Hellerau Logo
H Logo
Overlay Logo
Chev DownProgram
Chev DownVisit
Chev DownAbout us
YouTube YouTubeInstagram InstagramFacebook Facebook
AccessibilitySunDark Mode
DeutschEnglish

Data protection

The use of the Internet pages of HELLERAU - European Centre for the Arts is possible without any indication of personal data; however, if a data subject wants to use special enterprise services via our website, processing of personal data could become necessary. However, if a person concerned wishes to make use of special services of our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.

The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to the HELLERAU - European Centre for the Arts.

As the controller, HELLERAU - European Center for the Arts has implemented numerous technical and organisational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, Internet-based data transmissions may in principle have security gaps, so absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.

This data protection information applies to data processing by

Controller: 
HELLERAU - European Centre for the Arts,
Karl-Liebknecht-Str. 56 
D-01109 Dresden, Germany
T +49 351 - 264 62 0

The company data protection officer of HELLERAU can be contacted at the above address, for the attention of Andreas Gagelmann, or at datenschutzbeauftragter@dresden.de or by telephone on +49 351 488 19 06.

Collection and storage of personal data and the nature and purpose of its use

a) When visiting the website

When you visit our website www.hellerau.org, the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is collected without any action on your part and stored until it is automatically deleted

  • IP address of the requesting computer,
  • Date and time of access,
  • Name and URL of the retrieved file,
  • Website from which the access was made (referrer URL),
  • browser used and, if applicable, the operating system of your computer and the name of your access provider.

The aforementioned data is processed by us for the following purposes

  • Ensuring a smooth connection to the website,
  • Ensuring a comfortable use of our website,
  • Analysing system security and stability and
  • for other administrative purposes.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the data collection purposes listed above. Under no circumstances do we use the data collected for the purpose of drawing conclusions about your person.

We also use cookies and analysis services when you visit our website. You can find more detailed explanations on this in sections 4 and 5 of this privacy policy.

b) When registering for our newsletter

When registering for the newsletter, the data in the respective input mask is transmitted to the controller. Registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registering, you will receive an email asking you to confirm your registration. This confirmation is necessary so that no-one can register with other people's email addresses. When registering for the newsletter, the user's IP address and the date and time of registration are stored. This serves to prevent misuse of the services or the e-mail address of the person concerned. The data is not passed on to third parties. An exception is made if there is a legal obligation to pass on the data. The data is used exclusively for sending the newsletter. Subscription to the newsletter can be cancelled by the data subject at any time. Consent to the storage of personal data can also be revoked at any time. There is a corresponding link in every newsletter for this purpose. The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 lit. a) GDPR if the user has given consent. The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) UWG.

We use rapidmail to send newsletters. The provider is Positive Group Deutschland GmbH, Wentzingerstraße 21, 79106 Freiburg, Germany. Among other things, rapidmail is used to organise and analyse the sending of newsletters. The data you enter for the purpose of subscribing to the newsletter is stored on rapidmail's servers in Germany. If you do not wish to be analysed by rapidmail, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. It is also possible to unsubscribe from the newsletter at any time by contacting the press and public relations department directly (info@hellerau.org).

For the purpose of analysis, the emails sent with rapidmail contain a so-called tracking pixel, which connects to the rapidmail servers when the email is opened. This allows us to determine whether a newsletter message has been opened. We can also use rapidmail to determine whether and which links in the newsletter message have been clicked on. Optionally, links in the email can be set as tracking links with which your clicks can be counted.

Legal basis: The legal basis for data processing is Art. 6 para. 1 lit. a) GDPR.

Recipient : The recipient of the data is Positive Group Deutschland GmbH.

Transfer to third countries: Data will not be transferred to third countries.

Duration: The data stored by us as part of your consent for the purpose of the newsletter will be stored by us until you unsubscribe from the newsletter and deleted from both our servers and the servers of rapidmail after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this.

Revocation option: You have the option of revoking your consent to data processing at any time with effect for the future. The legality of the data processing operations that have already taken place remains unaffected by the cancellation.

Further data protection information: For more information, please refer to rapidmail's data security information at www.rapidmail.de/datensicherheit.

c) Inclusion in the press mailing list and ordering the HELLERAU Card

The website of HELLERAU - European Centre for the Arts offers the option of joining the press mailing list and ordering a HELLERAU Card online. For direct communication with us, the enquiry includes a general address and e-mail address, full name and telephone number. If a data subject contacts the controller by email or via a contact form, the personal data transmitted by the data subject is automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the controller are stored for the purposes of processing or contacting the data subject. This personal data is not passed on to third parties. HELLERAU uses the MailChimp tool for the data-secure implementation of both procedures.

Forwarding of data

Your personal data will not be transferred to third parties for purposes other than those listed below. We only pass on your personal data to third parties if:

  • You have given your express consent to this in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
  • the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
  • in the event that there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, and
  • this is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.

Cookies

We use cookies on our website. These are small files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause any damage to your end device and do not contain any viruses, Trojans or other malware.

Information is stored in the cookies that results in each case in connection with the specific end device used. However, this does not mean that we obtain direct knowledge of your identity.

On the one hand, the use of cookies serves to make the use of our website more convenient for you. For example, we use session cookies to recognise that you have already visited individual pages of our website. These are automatically deleted after you leave our site.

In addition, we also use temporary cookies to optimise user-friendliness, which are stored on your end device for a specified period of time. If you visit our site again to use our services, it is automatically recognised that you have already visited us and which entries and settings you have made so that you do not have to enter them again.

On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimising our offer for you (see section 5). These cookies enable us to automatically recognise that you have already visited our website when you visit it again. These cookies are automatically deleted after a defined period of time.

