In the following, we inform you about the processing of personal data when using our website www.documenta.de.
Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior or IP address.
Person responsible pursuant to Art. 4 para. 7 EU General Data Protection Regulation (GDPR)
documenta und Museum Fridericianum gGmbH
Friedrichsplatz 18
34117 Kassel
T +49 561 70727-0
F +49 561 70727-39
(See legal notice https://www.documenta.de/en/imprint#).
You can contact our data protection officer as follows:
by postal mail at the above address accompanied by the words “data protection officer” or by e-mail at datenschutzbeauftragter@documenta.de and by phone: +49 561 83099165.
We are very pleased that you are visiting our Internet pages. It is generally possible to use our website without providing personal data. If the person concerned wants to use one of our company’s services or activities via our website, processing of personal data is probably necessary. If the processing of personal data is required and there is no legal basis for such processing, we will obtain the consent of the person concerned.
The processing of personal data, such as the name, IP address, postal address, e-mail address, or telephone number of the person in question shall always be in line with the country-specific data protection regulations applicable to us, in particular in compliance with the Hessian Data Protection and Freedom of Information Act (HDSIG).
Internet-based data transmissions can generally have security gaps, so absolute protection cannot be guaranteed. For this reason, everyone concerned is free to transmit personal data to us by alternative means, for example by phone or postal mail.
1. Scope and purpose of the processing of personal data
1.1 Accessing and visiting the website
When this website is accessed, data is automatically sent to the server of this website by the Internet browser used by the visitor and stored for a limited period of time in a log file at our host and service provider for a maximum of two weeks. Until automatic deletion, the following data will be stored without further input by the visitor:
- IP address of the visitor’s terminal device,
- date and time of access by the visitor,
- name and URL of the page accessed by the visitor,
- the website from which the visitor accessed the website (so-called referrer URL),
- the browser and operating system of the visitor’s terminal device and the name of the access
provider used by the visitor.
The processing of this personal data is based on our legitimate interests pursuant to Art. 6 para. 1 p. 1 lit. f) General Data Protection Regulation (GDPR). We therefore have a legitimate interest in the processing of data for the purpose of:
- establishing a connection to the website quickly,
- enabling a user-friendly application of the website,
- detecting and ensuring the security and stability of the systems and facilitating and improving
the administration of the website.
The processing is expressly not carried out for the purpose of obtaining knowledge about the identity of the visitor to the website.
1.2 Contact via e-mail (e-mail client on your computer)
Visitors can send messages to us, in particular via e-mail, voluntarily providing personal data. In order to be able to reply to your enquiries, we need at least your valid e-mail address and your surname. Any other information is voluntary and the inquirer is not obliged to share it. By sending the e-mail, the visitor consents to the transmitted personal data being processed. The data is processed exclusively for the purpose of handling and responding to inquiries. This is done on the basis of the voluntarily consent provided purusant to Art. 6 para. 1 sentence 1 letter a) GDPR. The data received from you via this communication channel and processed by us will be automatically deleted as soon as the request is completed and there are no reasons for further storage (e.g. subsequent commissioning, donation or similar).
In the context of correspondence with us by email, your personal data may also be transferred to service providers outside the European Union and the European Economic Area (EEA) through the Microsoft Office 365 email service we use in the U.S.A. Any transfer will only take place on the basis of EU standard contractual clauses as appropriate safeguards to protect your personal data in an insecure third country.
Information about the processing of your personal data by the data controller Microsoft Corporation is provided by Microsoft at the following link: https://privacy.microsoft.com/de-de/privacystatement.
You can request detailed information on this and on the level of data protection at our service providers in third countries using the contact information above.
1.3 Newsletter
If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter (so-called double opt-in). No further data is collected or only on a voluntary basis. We use this data exclusively for sending the requested information and for related analysis purposes. The data entered in the newsletter registration form is processed exclusively on the basis of your consent (Art. 6 para. 1 sentence 1 letter a) DSGVO). We always endeavour to keep your data up to date. You can therefore inform us at any time if your contact details change. To do so, you can contact us at the above addresses. You can revoke your consent to the storage of data, the e-mail address and their use for sending the newsletter at any time, for example via the "unsubscribe" link in each newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation. Data stored by us for other purposes also remains unaffected by this.
