DATA PROTECTION DECLARATION
The protection of your personal data plays an important role for us. We respect and protect your privacy. In this data protection declaration, you will find out which personal data we collect and how we handle the collected data.
The responsible party within the meaning of the applicable data protection laws, in particular the EU General Data Protection Regulation (DSGVO), is:
Grandls Festbetriebe GmbH
Phone: +49 711 5509090
1 | CONTACT DATA PROTECTION OFFICER
If you have any questions about data protection, please contact us at:
Grandls Festbetriebe GmbH
Data Protection Officer
Phone: +49 711 5509090
2 | YOUR RIGHTS
You have the right
– pursuant to Art. 7 (3) DSGVO, to revoke the consent you have given to us at any time. This means that we may no longer process the data based on this consent in the future, unless this is still required to process the contractual relationship or for legal reasons;
– to request information about your personal data processed by us in accordance with Art. 15 DSGVO. In particular, you may request information about the processing purposes, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
– in accordance with Art. 16 DSGVO, to demand the immediate correction of inaccurate or incomplete personal data stored by us;
– in accordance with Article 17 of the Regulation, to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims;
– in accordance with Art. 18 DSGVO, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing in accordance with Art. 21 DSGVO;
– in accordance with Art. 20 DSGVO, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller;
– pursuant to Art. 21 DSGVO, insofar as your personal data are processed on the basis of legitimate interests pursuant to Art. 6 (1) p. 1 lit. f DSGVO, to object to the processing of your personal data, insofar as there are grounds for doing so which arise from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right of objection, which will be implemented by us without specifying a particular situation. If you wish to make use of your right of revocation or objection, it is sufficient to send an e-mail to email@example.com.
– complain to a supervisory authority in accordance with Art. 77 DSGVO. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.
3 | DURATION OF STORAGE OF PERSONAL DATA
The duration of the storage of personal data is based on the respective legal retention period, according to HGB (German Commercial Code) 6 years and according to AO (German Tax Code) 10 years. After expiry of this period, the corresponding data is routinely deleted, provided that it is no longer required for the fulfilment or initiation of the contract and/or there is no further justified interest on our part in its continued storage.
More detailed information on the storage period for specific purposes can also be found in the following sections.
4 | DUTIES TO NOTIFY BASIC DATA PROTECTION REGULATION
When you visit our website www.grandls-hofbraeuzelt.de, information is automatically sent to our website server by the browser used on your end device. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automatic deletion:
– IP address of the requesting computer
– Date and time of access
– Name and URL of the file accessed
– Website from which the access was made (referre URL)
– Browser used and, if applicable, the operating system of your computer as well as the name of your access provider.
The above data is processed by us for the following purposes:
– Ensuring a smooth connection set-up of the website,
– Ensuring a comfortable use of our website,
– evaluating system security and stability, and
– for other administrative purposes.
5 | COOKIES
Information is stored in the cookie that is related to the specific end device used. However, this does not mean that we gain direct knowledge of your identity.
The data processed by cookies is necessary for the before mentioned purposes to protect our legitimate interests as well as those of third parties in accordance with Art. 6 (1) p. 1 lit. f DSGVO.
Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a notice always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you cannot use all the functions of our website.
6 | ENQUIRIES BY MAIL, TELEPHONE OR FAX
If you contact us by e-mail, telephone or fax, your enquiry including all resulting personal data (name, enquiry) will be stored and processed by us for the purpose of processing your request.
We do not pass on this data without your consent. The processing of this data is based on Art. 6 Para. 1 lit. b DSGVO, insofar as your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1 lit. f DSGVO) or on your consent (Art. 6 para. 1 lit. a DSGVO) if this has been requested; the consent can be revoked at any time. The data you send us via contact requests will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.
7 | USE OF THE SPRING FESTIVAL / FOLK FESTIVAL BOOKING TOOL
We only process data that is related to the conclusion of the contract (reservation for the Spring Festival or Folk Festival) or the pre-contractual measures (enquiries, mailing). This can be general data about you or persons in your company (name, address, contact details, etc.) as well as, if applicable, further data that you provide to us in the context of establishing the contract.
The legal basis for this data processing is the fulfilment of a contract (Art. 6 para. 1 lit. b) DS-GVO) as well as the fulfilment of a contractual obligation (Art. 6 para. 1 lit. c) DS-GVO).
We also use your email address and telephone number, which we have received in connection with the assignment, for customer care and to communicate with you. The legal basis for this is our legitimate interest (Art. 6 para. 1 lit. f) DS-GVO).
We use your postal address, which we have received in connection with the order, to send you the admission wristbands and tokens or similar before the start of the festival, if requested when ordering. The legal basis for this data processing is the fulfilment of a contract (Art. 6 para. 1 lit. b) DS-GVO) as well as the fulfilment of a contractual obligation (Art. 6 para. 1 lit. c) DS-GVO).
This personal data is necessary for the fulfilment of the corresponding contract and will only be stored as long as necessary for the execution of the contract and any subsequent contract-related correspondence and invoicing or, in the case of documents relevant under commercial and/or tax law that contain personal data, as long as the statutory periods of the German Commercial Code and the German Fiscal Code provide for the storage of these documents.