The data processed by cookies is required for the purposes mentioned to protect our legitimate interests and those of third parties in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, completely deactivating cookies may mean that you cannot use all the functions of our website.

Analysis tools

a) Tracking tools

The tracking measures listed below and used by us are carried out on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR. With the tracking measures used, we want to ensure a needs-based design and the continuous optimisation of our website. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimising our offer for you. These interests are to be regarded as legitimate within the meaning of the aforementioned provision.

The respective data processing purposes and data categories can be found in the corresponding tracking tools.

b) Matomo

For statistical purposes, we use an installation of the analysis software Matomo (formerly Piwik), which is operated entirely within our data centre. Full IP addresses are not processed and are only stored in abbreviated form.

c) Microsoft

Forms and components of the company One Microsoft Way, Redmond, WA 98052-6399 USA, hereinafter referred to as "Microsoft", are integrated on our website. The personal data collected via the respective online forms provided by Microsoft (Microsoft Forms and Microsoft Bookings) are processed and secured on the basis of an order processing contract in accordance with Article 28 GDPR between HELLERAU and Microsoft and the associated technical and organisational measures to protect the data.

The forms are used to request information on artistic projects and to book visiting times at the Festspielhaus.

By accessing the above-mentioned forms, data about your use of this website may be transmitted to Microsoft, collected and used by Microsoft.

If you do not agree to this processing of your data, you have the option of deactivating the service of the respective Microsoft tools and thus preventing the transfer of data to Microsoft. To do this, you must deactivate the Javascript function in your browser. However, we would like to point out that in this case you will not be able to use all the applications concerned, or only to a limited extent.

By using this website and not deactivating "Javascript", you declare your consent that you agree to the processing of your data by Microsoft for the above purpose.

Your personal data will only be stored for as long as it is necessary for the respective purpose (Art. 5 para. 1 lit. e) GDPR). Further use after fulfilment of the storage purpose, e.g. for statistical purposes (Art. 89 GDPR), is not intended. Microsoft Booking and Microsoft Forms are used in accordance with the Microsoft Terms of Use. By using the above forms, you automatically agree to Microsoft's privacy policy. The Microsoft Service Agreement also applies.

Social media plugins

We use social plug-ins from the social networks Facebook, Instagram and YouTube on our website on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR. The underlying advertising purpose is to be regarded as a legitimate interest within the meaning of the GDPR. Responsibility for data protection-compliant operation must be guaranteed by the respective provider. We integrate these plug-ins using the so-called two-click method to protect visitors to our website in the best possible way.

a) Facebook

Social media plugins from Facebook are used on our website to personalise their use. We use the "Like" or "Share" button for this purpose. This is an offer from Facebook.

When you visit a page on our website that contains such a plugin, your browser establishes a direct connection with the Facebook servers. The content of the plugin is transmitted by Facebook directly to your browser, which integrates it into the website.

By integrating the plugin, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook account or are not currently logged in to Facebook. This information (including your IP address) is transmitted directly from your browser to a Facebook server in the USA and stored there.

If you are logged in to Facebook, Facebook can directly associate your visit to our website with your Facebook account. If you interact with the plugins, for example by clicking the "Like" or "Share" button, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook and displayed to your Facebook friends.

Facebook can use this information for the purposes of advertising, market research and customising Facebook pages. For this purpose, Facebook creates usage, interest and relationship profiles, e.g. to analyse your use of our website with regard to the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website and to provide other services associated with the use of Facebook.

If you do not want Facebook to assign the data collected via our website to your Facebook account, you must log out of Facebook before visiting our website.

The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your rights in this regard and setting options to protect your privacy can be found in Facebook's data protection information.

b) Instagram

Our website also uses so-called social plugins ("plugins") from Instagram, which is operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram").

The plugins are labelled with an Instagram logo, for example in the form of an "Instagram camera".

When you visit a page on our website that contains such a plugin, your browser establishes a direct connection to Instagram's servers. The content of the plugin is transmitted by Instagram directly to your browser and integrated into the page. Through this integration, Instagram receives the information that your browser has accessed the corresponding page of our website, even if you do not have an Instagram profile or are not currently logged in to Instagram.

This information (including your IP address) is transmitted directly from your browser to an Instagram server in the USA and stored there. If you are logged in to Instagram, Instagram can directly associate your visit to our website with your Instagram account. If you interact with the plugins, for example by clicking the "Instagram" button, this information is also transmitted directly to an Instagram server and stored there.

The information is also published on your Instagram account and displayed to your contacts there.

If you do not want Instagram to assign the data collected via our website directly to your Instagram account, you must log out of Instagram before visiting our website. Further information can be found in Instagram's privacy policy.

Rights of data subjects

You have the right:

  • to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information on its details;
  • in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us
  • in accordance with Art. 17 GDPR, to request the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims
  • in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it for the assertion, exercise or defence of legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;
  • in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller
  • in accordance with Art. 7 para. 3 GDPR, to revoke your consent to us at any time. The consequence of this is that we may no longer continue the data processing that was based on this consent in the future and
  • to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority at your usual place of residence or workplace or at the registered office of our law firm.

Right to object

If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation.

If you wish to exercise your right of revocation or objection, simply send an e-mail to info@hellerau.org.

Data security

We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

Up-to-dateness and amendment of this privacy policy

This privacy policy is currently valid and was last updated in September 2025. It may become necessary to amend this privacy policy as a result of the further development of our website and services or due to changes in legal or official requirements. You can call up and print out the current data protection declaration at any time on the website at this point.