So-called web beacons or tracking pixels are used by our dispatch service provider Sendinblue GmbH. Tracking pixels are extremely small image files, often only 1×1 pixel in size, which are integrated into the newsletter e-mail and thus allow log file recording and log file analysis. If the user now opens the respective previously loaded e-mail, the pixel-code is loaded from the Sendinblue GmbH server and at the same time some information about the e-mail recipient is transmitted, such as:
- Whether the e-mail was opened,
- the time of the call,
- and the corresponding IP address.
The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of Sendinblue after you unsubscribe from the newsletter. Detailed information on the functions of Sendinblue can be found at the following link: https://de.sendinblue.com/blog/email-tracking/.
2. Cookies
So-called cookies are used on the website. These are data packets that are exchanged between the server of our website and the browser of the visitor. These are stored by the respective devices used (PC, notebook, tablet, smartphone, etc.) when visiting the website. In this respect, cookies cannot cause any damage to the devices used. In particular, they do not contain viruses or other malware. In the cookies, information is stored that arises in connection with the specific end device used. We can therefore in no way gain direct knowledge of the identity of the visitors to the website.
Cookies are mostly accepted according to the basic settings of the browsers. The browser settings can be configured in such a way that cookies are either not accepted on the devices used or that a special notice is given before a new cookie is created. However, it should be noted that deactivating cookies may mean that not all functions of the website can be used in the best possible way. The use of cookies serves to make the use of our website more comfortable. For example, session cookies can be used to track whether the visitor has already visited individual pages of the website. After leaving the website, these session cookies are automatically deleted.
Temporary cookies are used to improve user-friendliness. They are stored on the visitor's device for a temporary period of time. When the website is visited again, it is automatically recognised that the visitor has already called up the page at an earlier time and which entries and settings were made so that these do not have to be repeated.
Please refer to the list below for the different types of cookies (e.g. cookies that are technically necessary to display the website or cookies that serve statistical and marketing purposes) that are set on your terminal device when you visit our website, as well as further information on these cookies (e.g. provider, purpose, storage period, etc.). For cookies that are not technically necessary, we obtain your consent (via the information window that opens at the beginning of your visit to our website) in accordance with Art. 6 Para. 1 lit. a GDPR. The processing associated with the setting of technically mandatory cookies is based on our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR.
3. Web analysis by Matomo (formerly Piwik)
3.1 Scope of personal data processing
We use the open source software tool Matomo (formerly PIWIK) on our website to analyse the surfing behaviour of our users. The software sets a cookie on the user's computer (for cookies, see above). If individual pages of our website are called up, the following data is stored:
- Two bytes of the IP address of the calling system of the user,
- the website called up,
- the website from which the user accessed the website (referrer),
- the sub-pages accessed from the accessed website,
- the time spent on the website,
- the frequency with which the website is accessed.
The software runs on the servers of our website. The personal data of the users is only stored there. The data is not passed on to third parties.
The software is set in such a way that the IP addresses are not stored in full, but 2 bytes of the IP address are masked (e.g.: 192.168.xxx.xxx). In this way, it is no longer possible to assign the shortened IP address to the calling computer.
3.2 Legal basis for the processing of personal data
The legal basis for the processing of the users' personal data is the consent of each user in accordance with Art. 6 para. 1 lit. a GDPR. The consent is realised and stored by means of a cookie banner (information window at the beginning of the visit to the website).
3.3 Purpose of data processing
The processing of the users' personal data enables us to analyse the surfing behaviour of our users. By evaluating the data obtained, we are able to compile information on the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. By anonymising the IP address, the interest of users in the protection of their personal data is adequately taken into account.
3.4 Duration of storage
The data is deleted immediately as soon as it is no longer required for our recording purposes.
3.5 Possibility of removal
Cookies are stored on the user's computer and transmitted to our site by the user. Therefore, you as a user have full control over the use of cookies. You can revoke the setting of cookies by changing the settings via the link at the end of this data protection declaration.
