Data protection

Information in accordance with § 5 TMG

(Telemedia Act § 5 General Information Duties)

Data protection information

We, the Burg Frankenstein Event and Restaurant GmbH, take the protection of your personal data very seriously and we adhere strictly to the rules of the data protection acts. Personal data on this website is collected only as far as is technically necessary. The data we collect is never sold or distributed to third parties.

The following declaration gives you an overview of how we guarantee this protection and what kind of data is collected for what purpose.

Data protection declaration

  1. Name and address of the controller

The controller within the meaning of the General Data Protection Regulation and other national data protection acts of the member states as well as other data protection related provisions is:

Halloween Veranstaltung GmbH

Sandgasse 49,
64347 Griesheim
Phone: 0 61 51 501 501
Fax: 0 61 51 – 501 500
e-mail: mail@frankenstein-halloween.de

  1. General information regarding data processing
  1. Extent of processing of personal data

We generally only collect and use the personal data of our users, insofar as is necessary for the provision of a functional website as well as our contents and services. The collection and use of the personal data of our users takes place regularly only after the consent of the user. An exception applies in such cases in which the previous obtaining of consent is not possible for factual reasons and the processing of the data is allowed by statutory regulations.

  1. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, the legal basis for the processing of said personal data is Art. 6 par. 1 lit. a of the EU General Data Protection Regulation (GDPR).

For the processing of personal data required for the fulfilment of a contract to which the data subject is the contracting party, the legal basis is Art. 6 par. 1 lit. b GDPR. This also applies for processing which is required for the implementation of pre-contract measures.

If the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, the legal basis is Art. 6 par. 1 lit. c GDPR.

In the case that processing of personal data is necessary in order to protect the vital interests of the data subject or of another natural person, the legal basis is Art. 6 par. 1 lit. d GDPR.

If processing is necessary for the protection of the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not override the first-stated interests, the legal basis for processing is Art. 6 par. 1 lit. f GDPR.

 

  1. Data erasure and storage duration

The personal data of the data subject is erased or blocked, as soon as the purpose of the storage no longer exists. Storage may furthermore take place, if this is provided for compliance with a legal obligation in the European Union or Member State ordinances, laws or other regulations to which the controller is subject. Blocking or erasure of the data also takes place when a storage period specified by the named standards expires, unless there is a necessity for the further storage of the data due to the conclusion of a contract or the fulfilment of a contract.

III.     Provision of the website and creation of log files

  1. Description and extent of data processing

Upon each use of our website, our system automatically collects data and information from the computer system of the calling computer.

The following data is saved in this process:

(1)   Information regarding the type of browser and the version used

(2)   The operating system of the user

(3)   The internet service provider of the user

(4)   The IP address of the user

(5)   Date and time of the access

(6)   Websites from which the system of the user accesses our internet site

(7)   Websites that are called up by the system of the user via our website

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

 

  1. Legal basis for data processing

The legal basis for the temporary storage of the data and the log files is Art. 6 par. 1 lit. f GDPR.

  1. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the delivery of the website to the computer of the user. For this, the IP address of the user remains stored for the duration of the session. Storage takes place in log files to ensure the functional capability of the website. Furthermore, the data is used by us to optimize the website and to ensure the security of our IT systems. An evaluation of the data for marketing purposes does not take place in this respect.

These purposes also substantiate our legitimate interest in the data processing pursuant to Art. 6 par. 1 lit. f GDPR.

  1. Duration of storage

The data is erased as soon as it is no longer required for the accomplishment of the purpose of its collection. In the event of the acquisition of the data for the provision of the website, this is the case when the respective session ends. If the data is stored in log files, this is the case after seven days at the latest. A continuation of storage beyond this period is possible. In this case, the IP addresses of the users is erased or pseudonymised, such that allocation to the calling client is no longer possible.

  1. Objection and disposal possibility

The acquisition of the data for the provision of the website and the storage of the data in log files is essential for the operation of the website. The user therefore does not have an option of objection.

  1. Use of cookies
  1. a) Description and extent of data processing

Our website uses cookies. Cookies are small text files, which are stored in the internet browser or by the internet browser on the computer system of the user. If a user calls up a website, a cookie can be saved on the operating system of the user. This cookie contains a characteristic character string, which enables the clear identification of the browser when the website is called up again.

