Data Protection Policy
1. Name and contact data of the controller (responsible for the processing)
This data protection policy applies for data processing by
Geopark Ries e. V.
Further information can be found in the imprint of this website.
If you have any comments or questions about the data processing by the Association, we are at your disposal at any time under the aforementioned contact data.
2. Purposes of the data processing, data categories and legal bases
a) Visiting the website
When you open our website, the browser used on your end device automatically sends information to our website server. This information is saved temporarily in a log file. The following information is collected without any action on your part and saved until it is automatically deleted:
- IP address of the requesting computer,
- date and time of the access,
- name and URL of the requested file,
- website from which the access is made (referrer URL),
- browser type and version and further information sent by the browser (such as your computer's operating system, the name of your access provider, geographical origin, language setting etc.).
In addition, two persistent, technically necessary cookies are used.
We process and evaluate the cookies and the specified data for the following purposes:
- ensuring a smooth connection set-up to the website,
- ensuring user-friendly use of our website,
- evaluating the system security and stability and
- for further administrative purposes.
The data stored in the log file and the persistent cookies will be deleted automatically after 30 days.
The legal base for the data processing is Art. 6 (1) 1st sentence lit. f GDPR. Our justified interest arises from the purposes given above. Under no circumstances shall we use the data collected for the purpose of drawing conclusions about you as an individual.
b) Ordering info material
If you order info material from our website, we collect the information provided in the order form for the purpose of processing the order. Compulsory information is marked with an asterisk symbol (*). The data are processed on the basis of Art. 6 (1) 1st sentence lit. b GDPR following your request and are required for the aforementioned purpose of fulfilling the contract and precontractual measures.
To ensure smooth and simple processing of your order and faster clarification of any queries, you can also voluntarily provide your electronic or telephone contact data. You can also send us a message. The legal base is Art. 6 (1) 1st sentence lit. a GDPR.
The personal data we collect for the order will saved until complete processing of the order and then deleted.
c) Use of the personal notepad
If you use the personal notepad function, your notepad will be saved in a so-called “session cookie” and deleted after the session has expired.
d) Using our contact form
If you contact us using the contact form, we collect the information provided in the contact form for the purpose of processing your message. Compulsory information is marked with an asterisk symbol (*). We process the fields marked with the asterisk symbol and your message on the basis of Art. 6 (1) 1st sentence lit. f GDPR. The processing and any required answering of questions are a justified interest.
You can also voluntarily provide your electronic or telephone contact data so that your contact can be processed faster. The legal base is Art. 6 (1) 1st sentence lit. a GDPR.
The data you sent will be deleted and the purpose of storage no longer applies as rule with the complete processing or answering of your inquiry.
We have commissioned Magenta4 GmbH, Pfahlstr. 25, 85072 Eichstätt for the technical implementation of the contact process via the contact form. A data processing contract pursuant to Art. 28 GDPR has been concluded with Magenta4 GmbH.
e) Ordering our newsletter
If you order our newsletter, we process the information shown in the registration form on the basis of your consent (Art. 6 (1) 1st sentence lit. a GDPR). After you enter the information, we will first send you a confirmation email. Please click on the confirmation link in that email to be included in the newsletter mailing list. In conjunction with this double-opt-in procedure, we store the IP address used for registration on our website and to which the confirmation was sent and the time of those actions. The legal base for this processing is Art. 6 (1) 1st sentence lit. f GDPR. The ability to prove in cases of doubt about consent being given to receive our newsletter is a justified interest. Due deliberation found no overriding exclusion interests for the visitors to the website.
f) Creating statistics on the use of the website with Google Analytics
On the basis of your consent, Art. 6 (1) 1st sentence lit. a GDPR, we use the Google Analytics service, a web analysis service offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, IrlandGoogle LLC. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: "Google") on our website. This uses information to evaluate the use of the website, to compile reports on the website activities and to render further services related to the website use and Internet use for the purposes of market research and needs-based design of this website. The IP addresses will be anonymised, so that linking of the use to your person is not possible (IP masking).
In conjunction with this, pseudonymised usage profiles will be created and cookies will be used. The information created by the cookie about your use of this website such as
- browser type/version,
- operating system used,
- referrer URL (the previously visited page),
- host name of the accessing computer (IP address),
- time of the server request,
We have concluded a data processing contract with Google. Under that contract, Google warrants that the data will be processed as per our instructions and the protection of the data subjects' rights is ensured.
