Data protection information for the website of the Technisches Landesmuseum Mecklenburg-Vorpommern Betriebsgesellschaft mbH
We are pleased about your visit to our website and would like to inform you as comprehensively as possible about the associated processing of your data.
When you visit our website, personal data about you is collected. This is data that is necessary for you to use our website or that enables us to take your settings into account. In addition, it may be information that you provide to us yourself via the contact options offered on these pages.
We use this information to ensure the proper functioning and all the features of our website and to answer your questions.
In the following, we will inform you about what data is collected on our website and for what purposes it is processed. In addition, you will find information about your rights and contact details for us and our data protection officer.
Contact details and data protection officer
This data protection declaration applies to the website of
Technisches Landesmuseum Mecklenburg-Vorpommern gGmbH
Zum Festplatz 34, 23966 Wismar
eMail: info[at]phanTECHNIKUM.de
Tel.: 03841 304570
Fax: 03841 257812
www: https://tlm-mv.de/
You can contact our data protection officer as follows:
ECOVIS Keller Rechtsanwälte PartG mbB
Rechtsanwalt Axel Keller, LL.M. / Senior Associate Karsten Neumann
Am Campus 1 – 11, 18182 Rostock-Bentwisch
Tel.: +49 381 12 88 49 – 0
eMail: dsb-nord(at)ecovis.com
www: www.ecovis.com/datenschutzberater
You have the right to contact our data protection officer at any time, free of charge and in confidence if you wish, to help you enforce your data protection rights.
Purposes and legal bases of data processing, processors, transfer to third parties in third countries
We use the personal data you provide to us only for the purposes for which it was intended. The legal basis for the processing of your data may be, in particular
• Your consent in accordance with Art. 6 (1) point a GDPR, for example by agreeing to the use of cookies or web analysis,
• the initiation and execution of a contract in accordance with Art. 6 (1) point b GDPR, for example if you contact us using the form,
• our legitimate interest in accordance with Art. 6 (1) point f GDPR, for example in the context of public relations, ensuring the necessary functionality of the website, IT and internet security, quality assurance, fraud prevention and prosecution of criminal offenses.
If you have given us consent for a specific purpose, you can revoke it informally at any time.
Personal data will only be transmitted to state institutions and authorities on the basis of mandatory national legal provisions.
The persons we commission to process the data are obliged to maintain confidentiality and to process the data in a lawful manner. In the event that your personal data is processed for a purpose other than the original purpose, we will notify you accordingly.
We use the support of external service providers (processors) for certain technical processes regarding data analysis, processing and/or storage. Both we and the processor are obliged to comply with the technical and organizational measures under Art. 32 GDPR, and the external service provider is also bound to secrecy. Processing is carried out exclusively on our behalf and in accordance with our instructions. Any processing of your personal data beyond this commissioned data processing will only take place with your explicit consent or in cases required by law, by government authorities or by court order.
Data will only be transferred to third countries (countries outside the European Economic Area – EEA) if this is necessary for the performance of a contract, is required by law, if you have given your consent to the processing of your data or if it is necessary to ensure various functionalities on the website. We will inform you separately about the details, if required by law.
Duration of data storage
In the context of the purely informational use of our homepage, we store the data that your browser transmits to our server for the period of time necessary to rectify faults or error messages. As a rule, the data is deleted within seven days after the end of the internet connection.
Further deletion deadlines may arise depending on your use of the website.
If you contact us through our contact options with a request, we store your collected personal data from the time of collection. We store the data collected in this way for the duration of our business relationship, which also includes, among other things, the initiation and execution of a contract. In addition, we are subject to various storage and documentation obligations, which arise, among other things, from the German Commercial Code (HGB), the German Fiscal Code (AO) or other tax law. The retention periods prescribed there are up to ten years after the end of the year in which the contractual relationship was terminated. Finally, the storage period is assessed with regard to the possibility of defending against legal claims and providing evidence of compliance with data protection obligations, even after the statutory limitation periods, which, according to §§ 195 ff. of the German Civil Code (BGB), are generally 3 years from the end of the year in which they arise. You will be informed of any further deletion periods in the further course of the data protection declaration.
Rights of data subjects (information for data subjects in accordance with Chapter 3 of the GDPR)
You have the following rights as a data subject:
• the right of access under Art. 15 GDPR,
• the right to rectification under Art. 16 GDPR,
• the right to erasure under Art. 17 GDPR,
• the right to restriction of processing of personal data under Art. 18 GDPR,
• the right to data portability under Art. 20 GDPR and
• the right to object to the processing of personal data under Art. 21 GDPR.
