a city and museum guide. With regard to the terminology used, e.g. "processing" or
"responsible party" I refer to the definitions in Article 4 of the
EU General Data Protection Regulation (GDPR).
Responsible party for the data protection is the owner of the website:
c/o Block Services
Stuttgarter Str. 106
Tel: +49- 931-78099529
(at) googlemail (dot) com
Link to the imprint: http://www.rudis-kunstgeschichten.de/aboutme.htm
Types of processed data:
- names, addresses
- contact information (e.g., e-mail, phone numbers).
- the service you requested or booked
You provide this data voluntarily by e-mail or telephone. My website does not contain forms for entering personal information. It does not set cookies on your computers. It does not use analytics services like Google Analytics. It does not give me
your IP addresses. It also contains no plugins for Facebook, Twitter, Instagram or similar platforms. For the server logfiles see below.
In rare cases, customers send me photos they took during the tour of me and the group and give me permission to use them to illustrate my website.
According to GDPR photos with persons
are personal data. Therefore, I use these photos only with the permission of the photographer and all
persons depicted. This permission can be revoked by the depicted at any time. I myself do not take pictures of my clients.
Categories of affected persons
Visitors and users of my website or my services in general (in the following, I
refer to the affected persons as "users").
Purpose of processing
- Answering inquiries
- Customer support
- Processing of orders
- Contact during my service
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter the "data
subject"). A person is considered as identifiable, when can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, to an identification number, to location data, to an online identifier (eg cookie) or to one or more special features, that express the physical, physiological, genetic, mental, economic, cultural or social identity of this
"Processing" means any process performed with or without the aid of automated procedures or any such process associated with personal data. The term goes far and includes virtually every handling of data.
"Responsible party" means the natural or legal person, public authority, body or body that decides, alone or in concert with others, on the purposes and means of processing personal data.
Relevant legal bases
In accordance with Art. 13 GDPR (General Data Protection Regulation), I inform you
abaout the legal basis of my data processing. Unless the legal basis in the data protection declaration is mentioned, the following applies: The legal basis for obtaining consent is Article 6 (1) lit. a and Art. 7 GDPR, the legal basis for the processing for the performance of my services and the execution of contractual measures as well as the answer to inquiries is Art. 6 para. 1 lit. b
GDPR, the legal basis for processing in order to fulfill my legal obligations is Art. 6 (1) lit. c
GDPR, and the legal basis for processing in order to safeguard my legitimate interests is Article 6 (1) lit. f
GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d
GDPR as legal basis.
Collaboration with processors and third parties
If, as part of my processing, I disclose data to other persons and companies (contract processors or third parties), transmit them to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (eg if a transmission of the data to third parties, such as to payment service providers, pursuant to Art. 6 (1) (b) GDPR to fulfill the contract), you have consented to a legal obligation or on the basis of my legitimate interests (eg the use of agents, webhosters, etc.).
If I entrust third parties with the processing of data on the basis of a so-called
"data processing agreement", this is done on the basis of Art. 28 GDPR. Such an
agreement currently exists between me and my web hoster "Domain Factory" (server location is European Union). This contract regulates the data protection of the logfiles and e-mail traffic
via the address "info (ätt) rudis-kunstgeschichten.de". This e-mail traffic is encrypted to protect the content
on the way between me and the servers of Domain Factory. Under no circumstances will personal data be leased or sold to third parties for advertising purposes.
Collecting Server Logfiles
You can visit my website without telling me who you are. The IT service Domain Factory, on whose servers my website is
hosted for retrieval on the Internet, collects on the basis of legitimate interests within the meaning of Art. 6 para. 1 lit. f.
GDPR Data on every access to the server on which this service is located (so-called server log files). These access data include name of the retrieved web page, file, date and time of retrieval, amount of data transferred, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
This log-file information is stored for security reasons (for example, to investigate abusive or fraudulent activities) for a maximum of 7 days and then deleted. Data whose further retention is required for evidential purposes shall be exempted from the cancellation until final clarification of the incident. An assignment of these statistical data to a person is therefore only
performed for the investigation of abuse or fraud or the like by Domain Factory or the German authorities. As the operator of the website and
responsible party, I am in no way receiving the IP addresses of the visitors of my website and therefore can not
connect the statistical data with a specific person.
Access, use and
storage of data
Only the responsible party Rudolf Held has access to personal data. He is informed about the legal regulations for the data protection and has committed
himself according to the valid legal regulations (article 5 of the GDPR) to comply with them. The collection, processing, use and transmission of the personal data collected
are, according to Art. 6 (1) of the GDPR, executed only to the extent necessary to answer queries or to execute a contractual relationship between Rudolf
Held as the responsible party and the user as a person affected. The data is stored either digitally on my password-protected computers or on paper in lockable filing cabinets. There is no sending of newsletters. Under no circumstances will personal data be leased or sold to third parties for advertising purposes.
Transfers to third countries
If I process data in a third country (ie outside the European Union (EU) or the European Economic Area (EEA)) or when using third party services or disclosing or transmitting data to third parties, this will only be done if it is to fulfill my
contractual obligations on the basis of your consent or on the basis of a legal obligation or on the basis of my legitimate interests. Subject to legal or contractual permissions, I process or let the data
be processed in a third country only in the presence of the special conditions of Art. 44 et seq.
GDPR. The processing is executed e.g. on the basis of specific guarantees, such as the officially recognized level of data protection (eg for the USA through the Privacy Shield) or on the basis of officially recognized special contractual obligations (so-called "standard contractual clauses").
affected persons (data subjects)
You have the right to ask for confirmation as to whether the data in question is being processed.
You have the right for information about this data as well as for further information and a copy of the
the processed data in accordance with Art. 15 GDPR.
Accordingly Art. 16 GDPR you have the right to demand the completion of the data concerning you or the correction of the incorrect data concerning you.
In accordance with Art. 17 GDPR you have the right to demand that the relevant data be deleted immediately
or to require a restriction of the processing of data in accordance with Art. 18 GDPR.
You have the right to request that the data relating to you provided to me be obtained in accordance with Art. 20 GDPR and to request their transmission to other persons responsible.
In accordance with Art. 77 GDPR you have the right to file a complaint with the competent supervisory
authority, which is the State data protection officer of the federal state
Bavaria in Germany.
You have the right to withdraw consent in accordance with. Art. 7 para. 3 GDPR
with effect for the future
Right to objection
You can object to the future processing of your data in accordance with Art. 21 GDPR at any time. The objection may in particular be made against processing for direct marketing purposes.
Deletion of data
Then the data is blocked and not processed for other purposes. This
applies for example for data that must be kept for commercial rules or tax reasons.
According to legal requirements in Germany the storage takes place in particular for 6 years pursuant to § 257 paragraph 1 HGB (trading books, inventories, opening balance sheets, annual accounts, trade letters, accounting documents, etc.) and for 10 years in accordance with § 147 Abs. 1 AO (books,
business records, management reports, accounting documents, trade and business letters, documents relevant to taxation, etc.).
For your information, you will find links on my pages that refer to the pages of third parties. As far as this is not obvious, I would point out that this is an external link. As a responsible
party of my website and business I have no influence on the content and design of these pages of other
Further information and contact
If you have further questions about privacy, please contact me at any time.
Text is adapted
and translated by me. Source of text in german language is: Erstellt
mit Datenschutz-Generator.de von RA Dr. Thomas Schwenke
About Me / Disclaimer