This website uses the following types of cookies, whose scope and working principles are described below:

–               Transient cookies

–               Persistent cookies

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser must be able to be identified after changing pages. Furthermore, we use cookies on our website, which enable us to analyse the surfing behaviour of the users. This way, the following data can be transferred:

(1)   Entered search terms

(2)   Frequency of page visits

(3)   Usage of website functions

The user data collected in this way is pseudonymised by means of technical precautions. Therefore, allocation of the data to the calling user is no longer possible. The data is not stored together with other personal data of the users. When calling up our website, the users are informed by means of an info banner about the use of cookies for analysis purposes and referred to this data protection declaration. In this connection an indication is also given regarding how to prevent the storage of cookies in the browser settings. The user is ultimately asked to consent to the data processing.

 

  1. b) Legal basis for data processing

The legal basis for the processing of personal data using cookies is Art. 6 par. 1 lit. f GDPR. The legal basis for the processing of personal data using cookies for analysis purposes is, upon the existence of the relevant consent of the user is Art. 6 par. 1 lit. a GDPR.

  1. c) Purpose of data processing

The purpose of the use of technically necessary cookies is to simplify the use of websites for the users. Some functions of our website are not available without the use of cookies. For this, the browser must be able to be identified again after changing pages. The user data collected by technically necessary cookies is not used to create user profiles.

Analysis cookies are used to improve the quality and content of our website. The analysis cookies provide us with information as to how the website is used, which enables us to continuously optimise our offer.

These purposes also substantiate our legitimate interest in the processing of personal data pursuant to Art. 6 par. 1 lit. f GDPR.

 

  1. d) Duration of storage, possibility of objection and erasure

Transient cookies (see a) are deleted automatically when you close the browser. These include particularly the session cookies. Session cookies save a so-called session-ID, which permit the assignment of different browser searches to the general session. This enables your computer to be recognised when you return to our website. Session-cookies are deleted when you log off or close your browser.

Persistent cookies (see a) are automatically deleted after a pre-specified duration which can vary depending on the cookie. You can delete the cookies at any time in your browser’s security settings. Therefore, you as the user have full control over the use of cookies. You can deactivate or restrict the transfer of cookies by changing the settings in your internet browser. Already stored cookies can be deleted at any time. This can also take place automatically. If cookies for our website are deactivated, it may be possible that not all functions of the website can be fully used.

Flash cookie transfer is not regulated by the browser settings but by changes to Flash Player settings.

 

  1. Google Analytics

Our websites use Google Analytics, a web analysis services of Google Inc. (“Google”). The provider is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

For this, Google use so-called “cookies”, which are text files stored on your computer to enable the analysis of your use of the website. The information generated by the cookie with regard to your use of the website

–  Browser type/version,

–  Operating system used,

–  Referrer URL (site previously visited),

–  Host name of the accessing computer (IP address),

–  Time of server request,

is usually transferred to a Google server in the USA and stored there. The website also uses Google Analytics with the extension “_anonymizeIp()”, so that data is only processed in an anonymized form. For this, the IP address is shortened by the last three digits, such that the clear allocation of the IP address is no longer possible. The full IP address is only transferred to a Google server in the USA and shortened there in exceptional cases.

On our behalf, Google will use this information to analyse your use of the website, to compile reports on the website activities and to render further services associated with the website and Internet use. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the data on Google’s behalf. Google will not connect your IP address with other data from Google. These purposes also substantiate our legitimate interest in the processing of personal data pursuant to Art. 6 par. 1 lit. f GDPR.

The basis for the data processing is Art. 6 par. 1 S. 1 lit. f GDPR. Erasure of the data takes place automatically after statistical evaluation.

You can prevent the installation and storage of the cookies by making the appropriate setting in your browser software. We must hereby inform you that, in this case, you may possibly not be able to fully utilise certain functions of this website.

You can also prevent the collection of the data related to your use of the website and generated by the cookie (incl. your IP address) to Google and the processing of said data by Google, by downloading and installing the browser plug-in available under the following link:

http://tools.google.com/dlpage/gaoptout?hl=de.

As an alternative to the browser add-on, in particular for browsers on mobile end devices, you can also prevent the collection by Google Analytics by setting an opt-out cookie in your browser, which prevents the future collection of your data when visiting this website. The opt-out cookie applies only in this browser and only to our website and is stored on your device. If you delete the cookies in this browser you must set the opt-out cookie anew.

https://developers.google.com/analytics/devguides/collection/analyticsjs/user-opt-out

By using the website, you declare that you consent to the processing of your personal data collected by Google in the manner described and for the purpose described above. For further information on Google Analytics, please refer to the internet under the following link of the manufacturer Google: https://support.google.com/analytics/answer/6004245?hl=de.

