Data Protection Policy

The following data protection policy of the Klassik Stiftung Weimar outlines the type, scope and purpose of processing of personal data (hereafter referred to as „data“) performed in connection with our online services, linked web pages, functions and content, as well as external platforms, e.g. our presence on social media platforms (hereafter referred to „online services“). With regard to terminology used in this policy, e.g. „processing“ or „controller“, please refer to the definitions provided in Art. 4 of the EU’s General Data Protection Regulation (GDPR).

Controller

Klassik Stiftung Weimar
Foundation under public law
Burgplatz 4
99423 Weimar

Tel.: +49 (0)3643 545-0
Email: e-mail

 

Authorised representative

The Klassik Stiftung Weimar is legally represented by its president, Dr. Ulrike Lorenz
Data Protection Officer: e-mail

 

Types of processed data:

Categories of persons affected by data processing

Visitors and users of our online services (hereafter summarily referred to as „users“)

Purpose of processing

Terminology

„Personal data“ is defined as all information that makes reference to identified or identifiable natural persons (hereafter referred to as „data subjects“). A natural person is regarded as identifiable if he/she can be directly or indirectly identified by means of an ID (e.g. a name), an ID number, location data, an online ID (e.g. cookie) or  by one or more specific characteristics which convey the physical, physiological, genetic, psychological, financial, cultural or social identity of this natural person.

„Processing“ is defined as any procedure conducted with or without automated assistance, or any sequence of procedures conducted in connection to personal data. The term is broadly applicable and includes practically every case of data handling.

„Pseudonymisation“ refers to the processing of personal data in such a way that the data can no longer be assigned to any specific data subject without the provision of further information, whereby this information is specially safeguarded and is subject to organisational measures which ensure that the personal data cannot be assigned to an identified or identifiable natural person.

„Profiling“ refers to any type of automated processing of personal data with the aim evaluating, analysing or predicting distinctive aspects related to a natural person, especially those related to work performance, financial situation, health, personal preferences, reliability, geographical location or changes in location of this natural person.

The term „responsible controller“ distinguishes the natural or legal person, agency, organisation or other entity which is entitled to make decisions alone or in consultation with others concerning the purposes and means of processing personal data.

The term „processor“ distinguishes a natural or legal person, agency, organisation or other entity who/which processes personal data on behalf of the responsible controller.

Legal basis

In accordance with Art. 13 GDPR, we provide the following information on the legal basis of our data processing activities. If the legal basis is not explicitly stated in the provisions below, the following applies: The legal basis for obtaining consent from the data subject is provided in Art. 6 (1 a) and Art. 7 GDPR; the legal basis for processing data necessary for  rendering services and performing contractual obligations, as well as responding to inquiries is provided in Art. 6 (1 b) GDPR; the legal basis for processing data necessary for compliance with our legal obligations is provided in Art. 6 (1 c) GDPR; the legal basis for processing data necessary for pursuing our legitimate interests is provided in Art. 6 (1 f) GDPR. In cases for which processing is necessary to protect the vital interests of the data subject or of another natural person, Art. 6 (1 d) GDPR serves as the legal basis.

Security measures

In accordance with Art. 32 GDPR and taking into account the latest standards in technology, the costs of implementation and the nature, scope, context and purposes of processing as well as the varying likelihood and severity of threats to the rights and freedoms of natural persons, we undertake to implement appropriate technical and organisational measures to ensure a level of security appropriate to the given risk.

These measures serve to ensure the ongoing confidentiality, integrity and availability of data by monitoring its physical availability, as well as the respective access, input, transmission, storage and erasure of such data. In addition, we have implemented measures which protect the rights of our users, ensure personal data is erased, and counteract threats to the security of personal data. Furthermore, we take data protection into account when developing or selecting hardware, software and processing methods in accordance with the data protection principles by technical design and privacy-friendly defaults (Art. 25 GDPR).

Registration for press photo access

We ask you to register if you wish to access our high-resolution press photos in print quality. With your registration, you consent to having your data stored and processed in the content management system of our website until you withdraw your permission. The provided photo material is solely intended for reporting on current day-to-day events. We reserve the right to deny access to our press photo area if photos are used for purposes other than explicitly permitted. Your data is stored and processed for this purpose alone and will not be forwarded to third parties. The Press Office of the Klassik Stiftung Weimar holds the exclusive access rights to this data.

Comments and contributions

The Klassik Stiftung Weimar collects and saves data in connection with the publication of a blog. This data comprises the user’s name, email address and submitted comment. The data is provided voluntarily. The Klassik Stiftung Weimar does not use this data for any other purpose.

