Data Protection Statement

Data Protection Information of the Eberbach Abbey Foundation

Effective from 25.05.2018

 

We take your privacy very seriously and process your personal data in accordance with applicable statutory data protection regulations. Personal data in the sense used in the information presented here include all data that could be connected to your person, for instance your name, postal address, email address, IP address, and user behaviour.

In the following data protection statement, we inform you on how we process your personal data. In addition, we provide you with an overview of your data protection rights. Precisely which data are processed and how they are used depends primarily on which services you use, request, or consent to.

 

1. Responsible Body and Data Protection Officer

(1) The responsible body according to Article 4 (7) of the General Data Protection Regulation (GDPR) and the service provider according to § 13 of the German Telemedia Act (TMG) is the 

Eberbach Abbey Foundation
65346 Eltville am Rhein
Germany

(2) The Data Protection Officer of the responsible body may be contacted at:

Eberbach Abbey Foundation
Data Protection Officer
65346 Eltville am Rhein
Germany
Email: datenschutz@dont-want-spam.kloster-eberbach.de

 

2. Source of the Personal Data

We process personal data that we receive from you either during your visit to our website, or when you contact us by email, or via a contact form or booking function. 

 

3. Categories of Personal Data Processed

(1) If you visit or use our website simply to obtain information, i.e. if you do not register with the site or otherwise transmit information to us, we collect only those personal data that your browser transmits to our server. If you wish to take a look at our website, we collect the following data that are technically necessary for us to display the website correctly and guarantee its stability and security:

- Your IP address

- Date, time and duration of your visit

- Content of the request (specific page)

- Access status/http status code

- Data volume transferred in each case

- Website from which the request came

- Your browser

- Your operating system

These data are used solely for internal statistical purposes

(2) In addition to the aforementioned data, cookies are stored on your computer when you use our website. A cookie is a small text file that is stored on your hard drive and assigned to the browser you use to access the website, through which certain information is transmitted to the site that places the cookie. Cookies cannot execute programmes or infect your computer with viruses. They serve to make Internet presentations generally more user-friendly and effective.

(3) Most browsers are set to accept cookies, though you may at any time deactivate your browser’s cookie-storing function or configure your browser so that you are notified each time cookies are sent to it. However, we hereby inform you that if you do so you may not be able to use all of this website’s functions.

(4) This information is stored separately from other data that may have been passed on to us. In particular, cookie-related data are not linked with your other data.

 

4. Other Functions and Services of our Website

(1) Besides purely informational use of our website, we offer a range of services that you may be interested in using. To do so, you must as a rule provide additional personal data that are used to provide the service in question, and to which the aforementioned guidelines on data processing apply.

(2) When you contact us by email or via a contact form, the data you supply (your email address, your name, to include possibly both family and given name), are stored by us in order to answer your questions. In addition, you have the option of providing us with feedback via a contact form. In doing so, you must provide the following personal data: your name, your email address, and your feedback.

(3) Our website allows you to book rooms for overnight stays online. In order to process inquiries for such bookings, the following personal data must be provided: your name, your email address, and your telephone number.

(4) In addition, you have the option of making reservations for guided tours via our website. In this case, it is necessary to supply the following personal data: your given and family names, your address, your email address, and your telephone number. 

(5) To access our press photos download area, it is necessary to supply the following personal data: your given and family names and your email address.

(6) We delete the data collected in the above cases when storing them is no longer necessary, or restrict their processing in line with existing statutory retention provisions.

 

5. Use of etracker

(1) On this website, data are collected and stored for marketing and optimization purposes using technology provided by etracker GmbH (http://www.etracker.com). Using these data, user profiles can be created under a pseudonym. To this end cookies are used, facilitating recognition of the Internet browser on subsequent visits. Without the explicit consent of the individual involved, the data collected using etracker technology are not used to personally identify the individual visiting this website and are not linked with personal data on the bearer of the pseudonym. Consent to collect and store such data may be withdrawn at any time with future effect. At this link you may unsubscribe from etracker data collecting: http://www.etracker.de/privacy?et=nvm5YV.