4. Links to other websites
On our website we link to the online offerings of the social networks Facebook and Instagram, Twitter and YouTube, on which documenta und Museum Fridericianum gGmbH maintains its own online presences (see 5. Presences and offerings in social networks and on online platforms).
On our website, we also link to the online services of the Deutsche Bahn and Google Maps. documenta und Museum Fridericianum gGmbH does not pass on personal data to the respective website operators. The respective site operators are responsible for the processing of your personal data.
The website operators linked to our website have their own data protection declarations for use in Europe.
5. Appearances and offers in social networks and on online platforms
In order to make our cultural offerings and related information accessible to a large number of people, we are active on social networks. We would like to point out that the social media we use operate on a global scale and therefore it cannot be ruled out that your personal data may also be processed outside the EU. In order to ensure that your data protection rights are also protected in the event of transfer to third countries, data is only transferred in accordance with Art. 44 et seq. GDPR and Art. 49 GDPR. Furthermore, we would like to draw your attention to the fact that the respective platform operators may in some cases independently process your personal data and merge it into user profiles. This may also occur even if you do not have a user account with the respective social network. If you are registered as a user with one of the networks, the use of the content provided by us will be evaluated and assigned to your profile. This happens regardless of which end devices you use the media with. The tracking and profiling is done with the purpose of offering you an optimal user experience and to provide you with tailored advertising - both within and outside the network. You can find out which techniques the respective operator uses to process your personal data and which opt-out options you have in this regard in the corresponding data protection declarations of the social network as well as in the further information (see below). If you wish to exercise your data protection rights, we recommend that you contact the respective operator of the social network directly. As a rule, documenta und Museum Fridericianum gGmbH has no access to the personal data processed by the respective operators. documenta und Museum Fridericianum gGmbH receives personal data from the operators of social networks to the extent that you permit this through your settings on the network. The operator of the social network may provide us with information such as your name, your user ID, your profile picture, your network, your gender, your user name, your age or age group, your language, your country, your list of friends, your list of followers and any other information that you have consented to provide or that the social network provides to us (e.g. reports on the interaction with our presences on the respective platforms). documenta und Museum Fridericianum gGmbH processes the personal data you provide in order to share your opinions with your friends, followers or contacts on the connected social network and to optimise its presence and reach in the social media. The processing is therefore based on our legitimate interests in reporting on our cultural work and carrying out public relations in general.
Types of data processed by you when visiting social networks (depending on the setting and network):
- master data (e.g. user name, name)
- contact data (e.g. e-mail address)
- usage data (e.g. usage times, activities)
- content data (e.g. data provided by you, such as comments)
- metadata (device ID, network and connection, cookie data).
Data subjects affected by data processing:
The respective user of the social network or the device owner with whose device the service is used.
Purposes:
-reporting
-public relations / PR in general
-tracking (e.g. provision of measurements, analyzes of surfing and user behavior)
-reach measurement (e.g. access figures, calls).
5.1 Legal basis (depending on your relationship with the respective operator of the social network):
Our legitimate interests or the legitimate interests of third parties (e.g. platform providers) (see above) (Art. 6 para. 1 sentence 1 lit. f GDPR). If you have a user account with a social network and have consented to the transfer of your data to third parties as part of your data protection settings, the consent to tracking (Art. 6 para. 1 lit. a GDPR) is also a possible legal basis.
5.2 Services used and service providers (recipients of your personal data):
Within the framework of our online presence and for the dissemination of our offer and our content, we consequently also make use of external services and service providers, including online platforms. Below you will find important information on the processing of your personal data within the framework of these services and service providers. The specific processing of personal data within the scope of the following services depends on several factors (e.g. providers' own privacy settings of users and activities). If you have any questions about the processing in a specific individual case, please feel free to contact us or our company data protection officer.
5.2.1 Instagram (social network)
Responsible party: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland; Website: https://www.instagram.com; The privacy policy of the provider can be found at: https://de-de.facebook.com/help/instagram/155833707900388. (Further information on the responsible party Facebook Ireland Ltd follows).
