Privacy Policy

Privacy Policy for www.stadtgarten.de

We acknowledge and respect your personal data, we store and process it responsibly. The processing of personal data concerning offers on our website www.stadtgarten.de (‘website’) is carried out in accordance with the General Data Protection Regulation (‘GDPR’) as well as applicable German data protection regulations.
The submission of your personal data on our website is generally neither required by law nor by contract. You are therefore not obliged to provide any personal data on this website unless we need to request this within the boundaries of this Privacy Policy to enable you to make use of certain website offers.
This Privacy Policy explains which type, scope and purpose is applicable when processing personal data collected by us when you visit our website. With this Privacy Policy we also inform you about your rights regarding the processing of your personal data.

I. Name and Contact Details of Data Controller

The following information about data protection applies to data processing by:
Initiative Kölner Jazz Haus e.V.
represented by the Executive Board Ulla Oster, Joachim Ullrich, Robert Landfermann, Rainer Linke, Angelika Niescier
Venloer Str. 40
50672 Cologne
Germany
phone: +49 (0) 221 - 952 994-0
fax: +49 (0) 221 - 952 994-9
email: info@stadtgarten.de
web: www.stadtgarten.de

II. General Information about Data Processing

1. Scope of Processing Personal Data

We only process personal data of our website users if this is necessary to provide a functional website, our content and services. Personal data of our users is generally only processed if our users have given consent to such processing. With the exception where prior consent cannot be obtained for legitimate reasons and processing personal data is permitted by law.

2. Lawful Basis for Processing Personal Data

If we obtain the data subject’s consent for processing his or her personal data, GDPR Article 6.1(a) serves as lawful basis.
For processing personal data necessary for the performance of a contract to which the data subject is party, GDPR Article 6.1(b) serves as lawful basis. This also applies to processing necessary data prior to entering into a contract.
If processing personal data is necessary to comply with a legal obligation to which we are subject to as an association, GDPR Article 6.1(c) serves as lawful basis.
In the event that processing is necessary in order to protect the vital interests of the data subject or of another natural person, GDPR Article 6.1(d) serves as lawful basis.
If processing is necessary to safeguard our association’s or a third party’s legitimate interest and if the interests, fundamental rights and freedoms of the data subject do not outweigh this legitimate interest, GDPR Article 6.1(d) serves as lawful basis.

3. Data Erasure and Storage

The personal data of the data subject will be erased or restricted as soon as the purpose for which the personal data is stored ceases to apply. Personal data may be stored for longer periods of time if this complies with the Union or Member State law in Union regulations, laws or other provisions to which the data controller is subject. Data restriction or erasure shall also be effected upon expiry of the required storage period according to above mentioned regulations, unless there is a need for longer data storage for the conclusion of a contractual agreement or performance of a contract.

4. Data Recipient

The recipient of the personal data collected via our website is the data controller stated in I) above. In addition, data processors (web hosts, technical support, etc.) which have possibly processed personal data on our behalf also have access to the data collected via our website. However, compliance with statutory regulations is guaranteed by Data Processing Agreements (DPA) we shall conclude with our processors based within the EU.

III. Website and Data Collection for Technical Purposes

When visiting our website for information purposes only, i.e. if you do not contact us, do not provide us with any information or register for our newsletter, we only collect the data which is automatically sent to the server of our website by the browser used on your device. This information is stored temporarily in a log file. The following information is stored without any input from you until its automatic erasure:
• IP address of your device;
• Date and time of access;
• Name and URL of the retrieved file;
• Website from which our website was accessed (referrer URL);
• Browser used and, if applicable, your device’s OS as well as the name of your internet provider;
• Notification about successful retrieval;
• Amount of data transferred.
The above data will be processed by us for the following purposes:
• To ensure a smooth connection with our website;
• To ensure comfortable use of our website;
• To evaluate system security and stability; and
• For other administrative purposes.
The lawful basis for data processing as mentioned above is GDPR Article 6.1. The grounds for our legitimate interest are based on the above-mentioned purposes for data collection. We shall not use the data for any purpose that allows us to conclude your identity.
The server log files with the above data are automatically deleted after 14 days. We reserve the right to store the server log files for a longer period for the legitimate purpose of detecting unauthorized access (such as a system hack attempt or a DDOS attack).