8 | REGISTRATION FOR OUR NEWSLETTER
Our website offers the possibility to subscribe to a free newsletter. When registering for the newsletter, the data from the input mask is transmitted to us. Your consent is obtained for the processing of the data during the registration process. For sending the newsletter, we use the so-called double opt-in procedure, i.e. we will only send you a newsletter by e-mail if you have previously expressly confirmed that you want us to activate the newsletter service. We will then send you a notification e-mail and ask you to confirm that you would like to receive our newsletter by clicking on a link contained in this e-mail. Should you later no longer wish to receive newsletters from us, you can object to this at any time. If you have expressly consented in accordance with Art. 6 Para. 1 Sentence 1 lit. a DSGVO, we will use your e-mail address to send you our newsletter on a regular basis. To receive the newsletter, it is sufficient to provide an e-mail address. You can unsubscribe at any time, for example via a link at the end of each newsletter. Alternatively, you can also send your unsubscribe request at any time by e-mail to firstname.lastname@example.org.
9 | USE OF YOUR DATA FOR ADVERTISING PURPOSES
From time to time we inform our customers by post and by e-mail about offers from our company. For this purpose, we use your name, postal address and e-mail address. Of course, you can object to the use of your data for advertising purposes at any time. You can revoke your consent to the use of your data for advertising purposes by sending an e-mail to email@example.com.
10 | TRANSFER OF DATA TO THIRD PARTIES
We do not transfer your personal data to third parties for purposes other than those listed below. We will only disclose your personal data to third parties if:
– you have given your express consent to this in accordance with Art. 6 Para. 1 Sentence 1 lit. a DSGVO,
– the disclosure is necessary for the assertion, exercise or defence of legal claims in accordance with Art. 6 Para. 1 Sentence 1 lit. f DSGVO and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
– in the event that there is a legal obligation for the disclosure pursuant to Art. 6 (1) sentence 1 lit. c DSGVO, as well as if this is legally permissible and necessary pursuant to Art. 6 (1) sentence 1 lit. b DSGVO for the processing of contractual relationships with you.
11 | PLUG-INS AND TOOLS
We use plug-ins from the social networks Instagram and Youtube on our website on the basis of Art. 6 (1) sentence 1 lit. f DSGVO in order to make our company better known via these. As well as tools for a consistent and appealing presentation of our website. The underlying promotional purpose is to be regarded as a legitimate interest within the meaning of the DSGVO. The responsibility for data protection-compliant operation is to be ensured by their respective providers. The integration of these plug-ins and tools by us takes place via consent when entering the site for the first time via the cookie opt-in and can be changed at any time in the cookie settings.
11.1 | INSTAGRAM
Functions of the Instagram service are integrated on this website. These functions are offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
When the social media element is active, a direct connection is established between your end device and the Instagram server is established. Instagram thereby receives information about your visit to this website.
If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate your visit to this website with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Instagram.
Insofar as consent has been obtained, the above-mentioned service is used on the basis of
Art. 6 para. 1 lit. a DSGVO and § 25 TTDSG. The consent can be revoked at any time. Insofar as no consent has been obtained, the use of the service is based on our legitimate interest in achieving the greatest possible visibility in social media.
Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook or Instagram. The processing by Facebook or Instagram that takes place after the forwarding is not part of the joint responsibility.
Our joint obligations have been set out in a joint processing agreement. The text of the agreement can be found at:
https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Facebook or Instagram tool and for the implementation of the tool on our website in accordance with data protection law. Facebook is responsible for the data security of the Facebook or Instagram products. Data subject rights (e.g. requests for information) regarding the data processed by Facebook or Instagram can be asserted directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission.
Details can be found here:
11.2 | YOUTUBE
This website embeds videos from the website YouTube. The operator of the website is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. When you visit one of our websites on which YouTube is embedded, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited.
Furthermore, YouTube may store various cookies on your terminal device or use comparable technologies for recognition (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience and prevent fraud attempts.
If you are logged into your YouTube account, you enable YouTube to associate your surfing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
YouTube is used in the interest of an appealing presentation of our online offers.
This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
11.3 | ADOBE FONTS / TYPEKIT
We use Adobe Fonts, a web font hosting service, on our website. The service provider is the American company Adobe Inc. The Irish company Adobe Systems Software Ireland Companies, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland, is responsible for the European region.
Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a DSGVO. The consent can be revoked at any time.
Adobe also processes your data in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks to the lawfulness and security of the data processing.
Adobe uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO) as the basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular the USA) or a transfer of data there. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data comply with European data protection standards even if they are transferred to third countries (such as the USA) and stored there. Through these clauses, Adobe undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
More information on the data processed and the standard contractual clauses at Adobe can be found at https://www.adobe.com/de/privacy/eudatatransfers.html.
11.4 | FONT AWESOME
This site uses Font Awesome for the consistent display of fonts and symbols. The provider is Fonticons, Inc, 6 Porter Road Apartment 3R, Cambridge, Massachusetts, USA.
When you call up a page, your browser loads the required fonts into its browser cache in order to display texts, fonts and symbols correctly. For this purpose, the browser you use must connect to Font Awesome’s servers. This enables Font Awesome to know that this website was accessed via your IP address has been used to access this website.
The use of Font Awesome is based on Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in the uniform presentation of the typeface on our website. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
If your browser does not support Font Awesome, a standard font will be used by your computer.
12 | DATA SECURITY
We use the widespread SSL (Secure Socket Layer) procedure within the website visit in conjunction with the highest level of encryption supported by your browser. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is encrypted by the closed display of the key or lock symbol in the lower status bar of your browser.
We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
13 | CHANGES TO THIS DATA PROTECTION DECLARATION
We reserve the right to adapt this data protection declaration so that it always complies with the current legal requirements or in order to implement changes to our services in the data protection declaration, e.g. when introducing new services. The new data protection declaration will then apply to your next visit.