In addition, according to Art. 77 GDPR, you have the right to lodge a complaint with a data protection authority. The complaint may be lodged with the data protection authority of the country in which you are staying, in which you work or in which the alleged infringement occurred. If the data protection authority of another member state is responsible for the body about which you are complaining, the national data protection authority will coordinate with the other data protection authority. An overview can be found here:
www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
The supervisory authority responsible for us is
Der Landesbeauftragte für Datenschutz und Informationsfreiheit Mecklenburg-Vorpommern
Schloss Schwerin, Lennéstraße 1, 19053 Schwerin
Tel.: +49 385 594 94 0
Fax: +49 385 594 94 58
eMail: info@datenschutz-mv.de
www: www.datenschutz-mv.de
Kontakt: www.datenschutz-mv.de/kontakt/kontaktformular/
Functionality and presentation of the website
server log files
The provider of our website automatically collects and stores information in so-called server log files, which are automatically transmitted to us by your browser. The following information can be recorded:
• browser types and versions used,
• the operating system used by the accessing system,
• the website from which an accessing system accesses our website (so-called referrer),
• sub-websites that are accessed via an accessing system on our website,
• the date and time of access to the website,
• an internet protocol address (IP address),
• the Internet service provider of the accessing system, and
• any other data and information that may be used in the event of attacks on our information technology systems.
When using this general data and information, we do not draw any conclusions about you. Rather, this information is needed to
- - to deliver the content of our website correctly,
- - to optimize the content of our website as well as its advertisement,
- - to ensure the long-term viability of our information technology systems and website technology, and
- - to provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack.
We evaluate this data and information for statistical purposes and with the aim of increasing data protection and data security in our company, in order to ultimately ensure an optimal level of protection for the personal data we process. The processing is carried out within the scope of our legitimate interest in accordance with Art. 6 (1) f GDPR. The anonymous data of the server log files are stored separately from all personal data provided by you. This data is not merged with other data sources. However, if there are indications of illegal use of our website, we are able to subject this data to a retrospective check.
Google Fonts (local)
We have integrated fonts from Google on our website to ensure that fonts are displayed consistently. We have installed Google Fonts locally, which means that a connection to Google's servers is not established. As a result, no data is transferred to Google. The integration of the fonts is based on our legitimate interest in accordance with Art. 6 (1) point f GDPR.
The operating company is Google LLC; 1600 Amphitheatre Parkway; Mountain View, CA 94043; USA, represented in the EU by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.
Further information and the applicable data protection provisions of Google may be retrieved under developers.google.com/fonts/faq, policies.google.com/privacy and policies.google.com/terms.
Communication
Bookings via the website
In order to process bookings via our website, we collect the personal data necessary to complete the booking. This usually includes first name, last name, address, date of birth, gender, email address, IP address, telephone number, mobile phone number and other data necessary to complete the booking. Personal data related to the respective booking is also necessary to complete the booking. In particular, there may be a mutual exchange of payment information, such as bank details, card number, expiry date and CVC code, prices and taxes, information on previous purchasing behavior or other information regarding your financial situation.
The transmission of the data is intended in particular for identity verification, payment administration and fraud prevention. The purpose of the data collection is therefore the fulfillment of (pre-)contractual obligations in accordance with Art. 6 para. 1 lit. b DSGVO.
Contact details and contact form
Our website contains information that enables a quick electronic contact to our enterprise, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address).
We have also included a contact form that you can use to get in touch with us. You have the option to voluntarily provide your title, first name, last name and telephone number. However, to communicate with us, it is essential that you provide your e-mail address and your specific request in the message.
If you contact us by email or using the contact form, the personal data you provide will be stored automatically. Such personal data provided on a voluntary basis will be stored for the purposes of processing or contacting you. This personal data will not be passed on to third parties.
The data transfer via the contact form is voluntary and is carried out in accordance with Art. 6 para. 1 lit. a) GDPR. Insofar as the processing is necessary for the fulfillment of a contract or in the context of the implementation of a pre-contractual measure, the data processing is carried out in accordance with Art. 6 para. 1 lit. b) GDPR. We use an external service provider (processor) for this technical process. Both we and the processor are obliged to comply with the technical and organizational measures in accordance with Art. 32 GDPR, and the external service provider is also bound to secrecy. Processing is carried out exclusively on our behalf and in accordance with our instructions.
payment options
EC and giro cards
On our website, we offer payment by EC and Girocard, among other options.