IV. Collection, Storage and Usage of Personal Data

1) You Subscribe to Our Newsletter

On our website you can subscribe to our newsletter, which informs subscribers about events at our venue, the Stadtgarten restaurant and about news regarding our association. The advertised services are explicitly stated in the declaration of consent.
If you have given your consent to receive our newsletter in compliance with Article 6.1(1), we will use your personal data to send you our newsletter. The only mandatory information for receiving our newsletter is your email address.
We use the double opt-in procedure for subscriptions to our newsletter. This means that after you completed your registration we send you an email to the specified email address asking you to confirm that you would like to receive our newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and deleted. In addition, we store your IP addresses at the time of registration, the time of registration and your confirmation. By the means of this procedure we can prove your active registration and, if necessary, clarify a possible unauthorised use of your personal data.
After your confirmation we will save your email address for the purpose of sending you our newsletter. The lawful basis for this is GDPR Article 6.1(1).
You can withdraw your consent to receive our newsletter at any time and unsubscribe the newsletter. You can unsubscribe by clicking on the unsubscribe link in each newsletter by email or by sending an email to info@stadtgarten.de with your unsubscribe request.
Our newsletter is sent by ‘MailChimp’, a newsletter distribution platform by US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.
Email addresses of our newsletter recipients, as well as any associated data, are stored on MailChimp servers in the US. MailChimp uses this information to send and evaluate our newsletter on our behalf. MailChimp can use this data according to their own policies to optimize or improve their services, e.g. to optimize the technical aspects of sending or presentation of the newsletter or for economic purposes, in order to determine the countries, the recipients come from. However, MailChimp does not use the data of our newsletter recipients for their own correspondence, nor to pass them on to third parties.
We have entered into a Data Processing Agreement (DPA) with MailChimp. In this Agreement, MailChimp guarantees to protect our users’ data, to process the data on our behalf in accordance with the Privacy Policy regulations in this Agreement and to not to pass them on to third parties.
We trust in MailChimp’s reliability as well as their IT and data integrity. MailChimp is EU-U.S. Privacy Shield certified and guarantees to comply with EU privacy laws. https://www.privacyshield.gov/participant?id=a2zt0000000000TO6hAAG&status=Active.
The Privacy Policy by MailChimp can be viewed here https://mailchimp.com/legal/privacy/.
Our newsletters contains a web beacon, i.e. a pixel-sized file embedded in emails with HTML format to enable log file recording and analysis. This allows the statistical evaluation of the success or failure of online marketing campaigns. Based on the embedded web beacon in our newsletters, we can see whether and when an email was opened by a newsletter recipient and which links in the email were clicked by the viewer.
We store and evaluate this type of personal data collected by web beacons contained in our newsletters to optimize the newsletter dispatch and to better align the content of future newsletters with the viewers’ interests. This personal data will not be passed on to third parties. Data Subjects are entitled to withdraw their original consent via the double opt-in procedure at any time. After withdrawal, we erase the associated personal data. Unfortunately, a specific withdrawal from web beacon usage and its success measure feature is not possible. Should you object to the usage of this web beacon, you have to unsubscribe our newsletter altogether.

2) You Contact Us by Email

If you contact us by email, we store your provided data (in particular your email address, if applicable your surname and name, your phone number, etc.) in order to process and answer your enquiry. Processing the above-mentioned data qualifies as a necessary legitimate interest for the purpose of processing your enquiry.
The lawful basis for this is GDPR Article 6.1(1). If the enquiry results in a contract, then the additional lawful basis for this is GDPR Article 6.1(b).
The transmitted data shall be deleted as soon as it is no longer necessary for the purpose of its collection, i.e. when the conversation with you has terminated. The conversation has terminated when it can be clearly concluded that the query has been solved.
V. Disclosure of Data to Third Parties
Except in cases mentioned in IV) of this Privacy Policy, we only pass on your data to third parties if
(1) You have given your explicit consent in compliance with GDPR Article 6.1(1);
(2) The disclosure in compliance with GDPR Article 6.1(1)(f) is necessary to assert, exercise and/or defend legal claims and there is no reason to assume that you have an overriding interest in not disclosing your data;
(3) In the event that a legal obligation exists for the transfer in compliance with GDPR Article 6.1(1)(c); and
(4) It is lawful and required for the performance of a contractual relationship with you in compliance with GDPR Article 6.1(1)(b).

