Thank you for your interest in our website. The protection of your personal data is important to us. This policy will inform you in detail about how your data will be handled.
1. Name and address of the controller
The controller for the processing your personal data within the meaning of Art. 4 No. 7 GDPR is:
Stadtmarketinggesellschaft Dessau-Roßlau mbH, represented by its Managing Director Hannes Wolf
Tel: +49 340 204 2008
Fax: +49 340 204 2692908
2. Contact details of the data protection officer
Our data protection officer is available at all times to answer any questions you may have and to act as your contact person on the subject of data protection. If you have any questions, please contact:
Ms. Ulrike Wunschik
Zerbster Straße 4
Tel: +49 340 204 1709
Fax: +49 340 204 2691709
3. Collection, processing, and use of personal data
When visiting our website
You can visit our website without providing any personal information. Every time you visit our website, data and information are automatically collected by your device’s system; this information is stored in so-called server log files. This information relates to an identified or identifiable natural person. The data is automatically transferred by your browser when you visit our website. The following information is transferred: The time you visit our website, the URL of the website, your operating system, the type and version of the browser you are using, the IP address of your computer, and the city from which you are visiting our website.
The legal basis for data processing is Art. 6(1) lit. f) GDPR. We have a legitimate interest in presenting you with a website optimised for your browser and in enabling communication between our server and your terminal device. For optimal communication, we need, in particular, to process your IP address. The processed information is stored only as long as necessary for the intended purpose or as required by law.
When subscribing to the newsletter
In addition to the purely informative use of our website, you can subscribe to our newsletter that provides you with information about the city of Dessau, guided tours, daily and weekly programmes, and other events. When you subscribe to our newsletter, we collect, store, and process the e-mail address you provide and the page from which the newsletter page was opened, the date and time when the page was loaded, and the description of the type of web browser used.
The data processing is carried out to send the newsletter. By registering for our newsletter, you consent to the processing of your personal data. The legal basis for the processing is Art. 6(1) lit. a) GDPR. For the registration to our newsletter, we use the so-called double opt-in procedure. This means that after your registration, we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter. The purpose of this procedure is to prove your registration and, if necessary, to detect possible misuse of your personal data. Unsubscribing from the newsletter is possible at any time. You can revoke your consent to receive the newsletter by sending us a message to the contact details provided in section 1 or by clicking on the link provided in each newsletter e-mail.
When responding to user requests
On our website, you will also find a contact form. If we receive personal data from you when you try to contact us, we will use it exclusively for processing the conversation. If you use the contact form, we will collect, store, and process your first and last name, your e-mail address, and, if applicable, your address. The legal basis for the data processing is your consent pursuant to Art. 6(1) lit. a) GDPR.
You can also use our e-mail address or phone number to contact us. In this context, your data will not be passed on to third parties. The purpose of entering data in the contact form is to contact us.
3. Data security
We use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorised access by third parties (e.g., TSL encryption for our website). In doing so, we consider the state of the art, implementation costs and the nature, scope, context, and purpose of the processing, as well as the existing risks of a data breach (including its probability and impact) for the data subject. Our security measures are continuously improved in line with technological developments.
4. Disclosure of personal data
Your data will only be passed on if this is necessary to fulfil the contract, invoice our services, or (if you have given your consent to do so) disclose your data otherwise. Personal data may also be transferred to recipients who are based outside the EEA in so-called third countries. In this case, we will ensure that either an adequate level of data protection exists at the recipient’s site or that your consent to the transfer has been obtained before the transfer.
We use so-called cookies in several places on our Internet pages. These are small files that your browser automatically creates and stores on your device when visiting our pages. They serve to make our offer more user-friendly, effective, and secure. Some of the cookies we use are deleted after the end of the browser session, i.e., after you close your browser (so-called session cookies). Other cookies remain on your device and enable us to recognise your browser on your next visit (so-called permanent or persistent cookies). If cookies are set, they collect and process specific user information such as browser and location data and IP address values to an individual extent. Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie. The duration of the respective cookie storage can be found in the overview of the cookie settings of your web browser.
Most browsers accept cookies automatically. You can altogether disable the storage of cookies in your browser, limit their storage to specific pages or configure your browser so that it automatically notifies you as soon as a cookie is to be set and asks you for consent. You can also block or delete individual cookies. For technical reasons, however, this may result in some functions of our website being impaired and no longer functioning fully.
6. Google Analytics
We create pseudonymous usage profiles to design our Internet pages as needed; to this end, we use Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses targeting cookies that are stored on your device and can be read by us. In this way, we can recognise returning visitors, count them, and learn how often different users have accessed our website.
