Privacy Policy
Stiftung Garnisonkirche Potsdam
We, Stiftung Garnisonkirche Potsdam, hereby inform you, in this Privacy Policy, about the type, scope, purpose, duration, and legal basis of the processing of personal data when using our website.
I. General
1. Responsibility
Responsible for the collection, processing, and use of data in connection with the use of our online services, including the online shop, is:
Stiftung Garnisonkirche Potsdam (SGP)
Breite Str. 7
14467 Potsdam
Telephone: +49 331 95 12 68 00
Email: service@garnisonkirche-potsdam.de
2. Contact for Data Protection Inquiries
Questions and comments on data protection can be sent via email to service@garnisonkirche-potsdam.de.
3. Explanation of Key Terms
- “GDPR” stands for General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC).
- “BDSG” stands for the German Federal Data Protection Act.
- “Personal data” (Art. 4 No. 1 GDPR) means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- “Processing” (Art. 4 No. 7 GDPR) means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- “Controller” (Art. 4 No. 7 GDPR) means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
- “Consent” (Art. 4 No. 11 GDPR) means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
II. Data Processing when Visiting Our Website
1. Website Access and Log Files
a) Explanation and Processing Purpose:
Each time our website is accessed, we automatically process the following information:
- The IP address of your computer or other device (e.g. tablet or smartphone) and your browser’s request(s)
- The amount of data transferred, browser type, browser version, browser language, and the operating system used.
The IP address and information pertaining to your browser’s request are technically necessary for accessing and using the website; without processing these data, it is not possible to access or display the website. The IP address is anonymized by way of abbreviation or deleted once it is no longer technically required for accessing/using the website.
Information on the amount of data transferred, browser type and version, screen resolution, and operating system is collected and processed to optimize the display of content, identify system loads, and make future adjustments and improvements to the website, potentially based on statistical evaluations.
The data are deleted as soon as they are no longer necessary for the purpose for which they were collected. If data are collected to provide the website, this occurs when the session ends. Log files are deleted or anonymized at the latest after seven days, making it impossible to identify the accessing client.
b) Legal Basis:
The legal basis for processing is Art. 6(1)(f) GDPR. The legitimate interest in processing consists in technically enabling website access, optimizing the display of content to the user, and improving/optimizing the website in the future.
c) Right to Object:
Where data processing is based on Art. 6 (1)(f) GDPR, the user has a right to object. See below (“Data Subject Rights“).
2. General Information about Cookies
a) General Information about Cookies:
Our website uses cookies. Cookies are small text files stored locally on the visitor’s device (e.g., PC, smartphone, tablet) when visiting a website. They can contain various information about the device used and usage behavior and are sent back to the cookie-setting web server upon reconnection to recognize the user and their settings.
Storing cookies can generally be prevented by adjusting the browser settings. Additionally, already stored cookies can be deleted via your browser. Both actions may result in certain functionalities of the website not being usable or not being comfortably usable. You can also conveniently adjust the settings for the various cookies directly on our website (see below).
b) Categories of Cookies:
The cookies used on our website may be from us or third parties and can serve different purposes:
- Necessary Cookies: These are required for the proper access, smooth use, and proper display of our website’s content and functionalities.
- Comfort Cookies: These cookies enhance the usability of our website (e.g., avoiding unnecessary multiple settings).
- Analysis/Statistics Cookies: These cookies collect information about how our website is used and how you arrived at our site. The information helps us statistically evaluate usage, particularly for the purpose of improving and optimizing our website and services in future.
- Advertising/Marketing Cookies: These cookies, usually from external companies, store information about websites previously visited by the user and use it to display personalized advertising tailored to the user’s interests.
Details about the specific cookies used can be found in the cookie banner notice or cookie consent tool (see below). Further information on third-party cookies is provided below. The cookie tool also provides information on the specific effects of not granting or withdrawing consent.
c) Legal Bases for the Use of Cookies:
The use of necessary cookies is based on legitimate interest according to Art. 6(1)(f) GDPR. The legitimate interest lies in enabling the proper display and use of our website’s functionalities.