V. Transfer of data to third parties

Except in the cases mentioned under point IV of this privacy policy, we will only pass on your data to third parties if
(1) you have given your express consent under Art. 6 para. 1 sentence 1 lit. a DSGVO,
(2) The disclosure pursuant to Art. 6 para. 1 sentence 1 letter f DSGVO is necessary for the assertion, exercise and/or defence of legal claims and there is no reason to assume that you have an overriding interest in not disclosing your data,
(3) In the event that there is a legal obligation for disclosure under Art. 6 para. 1 sentence 1 lit. c DSGVO, and
(4) This is permitted by law and required for the processing of contractual relationships with you in accordance with Art. 6 Para. 1 Sentence 1 lit. b DSGVO.

VI. Cookies

We use cookies on our website. Cookies are text files which are stored in or by a browser on a user's computer. When a user visits any website, a cookie may be stored in the user's OS. This cookie contains a characteristic string of characters which is used as means to identify a given user’s browser when the website is revisited. The use of cookies makes the use of our website and offers more pleasant for you.
We use session cookies to recognize that our website users have already visited individual pages of our website. These session cookies are automatically deleted after leaving our website. To provide you with a user-friendly website we use such temporary cookies which are stored on your device for a certain period of time. When you revisit our site to take advantage of our offers and services, it automatically recognizes that you have already been on our site and which entries and settings you have made, so that you do not have to re-enter them.
In addition, we use cookies on our website in relation with Google Analytics (for further information refer to section (VII)). Cookies, which enable us to analyse the browsing behaviour by users of our website. The personal data collected by using Google Analytics is pseudonymised by technical means. It is therefore not possible to link the data to any specific website user. The data shall not be stored together with other website users’ personal data.
When you visit our website for the first time, a banner will inform you about our use of cookies and refer you to this Privacy Policy.
Cookies are used to improve the quality of our website and its content. By the means of analysing these cookies we learn how our website is being used and can continuously optimize our offers.
Our legitimate interest for processing personal data are defined by these purposes. The lawful basis for processing personal data using cookies is GDPR Article 6.1(1).
As our website user you have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. However, if cookies are deactivated for our website, some website features may not be usable.

VII. Use of Facebook

We have embedded features by Facebook (Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA) on our website. When you access one of our website pages which contains such a plugin, your browser establishes a direct connection to Facebook’s servers. The content of the plugin is transmitted directly from Facebook to your browser and embedded into our website. By embedding the plugins, Facebook receives the information that your browser has used the corresponding page on our website, even if you do not have a Facebook account or aren’t currently logged on to Facebook. This information (including your IP address) is transmitted directly from your browser to a Facebook server in the US and stored there. If you are logged in to Facebook, Facebook can associate your visit to our website directly with your Facebook account. If you interact with the plugins, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook and displayed to your Facebook friends. Facebook may use this information for the purpose of advertising, market research and user-centred design of the Facebook pages. Facebook creates usage, interest and relationship profiles for this purpose, e.g. to evaluate your use of our website with regard to the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website and to provide other services associated with the use of Facebook. If you do not want Facebook to associate the information collected through our website with your Facebook account, you must log out of Facebook before visiting our website.
The purpose and scope of the data collection and the data’s processing and use by Facebook as well as your rights and settings options for the protection of your privacy can be found in the Facebook Privacy Policy: https://www.facebook.com/about/privacy/.
Facebook is EU-U.S. Privacy Shield certified and therefore committed to comply with EU data protection regulations: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

