The website of HELLERAU – European Centre for the Arts can generally be used without providing any personal data. However, if a data subject wishes to make use of specific services offered by our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary, and there is no legal basis for such processing, we will generally ask for the data subject’s consent.
The processing of personal data, such as the data subject’s name, address, e-mail address or telephone number, always takes place in accordance with the General Data Protection Regulation and in line with the country-specific data protection provisions which apply to HELLERAU – European Centre for the Arts.
As the data controller, HELLERAU – European Centre for the Arts has implemented numerous technical and organisational measures to ensure that the personal data processed via this website is protected as thoroughly as possible. Nonetheless, Internet-based data transmissions may generally have security gaps, meaning that absolute protection cannot be guaranteed. For this reason, every data subject has the option of sending us personal data by alternative means, for example by telephone.
Name and contact details of the controller and the company data protection officer
Controller: HELLERAU – Europäisches Zentrum der Künste, Karl-Liebknecht-Str. 56, 01109 Dresden, Germany
Tel. +49 351 264 62 0
HELLERAU’s company data protection officer can be contacted at the above address, Attn. Mr Andreas Gagelmann, at firstname.lastname@example.org or by telephone on +49 351 4881906.
Collection and storage of personal data and the nature and purpose of their use
a) During visits to our website
When you visit our website www.hellerau.org, the browser used on your device automatically sends information to our website server. This information is temporarily stored in what is known as a log file. In that process, the following information is collected without your intervention and stored until its automatic erasure:
- IP address of the requesting computer,
- date and time of request,
- name and URL of the retrieved file,
- website from which access is made (referrer URL),
- browser used and, if relevant, the operating system of your computer and name of your access provider.
We process the data named above for the following purposes:
- to ensure that the connection to the website is established smoothly,
- to ensure that our website can be used conveniently,
- to assess system security and stability, and
- for other administrative purposes.
The legal basis for this data processing is Article 6, para. 1 (1f) of the GDPR. Our legitimate interest follows from the data collection purposes listed above. In no case will we use the data collected for the purpose of identifying you.
b) When subscribing to our newsletter
If you have expressly consented pursuant to Article 6, para. 1 (1a) of the GDPR, we will use your e-mail address to regularly send you our newsletter. All that is required to receive the newsletter is an e-mail address.
The HELLERAU newsletter can generally only be received by the data subject if (1) the data subject has a valid e-mail address and (2) the data subject subscribes to the newsletter. For legal reasons, when an e-mail address is first entered for the purpose of receiving the newsletter, a confirmation e-mail is sent using the double opt-in procedure. This confirmation e-mail is use to check whether the owner of the e-mail address has authorised the receipt of the newsletter as the data subject.
To send the newsletter securely, we use the tool MailChimp.
When a data subject subscribes to the newsletter, we store the IP address allocated by the Internet Service Provider (ISP) to the computer system used by the data subject at the time of registration, plus the date and time of subscription. It is necessary to collect this data to track the (potential) misuse of a data subject’s e-mail address at a later point in time; this thus serves as a legal safeguard for the controller.
The personal data collected when subscribing to the newsletter are used exclusively for sending our newsletter. Furthermore, newsletter subscribers may receive information by e-mail if this is necessary for the operation of the newsletter service, or if subscription is required in this context, as in the case of changes to the newsletter service or when technological conditions change. The personal data collected in the context of the newsletter service are not disclosed to third parties. The data subject may cancel the subscription to our newsletter at any time. The data subject may at any time withdraw his or her consent to the storage of personal data as given to us for the purpose of sending the newsletter. Every newsletter contains a corresponding link for the purpose of withdrawing that consent. Furthermore, it is also possible at any time to unsubscribe from the newsletter directly via the contact persons in the public relations office (email@example.com).
c) Newsletter tracking
The newsletter sent by HELLERAU – European Centre for the Arts contains what are known as “tracking pixels”. A tracking pixel is a miniature graphic embedded into e-mails of this kind sent in HTML format to enable logging and log file analysis. It can be used to carry out a statistical analysis of the success or failure of online marketing campaigns. Using the integrated tracking pixel, HELLERAU – European Centre for the Arts can recognise whether, and when, an e-mail is opened by a data subject and what links in the e-mail are accessed by the data subject.