Right to Object:
Where data processing is based on Art. 6(1)(f) GDPR, the user has a right to object without prejudice to any other rights they may have. See below (“Data Subject Rights”).
The use of cookies from all other categories is based on your consent according to Art. 6(1)(a) GDPR via the cookie consent tool (see next heading).
d) Cookie Banner and Cookie Consent Tool:
Upon the first visit to our website through a browser, as well as after deleting cookies in the browser, a banner appears containing information about individual cookies and allowing the user to activate or deactivate them. If cookies requiring consent are used, the banner can also be used to adjust settings regarding their use. In this case, you can consent to the use of cookies for entire categories or individual cookies within categories by checking the respective boxes. This does not apply to necessary cookies the use of which is not based on your consent but on a legitimate interest (see above); you have a right to object to the necessary cookies (see below “Data Subject Rights”).
e) Right of Withdrawal:
Granting consent is voluntary and can be withdrawn at any time for the future by appropriately changing the selection. You can change the cookie settings at any time via a link in the footer found on every page of our website and withdraw consent by deactivating the respective cookie. Withdrawal does not affect the lawfulness of the processing carried out based on the consent up until the time consent was withdrawn.
III. User Account and Orders
1. Registration and User Account
a) Explanation and Processing Purpose:
You have the option to create a user account, which allows you to store personal data for future orders, view orders, etc. However, orders can also be placed without prior registration. During registration, the following data are required:
- Title
- First name, Last name
- Language
In your login area, you can change the data at any time and add more information to the user account. Additionally, further data about your account are stored when using the site, i.e. the contents of your shopping cart, your wishlist, and information about orders placed.
b) Legal Basis:
The legal basis for collecting and processing personal data when setting up a user account is your consent (Art. 6(1)(a) GDPR). The personal data provided during an order and collected during the ordering process are processed to establish, fulfill, and execute the respective purchase contract and forwarded to the seller (see below: “Ordering Tickets”). The legal basis for this is Art. 6(1)(b)GDPR. The order information is also stored in your user account to allow you to view this information. The legal basis for this is your consent (Art. 6(1)(a) GDPR).
c) Right of Withdrawal:
You can delete the user account at any time in the login area and thus withdraw your consent. If no orders have been placed as a registered user, all data stored in the user account will be deleted. Please note, however, that order-related data collected or otherwise processed during an order may not be deleted immediately after the user account is deleted but may continue to be processed. If the contract has not yet been completely fulfilled at that point in time, further processing occurs to fulfill the contract (Art. 6(1)(b) GDPR). After the contract has been fully processed, the relevant contract data will be blocked for further use and deleted after the statutory tax and commercial retention periods (Art. 6(1)(c) GDPR) unless further processing is exceptionally justified or even required for other reasons. If further storage and other processing are necessary for the assertion of or defense against civil law claims, this is based on Section 24(1) No. 1 BDSG.
2. Ordering Tickets
a) Explanation and Purpose of Processing:
On our website, we offer you the opportunity to purchase tickets for visiting the Garnisonkirche viewing platform. For this purpose, you will be redirected to the Gomus ticket system, operated by Giant Monkey GmbH, Brunnenstraße 39, 10115 Berlin, hereinafter “Gomus”. Giant Monkey GmbH has been bound by us to comply with the statutory data protection requirements by way of a data processing agreement.
You can place orders either as a registered customer or as a guest. Setting up a user account is optional. To place an order, the following data is required:
- Title and first and last name
- Address
- Information about the ordered tickets
- Payment information
The personal data provided during an order and collected as part of the ordering process is processed for the purpose of establishing, fulfilling, and processing the respective purchase contract. After the complete processing of the contract, the relevant data is stored until expiration of the statutory commercial or tax retention periods. In individual cases, further storage and processing may occur for the assertion of or defense against civil claims. In your user account, the data will be stored until the account is terminated.
b) Legal Basis:
The legal basis for data processing to establish and process orders is Art. 6(1)(b) GDPR. Further processing of the data after contract processing to comply with commercial or tax retention periods is based on Art. 6(1)(c) GDPR. If further storage and processing occur for the assertion of or defense against civil claims, it is based on § 24 (1) No. 1 BDSG.
c) Further Information – Gomus:
Data protection information for Gomus can be found under Privacy Policy (gomus.de).
