
The legal basis for this processing is Art. 6 para. 1 lit. f GDPR. It is in our legitimate interest to provide relevant and interesting content and to enable the use and functionality of our Facebook profile.
Insofar as an enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures, our processing is based on Art. 6 para. 1 lit. b GDPR.
3.9.2 Page Insights
As explained in the Meta Privacy Policy under "How do we use your information?" (Meta also collects and uses information to provide analytics services, so-called Page Insights, for page operators. This also applies to our Facebook page.
Page Insights are summarised statistics that are created and logged by the Meta servers based on certain interactions of visitors with pages and the content associated with them (e.g. viewing a page or a video, subscribing to a page, marking a page with "Like" or "No longer like", etc.).
Meta provides us with summarised statistics and insights in connection with the Page Insights, which give us information about how people interact with our company website. We do not have access to any personal data, only to the summarised Page Insights. With the help of the page insights, we can view anonymous statistics, e.g. the reach of our account, page views, likes, etc.. These also include analyses by age, gender and location of the users (as specified by them in their respective Facebook profiles). To analyse the reach, we can make settings or set appropriate filters with regard to the selection of a time period, the viewing of a specific post and demographic groupings. This data is anonymised. It is not possible for us to draw conclusions about specific individuals.
The purpose of processing this data is to analyse our reach and to adapt our content and advertisements to user interests so that visitors can derive the greatest possible benefit from them. By analysing this data, we can recognise how our content, our profile and our advertising are consumed. This enables us to create target group-specific content and place adverts to better market our company and our services.
The processing is based on our legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.
When processing personal data in the course of the so-called Page Insights, we are jointly responsible with Facebook in accordance with Art. 26 para. 1 GDPR.
We have concluded a corresponding agreement with Facebook for this purpose, which can be viewed here (https://www.facebook.com/legal/terms/page_controller_addendum).
Facebook's contact details are as follows:
Online contact: https://www.facebook.com/help/contact/1650115808681298
Postal: Meta Platforms Ireland Limited, ATTN: Privacy Operations, Merrion Road, Dublin 4, D04 X2K5, Ireland.
For Facebook, you can contact the data protection officer at the following link
https://www.facebook.com/help/contact/540977946302970.
Further information about the Page Insights:
https://de-de.facebook.com/legal/terms/page_cntroller_addendum
3.9.3 Processing of personal data and cookies by Meta
When you access a Facebook page, the IP address assigned to your end device is transmitted to Facebook. According to Facebook, this IP address is anonymised (for "German" IP addresses). Facebook also stores information about the end devices of its users (e.g. as part of the "login notification" function); Facebook may thus be able to assign IP addresses to individual users. If you are currently logged in to Facebook as a user, a cookie with your Facebook ID is stored on your device. This enables Facebook to understand that you have visited this page and how you have used it. Facebook buttons integrated into websites enable Facebook to record your visits to these websites and assign them to your Facebook profile. This data can be used to offer you customised content or advertising.
Information on how personal data can be managed or deleted can be found in Facebook's Privacy Centre:
https://www.facebook.com/privacy/center/.
More information on how Facebook handles data can be found here:
http://de-de.facebook.com/about/privacy.
3.10 Instagram
We operate an Instagram profile. This social media platform is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
3.10.1 Interaction with our company profile
When you visit our Instagram profile and interact with us, we process personal data. On the one hand, the data made publicly available on the profile. On the other hand, we also process the personal data contained in posts, comments or direct messages to us. Through interactions such as liking or sharing, we can see the user profile with the public information.
The legal basis for this processing is Art. 6 para. 1 lit. f GDPR. It is in our legitimate interest to provide relevant and interesting content and to enable the use and functionality of our Instagram profile.
Insofar as an enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures, our processing is based on Art. 6 para. 1 lit. b GDPR.
3.10.2 Insights
As explained in the meta privacy policy under "How do we use your information?" (https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect), Meta also collects and uses information to provide analytics services, known as insights, for site operators. This also applies to our Instagram profile.
Insights are summarised statistics that are created based on certain interactions of visitors with pages and the content associated with them and are logged by the Meta servers. This includes the following information, among others
How people interact with our content, websites, apps and services;
Which group of people interact with our content and which group of people use our services.
Meta provides us with summarised reports and insights that tell us how well our content, features, products and services are performing.
We do not have access to personal data, only to the summarised reports.