(2) We employ etracker to regularly analyse and improve use of our website. Using the statistical data thus collected, we are able to improve our online presentation and make it more attractive for you as user. The data collected are stored permanently and analysed pseudonymously. 

(3) Information on the third-party provider is available at: etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg; http://www.etracker.com/de/datenschutz.html.

 

6. Use of the Shariff Solution for Google+, Facebook, and Twitter Social Media Plug-ins 

(1) We currently use the following social media plug-ins: Facebook, Google+, and Twitter. In doing so, we employ the so-called Shariff Solution. This means that when you visit our page, initially absolutely no personal data of yours are transmitted to the plug-in providers. You can recognise the plug-in provider by its initial or logo in a greyed-out box. Contact with or requests to these providers are made by our server, such that instead of the visitor’s IP address only the server address is communicated to Facebook, Google and Twitter. Only when you click on the link in order to share content does the provider’s plug-in receive the information that you have accessed the relevant web page of our online presentation. Additionally, the data listed under Point 3 of this data protection information are transmitted. In the case of Facebook, according to its German provider the IP address is anonymised immediately after it is collected. Thus by activating the plug-in, personal data are transferred to and stored with the provider – in the case of American providers such data are stored in the USA. Since the plug-in provider principally uses cookies to collect data, we recommend that you delete all cookies via your browser’s security settings before clicking on the greyed-out box.

(2) We have no influence on the data thus collected and how they are processed; neither do we know the extent to which, and purposes for which, data are collected, or how long they are stored. We also have no information on the plug-in provider’s policy on deleting the data thus collected.

(3) The plug-in provider stores these data as user profiles and analyses such profiles for advertising and market research purposes and/or to facilitate customer-oriented design of its website. Such analysis is used in particular (even in the case of users who are not logged in to the website) to present customer-oriented advertising and to inform other users of the social network of your activities on our website. You have the right to object to the creation of such user profiles, though to exercise this right you must contact the plug-in provider in question. Via the plug-ins we allow you to interact with the social networks and other users so that we can improve our online presentation and make it more attractive for you as user.

(4) Data is passed on regardless of whether you have an account with the plug-in provider or are logged on to its site. If you are logged on to the plug-in provider, your data are directly linked to your account with the plug-in provider. If you activate the button, thus linking the page for instance, the plug-in provider also stores this information with your user account and communicates it to your contacts. We recommend that you regularly log off after using a social network, especially before activating the button, thus avoiding a link-up to your profile with the plug-in provider.

(5) Additional information on the purpose and scope of the plug-in providers’ collecting and processing of data is available in the following data protection statements published by these providers. There you can also find additional information on your relevant rights and configuration options to protect your privacy.

 (6) Addresses of the providers with links to their data protection information:

- Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php. Additional information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo.

- Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; http://www.google.com/policies/privacy/partners/?hl=de.

- Twitter Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; twitter.com/privacy.

 

7. Embedding of YouTube Videos

(1) We have embedded YouTube videos in our online presentation. These are stored at http://www.YouTube.com and are directly accessible from our website. These videos are all embedded in “enhanced data protection mode” – i.e. none of your data as user are transmitted to YouTube if you do not play the video. Only if you play the video are the data referred to in (2) below transmitted to YouTube. We have no control over the transmission of this data.

(2) When you visit the website, YouTube receives information that you have accessed the relevant subpage of our website. In addition, the data listed under Point 3 in this data protection information are transmitted to YouTube, regardless of whether you are logged on to a YouTube account or whether no such user’s account exists. If you are logged on to Google, your data are assigned directly to your account. If you do not wish your data to be linked to your YouTube profile, you must log out of your account before activating the YouTube video. YouTube stores your data as part of your user profile and uses them for advertising and market research purposes and/or to enhance customer-oriented design of its website. Such analysis is used in particular (even in the case of users who are not logged in to the website) to present customer-oriented advertising and to inform other users of the social network of your activities on our website. You have the right to object to the creation of such a user profile, though to exercise this right you must contact YouTube directly.

(3) Additional information on the purpose and scope of YouTube’s collecting and processing of data is available in YouTube’s data protection statement. There you can also find additional information on your rights and on configuration options to protect your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your data in the USA and has agreed to abide by the terms of the EU-US Privacy Shield.