5.2.2 Facebook (social network)
Responsible entity: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; website: https://www.facebook.com; The privacy policy of the provider can be found at: https://www.facebook.com/about/privacy. A transfer of personal data to unsafe third countries (e.g. USA) only takes place under the reservation of appropriate guarantees according to Art. 44 ff. GDPR and Art. 49 GDPR, which are intended to ensure an adequate level of data protection in the processing of data.
An opt-out option as well as settings for advertisements can be found at: https://www.facebook.com/settings?tab=ads.
Joint responsibility of documenta and Facebook
We are jointly responsible with Facebook Ireland Ltd. for the processing of your personal data that is generated or collected and used in the course of visiting and using the relevant services. The main contents of the agreement on the joint processing of personal data pursuant to Art. 26 DSGVO on Facebook pages or on services offered by Facebook are available at:
https://www.facebook.com/legal/terms/pagecontrolleraddendum. The privacy policy of the provider(s) for the Facebook pages can be found at: https://www.facebook.com/legal/terms/informationaboutpageinsightsdata.
5.2.3 Twitter (social network, short message service)
Responsible entity: Twitter International Company, One Cumberland Place, Fenian Street Dublin 2, DO2AX07 Ireland Inc. Parent company: Twitter Inc. 1355 Market Street, Suite 900, San Francisco CA 94103. The privacy policy of the provider can be found at: https://twitter.com/de/privacy. The Twitter website on which you can make settings, including privacy settings, can be found at https://twitter.com/personalization. According to Twitter, your data may also be transferred, stored and processed in the USA and in all other countries in which Twitter operates (including insecure third countries). A transfer of personal data to unsafe third countries (e.g. USA) only takes place subject to appropriate guarantees pursuant to Art. 44 et seq. GDPR and Art. 49 GDPR, which are intended to ensure an adequate level of data protection in the processing of data: As appropriate guarantees for the protection of personal data in unsafe third countries, we have concluded so-called EU standard contractual clauses with Twitter (Art. 46 para. 2 lit. c GDPR).
5.2.4 YouTube (social network, media portal)
Responsible entity: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; the privacy policy of the provider can be found at: https://policies.google.com/privacy. A transfer of personal data to insecure third countries (e.g. USA) only takes place subject to appropriate guarantees pursuant to Art. 44 et seq. GDPR and Art. 49 GDPR, which are intended to ensure an adequate level of data protection in the processing of data.
An objection option (opt-out) regarding the data processing carried out by Google - in individual cases - can be found at: https://adssettings.google.com/authenticated.
Our website uses plugins from the YouTube site operated by Google. YouTube sets cookies on the terminal device you use, which can also be used to analyse usage behaviour for market research and marketing purposes. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account. The basis for the use of the YouTube plugins is your consent pursuant to Art. 6 Para. 1 lit. a GDPR. Please note that it is not possible to play the integrated YouTube videos without your consent. If you have not given your consent in our cookie banner, you have the option to do so directly via a lock screen in the embedded video. You can also manage your consent at any time via the link "Change your consent" under point 2 "Cookie settings" at the very end of this page. If you wish to revoke your consent, you can also do so via the same route.
5.2.5 SoundCloud (social audio platform)
Responsible entity: SoundCloud Limited, Rheinsberger Str. 76/77, 10115 Berlin, Germany; Headquarters: c/o Third Floor, 20 Old Bailey, London, EC4M 7AN, United Kingdom; the privacy policy of the provider(s) can be found at: https://soundcloud.com/pages/privacy. A transfer of personal data to unsafe third countries (e.g. USA) only takes place subject to appropriate safeguards pursuant to Art. 44 et seq. GDPR and Art. 49 GDPR, which are intended to ensure an adequate level of data protection in the processing of data.