The information may be passed to third parties, in so far as this is required by law or if third parties process these data under contract. The processed data can be sent to servers in the USA and other unsafe third countries (see also number 3) and processed there. Concerning that transfer, Google cites the standard contractual clauses approved by the EU Commission as a safeguard for ensuring a level of data protection comparable to the EU.
The user data collected by the Google Analytics cookies will be deleted automatically after 14 months.
g) Zur Buchung von Tickets
Wir bieten die Möglichkeit der Ticketbuchung des jeweiligen Veranstalters auf unserer Website an. Wenn Sie sich dazu entscheiden, eine Führung verbindlich zu buchen, ist es für die Vertragsabwicklung erforderlich, dass wir personenbezogene Daten zu ihrer Person an den Veranstalter und Dienstleister der Buchungsabwicklung weitergeben. Nach der Weiterleitung haben wir keinen Zugriff auf die durch den Veranstalter erhobenen Daten. Weitere Informationen zum Datenschutz im Zusammenhang mit der Buchung finden Sie in den Datenschutzbestimmungen des Veranstalters.
g) Google Maps
This website uses the Google Maps map service to display map material. The provider is Google. We use Google Maps on the basis of your consent, which can be revoked at any time, Art. 6 Para. 1 S. 1 lit. a GDPR.
If you give your consent for Google Maps via the consent management tool or click on a map from Google Maps on our website, information about your use of this website and your IP address will also be transmitted to a Google server in the USA. This happens regardless of whether Google provides a user account that you are logged into or whether there is no user account. If you are logged in to Google, your data will be assigned directly to your account. Your data will be deleted as soon as it is no longer required for the purpose of processing.
We are jointly responsible with Google for the use of Google Maps (Art. 26 GDPR) and have concluded an agreement with Google on joint responsibility.
Further information on data protection in connection with Google Maps can be found in Google's data protection declaration.
Google also transmits the information to Google servers in the USA (see also section 3). The transmitted data are only pseudonyms; it is not possible to identify your name. For data transfers from Google to processors or group companies in the USA or other insecure third countries, Google relies on standard contractual clauses approved by the EU Commission.
h) Leaflet / OpenStreetMap
This website uses the open source-based Java script library Leaflet API to integrate maps from the OpenStreetMap Foundation, 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, Great Britain (hereinafter “OpenStreetMap”). OpenStreetMap collects freely usable geodata and stores it in a database for free use.
The web browser used connects to other servers to integrate and display the map material. This will process information about your use of this website and personal data (in particular your IP address). The legal basis for processing is the consent you have given in accordance with Art. 6 Paragraph 1 Sentence 1 Letter a GDPR, which can be revoked at any time with effect for the future.
Google Maps is implemented as a framework for the Leaflet API and OpenStreetMap, so that you can only use the external map services on our website together and not select and deselect them individually.
For the transmission of personal data to Great Britain, we rely on the adequacy decision of the EU Commission according to Art. 45 Para. 1 GDPR.
Further information on data protection in connection with OpenStreetMap can be found here: https://wiki.osmfoundation.org/wiki/Privacy_Policy.
i) Implemented YouTube videos
On our website we use components (videos) of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: "YouTube"), a Google company. The implementation is on the basis of your consent pursuant to Art. 6 (1) 1st sentence lit. a GDPR. Loading the videos on our website will send data to Google. In particular, data about which of our Internet pages you have visited and device-specific information including the IP address will be sent to Google.
Here, we use the "privacy-enhanced mode" option provided by YouTube. If you open a page that has an embedded video, a connection to the YouTube servers will only be made and the content shown on the Internet page by instruction to your browser, if you actually watch the video.
If you are logged in with YouTube at the same time, that information will be assigned to your member account at YouTube. You can prevent this by first closing your member account before visiting our website. Your data will be deleted, once they are no longer needed for the purpose of the processing.
Further data protection information in conjunction with YouTube can be found in the Google data protection policy.
Google sends the information also to Google servers in the USA (see also number 3). The data sent are merely pseudonyms, no linking to your name is possible. In that case, you also give your consent in awareness of the risks described below that your data will be sent to the USA pursuant to Art. 49 (1) lit. a GDPR.When Google transfers data to processors or group companies in the USA or other insecure third countries, Google uses standard contractual clauses approved by the EU Commission as a safeguard for ensuring a level of data protection comparable to the EU.