To analyse the reach, we can make settings or set appropriate filters with regard to the selection of a time period, the viewing of a specific post and demographic groupings. This data is anonymised. It is not possible for us to draw conclusions about specific individuals.
The purpose of processing this data is to analyse our reach and to adapt our content and advertisements to user interests so that visitors can derive the greatest possible benefit from them. By analysing this data, we can recognise how our content, our profile and our advertising are consumed. This enables us to create target group-specific content and place adverts to better market our company and our services.
The processing is based on our legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.
When processing personal data in the course of the so-called Insights, the processing is carried out in joint responsibility with Meta in accordance with Art. 26 para. 1 GDPR.
We have concluded a corresponding agreement with Meta for this purpose, which can be viewed here (https://www.facebook.com/legal/terms/page_controller_addendum.).
Meta's contact details are as follows:
Online contact: https://www.facebook.com/help/contact/1650115808681298
Postal: Meta Platforms Ireland Limited, ATTN: Privacy Operations, Merrion Road, Dublin 4, D04 X2K5, Ireland.
For Instagram, you can contact the data protection officer at the following link
https://www.facebook.com/help/contact/540977946302970.
Further information about the Insights:
https://de-de.facebook.com/help/pages/insights.
Instagram's full privacy policy can be found here:
https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect
Processing of personal data and cookies by Meta
When you access an Instagram page, the IP address assigned to your end device is transmitted to Meta. According to Meta, this IP address is anonymised (for "German" IP addresses). Meta also stores information about the end devices of its users (e.g. as part of the "login notification" function); Meta may thus be able to assign IP addresses to individual users. If you are currently logged in to Instagram as a user, a cookie with your Instagram ID is stored on your device. This enables Meta to understand that you have visited this page and how you have used it. Meta buttons integrated into websites enable Meta to record your visits to these websites and assign them to your Instagram profile. This data can be used to offer you customised content or advertising.
Further information:
https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect.
3.11 YouTube
We operate a profile on YouTube. This is a video platform of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, which enables us to publish video content and interact with our audience.
3.11.1 Data processing by us
We also process the data of profile visitors. In doing so, we process data from your use of our profile, which is provided to us by YouTube.
This information includes statistics on visits to our profile, reports on the playback time of our videos, user interaction (e.g. "I like" or comments), as well as information about individual people who actively interact with our site, e.g. by subscribing or using YouTube's communication options.
The data entered on YouTube, in particular the user name and the content published under the account, is made visible and processed by us through interactions with our profile.
We process this data to enable communication and to optimise our content in terms of reach and target group.
The legal basis for the processing is a legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR for the purposes mentioned.
3.11.2 Data processing by YouTube
When you visit our YouTube channel or interact with our YouTube channel, YouTube collects personal data such as IP address, device information, geographic information and activity on the platform, including videos viewed, interactions such as likes, comments and subscriptions. This data may be collected through cookies and similar technologies that are stored on the device.
YouTube uses this information to operate and improve the platform, to provide personalised advertising and to carry out analyses and measurements to understand how users interact with the content. In addition, data processing helps to evaluate and improve the reach and effectiveness of content.
The processing of data by YouTube takes place, among other things, on the basis of your consent, which is expressed by accepting the cookie policy on YouTube.
The data collected by YouTube may be shared within the Google group of companies and with third parties that may be located in countries outside the European Union, including the USA. Google LLC is certified by the EU-U.S. Data Privacy Framework, which ensures that an adequate level of data protection is maintained even when data is transferred to third countries.
We have no influence on the scope of the data processed by YouTube, the type of processing and use or the transfer of this data to third parties. We also have no effective control options in this respect.
Information about which data is processed by YouTube and for what purposes it is used can be found in YouTube's privacy policy: https://policies.google.com/privacy?hl=de&gl=de
We use the Spotify plugin on this website. Spotify is a music streaming service. This service is offered by SoundCloud Limited, Berners House, 47-48 Berners Street, London W1T 3NF, United Kingdom.
After activating the plugin, a direct connection is established between the website visitor's browser and the Spotify server when visiting the website. This provides Spotify with the information that the website was visited with this IP address. If the website visitor is logged in with a Spotify user account, Spotify can assign the visit to this website to the user account.
When using Spotify, cookies from Google Analytics are used. Usage data may also be passed on to Google. Spotify is solely responsible for the integration of these cookies.
The legal basis for the processing is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.
Further details:
https://www.spotify.com/de/legal/privacy-policy/.
We integrate a donation button from the PayPal service, PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, on our website.