All data provided in connection with comments and contributions are stored permanently until the user files an objection.

User contact

When a user contacts us (e.g. via contact form, email, telephone or social media), we process the data provided by the user in accordance with Art. 6 (1 b) GDPR in order to respond to the query and settle the matter accordingly. The user’s data may be stored in a customer relationship management system („CRM system“) or comparable contact management program.

Data protection policy on ordering public relations media

We offer various public relations media for advertising and informational purposes which you can order or subscribe to. These include subscriptions to our newsletter and our magazine “klassisch modern”. In the following, we wish to inform you about how we process your personal data and the rights you have as stipulated by the EU General Data Protection Regulation (GDPR).

In order to deliver the media to which you have subscribed, we process your personal data (name, mailing address for postal delivery or email address for newsletter delivery) based on your consent in accordance with Art. 6 (1 a), Art. 7 (GDPR) in conjunction with § 7 (2) no. 3 UWG.

To verify your consent and the legality of processing in case of doubt, we retain your personal data for up to three years after cancellation of your subscription in accordance with Art. 6 (1 f) GDPR. Newsletter registrations are documented in order to substantiate that the registration process meets the respective legal requirements. To this end, we record the date and time of your registration and corresponding confirmation, as well as your IP address.

You may cancel your subscription to our newsletter at any time by withdrawing your consent. A cancellation link is included at the end of every newsletter. To cancel your magazine subscription, please notify us by e-mail.

We do not share your personal data with third parties. The website operator is responsible for processing your personal data:

Klassik Stiftung Weimar
Burgplatz 4
99423 Weimar
e-mail

You have the right to obtain information about the data we have stored regarding your person. Moreover, you have the right to have your personal data corrected or erased, restrict processing of your data, lodge complaints with the data protection supervisory authorities (e.g. the Free State of Thuringia or others) regarding the processing of your personal data, and object to the storage of your data beyond the cancellation of your subscription at any time. If your objection is justified, we will immediately cease processing your data. An exception to this rule exists if there are compelling reasons worthy of protection which outweigh your interests.

If you have any questions concerning data processing and/or exercising your rights as a data subject, our Data Protection Officer would be happy to assist you further. Please contact:

Klassik Stiftung Weimar
Der Datenschutzbeauftragte / Data Protection Officer
Burgplatz 4
99423 Weimar
e-mail

 

Hosting and email delivery

The hosting services we use provide the following services to our customers: Infrastructure and platform services, computing capacity, storage space and database services, email delivery, IT security services and technical maintenance, all of which serve to ensure the operation of our online services. 

In this context, we or our hosting provider (commissioned to perform these tasks on our behalf based on a third-party processing agreement) process personal and master data, contact data, content data, contract data, usage data and meta- and communication data provided by our clients, interested parties and visitors to our website. The collection of this data is pursuant to our legitimate interests in providing efficient and secure online services in accordance with Art. 6 (1 f) GDPR in combination with Art. 28 GDPR.

Access data and server log files

In pursuit of our legitimate interests as provided in Art. 6 (1 f) GDPR, we or our hosting provider collect and store data on every access query made to content saved on our server (so-called „server log files“). These log files contain the name of the accessed web page, file, date and time of the query, transmitted amount of data, report on whether the query was successful, the browser type and version, the user's operating system, referrer URL (i.e. previously visited page), IP address and the querying provider. 

For security reasons (e.g. for investigating cases of possible misuse of fraud), log file data is saved for a period 365 days max., after which time it is erased. Data retained as evidence in criminal investigations is exempt from erasure until the respective case is conclusively clarified.

Tracking analysis with Matomo

As part of the Matomo tracking analysis software and in keeping with our legitimate interests (e.g. analysing, optimising and efficiently operating our online services as provided in Art. 6 (1 f) GDPR), we process the following data: user’s browser type and version, user’s operating system, country of origin, date and time of the server query, number of visits, length of time the user spends on our website, and the clicked external links. The user’s IP address is anonymised before it is saved. Matomo uses cookies which are saved on the user’s computer. These enable Matomo to analyse how visitors use our online services. The processed data allows us to create pseudonymised profiles of our users. Cookies are saved for a period of one week. The usage data collected by the cookie is saved exclusively on our server and is not shared with third parties. Users can withdraw their consent to having anonymised data collected by Matomo with immediate effect for the future by clicking on the provided link below. In such cases, Matomo places an „opt-out cookie“ onto the user’s browser which prevents it from collecting any data during their visit to our website. If users delete all cookies in their browser, the opt-out cookie will also be erased, which means they will have to reactivate the opt-out cookie during their next visit. The data logs are erased within a period of six months. 