 

8. Embedding of Google Maps

(1) On this website we use Google Maps, enabling us to display interactive maps directly on the website and facilitating use of the map function.

(2) When you visit the website, Google Maps receives information that you have accessed the relevant subpage of our website. In addition, the data listed under Point 3 in this data protection information are transmitted to Google, regardless of whether you are logged on to a Google account or whether no such user’s account exists. If you are logged on to Google, your data are assigned directly to your account. If you do not wish your data to be linked to your Google profile, you must log out of your account before activating the Google Maps button. Google stores your data as part of your user profile and uses them for advertising and market research purposes, and/or to facilitate customer-oriented design of its website. Such analysis is used especially (even in the case of users who are not logged in to the website) to present customer-oriented advertising and to inform other users of the social network of your activities on our website. You have the right to object to the creation of such a user profile, though to exercise this right you must contact Google directly.

(3) Additional information on the purpose and scope of the plug-in provider’s collecting and processing of data is available in the provider’s data protection statement. There you can also find additional information on your rights and on your configuration options to protect your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your data in the USA and has agreed to abide by the terms of the EU-US Privacy Shield.

 

9. Newsletter

(1) By giving your consent, you may subscribe to our newsletter, through which we inform you of our current offerings of interest. The goods and services promoted are named in the declaration of consent.

(2) In registering for our newsletter, we make use of the so-called double-opt-in process. This means that after registering you receive an email at the email address you supply, in which we ask you for confirmation that you wish to be sent the newsletter. If you do not confirm your registration within 24 hours, your data are blocked and automatically deleted after a month. In addition, we store the IP address you use and the times of your registration and confirmation. The purpose of this process is to document your registration and if necessary resolve any possible misuse of your personal data.

(3) The only mandatory disclosure for sending the newsletter is your email address. Disclosure of additional separately indicated data is voluntary and will be used to contact you personally. After receiving your confirmation, we store your email address in order to send you the newsletter.

(4) You may withdraw your consent to receive the newsletter and cancel the newsletter at any time. You may cancel by clicking on the relevant link available in every newsletter email or by sending a message by post, telephone or fax to one of the contacts listed in the imprint.

 

10. Subscribing to the Klosterbote Newspaper

(1) By giving your consent, you may subscribe to our newspaper, the Klosterbote, through which we inform you of our current offerings of interest. The contents promoted are named in the declaration of consent.

(2) In registering to receive our newsletter, we make use of the so-called double-opt-in process. This means that after registering you receive an email at the email address you supply, in which we ask you for confirmation that you wish to be sent the newsletter. If you do not confirm your registration within 24 hours, your data are blocked and automatically deleted after a month. In addition, we store the IP address you use and the time of your registration and confirmation. The purpose of this process is to document your registration and if necessary resolve any possible misuse of your personal data.

(3) The only mandatory disclosure for receiving the newsletter is your email address. Disclosure of additional separately indicated data is voluntary and will be used to contact you personally. After receiving your confirmation, we store your email address for the purpose of sending you the newsletter.

(4) To register to receive the Klosterbote by post, the following personal data must be supplied: your given and family names and your address.

(5) You may withdraw your consent to receive the newsletter and cancel the newsletter at any time. You may cancel by clicking on the relevant link available in every newsletter email, or by sending a message by post, telephone or fax to one of the contacts listed in the imprint.

 

11. Press Mailing List

(1) By giving your consent, you can register for our press mailing list, through which we send you media-relevant information. The contents promoted are named in the declaration of consent.

(2) In registering for our press mailing list, we make use of the so-called double-opt-in process. This means that after registering you receive an email at the email address you supply, in which we ask you for confirmation that you wish to be placed on the press mailing list. If you do not confirm your registration within 24 hours, your data are blocked and automatically deleted after a month. In addition, we store the IP address you use and the times of your registration and confirmation. The purpose of this process is to document your registration and if necessary resolve any possible misuse of your personal data.