j) Uniform fonts with fonts.com
For uniform presentation of fonts, this website uses web fonts provided by Monotype GmbH (fonts.com and/or fast.fonts.net). When you access a page, your browser loads the required web fonts to your browser cache so that texts and fonts can be shown properly. This requires the browser you use to open a connection to the fonts.com servers. A technically necessary cookie is used to recognise the end device you are using. This informs fonts.com that our website was accessed via your IP address. The Fonts.com web fonts are used in the interest of a uniform and appealing presentation of our online offerings. This is a justified interest within the meaning of Art. 6 (1) 1st sentence lit. f GDPR. Through the use of Monotype GmbH web fonts, data such as the IP address and referrer URL can be collected during the website visit and sent to servers of Monotype Imaging Holdings Inc., 600 Unicorn Park Drive, Woburn, Massachusetts 01801 USA and processed there. The data will be processed anonymised. Linking to your person is excluded. More information about this can be found here. We have no influence over this transfer.
If your browser does not support web fonts, a standard font on your computer will be used.
Further information about these web fonts can be found at https://www.fonts.com/info/legal and in the data protection policy of Fonts.com: https://www.fonts.com/info/legal/privacy and the data protection policy of Monotype GmbH: https://www.monotype.com/legal/privacy-policy.
3. Additional information about data transfers to third countries
Personal data will only be sent to a third country or an international organisation, if we inform you about it and the preconditions of Art. 44 ff. GDPR are satisfied.
A third country is a country outside the European Economic Area (EEA) in which the GDPR is not directly applicable. A third country is considered unsafe, if the EU Commission has not made an adequacy decision for that country pursuant to Art. 45 (1) GDPR, in which it is confirmed that there is an adequate level of protection for personal data in that country.
The USA is such an unsafe third country. This means that a level of data protection comparable to that in the EU is not provided in the USA. The following risks arise when sending personal data to the USA. There is a risk that US authorities can gain access to the personal data under the PRISM and UPSTREAM surveillance programs based on Section 702 FISA (Foreign Intelligence Surveillance Act) and on the basis of Executive Order 12333 or Presidential Police Directive 28. EU citizens have no effective possibilities of legal protection against such access in the USA or in the EU.
We will inform you in this data protection information about when and how we send personal data to the USA or other unsafe third countries. We send your personal data only if
- the recipient offers appropriate safeguards pursuant to Art. 46 GDPR for the protection of the personal data,
- you have explicitly consented to the transfer, after we informed you about the risks, pursuant to Art. 49 (1) lit. a) GDPR,
- the transfer is required to fulfil contractual obligations between you and us or
- another exception under Art. 49 GDPR applies.
Safeguards pursuant to Art. 46 GDPR can be standard contractual clauses. In those standard contractual clauses, the recipient warrants to sufficiently protect the data and so ensure a level of protection comparable to the GDPR.
4. Affected parties’ rights
You have the right:
- pursuant to Art. 15 GDPR to demand information about your personal data we process. In particular, you can demand information about the purposes of the processing, the categories of the personal data, the categories of recipients to whom the personal data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of or objection to processing, the existence of a right to lodge a complaint, the origin of your data in so far as not collected by us, and about the existence of automated decision-making including profiling and where appropriate meaningful information about the details thereof;
- pursuant to Art. 16 GDPR to demand the rectification of inaccurate or completion of incomplete personal data stored by us without undue delay;
- pursuant to Art. 17 GDPR to demand the erasure of your personal data stored by us, in so far as the processing is not required for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
- pursuant to Art. 18 GDPR to demand the restriction of the processing of your personal data, in so far as you contest the accuracy of the data, the processing is unlawful but you oppose their erasure; we no longer need the data but you do for the establishment, exercise or defence of legal claims or you have objected to processing pursuant to Art. 21 GDPR;
- pursuant to Art. 20 GDPR to receive your personal data which you have provided to us in a structured, commonly used and machine-readable format or to demand they be transmitted to another controller;
- pursuant to Art. 7 (3) GDPR to revoke your consent to us at any time. This means that we may no longer continue data processing based on that consent in the future and
- pursuant to Art. 77 GDPR to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority for your habitual residence, place of work or our registered offices.
In so far as your personal data are processed on the basis of justified interests pursuant to Art. 6 (1) 1st sentence lit. f GDPR, you have the right pursuant to Art. 21 GDPR to object to the processing of your personal data in so far as there are reasons which arise from your particular situation or the objection is to direct advertising. In the latter case, you have a general right to object which we will implement without your having to specify a particular situation.
To assert your rights, please use the contact data provided at the beginning of this data protection policy.
5. Actuality and changing of this data protection policy
The further development of our website and offers on or to changes in statutory or official requirements may make it necessary to change this data protection policy.