Menu

Data Protection Policy

The following Data Protection Policy applies to the use of our online offer planetarium-hamburg.de (the "Website").

We attribute great importance to data protection. Your personal data is collected and processed in adherence with the applicable data protection rules, in particular the General Data Protection Regulation (GDPR).

1. Controller

Planetarium Hamburg Landesbetrieb der Freien und Hansestadt Hamburg (Kulturbehörde) Linnering 1 (Stadtpark) is the Controller for the collection, processing and use of your personal data within the meaning of personal data Article 4(7) GDPR.

E-mail: info@planetarium-hamburg.de

If you wish to object to us collecting, processing or using your data in accordance with these data protection provisions as a whole or with regard to individual measures, please submit your objection to the Controller.

You may print or store this Data Protection Policy at any time.

2. General Purposes of Processing

We use personal data for the purpose of operating the website, booking tickets and sending our newsletter.

3. The Data We Use, and Why We Use It

3.1 Hosting

The hosting services that we use serve the provision of the following services: infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating the Website.

We or our hosting provider process contact details, content data, usage data, meta data and communication data of customers, interested parties and visitors of this website on the basis of our legitimate interests in the efficient and secure provision of our website pursuant to Article 6(1)(f) GDPR in conjunction with Article 28 GDPR.

3.2 Access Data

We collect, store and use data concerning each on the access to our website (so-called server logfiles). Access data includes the following:

  • - name and URL of the accessed file
  • - date and time of access
  • - transmitted data volume
  • - response on successful access (HTTP response code)
  • - type of browser and version of browser
  • - operating system
  • - referrer URL (i.e., the site previously visited)
  • - websites that were accessed from the user's system via our website
  • - the user's internet service provider
  • - IP address and the requesting provider.

We use this log data without assigning it to persons or creating any other profile. We evaluate it statistically for the purpose of operating, securing and optimising our website, and also for the purpose of anonymously recording the number of visitors to our website (traffic) as well as the extent and nature in which our website and services are used.  This information allows us to do the following: (1) provide personalised and location-based content, (2) analyse data traffic, (3) identify and cure errors, and (4) improve our services.

This is also our legitimate interest pursuant to Article 6(1)(f) GDPR.

We reserve the right to retroactively review log data where concrete indications give rise to a justified suspicion of unlawful use. We also store IP addresses where we have a concrete suspicion that a criminal offence has been committed in the context of our website being used.

3.3 Cookies

We use so-called session cookies to optimise our website. A session cookie is a small text file that is sent by the respective server when an internet site is visited and that is temporarily stored on your hard drive. The file as such contains a so-called session ID with which various requests of your browser can be assigned to the joint session. Thus, your computer can be recognised when you revisit our website. These cookies are deleted after you have closed your browser. For example, they serve to prevent that the cookie banner is redisplayed.

To a small extent we use persistent cookies (also small text files that are stored on your terminal device) that remain on your terminal device to enable us to recognise you at your next visit. These cookies are stored on your hard drive and erase themselves after the prescribed time. They expire after a period ranging from one month to ten years. This enables us to present our offer in a more user-friendly, effective and secure manner, and, for example, to display information on our site that corresponds with your interests.

Our legitimate interest in using cookies pursuant to Article 6(1)(f)GDPR lies in making our website more user-friendly, effective and secure.

The cookies store data and information such as the following:

  • - information on how often our website has been viewed as well as how often individual functions of our internet presence have been used.

An identification number is assigned to the cookie when it is activated, and your personal data is not assigned to this identification number. Your name, your IP address or similar data that would allow the cookie to be assigned to you will not be placed in the cookie. The cookie technology only provides pseudonymised information.

You can adjust the settings of your browser so that you are informed of the placement of cookies in advance and can decide in each individual case whether you refuse consent to cookies in specific cases or in general, or that cookies are prevented completely. This may limit the website's functionality.