Personal data collected via the tracking pixels in the newsletters are stored and analysed by the controller in order to optimise the newsletter and to adapt the content of future newsletters even better to the data subject’s interests. These personal data are not disclosed to third parties. Data subjects are at any time entitled to withdraw their consent to this, as separately given via the double-opt-in procedure. Once consent is withdrawn, these personal data are erased by the controller. HELLERAU – European Centre for the Arts automatically interprets unsubscription from the newsletter as a withdrawal of consent.
d) Entry on press distribution list and ordering the HELLERAU Card
The website of HELLERAU – European Centre for the Arts allows users to be added to the press list, as well as providing a means of ordering the HELLERAU Card online. For direct communication with us, users are asked for a general address and an e-mail address, plus their full name and telephone number. If a data subject contacts the controller by e-mail or a contact form, the personal data sent by the data subject are automatically stored. Personal data of this kind which the data subject voluntarily sends to the controller are stored for the purpose of processing or for contacting the data subject. These personal data are not disclosed to third parties. To carry out both processes securely, HELLERAU uses the tool MailChimp.
Transfer of data
Your personal data are not transferred to third parties for any purposes other than those listed below.
We only pass on your personal data to third parties if:
- you have given your explicit consent to this pursuant to Article 6, para. 1, Point (1a) of the GDPR,
- processing is necessary for the establishment, exercise or defence of legal claims pursuant to Article 6, para. 1, Point (1f) of the GDPR, and there are no reasons to consider that you have an overriding interest worth protecting in your data not being disclosed,
- if there is a legal obligation to pass them on pursuant to Article 6, para. 1, Point (1c) of the GDPR, and
- this is legally permissible and necessary to process contractual relationships with you pursuant to Article 6, para. 1, Point (1b) of the GDPR.
Information is stored in the cookies which arises in connection with the specific device used in each case. However, this does not mean that we are immediately made aware of your identity.
On the one hand, using cookies helps make it more pleasant for you to use our offerings. For example, we use so-called “session cookies” to recognise that you have already visited individual pages on our website. When you leave our site, these are automatically erased.
Furthermore, to improve user-friendliness, we place temporary cookies which are stored on your device for a certain period of time. If you visit our site again to make use of our services, it automatically recognises that you have visited us before and remembers the information entered and settings chosen, so you do not need to enter these again.
The data processed by cookies are required for the purposes named above of safeguarding our legitimate interests and those of third parties, pursuant to Article 6, para. 1 (1f) of the GDPR.
Most browsers accept cookies automatically. You can nonetheless configure your browser so that no cookies are stored on your computer, or so that a prompt always appears before a new cookie is placed. However, disabling cookies completely may mean that you cannot use all the features of our website.
a) Tracking tools
The tracking measures which we use, as listed below, are carried out on the basis of Article 6, para. 1 (1f) of the GDPR. Our aim in using these tracking measures is to ensure that our website design is tailored to users’ needs and continuously optimised. We also employ these tracking measures to gather statistics on the use of our website and to analyse them in order to improve our offerings for you. These interests are to be regarded as legitimate within the meaning of the aforementioned provision.
The respective data processing purposes and data categories can be found in the corresponding tracking tools.
b) Google Analytics
In order to tailor our website design to users’ needs, and to continually optimise it, we use Google Analytics, a web analytics service provided by Google Inc. (https://www.google.com/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter “Google”). In this context, pseudonymised user profiles are created and cookies (see Clause 4) are used. The information generated by the cookie about your use of this website, such as
- browser type / version,
- operating system used,
- referrer URL (page visited previously),
- hostname of the computer making the request (IP address),
- time of server query
is transmitted to a Google server in the USA and stored there. The information is used to evaluate the website’s use, to compile reports on website activity and to provide other services related to the use of this website and the Internet for the purposes of market research and to tailor this website’s design to users’ needs. This information is also sent to third parties where this is required by law, or where third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. The IP addresses are anonymised such that they cannot be associated with you (IP masking).