If you select payment via EC and giro cards, the data you enter for the payment process will be transmitted to the providers. This is done on the basis of Art. 6 (1) a) GDPR (consent) and Art. 6 (1) b) GDPR (processing for the performance of a contract).
credit cards
On our website, we offer payment by credit card, e.g. Mastercard, Maestro, JCB, Vpay or American Express.
If you select payment by credit card, the data you have entered for the payment process will be transmitted to the providers. This is done on the basis of Art. 6 (1) a) GDPR (consent) and Art. 6 (1) b) GDPR (processing for the performance of a contract).
Social Media
Use of social media plug-ins
The website also uses social media platforms such as Facebook, Instagram and YouTube. These platforms sometimes contain buttons and plugins that transfer data to the operators of the respective network platform as soon as the page loads, i.e. without any further action on the part of the user. In order to ensure the best possible protection of your personal data, we use a two-stage solution developed by heise online that only transmits data with the consent of the user: By default, buttons are used that do not establish contact with the servers of Facebook and other social media networks. The respective button does not initially transfer any data to third parties. Only when you as a user activate the corresponding button and thus give your consent to communicate with Facebook, Twitter or Google, the buttons become active and establish a connection. With a second click, you can then pass on your recommendation to your own network. If you click on one of the buttons to activate it, you give your consent to the transmission of data to the respective social network operator. If you are already logged in to the respective social network at the time of activation of the button, sharing on Facebook and Google takes place without another window according to the current state of the art. On Twitter, a pop-up window appears in which you can still edit your tweet.
We have integrated components of the company Facebook as a link on this website. Facebook is a social network. A social network is a social meeting place operated on the internet, i.e. an online community that usually enables users to communicate with each other and interact in virtual space. A social network can serve as a platform for exchanging opinions and experiences or enables the internet community to provide personal or company-related information. Facebook enables social network users to create private profiles, upload photos and network via friend requests, among other things.
When you voluntarily click on third-party websites such as Facebook, you will be redirected to the respective third party, over which we have no control.
The operating company of Facebook is Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject lives outside the United States or Canada, the controller of personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland.
If you do not want Facebook to process your data, please do not click on the link.
The data policy published by Facebook, which can be found at https://de-de.facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. It also explains the settings options that Facebook offers to protect your privacy.
Insight data analysis
The Conference of Independent Data Protection Authorities of the Federation and the Länder (Data Protection Conference – DSK) has pointed out that Facebook is obliged to obtain effective consent from all visitors to the Facebook page for the use of their data. The operators of a Facebook fan page, on the other hand, are obliged to obtain the necessary information from Facebook about the use of the data. These requirements have now been met.
When you visit our fan page, Facebook collects personal data from users within the scope of and to the extent of its responsibility. Such data collection by Facebook can also occur for visitors to this page who are not logged into Facebook or are not registered as members. You can find information about data collection and further processing by Facebook, as well as information about how to exercise your rights and options, in Facebook's privacy policy.
We do not accept any responsibility for the processing of personal data and its transmission outside the European Union when using the Facebook platform, and in particular we do not accept any responsibility for the implementation of the rights of data subjects and the effectiveness of consent.
We have no influence over the extent of the data collected or your profile data, nor do we have full access to it. You decide what information we receive through your Facebook settings or your browser settings when you visit a publicly accessible page, with Facebook being solely responsible for this. In addition, you have the option in your Facebook settings to actively hide your “likes” or to stop following the fan page. Your profile will then no longer appear in the list of fans of this fan page.
We receive anonymous statistics from Facebook about the use and utilization of the fan page. The following information, for example, is provided here (so-called Insight Data):
• Followers: Number of people who follow our fan page – including growth and development over a defined time frame.
• Reach: the number of people who see a specific post on our fan page and the number of interactions with a post.
• Ad performance: number of people who have seen an ad.
• Demographics: average age of visitors, gender, place of residence, language.
We use these statistics, from which we cannot draw any conclusions about individual users, to constantly improve our online services on Facebook and to better respond to the interests of our users. We cannot link the statistical data with the profile data of our fans. You can decide in your Facebook settings how targeted advertising is displayed to you.
We have entered into an agreement with Facebook for the processing of personal data in accordance with Article 26 of the GDPR.