3.4 Data to Meet Our Contractual Obligations

A contractual relationship in respect of our website only arises through a booking process. This occurs through the booking system of the company CTS Eventim AG & Co. KGAa, Contrescape 75a, 28195 Bremen (info@eventim.de).

We process the personal data that is necessary to meet our contractual obligations, which includes name, address, e-mail address, products ordered, invoice and payment data. Collecting this data is necessary for contract conclusion.

The data is erased upon expiration of the warranty periods and the statutory retention periods. Data that is connected to a user account (see below) will definitely remain for the period when this account is active.

The legal basis for processing this data is Article 6(1)(b) GDPR, since this data is needed so we can meet the contractual obligations we owe you.

3.5 User Account

You can create a user account for the booking procedure. If you wish to do so, we need the personal data requested at login. Only your email or your account name with your personal password will be needed for subsequent logins.

For new registration, we collect master data (e.g., name, address), communication data (e.g., e-mail address), payment data (bank details) and access data (user name and password).

To ensure that you can register properly and to prevent unauthorised registrations by third parties, you receive an activation link per e-mail after registering so that you can activate your account. We do not permanently store the data you have transmitted in our system until you have registered.

You can instruct us to delete any user account you have created without incurring any other costs than those for transmission as set out in our basic tariffs. Written notification to the contact data under Clause 1 (e.g., e-mail) is sufficient for this purpose. We will then delete your stored personal data unless we must store it to process orders or are required to do so due to statutory retention duties.

The legal basis for processing this data is your consent in accordance with Article 6(1)(a) GDPR.

3.6 Newsletter

To register for the newsletter, the data requested in the registration process is required. The registration for the newsletter is logged. After registration, a message is sent to the email address you provided, asking you to confirm your registration ("Double Opt-in"). This is necessary to prevent third parties from registering with your email address.

You can revoke your consent to receiving the newsletter at any time, thus cancelling the newsletter.

We store the registration data as long as they are needed for dispatching the newsletter. We store the registration protocol and the shipping address for as long as there was an interest in the proof of the originally given consent. Generally, this corresponds with the limitation periods for civil law claims (i.e., a maximum of three years).

The legal basis for processing this data is your consent pursuant to Article 6(1)(a) GDPR in conjunction with Article 7 GDPR in conjunction with § 7(2) no. 3 German Act Against Unfair Competition (UWG). The legal basis for the logging of the registration is our legitimate interest in proof that the shipment was made with your consent.

You can revoke the registration at any time without incurring any other costs than those for transmission as set out in our basic tariffs. Written notification to the contact data under Clause 1 (e.g., e-mail, fax, letter) is sufficient for this purpose. An unsubscribe link is available in every newsletter.

3.7 Contacting Us

If you contact us (e.g., per email), we process your data to process your query and for any follow-up questions.

If data is processed to carry out pre-contractual measures that occur upon your query, or, if you are already our customer, to perform the contract, the legal basis for processing this data is Article 6(1)(b) GDPR.

We only process additional personal data if you consent (Article 6(1)(a) GDPR) or if we have a legitimate interest in processing your data (Article 6(1)(f) GDPR). For example, a legitimate interest could be responding to your email.

In order to check incoming e-mails for spam messages, we forward all e-mails via an external server hosted by SoftUp Biederbeck & Warmann GbR, Gudewerdtweg 9, 24229 Dänsichenhagen. An additional spam filter is integrated on this server. The legal basis for this data processing is Article 6(1)(f) GDPR. Our legitimate interest consists in repelling external attacks.

4. Social Media

This website uses links to our presence on social media sites. For this presence, the data protection and liability rules of the respective provider apply, which you can access as described in the following.

4.1 Facebook

We process your data for the purpose of effective information and support of our customers and interested parties. This is our legitimate interest pursuant to Article 6(1)(f) GDPR.