 

  1. Use of Google Adwords Conversion

We use the Google Adwords product with the help of advertising materials (so-called Google Adwords), to draw your attention to attractive offers on external websites. In relation to the data of advertising campaigns we can determine how successful individual advertising measures are. We do this in the interest of drawing your attention to advertising which is of interest to you, to make our website more interesting to you and to achieve a fair calculation of advertising costs.

These advertising materials are supplied by Google via so-called “Ad Servers”. We use Ad Server cookies with which we can measure specific parameters for success measurement, such as display of advertisements or clicks by the user. If you access our website via a Google advertisement, Google Adwords saves a cookie on your PC. These cookies generally expire in 30 days and are not intended to be used to identify you personally. The analysis values generally saved to this cookie are the unique cookie-id, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) as well as opt-out-information (marker, that the user no longer wishes to be approached).

These cookies enable Google to recognise your internet browser. If a user visits certain pages of the website of an Adwords customer and the cookie saved on its computer has not expired, Google and the customer can recognise that the user has clicked on the advertisement and has been directed to this site. A different cookie is assigned to each Adwords customer. Cookies cannot therefore be traced via the websites of Adwords customers. We do not collect or process any personal data in the specified advertising actions. We only receive statistical evaluations from Google. These evaluations can tell us which of our advertising measures has been the most successful. We receive no further data from the use of the advertising materials and in particular we cannot identify the user with this information.

Based on the marketing tool your browser automatically connects directly to the server of Google. We have no influence on the scope and further use by Google of the data collected by the use of this tool and this information is therefore based on our current understanding: By the integration of AdWords Conversion Google obtains the information that you have actuated the corresponding part of our Internet site or clicked on one of our advertisements. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google and/or have not logged in, it is possible that the provider will be able to acquire and save your IP address.

You can prevent participation in this tracking method in different ways:

  1. a) by setting the corresponding settings in your browser software, particularly suppressing third party cookies, you can choose not to receive advertisements from third party providers;
  2. b) by deactivating the cookies for conversion tracking, by setting your Browser so that cookies from the domain “www.googleadservices.com” are blocked https://www.google.de/settings/ads. This setting is deleted when you delete your cookies;
  3. c) by deactivating the interest-related advertisements from providers who are part of the self-regulating “About Ads” campaign, via the link http://www.aboutads.info/choices. This setting is deleted when you delete your cookies;
  4. d) by permanent deactivation in your browser Firefox, Internet Explorer or Google Chrome under the link http://www.google.com/settings/ads/plugin. We must hereby inform you that, in this case, you may possibly not be able to fully utilise certain functions of this website.

The legal basis for processing your data is Art. 6 par. 1 p. 1 lit. f GDPR. You will find further information about the data protection at Google here:

http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html.

Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org. Google has opted into the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

VII.     Use of social media plug-ins

This site uses plug-ins from the Facebook provider.

Facebook is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, APPROX 94304, USA. You will find an overview of the plug-ins of Facebook here:

https://developers.facebook.com/docs/plugins/

if you call up a sub-page of our website that has one of the plug-in stated above, a connection to the servers of Facebook is established and the plug-in is displayed on the website by a message to your browser. The servers of Facebook then know which of our Internet pages you have visited. If you are logged in as a member of Facebook, Facebook will assign this information to your personal user account. During the use of the plug-in functions (e.g. clicking the “Like” button, leaving a comment on Facebook) this information is also allocated to your account, which you can only prevent by logging out prior to using the plug-in.

The plug-ins are only regularly activated when you click on the corresponding buttons. If these are displayed greyed-out, the plug-ins are inactive. You have the possibility to activate the plug-ins once or permanently.

The plug-ins establish a direct connection between your browser and Facebook. This takes place only after the activation of the plug-in. As the website operator we have no influence whatsoever on the nature and extent of the data transferred by the plug-in to the servers of the plug-in providers.

For further information regarding the collection and use of the data by the network provider, your relevant rights and possibilities for the protection of your privacy, please refer to the respective data protection information of the providers:

Data protection information:

Facebook, accessible under https://www.facebook.com/policy.php.

The basis for the data processing via our website is Art. 6 par. 1 S. 1 lit. f GDPR.