Accordingly, Facebook is the sole controller with respect to the processing of Insight data. In this regard, Facebook is responsible for fulfilling the information obligations under Articles 12 and 13 of the GDPR, for safeguarding the rights of data subjects under Articles 15 to 22 of the GDPR, for data security and also for reporting data protection breaches (Articles 32 to 34 of the GDPR). Furthermore, Facebook remains the sole controller for the processing of other personal data. We receive personal data via Facebook when you actively communicate it to us via a personal message on Facebook or when you use a form to transmit the data to us and actively send the data to us by clicking on a button. We use the data you provide (e.g. first name, last name) to respond to your request if this is necessary.
We have integrated components of the Instagram service as a link on our website. Instagram is a service that qualifies as an audiovisual platform and enables users to share photos and videos and also to disseminate such data in other social networks. If you voluntarily click on the link, you will be forwarded directly to Instagram. We have no influence on data processing by Instagram. If you do not agree to data processing by Instagram, please do not click on the link.
The company that operates the Instagram services is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA. Instagram is a subsidiary of Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, represented in the EU by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland.
Further information and Instagram's applicable privacy policy can be found at https://www.instagram.com/about/legal/privacy/.
YouTube
We have integrated components of the YouTube service on our website. YouTube processes data on our website with your prior consent in accordance with Art. 6 (1) point a GDPR. You can withdraw your consent at any time.
On the one hand, we have integrated components of the YouTube service as a link. As soon as you click on the link, data processing takes place via YouTube. If you do not want such data processing, you can prevent the transmission by not clicking on the link.
Furthermore, we have embedded videos on our website that are only activated when you actively click on the respective video, and only from that point in time does the data transfer to YouTube start.
YouTube is an online video portal that allows video publishers to upload video clips for free and other users to view, rate and comment on them for free. YouTube allows the publication of all types of videos, which is why complete film and TV shows, music videos, trailers or videos made by users themselves can be accessed via the online portal.
YouTube is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA, represented in the EU by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.
According to COMMISSION IMPLEMENTING DECISION (EU) 2021/914 of June 4, 2021, on standard contractual clauses for the transfer of personal data to third countries under Regulation (EU) 2016 /679 of the European Parliament and of the Council, data transfer to the USA is based on standard contractual clauses, see here https://business.safety.google/gdprcontrollerterms/ and here https://business.safety.google/gdprcontrollerterms/sccs/.
When you visit one of our web pages on which a video from YouTube is embedded, a connection is immediately established with the servers of Google LLC or its subsidiary YouTube LLC.
The activated YouTube component causes your internet browser on your system to download a display of the corresponding YouTube component. As part of this technical process, YouTube and Google receive information about which specific subpage of our website you are visiting.
If you are logged into YouTube at the same time, YouTube recognizes which specific subpage you are visiting. This information is collected by the YouTube component and associated with your YouTube account by YouTube. If you click on a YouTube component integrated into our website, the data and information transmitted with it will be associated with your personal YouTube user account and stored and processed by YouTube and Google.
YouTube and Google will receive information through the YouTube component that you have visited our website, if you are logged in on YouTube at the same time as you access our website.
If you do not want this information to be transmitted to YouTube and Google, you can prevent it by logging out of your YouTube account before accessing our website.
Further information and the applicable data protection provisions of YouTube and Google may be retrieved under https://policies.google.com/privacy.
Other providers
If a link is made to the websites of other providers beyond the information contained here, the present data protection declaration does not apply to their contents. The collection of data by the operators of the respective pages is beyond our knowledge and sphere of influence. Please note the data protection information of the respective page.
API Tools
Google Maps
As part of our internet offering, for example to find our company locations, the use of interactive maps from the “Google Maps API” map service and the associated data processing is carried out with your prior consent in accordance with Art. 6 (1) point a GDPR. You can revoke your consent at any time.
The operating company is Google LLC; 1600 Amphitheatre Parkway; Mountain View, CA 94043; USA, represented in the EU by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.
When using this service, information about the use of the website, as well as your IP address, is transmitted to Google's servers and stored.
According to COMMISSION IMPLEMENTING DECISION (EU) 2021/914 of June 4, 2021, on standard contractual clauses for the transfer of personal data to third countries under Regulation (EU) 2016 /679 of the European Parliament and of the Council, data transfer to the USA is based on standard contractual clauses, see here https://business.safety.google/gdprcontrollerterms/ and here https://business.safety.google/gdprcontrollerterms/sccs/.