Processing is done on the basis of the statement on joint controllership(https://www.facebook.com/legal/terms/page_controller_addendum)

More detailed information on data protection:

Provider: Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA

Website: https://facebook.com

Plugins: https://developers.facebook.com/plugins

Scope of Data: https://facebook.com/help/

Data Protection: https://facebook.com/policy.php

Facebook Blocker: https://webgraph.com/resources/facebookblocker

4.2 Twitter

Provider: Twitter, Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA

Website: https://twitter.com

Data Protection: https://twitter.com/privacy

4.3 Instagram

Provider: Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA

Website: https://instagram.com

Data Protection: https://instagram.com/about/legal/privacy

4.4 YouTube

Provider: YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

Website: https://youtube.com

Data Protection: https://www.youtube.com/intl/de/yt/about/policies

5. Information on the Service Providers

To operate this website, we include external services to make our website more user-friendly, effective and secure. This is also our legitimate interest pursuant to Article GDPR.

5.1 YouTube

YouTube is a video portal of YouTube LLC., 901 Cherry Ave., 94066 San Bruno, CA, USA (hereinafter "YouTube").

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland is the controller for users whose habitual residence is in the European Union.

Please read how Google acts in accordance with data protection provisions, also with regard to transmission to the USA: https://policies.google.com/privacy?hl=de

We use YouTube on the basis of Article 6 (1)(f) GDPR. Our legitimate interest is to improve the offer on our website.

The function "Extended Data Protection" has been activated to protect your data. A connection to YouTube is only established when the video is clicked. In doing so, at least the IP address is transmitted to YouTube.

If you are already logged in to YouTube, the connection data is assigned to your account. Please log out of YouTube first to prevent this.

5.2 Google Maps

To help you find our location we use Google Maps, a service of the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Please read how Google acts in accordance with data protection provisions, also with regard to transmission to the USA: https://policies.google.com/privacy?hl=de

We use Google Maps on the basis of Article 6 (1)(f) GDPR. Our legitimate interest is to improve the offer on our website and to provide better customer service to you.

As soon as this service is accessed on our site, a connection is established to Google, with which your IP address is transmitted to Google. If you are already logged in to YouTube, information on your search can be assigned to your user account. Please log out of Google first to prevent this.

5.3 Google Fonts

Our website uses Google Fonts to achieve a better display of fonts. This is a service of the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Please read how Google acts in accordance with data protection provisions, also with regard to transmission to the USA: https://policies.google.com/privacy?hl=de

We use Google Fonts on the basis of Article 6(1)(f) GDPR. Our legitimate interest is to optimise the presentation of our website and thus make it more attractive for customers.

As soon as this service is accessed on our site, a connection is established to Google, with which your IP address is transmitted to Google.

5.4 Google Ads

The Google Ads service is used on our website to display advertising material on external websites that draw attention to our offer. This service is offered by the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Please read how Google acts in accordance with data protection provisions, also with regard to transmission to the USA: https://policies.google.com/privacy?hl=de

We use Google Ads on the basis of Article 6(1)(f) GDPR. Our legitimate interest is to display advertising that is customised for our target group's interests and to make our offer more attractive.

As soon as this service is accessed on our site, a connection is established to Google, with which your IP address is transmitted to Google. Google stores a cookie on your computer. This cookie is not used to identify a natural person but contains statistical values.

We receive campaign evaluations from Google, which do not include any personal data.

6. Tracking

6.1 Google Analytics

We use Google Analytics, a web analysis service of the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter "Google"). Google Analytics uses so-called cookies, which are text files placed on your computer, to enable the website to analyse how you use the site. The information on how visitors use this website, which the cookie generates, can be transmitted to a server of Google in the USA and stored there.

We use Google Analytics on the basis of Article 6(1)(f) GDPR. Our legitimate interest is to operate our website economically.

Google has submitted to the Privacy Shield Agreement between the European Union and the United States, and is certified accordingly. Thus, Google is obligated to comply with the standards and provisions of European data protection law. Click on the following link for more detailed information: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

We have activated IP anonymisation on this website (anonymizeIp). Thus, your IP address will be truncated in EU member states and in other states which are signatories to the Agreement on the European Economic Area. The full IP address is only transmitted to a Google server in the USA in exceptional cases, where it is then shortened. On our request, Google will use this information to evaluate your use of the website, compile reports about website activities, and render services for us that are connected to the use of the website and the internet.