The information generated by the cookie about your use of our website is usually transmitted to a Google server in the US and stored there. However, your IP address is shortened before the usage statistics are analysed so that no conclusions can be drawn as to your identity. To this end, the code “anonymizeIP” has been added to Google Analytics on our website to make sure that IP addresses are collected in an anonymous form.
Google will use this information on our behalf to evaluate your use of our website, compile reports on website activity, and provide other services relating to website activity and Internet usage to us as the website operator. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data. The data processing is based on your consent, according to Art. 6(1) s. 1 lit. a) GDPR. Google Analytics cookies, including your usage behaviour, are only stored if you have previously consented to this tracking. You can revoke this consent at any time with effect for the future. As part of this processing, personal data is transferred to the USA. The data transfer is based on European standard contractual clauses in which Google agrees to comply with European data protection law for the services provided by Google. We have also concluded an order processing agreement with Google LLC pursuant to Art. 28 GDPR.
7. Google Maps
When the user calls up the map service, the user’s data is exclusively used for the best possible display of the map functions and temporary storage of the selected settings. This data includes, in particular, IP addresses, data about your browser, device, and operating system, as well as website call data. The legal basis for data processing is Art. 6(1) lit. f) GDPR.
8. Social media profiles
We do not use social media plugins on our websites. If our website contains icons from social media providers (e.g., from Facebook, Instagram, and Twitter), we only use these icons to create a passive link to the pages of the respective social media provider.
9. Facebook fan page
As the operator of a Facebook fan page, we can only view the information stored in your public Facebook profile, provided that you have such a profile and are logged in to it when you access our fan page. In addition, Facebook provides us with anonymous usage statistics that we use to improve the user experience when you are vising our fan page. We do not have access to the usage data that Facebook collects to create these statistics. Facebook has agreed to assume primary responsibility under the GDPR to process this data, comply with all obligations under the GDPR concerning this data, and provide data subjects with the material commitments made by Facebook in this regard. This data processing serves our (and your) legitimate interest in improving the user experience and adapting the website to the target group’s needs. The legal basis for data processing is Art. 6(1) lit. f) GDPR. Besides, Facebook uses so-called cookies stored on your device when you visit our fan page, even if you do not have your own Facebook profile or are not logged into it during your visit to our fan page. These cookies allow Facebook to create user profiles based on your preferences and interests and show you ads (inside and outside of Facebook) tailored to those preferences. Cookies remain on your device until you delete them. For further details, and in particular how
you as a data subject can exercise your rights, please refer to the data protection information at: https://www.facebook.com/policy.php
10. Rights of data subjects
To protect your personal data with regard to data processing, you can exercise your rights against us at any time using the contact details provided at the beginning of section 1. You have the following rights:
Right to information
According to Art. 15 GDPR, you can request information about your data processed by us. In particular, you can obtain information about the purposes of the processing, the category of data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if we did not collect it, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details.
Right to rectification
Pursuant to Art. 16 GDPR, you can immediately request the rectification of incorrect data or the completion of your data stored by us.
Right to erasure
Pursuant to Art. 17 GDPR, you may request the deletion of your data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or the assertion, exercise, or defence of legal claims.
Right to restriction of processing
Pursuant to Art. 18 GDPR, you may request the restriction of the processing of your data if the accuracy of the data is disputed by you or the processing is unlawful.
Right to data portability
Pursuant to Art. 20 GDPR, you may receive the data you have provided to us in a structured, commonly used, and machine-readable format or request that it be transmitted to another controller (“data portability”).
Right of withdrawal of consent
If you have given your consent to the data processing, you may withdraw your consent at any time, pursuant to Art. 7(3) GDPR; the term “consent” shall be defined as your voluntary will, made understandable in an informed manner and unambiguously by a declaration or other unambiguous confirming act, that you agree to the processing of the personal data in question for one or more specific purposes. As a result, we may no longer continue the data processing based on this consent for the future.
If your personal data is processed based on legitimate interests pursuant to Art. 6(1) s. 1 lit. e) or lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are reasons for doing so that arise from your particular situation or the objection is directed against direct advertising. This is true, in particular, if the
processing is not necessary for the performance of a contract concluded with you. Unless your objection does not relate to direct marketing, we ask you to explain why you do not want us to process your data as we have done. In the event of your justified objection, we will review the merits of the case and either discontinue or adapt the data processing or inform you about our compelling legitimate grounds based on which we will continue the processing. In addition, you have the right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR.
No automated decision-making
We do not intend to use any personal data collected from you for any automated decision-making process (including profiling).