We cannot rule out the possibility of Google transferring your data to third parties, for example in the case of legally required transfers or the processing of data by third parties on behalf of Google. Further information and Google's current privacy policy can be found at https://policies.google.com/privacy and https://policies.google.com/terms.
Google Analytics (with anonymization function)
We have integrated the Google Analytics component (with anonymization function) on our website. This is done with your prior consent in accordance with Art. 6 (1) point a GDPR. You can withdraw your consent at any time.
The operating company is Google LLC; 1600 Amphitheatre Parkway; Mountain View, CA 94043; USA, represented in the EU by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics is a web analysis service. Web analysis is the collection and evaluation of data about the behavior of visitors to websites. Among other things, a web analysis service collects data about the website from which a data subject came to a website (so-called referrer), which subpages of the website were accessed or how often and for how long a subpage was viewed.
The purpose of the Google Analytics component is to analyze visitor traffic on our website. Google uses the collected data and information, inter alia, to evaluate the use of our website and to provide online reports, which show the activities on our websites, and to provide other services concerning the use of our Internet site for us.
Google Analytics places a cookie on your system. Each time you access one of the individual pages of this website that has a Google Analytics component integrated into it, your internet browser is automatically prompted by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. As part of this technical process, Google obtains knowledge of personal data, such as your IP address, in order to track the origin of visitors and clicks. The cookie stores personal information, such as access time, the location from which access originated and the frequency of your visits to our website. Each time you visit our website, this personal data, including the IP address you are using, is transmitted to Google. This personal data is stored by Google.
With IP anonymization, your IP address will be shortened by Google. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
According to COMMISSION IMPLEMENTING DECISION (EU) 2021/914 of June 4, 2021, on standard contractual clauses for the transfer of personal data to third countries under Regulation (EU) 2016 /679 of the European Parliament and of the Council, data transfer to the USA is based on standard contractual clauses, see here https://business.safety.google/gdprcontrollerterms/ and here https://business.safety.google/gdprcontrollerterms/sccs/.
You can prevent the setting of cookies at any time by means of a corresponding setting of the Internet browser used and thus permanently object to the setting of cookies.
Furthermore, you have the option to object to and prevent the collection of data generated by Google Analytics and related to the use of this website as well as the processing of this data by Google. To do this, you must download and install a browser add-on from the link https://tools.google.com/dlpage/gaoptout.
Further information and the applicable data protection provisions of Google may be retrieved under https://policies.google.com/privacy and https://policies.google.com/terms. Google Analytics is explained in more detail under the link https://www.google.com/intl/de_de/analytics/.
Google Ads
We have integrated Google Adwords components on our website.
Google AdWords is an internet advertising service that allows advertisers to place ads both in Google's search engine results and in the Google advertising network. Google AdWords allows an advertiser to specify certain keywords in advance, which are used to display an ad in Google's search engine results only when the user uses the search engine to retrieve a keyword-relevant search result. In the Google advertising network, the ads are distributed on topic-relevant websites using an automatic algorithm and taking into account the previously defined keywords.
The operating company of the Google AdWords services is Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
If you reach our website via a Google ad, a so-called conversion cookie is stored on your system by Google. A conversion cookie loses its validity after thirty days and is not used to identify you. If the cookie has not yet expired, the conversion cookie is used to track whether certain sub-pages, such as the shopping cart from an online store system, have been accessed on our website. The conversion cookie enables both us and Google to track whether you have reached our website via an AdWords ad and generated a sale, i.e. completed or canceled a purchase.
The data and information collected through the use of the conversion cookie is used by Google to compile visit statistics for our website. These visit statistics are in turn used by us to determine the total number of users who were referred to us via AdWords ads, i.e. to determine the success or failure of the respective AdWords ad and to optimize our AdWords ads for the future. Neither our company nor other Google AdWords advertisers receive information from Google that could be used to identify you.
The conversion cookie is used to store personal information, such as the web pages you have visited. Each time you visit our website, personal data, including your IP address, is therefore transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical process to third parties.
You can prevent the setting of cookies at any time by means of a corresponding setting of the Internet browser used and thus permanently object to the setting of cookies. To do this, you can generally deactivate the automatic setting of cookies or specifically block cookies.
Furthermore, the data subject has the option of objecting to interest-based advertising by Google. To do so, please use the following link: https://adssettings.google.com/.
Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.de/intl/de/policies/privacy/.