Online presence in social media

We maintain online presence in social networks and platforms in order to communicate with active clients, interested parties and users, and provide them with information about our services. When a user accesses these networks and platforms, the terms and conditions of usage and the privacy policies of the respective controllers apply. 

If not otherwise indicated in our data protection policy, we process the personal data of users insofar as they communicate with us via these social networks and platforms, e.g. when contributing or sending us messages, for the scope and duration required for the respective purpose.

Integrated third-party services and content

In pursuit of our legitimate interests (e.g. analysing, optimising and efficiently operating our online services as provided in Art. 6 (1 f) GDPR), we integrate third-party content and services into our website so that we can offer content and services provided by these third parties, for example, videos and fonts (hereafter referred to summarily as „content“).

Third-party providers of this content always obtain access to the user’s IP address, for without it, their content could not be transmitted to the user’s browser. In other words, the IP address is necessary for delivering third-party content. We make every effort to integrate third-party content only from those providers who pledge to use IP addresses exclusively for delivering content. Third-party providers can also use pixel tags (hidden graphic elements, also known as „web beacons“) for statistical and marketing purposes. By using pixel tags, providers can analyse information about the user traffic on our web pages. The pseudonymised information can also be saved in cookies on the user’s device. The cookies may contain technical information about the user’s browser and operating system, referral URLs, duration of the visit and other information about the usage of our online services, which can then be aggregated with related information from other sources.

Mapbox

A map from the provider Mapbox is used for the Weimar+ app. The open source map integrated in the app locates information on locations in Weimar and the surrounding area, in particular their geographic coordinates and audio tracks. The content can be operated by users with and without location approval. This release of the location is used to give users in Weimar recommendations on content in the immediate vicinity of their own location. This service only works if location sharing has been activated on the user's device. Mapbox's privacy policy: https://www.mapbox.com/legal/privacy

 

 

YouTube

We integrate videos via the video sharing platform „YouTube“, owned and operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, in a privacy-enhanced mode. This means that if the user visits a website with an embedded YouTube video player but does not click to play the video, YouTube will not automatically save cookies in the user’s browser. However, once the user clicks on a YouTube video player, YouTube may save a cookie in the user’s browser. However, no personal data is contained in the cookie information when the user clicks an embedded video. (Source: YouTube „Enable the privacy-enhanced mode for embedded videos“). Privacy statement: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.

Google Fonts

We use „Google fonts“, provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, on our website. Privacy statement: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.

rooom AG

The 360° views of rooom AG are made available on special servers in the USA for smooth display in your browser. Pursuant to Art. 49 para. 1 p. 1 lit. a DSGVO, we require your consent for your data to be processed in the USA. The USA is assessed by the European Court of Justice as a country with an insufficient level of data protection according to EU standards. There is a risk that your data may be processed by US authorities, for control and monitoring purposes, possibly also without any legal remedy. In particular, your IP address will be disclosed.

At the latest 24 hours after you have given your consent, the data transfer is automatically terminated. To immediately revoke your consent and end the data transfer, you only need to deactivate the content via the slider at the top or delete the cache of your browser. Your consent will be requested again after 24 hours or after deactivation of the content each time you call up the 360° tours.

Information on video surveillance

To prevent damage and vandalism to the historical assets entrusted in our care, the Klassik Stiftung Weimar operates a video surveillance system in accordance with the statutes of our foundation in combination with § 2 of the Thuringian Foundation Act of the Klassik Stiftung Weimar and § 30 Thür DSG.

Should any damages occur, we analyse the saved video recordings of the area for the period in question. This is done to determine whether the recording of the incident can be used in the prosecution of a criminal or civil offense. This procedure affects visitors and users who enter and remain within the confines of the properties of the Klassik Stiftung Weimar.

Video recordings are erased 72 hours after storage insofar as no damages are reported in the respective area in the given time. Should damages be reported, the video recording of the respective areas and time periods are examined within seven days and are either subsequently erased or forwarded to the authorities for use in criminal prosecution.

Our video recordings are viewed in real time by the staff of our partner companies. If they suspect that damages have occurred, the data of the respective areas/times are forwarded to law enforcement authorities. The data is neither shared with nor forwarded to any other third parties.

 

Projects of the Klassik Stiftung Weimar are funded by the European Regional Development Fund (ERDF) and the Free State of Thuringia, represented by the State Chancellery of Thuringia, Department of Culture and the Arts.