(3) Mandatory disclosures for inclusion in our press mailing list are your given and family names, your email address, and in addition your medium and the desired subject area. Disclosure of additional, separately indicated data is voluntary. After receiving your confirmation, we store your email address for the purpose of inclusion in, and sending messages from, the press mailing list.

(4) You may withdraw your consent to receive messages from the press mailing list and cancel your subscription to the press mailing list at any time. You may cancel by clicking on the relevant link available in every newsletter email, or by sending a message by post, telephone or fax to one of the contacts listed in the imprint.

 

12. Spendino Donation Form

(1) On our website you have the option of making an immediate donation via GRÜN Software GmbH’s Spendino donation form. The data relevant to these financial transactions are processed only by Spendino on their servers. You may access the data protection statement of GRÜN Software AG, Pascalstraße 6, 52076 Aachen, Germany at https://www.gruen.net/datenschutz/.

(2) For online donations, disclosure of the following personal data is necessary: your title, given and family names, postal address, email address, duration or frequency of the donation, your bank details, and the country in which you live. 

(3) In making your donation, should you decide to use PayPal’s online payment service, your contact data generated in the course of the donation process will be transmitted to PayPal. This is necessary to complete the donation process using the method of payment you have selected. The personal data transmitted to PayPal consist in most cases of your given name, family name, postal address, telephone number, IP address, email address, or other data necessary to complete the transaction, as well as data connected with the donation. Depending on the method of payment selected via PayPal, the personal data transmitted to PayPal will be transmitted by PayPal to credit agencies. To find out which agencies are involved and in general which data are collected, processed, stored and passed on by PayPal, please consult PayPal’s data protection information at https://www.paypal.com/de/webapps/mpp/ua/privacy-prev.

 

13. Use of AmazonSmile

(1) Our website offers you the option of donating to the Eberbach Abbey Foundation when making a purchase from the external service provider AmazonSmile. The links embedded in the website transfer you to AmazonSmile, and your purchase is completed entirely through the AmazonSmile account, such that personal data necessary for the purchase (e.g. postal address and bank details) are not transmitted to our website. Processing of personal data necessary to complete the purchase with AmazonSmile is subject to AmazonSmile’s conditions of use. We do not receive any data or other information on purchases or persons from AmazonSmile.

(2) AmazonSmile is operated by Amazon EU S.à r.l. (Société à responsabilité limitée), 5 Rue Plaetis, L-2338 Luxemburg, or Amazon EU SARL, Niederlassung Deutschland, Marcel-Breuer-Straße 12, 80807 Munich. You can find more information on AmazonSmile’s data protection policy at https://smile.amazon.de/gp/help/customer/display.html/ref=smi_ge_ft_priv?ie=UTF8&nodeId=3312401.

 

14. Categories of Recipients of Personal Data

(1) We allow some of the aforementioned processes and services to be conducted by carefully selected service providers commissioned in compliance with current data protection laws. These external service providers are subject to our directives and are regularly controlled. They will not pass your data on to third parties.

(2) As regards our transmitting data to third parties, we pass on information about you only when statutory provisions require us to do so, you have given your consent, or we are authorised to pass on such data. If these requirements are met, recipients of personal data might include:

- Public authorities and institutions (e.g. fiscal authorities, law enforcement agencies) on presentation of proof of legal or official obligation.

- Other firms or comparable institutions to whom we transmit personal data in order to complete business transactions with you.

 

15. Purposes for Which Personal Data Are to be Processed and Legal Grounds for Such Processing

We process your personal data in accordance with applicable statutory data protection regulations, whereby this processing is lawful when at least one of the following conditions is fulfilled:

- Consent given (Article 6, § 1a GDPR):

The processing of personal data is lawful if consent has been given for a specific purpose (e.g. processing your inquiry, using data for marketing purposes). Consent once given may be withdrawn at any time with future effect. This is also the case for consent granted to us before the GDPR came into force, that is before 25 May 2018.

- To fulfil contractual obligations (Article 6, § 1b GDPR)

We process personal data in order to fulfil our contractual obligations or in order to take steps based on an inquiry prior to entering into a contract. The reasons for processing such data arise primarily from your inquiry.