Your IP address, which has been transmitted by your browser in the context of Google Analytics, will not be combined with other Google data. You can prevent the storage of cookies by using the respective settings of your browser software; however, please note that you might thus be unable to fully use all functions of this website.

Furthermore, by downloading and installing the browser plugin available at the following link, you can prevent that the data which is generated by the cookie and relates to your use of the website (including your IP address) is collected and processed by Google: http://tools.google.com/dlpage/gaoptout?hl=de.

As an alternative to the browser plugin or within browsers on mobile devices, you can click on the following link to store an opt-out cookie that will prevent Google Analytics from collecting data within this website in the future (this opt-out cookie only works in this browser and only for this domain. If you delete the cookies in your browser, you must click on this link again):

7. Duration of Storage

Unless specifically stated otherwise, we store personal data only for as long as it is necessary for the designated purposes.

In some cases, the legislator provides for the retention of personal data, such as in tax or trade law. In these cases, the data will only be further stored by us for these legal purposes, but will not be processed in any other way and will be deleted after expiry of the legal retention period.

8. Your Rights as a Party Affected by Data Processing

Under applicable law, you have various rights concerning your personal data. If you would like to assert these rights, please send your request by e-mail or by post, clearly identifying yourself, to the address mentioned in Clause 1.

The following provides an overview of your rights.

8.1 Right to Confirmation and Information

You have the right to comprehensive information on the processing of your personal data.

In detail:

You have the right to obtain confirmation from us at any time as to whether personal data concerning you is being processed. If this is the case, you may demand from us free-of-charge information on the personal data that is stored and relates to you; additionally, you can demand a copy of this data. Furthermore, you are entitled to the following information:

  • the purposes of processing;
  • the categories of personal data being processed;
  • the recipients or categories of recipients to whom the personal data has been or will be disclosed; in particular to recipients in third countries or to international organisations;
  • if possible, the planned duration for which the personal data will be stored; or, if this is not possible, the criteria for determining this duration;
  • the existence of the right to rectification or erasure of personal data, or restriction of the processing of personal data concerning you by the Controller, or the right to objection to such processing;
  • the right to lodge a complaint with a supervisory authority;
  • if the personal data is not collected from you, all available information about the origin of the data;
  • the existence of automated decision-making, including profiling in accordance with Article 22(1) and (4) GDPR and - at least in these cases - meaningful information on the logic involved and the scope and intended effects of such processing for you.

If personal data is transferred to a third country or to an international organisation, you have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR in connection with the transfer.

8.2 Right to Rectification

You have the right to ask us to rectify and, if necessary, complete personal data concerning you.

In detail:

You have the right to ask us to correct without delay any incorrect personal data concerning you. In consideration of the purposes of the processing, you have the right to request the completion of incomplete personal data, also by means of a supplementary declaration.

8.3 Right to Erasure ("Right to Be Forgotten")

In a number of scenarios, we are obliged to delete personal data concerning you.

In detail:

Pursuant to Article 17(1) GDPR, you have the right to demand that we delete without delay personal data relating to you, and we are obliged to delete personal data without delay if one of the following reasons applies:

  • The personal data concerning you is no longer necessary for the purposes for which they were collected or otherwise processed.
  • You withdraw consent on which the processing is based according to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, and there are no other legal grounds for the processing.
  • You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
  • The personal data has been unlawfully processed.
  • The Controller is subject to a legal obligation under Union or Member State law that prescribes erasure of the personal data.
  • The personal data concerning you has been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

If we have made the personal data public and are obliged to delete them pursuant to Article 17(1) GDPR, we will, with consideration of the available technology and the implementation costs, take reasonable measures, including technical measures, to inform data controllers who process the personal data that you have requested them to delete all links to this personal data or copies or replications of this personal data.