The donation button is integrated as an iFrame on our website. This means that a connection to PayPal is established to display the button. The IP address of the website visitor and other log data may be transmitted to PayPal.
The donation button fulfils the purpose of making a donation in an uncomplicated way and with just a few clicks. The legal basis for data processing through the integration of the donation button is Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the integration of the donation button in order to make the processing of donations as simple as possible and to secure our existence and our activities through the donations.
Further information:
3.13 Audio and video conferencing
3.13.1 Zoom
We use Zoom to communicate with customers. Zoom is an online conferencing tool. This service is offered by Zoom Communications Inc, San Jose, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA.
When communicating with this tool via video or audio conferencing, personal data is processed by us and the provider of the tool. The data collected includes all information that you provide when using the tool. Metadata relating to the conference is also processed. Furthermore, technical information required for the function of online communication is processed. Furthermore, all files that are shared within the tool are stored on the tool provider's servers.
Zoom can also set cookies. These cookies are only set with consent. Consent can be revoked at any time. The legal basis for this is Art. 6 para. 1 lit. a GDPR.
Otherwise, the legal basis for the processing of data by Zoom is Art. 6 para. 1 lit. b GDPR. The communication is related to the fulfilment of a contract or is necessary for the fulfilment of pre-contractual obligations. Furthermore, this tool is used to simplify communication with our company. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
This data is stored until the data subject requests its deletion, the consent for storage has been revoked or the purpose for storage no longer applies. Cookies remain on the end device until the user deletes them. Mandatory statutory provisions on retention periods remain unaffected.
The EU Commission's Standard Contractual Clauses (SCC) apply to data transfers to the USA.
Further information:
https://zoom.us/de-de/privacy.html.
Finally, we would like to inform you in detail about your rights and how you will be informed about changes to data protection requirements.
4.1.1 Right to information in accordance with Art. 15 GDPR
You can request information about whether your personal data is being processed. If this is the case, you can request further information on the type and manner of processing. A detailed list can be found in Art. 15 para. 1 lit. a to h GDPR.
4.1.2 Right to rectification in accordance with Art. 16 GDPR
This right includes the rectification of inaccurate data and the completion of incomplete personal data.
4.1.3 Right to erasure in accordance with Art. 17 GDPR
This so-called 'right to be forgotten' gives you the right, under certain conditions, to request the erasure of your personal data by the controller. This is generally the case if the purpose of the data processing no longer applies, if consent has been withdrawn or the initial processing took place without a legal basis. A detailed list of reasons can be found in Art. 17 para. 1 lit. a to f GDPR. This "right to be forgotten" also corresponds to the controller's obligation under Art. 17 para. 2 GDPR to take appropriate measures to bring about the general erasure of data.
4.1.4 Right to restriction of processing pursuant to Art. 18 GDPR
This right is subject to the conditions set out in Art. 18 para. 1 lit. a to d.
4.1.5 Right to data portability pursuant to Art. 20 GDPR
This regulates the basic right to receive your own data in a commonly used form and to transfer it to another controller. However, this only applies to data processed on the basis of consent or contract in accordance with Art. 20 para. 1 lit. a and b and insofar as this is technically feasible.
4.1.6 Right to object pursuant to Art. 21 GDPR
In principle, you can object to the processing of your personal data. This applies in particular if your interest in objecting outweighs the legitimate interest of the controller in the processing and if the processing relates to direct marketing and/or profiling.
4.1.7 Right to "individual decision-making" in accordance with Art. 22 GDPR
In principle, you have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects concerning you or similarly significantly affects you. However, this right is also subject to restrictions and additions in Art. 22 (2) and (4) GDPR.
The GDPR contains comprehensive rights to inform third parties whether or how you have asserted rights under Art. 16, 17, 18 GDPR. However, this is only possible or feasible with reasonable effort.
We would like to take this opportunity to draw your attention once again to your right to withdraw your consent in accordance with Art. 7 (3) GDPR. However, this does not affect the lawfulness of the processing carried out up to that point.
We would also like to draw your attention to your rights under Sections 32 et seq. BDSG, which, however, are largely congruent with the rights just described.
4.1.9 Right to lodge a complaint pursuant to Art. 77 GDPR
You also have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates this regulation.
The current status of this data protection declaration is 24 July 2025. From time to time it is necessary to adapt the content of the data protection declaration in order to react to actual and legal changes. We therefore reserve the right to amend this privacy policy at any time. We will publish the amended version in the same place and recommend that you read the privacy policy regularly.