Moreover, you may prevent Google from gathering the data (including your IP address) collected using the cookie and regarding your use of the website, and prevent Google from processing this data, by downloading and installing a browser add on.
As an alternative to the browser add-on, especially in the case of browsers on mobile devices, you can also stop Google Analytics from collecting data by clicking on this link. An opt-out cookie is stored which prevents your data from being collected when you visit this website in future. The opt-out cookie is only valid in this browser and for our website, and is stored on your device. If you delete the cookies in this browser, you will have to place the opt-out cookie again.
For more information about data protection related to Google Analytics, see the Google Analytics Help Center.
c) Google Adwords Conversion Tracking
To gather statistics on our website’s use and for purposes of improving the website, we also use Google conversion tracking. This involves Google Adwords placing a cookie (see Clause 4) on your computer if you visit our website via a Google ad.
These cookies expire after 30 days and are not used for personal identification. If the user visits certain pages on the Adwords customer’s website and the cookie has not yet expired, Google and the customer can recognise that the user clicked on the ad and was redirected to this site.
Every Adwords customer is given a different cookie. Cookies can thus not be tracked via Adwords customers’ websites. The information gathered using the conversion cookie is used to compile conversion statistics for Adwords customers who have chosen conversion tracking. Adwords customers are informed of the total number of users who have clicked on their ad and been redirected to a site with a conversion tracking tag. However, they do not receive any information which can be used to identify users.
Forms and components of the company One Microsoft Way, Redmond, WA 98052-6399 USA, hereinafter “Microsoft”, are integrated on our Internet pages. The personal data collected via the respective online forms provided by Microsoft (Microsoft Forms and Microsoft Bookings) are processed and secured accordingly on the basis of an order processing agreement pursuant to Article 28 DSGVO between HELLERAU and Microsoft and the associated technical and organizational measures to protect the data.
The forms are used to request information on artistic projects and to book visiting times at the Festspielhaus.
By calling up the above-mentioned forms, data about your use of this website may be transmitted to Microsoft, collected and used by Microsoft.
However, we would like to point out that in this case you will not be able to use all the relevant applications, or only to a limited extent.
Your personal data will only be stored as long as it is necessary for the respective purpose (Art. 5 para. 1 lit. e) DSGVO). Further use after the purpose of storage has been fulfilled, e.g. for statistical purposes (Art. 89 DSGVO), is not intended.
Social media plugins
On our website, we use social plugins for the social networks Facebook, Twitter, Instagram and YouTube on the basis of Article 6, para. 1 (1f) of the GDPR. This is for the purpose of advertising, which should be seen as a legitimate interest in line with the GDPR. Responsibility for their operation in compliance with data protection regulations is to be guaranteed by their respective provider. We integrate these plug-ins using the two-click method to give visitors to our website the best possible protection.
Our website uses social media plugins from Facebook to personalise its use. This involves using the “Like” or “Share” buttons. This is a Facebook service.
If you access a page on our website which contains a plugin of this type, your browser creates a direct connection with the Facebook servers. Facebook sends the content of the plugin straight to your browser, which integrates it into the page.
Integrating the plugins means that Facebook is informed that your browser has accessed the relevant page on our site, even if you do not have a Facebook account or are currently not logged into Facebook. This information (including your IP address) is sent from your browser straight to a Facebook server in the USA and stored there.
If you are logged into Facebook, Facebook can directly connect your visit to our website to your Facebook profile. If you interact with the plugins, e.g. by pressing the “Like” or “Share” buttons, that information is also sent directly to a Facebook server and stored there. The information is also published on Facebook and shown to your Facebook friends.
Facebook may use this information for the purposes of advertising, market research and tailoring Facebook pages. To do so, Facebook creates profiles about usage, interests and relationships, e.g. to analyse your use of our website in connection with the advertisements you are shown on Facebook, to inform other Facebook users about your activities on our website and to carry out other services related to the use of Facebook.
If you do not want Facebook to link the data collected on our website to your Facebook account, please log out of Facebook before visiting our website.
Our website contains plugins from the short message network Twitter Inc. (Twitter). Twitter plugins (tweet buttons) can be recognised by the Twitter logo on our site. An overview of tweet buttons can be found here.