Our website uses widgets of the SoundCloud service. By integrating the widgets, SoundCloud sets cookies on the terminal device you use, which may also serve to analyse usage behaviour for market research and marketing purposes. In the process, the SoundCloud server is informed which of our pages you have visited. Information about the playing, sharing or downloading of audio content via the embedded widgets is also transmitted to SoundCloud in connection with your IP address. If you are logged into your SoundCloud account, you enable the service to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your SoundCloud account. The basis for the use of the SoundCloud widgets is your consent pursuant to Art. 6 (1) lit. a GDPR. Please note that it is not possible to play the integrated audio content without your consent. If you have not given your consent in our cookie banner, you have the option to do so at any time via the link "Change your consent" under point 2 Cookies on this page. If you wish to revoke the consent you have given, you can also do this via the same route.
5.2.6 XING / New Work SE (professional network)
Responsible entity: New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany; Website: https://www.xing.com; The privacy policy of the provider can be found at: https://privacy.xing.com/de/datenschutzerklaerung?sco=navigationfooter. You can find an opt-out option at: https://privacy.xing.com/de/datenschutzerklaerung/informationen-die-wir-auf-grund-ihrer-nutzung-von-xing-automatisch-erhalten.
5.2.7 LinkedIN (professional network)
Responsible entity: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, parent company: LinkedIn Corporation, 1000 W. Maude Ave, Sunnyvale, California 94085; Maude Ave, Sunnyvale, California 94085; Website: https://www.linkedin.com; The privacy policy of the provider can be found at: https://www.linkedin.com/legal/privacy-policy. A transfer of personal data to unsafe third countries (e.g. USA) only takes place under the reservation of appropriate guarantees according to Art. 44 et seq. GDPR and Art. 49 GDPR, which are intended to ensure an adequate level of data protection in the processing of data.
You can find an objection option (opt-out) as well as the settings for advertisements and privacy of your user account at: https://www.linkedin.com.
5.2.8 Hootsuite
The data provided to us by the social media network operators (e.g. reports) are processed by us in the social media management software "Hootsuite". We have a legitimate interest in the use of this software in accordance with Art. 6 Para. 1 lit. f GDPR. The transfer to Hootsuite in Canada is covered by an adequacy decision of the EU Commission.
Hootsuite enables us to manage multiple social media accounts. Posts can be prepared, scheduled, published, liked and shared in it. At the same time, the channels of the different services can also be followed within Hootsuite to keep track of discussions on the social web that are relevant to us.
documenta und Museum Fridericianum gGmbH has only limited access to your publicly accessible social media profile data. In addition, we have no conclusive knowledge of the extent to which Hootsuite collects your user data. You can find further information on this in the Hootsuite privacy policy at: https://hootsuite.com/de/legal/privacy.
6. Data protection during applications and the application process
The primary purpose of data processing is to carry out and process the application process and to assess the extent to which you are suitable for the position in question. As a result, the processing of your applicant data is necessary to be able to decide on the establishment of an employment relationship and thus on the hiring. The primary legal basis for this is Art. 6 (1) lit. b) GDPR in conjunction with. Section 23 (1) HDSIG. The processing of special categories of personal data—insofar as necessary for the decision on recruitment—is based on Art. 9 (1) GDPR in conjunction with. Section 23 (3) HDSIG. If you have voluntarily provided us with special categories of personal data whose processing is not necessary for the decision on recruitment, the collection and processing will be based on your consent given with the submission. We also collect and process personal data of applicants on the basis of legitimate interests for the defense of legal claims (in particular from the General Equal Treatment Act (AGG) pursuant to Art. 6 para. 1 p.1 lit. f GDPR. The processing may also take place electronically. This is particularly the case if an applicant sends us the relevant application documents electronically, for example by e-mail. We have set up a special e-mail address for applications by e-mail [bewerbung@documenta.de]. If we conclude an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If no such contract is concluded with the applicant, the application documents will be automatically deleted no later than 6 months after notification of the decision regarding rejection, provided that no other legitimate interests on our part prevent deletion. An example of an “other legitimate interest” in the sense just mentioned is, for example, the obligation to provide evidence in proceedings under the General Equal Treatment Act (AGG).