3. Payment Processing
a) Explanation and Purpose of Processing:
For payment via PayPal, we use a payment tool operated in the EU by Stripe Payments Europe (“Stripe”), Limited (SPEL), 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland (www.stripe.com). Information on the provider’s data protection practices can be found here: https://stripe.com/de/privacy. When using this payment method, your name, address, PayPal email address, invoice amount, currency, and transaction number are transmitted to Stripe, which in turn transmits the data to PayPal.
For payments via credit card, Apple Pay, and Google Pay, we use a payment tool from Payyo TrekkSoft AG, Hauptstraße 15, 3800 Matten near Interlaken, Switzerland (www.payyo.ch). Information on the provider’s data protection practices can be found here: https://www.trekksoft.com/de/datenschutzerklaerung.
b) Legal Basis:
The legal basis for the processing of data by payment service providers is Art. 6(1)(b) GDPR, as data processing is necessary for the fulfillment of a contract. Furthermore, processing is based on Art. 6(1)(f) GDPR, with our legitimate interest being to ensure secure payment processing and prevent fraud.
IV. Donation tool
1. Use of the donation form
a) Explanation and Purpose of Processing:
On our website, we use the donation form of twingle GmbH, Prinzenallee 74, 13357 Berlin, Germany, hereinafter “twingle”, to provide you with a simple option for supporting our projects via donations. When you use the donation tool, the data you enter when making the donation (e.g. contact details, address etc.) will be stored by twingle, on our behalf, on servers in Germany solely for the purpose of processing the donation.
To ensure compliance with all statutory requirements, we have concluded an agreement with twingle for commissioned data processing.
Further information on the scope and purpose of data collection and processing can be found in twingle’s privacy policy at: https://www.twingle.de/datenschutz.
b) Legal Basis:
The legal basis for the processing of personal data is Art. 6(1)(b) GDPR, for the establishment and performance of the donation agreement.
V. Newsletter
1. Explanation and Purpose of Processing:
On our website, you can sign up for our newsletter, which informs you about current offers and events. For this, it is necessary to provide your email address and consent to the use of this email address for future newsletter delivery. The personal data you provide will be electronically transmitted to and processed by the external service provider Brevo to include you in our newsletter distribution list. Brevo is a service provided by Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, hereinafter referred to as “Brevo”, for managing email addresses and sending messages.
When you sign up for our newsletter, the following personal data will be collected, stored, and further processed by Brevo for the purpose of sending the newsletter:
- The IP address of your computer or other device (e.g. tablet or smartphone) and the request(s) of your browser
- Date and time of access
- Email address
- Date and time of registration and confirmation
To ensure compliance with legal requirements, we have concluded a data processing agreement with Brevo.
2. Legal Basis:
The legal basis for processing personal data for sending the newsletter is Art. 6(1)(a) GDPR. By signing up for our newsletter, you consent to the processing of your personal data. We use the double-opt-in procedure for newsletter registration, which means that after your registration, we will send you an email to the provided address asking for confirmation that you wish to receive the newsletter. The purpose of this procedure is to verify your registration and to be able to detect any possible misuse of your personal data.
3. Right of Withdrawal:
The consent required for receiving the newsletter is voluntary and can be revoked at any time with future effect through a simple declaration (e.g. via email). At the end of each newsletter you will find a link which you can use to unsubscribe from the email list and thus withdraw your consent. Without consent, it is not possible to sign up for the newsletter.