When you visit a page on our website that contains a plugin of this type, a direct connection is established between your browser and the Twitter server, sending Twitter the information that you (your IP address) have visited the site. If you click on the Twitter ‘tweet’ button while logged into your Twitter account, you can link to content on our site from your Twitter profile. This allows Twitter to link your visit to our site to your user account. Please note that as the website provider we do not receive any information about the content of the data transmitted or how it is used by Twitter.
If you do not want Twitter to link your visit to our site to your account, please log out of your Twitter user account.
Our website also uses so-called social plugins (“plugins”) operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”).
These plugins feature an Instagram logo, e.g. in the form of an “Instagram camera”.
If you access a page on our website which contains a plugin of this type, your browser creates a direct connection with the Instagram servers. Instagram sends the content of the plugin straight to your browser, which integrates it into the page. Integrating the plugin means that Instagram is informed that your browser has accessed the relevant page on our site, even if you do not have an Instagram profile or are currently not logged into Instagram.
This information (including your IP address) is sent from your browser straight to an Instagram server in the USA and stored there. If you are logged into Instagram, then Instagram can directly link your visit to our website to your Instagram account. If you interact with the plugins, e.g. by pressing the “Instagram” button, the information is also sent directly to an Instagram server and stored there.
This information is also published on your Instagram account and shown to your contacts there.
If you do not want Instagram to directly link the data collected on our website to your Instagram account, please log out of Instagram before visiting our website.
For further information on this subject, see the Instagram data policy.
Rights of the data subject
You have the right:
- pursuant to Article 15 of the GDPR to demand access to the personal data concerning you which we process. Among other things, you can obtain access to the purposes of the processing, the categories of recipient to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be stored, the existence of the right to request rectification or erasure of personal data or restriction of processing of personal data or to object to such processing, where the personal data are not collected by us, information as to their source, and the existence of automated decision-making, including profiling, and meaningful information about its details;
- pursuant to Article 16 of GDPR to obtain the rectification of inaccurate personal data concerning you stored by us or to have incomplete personal data of this kind completed;
- pursuant to Article 17 of the GDPR to obtain the erasure of personal data concerning you and stored by us, to the extent that such processing is not required to exercise our right to freedom of expression and information, for compliance with a legal obligation, on grounds of public interest or to establish, exercise or defend legal claims;
- pursuant to Article 18 of the GDPR to obtain restriction of processing of your personal data, where the accuracy of the personal data is contested by you, the processing is unlawful but you oppose their erasure and we no longer need the data, but you require them for the establishment, exercise or defence of legal claims, or you have objected to processing pursuant to Article 21 of the GDPR;
- pursuant to Article 20 of the GDPR to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format or to transmit those data to another controller;
- pursuant to Article 7, para. 3 of the GDPR at any time to withdraw your consent given to us. As a result, we will in future no longer be permitted to continue the data processing which was based on that consent, and
- pursuant to Article 77 of the GDPR, to lodge a complaint with a supervisory authority. As a rule, to do so you can contact the supervisory authority at your usual place of residence or workplace, or at our offices.
Right to object
If your personal data are processed on the basis of legitimate interests pursuant to Article 6, para. 1 (1f) of the GDPR, you have the right pursuant to Article 21 of the GDPR to object to processing of personal data concerning you on grounds relating to your particular situation, or where you object to direct marketing. In the latter case, you have a general right to object which we must implement without any particular situation being specified.
If you would like to exercise your right to withdraw your consent or to object, all that is needed is to send an e-mail to firstname.lastname@example.org.
We also take appropriate technical and organisational security precautions to protect your data against accidental or intentional manipulation, partial or total loss, destruction or unauthorised access by third parties. Our security precautions undergo continuous updates in line with technological development.
Updates and amendments to this privacy statement
This privacy statement is currently valid as of May 2018.
In the process of further developing our website and related offerings, or due to changes in legal or regulatory requirements, it may become necessary for this privacy statement to be changed. The current privacy statement can be retrieved and printed by you at any time on our website at https://www.hellerau.org/datenschutz.