- To comply with legal obligations (Article 6, § 1c GDPR):

The Eberbach Abbey Foundation is subject to a number of legal obligations. These include:

o Statutory commercial and fiscal retention regulations according to the German Commercial and Fiscal Codes

o Compliance with fiscal monitoring and reporting obligations 

- Within the framework of legitimate interests (Article 6, § 1f GDPR)

As far as is necessary, we process your data beyond actual fulfilment of the contract in order to protect our legitimate interests or those of a third party.

For example:

o To enforce and to defend against legal claims

o To guarantee IT security and IT operations

o To analyse and improve the use of our website

o To facilitate the use of social media plug-ins

 

16. Intention to Transmit Personal Data to a Third Country or an International Organisation

Active transmitting of personal data to a third country occurs only insofar as this is explicitly indicated within the framework of the aforementioned services.

 

17. Criteria for Determining the Period for Which Personal Data Are Stored

(1) The data are stored according to statutory regulations on data processing and in compliance with statutory retention periods. We process and make use of your data exclusively for the purposes to which you have consented, and only for as long as the data are necessary for these purposes. 

(2) If the data are no longer necessary for such purposes or in order to comply with statutory obligations, they are as a rule deleted unless their – restricted and, as the case may be, limited – additional processing is necessary for one of the following purposes:

- Compliance with statutory commercial and fiscal retention regulations: the relevant regulations are the German Commercial Code (HGB) and Fiscal Code (AO), according to which the statutory storage or documentation period is ten years.

- Retention of evidence within the framework of statutory limitation regulations. According to §§ 195 ff. of the German Civil Code (BGB), the regular period of limitation is three years; however, under special circumstances this may extend to 30 years.

 

18. Your Data Protection Rights

(1) Each person concerned has the right to information according to Article 15 GDPR, the right to rectification according to Article 16 GDPR, the right to deletion according to Article 17 GDPR, the right to limitation of processing according to Article 18 GDPR, the right to objection according to Article 21 GDPR, and the right to data portability according to Article 20 GDPR. In the cases of the right to information and the right to deletion, the restrictions imposed by §§ 34 and 35 of the Federal Data Protection Act (BDSG) apply. In addition, each person concerned has the right of appeal to the appropriate data protection supervisory authority (Article 77 GDPR in connection with § 19 BDSG).

(2) Consent given to us for processing personal data may be withdrawn at any time with future effect. This is also the case for consent granted to us before the General Data Protection Regulation came into force, that is before 25 May 2018.

(3) You have the right – for reasons arising from your particular circumstances – to file an objection at any time to the processing of your personal data as a result of Article 6, § 1e GDPR (data processing in the public interest) or Article 6, § 1f GDPR (data processing based on legitimate interests).

Should you file an objection, we will no longer process your personal data unless we can provide evidence of urgent, protection-worthy interests for processing your data that outweigh your interests, rights, and freedoms, or unless such processing serves to enforce, exercise or defend against legal claims. 

The objection may be submitted informally and should if possible be addressed to 

Eberbach Abbey Foundation
Data Protection Officer
65346 Eltville am Rhein
Germany
Email: datenschutz@dont-want-spam.kloster-eberbach.de

 

19. Obligation to Provide and Possible Consequences of Not Providing Personal Data

When using our online offerings, you must provide such personal data as are necessary to fulfil the purpose in question or that we are legally obliged to collect. Without these data, as a rule we will not be in a position to conclude a contract with you or to carry out such a contract. 

 

20. Existence of Automated Decision Making to include Profiling

In accordance with Article 22 GDPR, we categorically do not use fully automated decision making to create and implement a business relationship. Should we employ this process in individual cases, we will inform you as such separately as long as we are legally required to do so.

 

21. Alterations to the Data Protection Information

We are continually developing and optimising our services. It can thus happen that we add new functions to our website. Should this influence the way we process personal data, we will inform you of such in our data protection information in good time.

 

 

Stiftung Kloster Eberbach

65346 Eltville am Rhein, Phone: +49 (0) 6723 9178 -0, Fax: +49 (0) 6723 9178 -105, info@dont-want-spam.kloster-eberbach.de