4. Further Information – Brevo:
Data protection information from the service provider Brevo can be found at Datenschutzrichtlinie – Schutz der personenbezogenen Daten | Brevo.
VI. Contact
1. Explanation and Purpose of Processing:
You can contact us for questions, requests, and concerns via our email address service@garnisonkirche-potsdam.de. To respond to your inquiries and handle your requests, the personal data you provide – including your email address – will be processed electronically by us. The purpose of the processing is to handle your contact and your request.
2. Legal Basis:
The legal basis for processing your personal data when contacting us is Art. 6(1)(f) GDPR. The legitimate interest lies in processing and responding to your inquiry directed at us. In some cases, the processing of data may also be based on other legal grounds. In individual cases, the processing of these data may also be permitted or required by other legal bases, such as Art. 6(1)(c) GDPR (legal obligations, e.g., commercial or tax retention periods) or § 24(1) No. 1 BDSG (assertion of or defense against civil claims).
Right of Objection:
In cases where data processing is based on Art. 6(1)(f) GDPR, users have the right to object to the processing of their personal data at any time, without prejudice to other rights. See below (“Data Subject Rights”).
VII. Additional Web Tools Used
1. Notes on Data Transfers to Third Countries
On our website, we use third-party tools that may transfer personal data to third countries, i.e. countries outside the EU. We provide specific details regarding these tools within their respective sections (see below).
These countries include the USA. We hereby advise you that, according to the European Court of Justice (CJEU), the USA does not provide an adequate level of data protection, as defined by EU law, compared to EU member states. Rights guaranteed under EU law may only be partially or not at all guaranteed there. In particular, we must point out that US authorities may access data processed by a US company without informing you about such access, and you may not be able to assert and enforce your rights to the same extent and effectiveness as within the EU.
2. Google Maps
a) Explanation and Purpose of Processing
Our website contains a link to Google Maps, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). By activating the link, you leave our website. The processing of personal data on the linked page is not conducted by us but by Google. When Google Maps is accessed, Google may create usage profiles and use cookies (see above).
Google stores your data as usage profiles and uses them for advertising, market research, and/or to customize its website. Such evaluation is done particularly (even for users not logged in) to provide personalized advertising and to inform other users about your activities on our website. IP addresses are anonymized, preventing direct identification (IP masking).
If you have a Google account and are logged in while using Google Maps, Google may link usage data to your account.
b) Further Information on Google Maps:
Further information on the purpose and scope of data collection and processing by Google can be found in the provider’s privacy policies at http://www.google.de/intl/de/policies/privacy and https://privacy.google.com/take-control.html. There, you can also find information on your rights concerning Google and options to protect your privacy.
3. YouTube Videos
a) Explanation and Purpose of Processing:
YouTube videos from the YouTube platform are embedded on our website to integrate videos from YouTube channels into our online offerings. YouTube is a video sharing platform operated in the EU by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“YouTube”). When visiting one of our pages equipped with a YouTube plugin, a connection to YouTube’s servers is established, informing YouTube’s server which of our pages you have visited.
We use YouTube in the online service’s enhanced privacy mode. According to YouTube, this mode ensures that YouTube does not store information about visitors to this website before they watch the video. Only when you start a YouTube video embedded in our website will a connection to YouTube’s servers be established to play the video. YouTube processes general data such as:
- Referrer URL
- IP address of your device (e.g. computer, tablet, smartphone) and browser request(s)
- Date and time of accessing the video
If you are logged into your YouTube account, you enable YouTube to directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your YouTube account.
b) Legal Basis and Right to Withdraw Consent:
The legal basis for processing personal data by YouTube is your consent according to Art. 6(1)(a) GDPR, which you can provide via the cookie consent tool described above. Giving consent is voluntary and can be withdrawn for the future via the same tool at any time. You can change cookie settings and revoke consent by disabling the respective cookie through a link in the footer present on every page of our website.
c) Further Information on YouTube:
For further details on the purpose and scope of data collection and processing by YouTube, consult the provider’s privacy policies at Privacy Policy – Privacy and Terms – Google. There, you can also find information on your rights concerning YouTube and options to protect your privacy.