VIII. Use of Twitter

We have embedded features by Twitter (Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA) on our website. You can recognize Twitter plugins (tweet button) by the Twitter logo on our site. An overview of the tweet buttons can be found here: https://about.twitter.com/resources/buttons. When you access one of our website’s pages that contains such a plugin, a direct connection is established between your browser and the Twitter server. Twitter receives the information that you have visited our website with your IP address. If you click the Twitter ‘tweet button’ while being logged into your Twitter account, you can link the contents of our pages on your Twitter profile. This allows Twitter to associate the visit of our pages with your user account. We would like to point out that we are not aware of the content of the data transmitted or how this is used by Twitter. If you do not want Twitter to associate your visit to our pages, please log out of your Twitter account before consulting our website.
Further information regarding Twitter's Privacy Policy: http://twitter.com/privacy.
If you want to change your privacy settings on Twitter: http://twitter.com/account/settings.
Twitter is EU-U.S. Privacy Shield certified and therefore committed to comply with EU data protection regulations: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active.

IX. Embedded YouTube Videos

We have embedded YouTube videos on our website which are stored at http://www.YouTube.com, but can be played directly from our website. These are all embedded in the ‘extended privacy mode’, meaning that that no data about you as a user will be transmitted to YouTube if you do not play a video. Only when you play a video, the data referred to in section (III) will be transmitted to YouTube.
Irrespective of the fact if you have a YouTube user account at all or are logged in or not. If you are logged in to Google, your information will be directly associated with your account. If you do not wish to be associated with your profile on YouTube, you must log out of Google before activating the button. We have no influence on this data transmission.
YouTube stores your data as user profiles and uses them for the purpose of advertising, market research and/or user-oriented design of their website. These analysis (even of users who are not logged in) are especially used to provide targeted advertising and to inform other social network users about your activities on our website. You have the right to object to the creation of these user profiles in accordance with GDPR Article 6.1(1)(f). However, you must contact YouTube to exercise this right.
For more information on the purpose and scope of data collection and processing by YouTube, please refer to their Privacy Policy. Further information about your rights and settings options to protect your privacy: https://www.google.de/intl/de/policies/privacy.
Google also processes your personal data in the US and is EU-U.S. Privacy Shield certified: https://www.privacyshield.gov/EU-US-Framework.

X. Rights of Data Subjects

If personal data about you is being processed, you are considered a data subject according to the GDPR and you have the following rights in regard to the data controller:
(1) The right to request information about your personal data processed by us in accordance with GDPR Article 15. You may particularly request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right of object, the origin of your data, if these have not been collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about their details;
(2) The right to immediately request the rectification or completion of incorrect or incomplete personal data stored by us in accordance with GDPR Article 16;
(3) The right to request the deletion of your personal data stored by us in accordance with GDPR Article 17, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
(4) The right to restrict the processing of your personal data in accordance with GDPR Article 18, if you dispute the accuracy of the data, if the processing is unlawful but you refuse to delete the data and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have filed an objection to the processing according to GDPR Article 21;
(5) The right to receive your personal data, which you have provided to us, in a structured, current and machine-readable format in accordance with GDPR Article 20 or to request the transmission to another data controller;
(6) The right to withdraw your original consent towards us at any time according to GDPR Article 7.3. We are then no longer allowed to continue processing data based on this original consent in the future; and
(7) The right to file a complaint with a supervisory authority in accordance to GDPR Article 77. Generally, you can contact the supervisory authority at your usual place of residence or workplace, or our association’s headquarters.

XI. Right to Object

In the event, that we process your personal data on the basis of a legitimate interest in accordance with GDPR Article 6.1(1)(f), you have the right to object to this processing in accordance with GDPR Article 21, provided that there are reasons for doing so that arise from your situation, or the objection is directed against direct advertising. When exercising the right to object, we ask you to explain the reasons why we should not process your personal data the way we did. In the event of your justified objection, we will examine the situation and either stop or adapt data processing, or point out our legitimate reasons for protection, on the basis of which we will continue processing the data.

XII. Data Integrity

We use the most common SSL (Secure Socket Layer) method combined with the highest level of encryption supported by your browser. Usually this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. Whether a single page of our website is transmitted with encryption is indicated by the closed key or lock symbol in the lower status bar of your browser.
We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved according to technological developments.

XIII. About this Privacy Policy

You are advised that it may be necessary to adapt this Privacy Policy due to changes in legal or official requirements. The current Privacy Policy can be viewed any time on the website, can be consulted and printed out by you.