8.4 Right to Limiting Processing

In a number of cases, you are entitled to request us to limit the processing of your personal data.

In detail:

You have the right to ask us to limit the processing if one of the following conditions is met:

  • the accuracy of the personal data is disputed by you for a period of time that allows us to verify the accuracy of the personal data;
  • the processing is unlawful and you opposed the erasure of the personal data and requested the restriction of its use instead;
  • we no longer need the personal data for the purposes of processing, but you need the data to establish, exercise or defend legal claims; or
  • you have objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of our company override those put forth by you.

8.5 Right to Data Portability

You have the right to receive, transmit or have us transmit personal data concerning you in machine-readable form.

In detail:

You have the right to receive in a structured, common and machine-readable format the personal data which concerns you and which you have made available to us, and you have the right to transfer such data to another controller without hindrance from us where

  • the processing is based on consent to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or to a contract pursuant to Article 6(1)(b) GDPR; and
  • the processing is carried out by automated procedures.

When exercising your right to transfer data in accordance with sub-clause 1, you have the right to effect that the personal data be transferred directly from us to another controller, insofar as this is technically feasible.

8.6 Right to Object

You have the right to object to the lawful processing of your personal data by us if this is justified by your particular situation and if our interests in the processing do not outweigh the interests of the data subject.

In detail:

You have the right to object at any time, on grounds relating to your particular situation, to processing of personal data concerning you which is based on Article 6 (1)(e) or (f) GDPR; this also applies to profiling based on these provisions.  We will not continue to process the personal data unless we can demonstrate compelling reasons for processing which are worthy of protection and which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Where personal data is processed by us for the purpose of direct marketing, you have the right to object at any time to the processing of personal data relating to you for the purpose of such marketing; this also applies to profiling where it relates to such direct marketing.

You have the right to object, for reasons arising from your particular situation, to the processing of personal data concerning you for the purposes of scientific or historical research or for statistical purposes in accordance with Article 89(1) GDPR unless the processing is necessary for the performance of a task carried out in the public interest.

8.7 Automated Decisions Including Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects in relation to you or significantly affects you in a similar way.

There will be no automated decision making based on the personal data collected.

8.8 Right to Revoke the Declaration of Consent Under Data Protection Law

You have the right to revoke your consent to the processing of personal data at any time.

8.9 Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement if you consider the processing of personal data relating to you is unlawful.

9. Data Security

We make every effort to ensure the security of your data within the framework of the applicable data protection laws and technical possibilities.

Your personal data will be encrypted for transmission. This applies to all forms offered.  We use the SSL (Secure Socket Layer) coding system, but please note that the online transmission of data (e.g., when communicating per email) can be subject to security risks. Complete protection of data against access by third parties is not possible.

To protect your data, we maintain technical and organisational security measures in accordance with Article 32 GDPR, which we continually update to the state of the art of technology.

Furthermore, we do not warrant that our offer will be available at certain times; disturbances, interruptions or failures cannot be excluded. The servers we use are regularly and diligently backed up.

10. Transfer of Data to Third Parties, No Data Transfer to Non-EU States

As a general rule, we only use your personal data within our company.

If and to the extent that we involve third parties in the fulfilment of contracts (e.g., logistics service providers), they will only receive personal data to the extent that the transmission is necessary for the corresponding service.

In the event that we outsource certain parts of data processing ("Contract Processing"), we contractually oblige contract processors to use personal data only in accordance with the requirements of the data protection laws and to ensure that the data subject's rights are warranted.

A data transfer to bodies or persons outside the EU beyond the cases mentioned in this declaration in Clauses 5 and 6 does not take place and is not planned.

11. Data Protection Officer

Should you have any further questions or concerns regarding data protection, please contact our data protection officer:

Sven Weschler

dsb-planetarium-hamburg@iqanta.com

12. Changes to this privacy policy

If new services or providers are used to operate this website, we reserve the right to adapt this data protection declaration in order to comply with legal requirements. This adapted privacy policy will apply when you revisit this website.