If you do not want the network providers to directly allocate the data collected via our website to your user profile, you must log out of your network account prior to visiting our website. In addition, the loading of the plug-ins can be completely prevented by means of specially developed add-ons for your browser.

 

VIII.     Newsletter

  1. Description and extent of data processing

There is an option to subscribe to our free newsletter on our website. If you subscribe to the newsletter, the data from the input mask is transmitted to us.

In addition, the following data is collected upon registration:

(1)   IP address of the activating computer

(2)   Date and time of the login

During the registration process your consent is obtained for use of your data and reference is made to this data protection declaration. There is no disclosure of the data to third parties in relation to the data processing for the sending of newsletters. The data is used exclusively to send the newsletter.

 

  1. Legal basis for data processing

The legal basis for the processing of the data after registration for the newsletter by the user, subject to the consent of the user, is Art. 6 par. 1 lit. a GDPR.

 

  1. Purpose of data processing

The user’s email address is collected in order to be able to send the newsletter. The collection of other personal data in the context of the registration process is used to prevent misuse of the services or of the email address.

 

  1. Duration of storage

The data is erased as soon as it is no longer required for the accomplishment of the purpose of its collection. The user’s email address is stored for as long as the user’s newsletter subscription is active. The other personal data collected in the context of the registration process is generally deleted after a period of seven days.

  1. Objection and disposal possibility

The newsletter subscription can be cancelled by the user concerned at any time in writing or by e-mail. For this purpose, each newsletter also includes a corresponding link. This also makes it possible to revoke the consent to the storage of the personal data collected during the registration process.

 

  1. Contact form and email contact
  1. Description and extent of data processing

A contact form is available on our website, which can be used for the establishment of electronic contact (including for table reservation or purchase of a voucher). If a user takes advantage of this option, the data entered in the input mask is transferred to us and saved. In addition, the following data is saved at the time the message is sent:

(1)   The IP address of the user

(2)   Date and time of the login

Within the framework of the sending procedure, your consent to the processing of the data is obtained and reference is made to this data protection declaration. As an alternative, contact may be made via the e-mail address provided. In this case, the personal data of the user that is communicated together with the e-mail is stored. No disclosure to third parties takes place in this respect. The data is solely used for processing the conversation.

 

  1. Legal basis for data processing

If consent has been obtained from the user, the legal basis for processing the data is Art. 6 par. 1 lit. a GDPR. The legal basis for the processing of the data transferred in the process of sending an e-mail is Art. 6 par. 1 lit. f GDPR. If the e-mail contact aims at the conclusion of a contract, then the additional legal basis for the processing is Art. 6 par. 1 lit. b GDPR.

 

  1. Purpose of data processing

The processing of the personal data from the input mask serves only for the purpose of establishing contact. In the case of establishing contact via e-mail, this also involves the necessary legitimate interest in the processing of the data. The other personal data processed during the sending procedure serves to prevent any misuse of the contact form and to ensure the security of our IT systems.

 

  1. Duration of storage

The data is erased as soon as it is no longer required for the accomplishment of the purpose of its collection. For the personal data from the input mask of the contact form and that sent via e-mail, this is the case when the respective conversation with the user is finished. The conversation is only over when the circumstances indicate that the situation in question has been finally clarified. The personal data additionally collected during the sending procedure is erased after a period of seven days at the latest.

  1. Objection and disposal possibility

The user has the possibility at any time to revoke his consent to the processing of his personal data. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

All personal data stored during the establishment of contact is erased in this case.

  1. Rights of the data subject

If your personal data is processed, you as the data subject in the sense of the GDPR have the following rights against the controller:

 

  1. Right to information

You can demand confirmation from the controller as to whether personal data referring to you is being processed by us.

In the case of such processing, you can demand the following information from the controller:

(1) the purposes for which the personal data is processed;

(2) the categories of personal data concerned;

(3) the recipients or categories of recipients, to whom your personal data has been disclosed or will be disclosed;

(4) the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine the storage period;

(5) the existence of the right to request from the controller rectification or erasure of your personal data or restriction of processing of personal data by the controller or of a right of objection to said processing;

(6) the existence of a right to lodge a complaint with a supervisory authority;

(7) where the personal data is not collected from the data subject, any available information as to the source;

(8) the existence of automated decision-making, including profiling, referred to in Art. 22 par. 1 and 4 GDPR and – at least in those cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to be informed whether your personal data is to be transferred to a third country or an international organisation. In this connection you can demand to be informed as to the suitable safeguards pursuant to Art. 46 GDPR in conjunction with the transfer.