4.Matomo
a) Explanation and Purpose of Processing:
We use the open-source tool Matomo for statistical analysis of visits to our website, which is activated after obtaining your prior consent. The tracking measures employed aim to ensure user-friendly design and continuous optimization of our website. Matomo is also used to statistically record website usage for optimization purposes.
This web analysis uses cookies (see above for explanations). Information generated by cookies about website usage is compiled into pseudonymous user profiles. Data is not shared with third parties, and IP addresses are anonymized, preventing direct identification (IP masking). Matomo evaluates data such as: Pages visited, access times and locations, clicked links, screen resolution, loading times, browser type, language settings, etc.
b) Legal Basis and Right to Withdraw Consent:
Matomo is used solely based on your prior consent (Art. 6(1)(a) GDPR). Upon initial access to our website, a banner appears enabling you to consent to Matomo activation. This consent can be withdrawn, with effect for the future, either via the link in the footer of our website or here: Consent Settings. Withdrawal of consent is carried out by deselecting the feature.
5. Links to Websites (Social Media)
Our website contains various links to social media profiles on third-party websites (Facebook and Instagram). Clicking these links does not set cookies on our site, but platform providers may use cookie technologies on their platforms, potentially involving profiling and tracking. Please review the following privacy policies:
- Facebook: https://de-de.facebook.com/privacy/policy/
- Instagram: https://help.instagram.com/155833707900388
VIII. Recipients of Personal Data
In connection with the provision of our website and services, there may be further transfers of personal data to third parties, strictly for specific purposes. These recipients include data processors as defined in Article 28 GDPR. In addition to the aforementioned parties, potential recipients may include categories such as web hosting, IT support, website administration, server administration, and tax consulting.
IX. Rights of Data Subjects
a) You have the right to obtain confirmation from us as to whether or not we are processing personal data concerning you. If we are, you have the right to access this personal data within the scope permitted by law (Article 15 GDPR in conjunction with § 34 BDSG). This does not apply if the data:
- is retained solely due to legal or statutory retention requirements, or
- is used exclusively for backup or data protection control purposes,
and providing such information would require disproportionate effort, with processing for other purposes excluded through appropriate technical and organizational measures.
b) You also have the right to request the rectification of inaccurate personal data concerning you and, considering the purposes of processing, the completion of incomplete personal data, including by way of an explanatory note, where appropriate (Article 16 GDPR).
c) In the cases listed in Article 17(1)(a) to (f) GDPR, you additionally have the right to request erasure of personal data, unless an exception under Article 17(3) GDPR applies, and in cases under Article 18(1) GDPR, the right to restriction of processing.
d) Furthermore, in cases under Article 20(1) GDPR, you have the right to data portability.
e) Consent declarations can be revoked at any time with future effect and without stating reasons.
f) You have the right to lodge a complaint with the competent supervisory authority if you believe that the processing of personal data concerning you violates the GDPR. You can find the supervisory authority responsible for our main establishment here: https://www.lda.brandenburg.de.
g) Right to object to processing based on legitimate interest.
If data processing is based on Article 6(1)(f) GDPR (“legitimate interest”), you have the right to object to the processing of personal data concerning you at any time for reasons arising from your particular situation.
X. Concluding Remarks
1. Automated Decision-Making and Profiling
Automated decision-making and profiling do not occur.
2. No Obligation to Provide Personal Data
There is generally no legal or contractual obligation to provide us with personal data for visiting our website. However, providing personal data may become contractually or legally required, for example, in order to establish or execute a contract between you and us. For instance, entering into a contract may require disclosure of the contracting party or the natural person acting on behalf of a legal entity.
This Privacy Policy may be amended from time to time to adapt to changed circumstances, particularly changes in legal requirements, regulatory practices, or case law. The current version can always be found on our website under the “Data Protection” section.
Last updated: June 2024