7. Data protection information for participation in events
We process the personal data you provide to us as part of the registration process for the purpose of preparing and holding the respective event as well as for capacity planning on the basis of your consent granted through registration pursuant to Art. 6 (1) lit. a GDPR and, depending on the type of event, on the basis of a contract pursuant to Art. 6 (1) lit. b GDPR. You can revoke your consent at any time with effect for the future. A revocation has the consequence that we can no longer use your personal data for the event - which requires registration - and your participation in the event is therefore excluded.
Where necessary, we process your data beyond your consent in accordance with Art. 6 (1) p. 1 lit. f GDPR to protect the legitimate interests of us or third parties, such as for the defence in legal disputes. Please note that photographs and videos will be taken at our events and that the images and videos may be published on the Internet, on the websites operated by documenta und Museum Fridericianum gGmbH or its cooperation partners, or in social media and/or in one of the publications of documenta und Museum Fridericianum gGmbH or its cooperation partners for the purpose of public relations (in particular reporting) on the respective event.
By participating in the event, you consent to the publication of photographs and video recordings made during the event (§§ 22, 23 KUG). The collection, i.e. the photographic recording and its processing, is carried out for the purpose of pictorial reporting on the basis of Art. 6 para. 1 p. 1 lit. f GDPR. We would like to point out that you can object to this processing in accordance with Art. 21 (1) GDPR for reasons arising from your particular situation. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. The objection should be sent to the above address.
We would like to point out that the documentation of the event may also result in data worthy of archiving, which may become part of the documenta archiv's holdings. Should archival records contain personal data about you, we will process this data on the basis of Art. 6 para. 1 lit. c GDPR in conjunction with. § 7, 8 and 11 HArchivG. We process the special categories of personal data that may be processed in this context on the basis of Section 25 HDSIG.
If you have any questions about this information, including your (data protection) rights, you can also contact our data protection officer: datenschutzbeauftragter@documenta.de.
8. Your rights
You have rights vis-à-vis us with regard to the personal data concerning you. Special legal regulations may prevent the fulfilment of general data protection rights. If you assert a corresponding right and special legal regulations prevent us from fulfilling it, we will inform you of this, stating the specific reasons. You are entitled to the data protection rights listed below:
8.1 Information
Pursuant to Art. 15 GDPR, you may request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details.
8.2 Correction
In accordance with Art. 16 GDPR, you can immediately request the correction of incorrect or the completion of your personal data stored by us.
8.3 Deletion
Pursuant to Art. 17 GDPR, you have the right to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.
8.4 Restriction of processing
Pursuant to Art. 18 GDPR, you may request the restriction of the processing of your personal data insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing pursuant to Art. 21 GDPR.
8.5 Data portability
Pursuant to Art. 20 GDPR, you may receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or request that it be transferred to another controller(s).
8.6 Revocation
Pursuant to Art. 7 (3) GDPR, you have the right to revoke your consent once given to us at any time (e.g. in writing or by e-mail). This has the consequence that we may no longer continue the data processing based on this consent for the future.
8.7 Complaint
In accordance with Art. 77 GDPR, you can complain about our processing of your personal data to the competent supervisory authority at any time. The supervisory authority responsible for us (The Hessian Commissioner for Data Protection and Freedom of Information) is located at Gustav-Stresemann-Ring 1, 65189 Wiesbaden, P.O. Box 3163, 65021 Wiesbaden.
8.8 Objection to the processing of your data
Insofar as we base the processing of your personal data on our legitimate interest pursuant to Art. Art. 6 (1) p. 1 lit. f GDPR, you may object to the processing, in particular if the processing is carried out for advertising purposes. This is the case if the processing is not necessary, in particular, for the fulfilment of a contract with you, which is shown by us in each case in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will review the situation and either discontinue or adjust the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing.
Of course, you can object to the processing of your personal data for the purposes of advertising and data analysis at any time. You can inform us of your objection using the contact details above.
Amendment of the data protection declaration (as of 17.09.2021)
Due to the ongoing iterative development of the Internet offer and/or legal developments, it may be necessary for us to make adjustments to our data protection declaration from time to time. Please therefore note the current version of our data protection declaration.