 

  1. Right of rectification

You have a right to obtain from the controller without undue delay the rectification and/or completion of inaccurate or incomplete personal data. The controller must implement the rectification immediately.

 

  1. Right to restriction of processing

You have the right to obtain the restriction of processing of your personal data under the following conditions:

(1) you contest the accuracy of your personal data for a period enabling the controller to verify the accuracy of the personal data;

(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of the use of the personal data instead;

(3) the controller no longer needs the personal data for the purposes of the processing, but is required by you for the establishment, exercise or defence of legal claims; or

(4) you have objected to processing pursuant to Art. 21 par. 1 GDPR pending the verification whether the legitimate grounds of the controller override your grounds.

Where processing of your personal data has been restricted, said personal data shall – with the exception of storage – only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If you have obtained a restriction of processing pursuant to the above conditions, you will be informed by the controller before the restriction of processing is lifted.

 

  1. Right to erasure
  2. a)   Erasure obligation

You can demand from the controller that your personal data is immediately erased, and the controller is obligated to immediately erase said data, if one of the following reasons apply:

(1) The personal data is no longer required in relation to the purposes for which it was collected or otherwise processed.

(2) You withdraw your consent on which the processing is based according to Art. 6 par. 1 lit. a, or Art. 9 par. 2 lit a GDPR and where there is no other legal basis for the processing.

(3) You object to the processing pursuant to Art. 21 par. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 par. 2 GDPR.

(4) Your personal data has been unlawfully processed.

(5) The erasure of your personal data is required for compliance with a legal obligation in Union or Member State law to which the controller is subject.

(6) Your personal data has been collected in relation to the offer of information society services referred to in Art. 8 par. 1 GDPR.

  1. b)   Information to third parties

Where the controller has made your personal data public and is obliged pursuant to Art. 17 par. 1 GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers processing the personal data that you as the person affected have requested the erasure of all links to said data, or of copies or replications of said personal data.

  1. c)   Exceptions

The right to erasure does not exist if processing is necessary

(1) for exercising the right of freedom of expression and information;

(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the area of public health in accordance with Art. 9 par. 2 lit. h and i as well as Art. 9 par. 3 GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 par. 1 GDPR, in so far as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of said processing; or

(5) for the establishment, exercise or defence of legal claims.

  1. Right to notification

If you have exercised the right to rectification, erasure or restriction of processing against the controller, said controller shall be obligated to communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort.

You are entitled with respect to the controller to be instructed about said recipients.

 

  1. Right to data portability

You have the right to receive the personal data you have provided to the controller in a structured, commonly used and machine-readable format. Furthermore, you have the right to transmit said data to another controller without hindrance from the controller to which the personal data has been provided, where:

(1) the processing is based on consent pursuant to Art. 6 par. 1 lit. a GDPR or Art. 9 par. 2 lit. a GDPR or on a contract pursuant to Art. 6 par. 1 lit. b GDPR and

(2) the processing is carried out by automated means.

In exercising this right, you shall also be entitled to have the personal data transferred directly from one controller to another, where technically feasible. This shall not adversely affect the rights and freedoms of other persons.

The right to data portability shall not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

 

  1. Right of objection

You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data based on Art. 6 par. 1 lit. e or f GDPR; this shall also apply to profiling based on these provisions.

The controller shall no longer process your personal data, unless he can present compelling protection reasons for processing that outweigh your interests, rights and freedoms, or that processing serves the establishment, exercise or defence of legal claims.

Where your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such marketing; this shall also apply to profiling to the extent that it is related to such direct marketing.

If you object to the processing for purposes of direct marketing, we shall no longer process your personal data for these purposes.

In connection with the use of the services of the information company – irrespective of the directive 2002/58/EC – you have the possibility to exercise your right of objection by automated means where technical specifications are used.

 

  1. Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent pursuant to data protection law at any time. The lawfulness of the processing performed based on the consent until the time of revocation shall not be affected by the revocation of the consent.

 

  1. Right to lodge a complaint with a supervisory authority

Irrespective of another administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

Further information

Your trust is important to us. We are always therefore happy to discuss the processing of your personal data with you. If you have any questions which this data protection declaration has not answered or if you require further details about any item please contact the Burg Frankenstein Event and Restaurant GmbH.