Thank you for visiting our website. We take the protection and security of your personal data seriously and would like you to feel secure when visiting our website and using our Internet services and to know which personal data is processed when using our Internet services.
Name and contact details of the controller
Gasteig München GmbH
Represented by Managing Director Max Wagner
Adress: Rosenheimer Straße 5, 81667 München, Germany
Phone: +49 (0)89 480 98-0
Purposes for which your personal data are processed and legal bases for their processing
The term »personal data« refers to all information relating to an identified or identifiable natural person. In the following cases, we process personal data from you relating to your use of our website for the purposes stated below and based on the legal basis mentioned:
- Processing of personal data for the purpose of registering for »Türmer München«: To register for »Türmer München«, you must specify a specific time and date. For this purpose, we process your personal data. This consists of your title, surname, first name, telephone number, street address, postal code, city, date of birth and e-mail address. Legal basis for processing your personal data: Consent in accordance with point (a), Article 6(1) GDPR.
- Processing of personal data for contacting you:
When you use the e-mail address given on the www.tuermer-muenchen.de website, we use your personal data to process your request. This consists of your e-mail address and, if applicable, the title, surname, first name and other contents of your e-mail to us. Legal basis for processing your personal data: Consent in accordance with point (a), Article 6(1) GDPR.
- Processing of personal data for the purpose of investigating and prosecuting violations or misuse of our online offers:
We identify and track breaches or misuse of our online offers or telecommunications services and facilities, for which we process your personal usage data. These are the IP address of the requesting computer, date and time of access, name and URL of the file accessed and the website from which access is made (referrer URL). Legal basis for processing your personal data: Legitimate interest of the controller in accordance with point (f), Article 6(1) GDPR.
You are not obliged by law to provide us with your personal data when using our website and it is not necessary for concluding a contract. We do not use your personal data that is processed through our website for automated decision making, including profiling.
Categories of recipients of personal data
Your personal data that is processed through our website will be transmitted or made accessible to other recipients only if this is necessary for us to process your request or if we have entrusted other recipients with the performance of individual tasks or services and access to these personal data is thereby necessary or cannot be excluded. The categories of recipients of personal data processed through our website are:
- Internal departments involved in completing the respective business processes (e. g. Purchasing, Accounts, IT)
- Service provider for hosting, maintenance and administration of our website or our databases and for website analysis. Currently this is: Hetzner Online GmbH, Gunzenhausen
- External service providers for direct independent support of the respective business processes (e. g. courier or delivery service providers, tax consultants, auditors)
The transmission of your personal data processed through our website to the above recipients takes place with your consent in accordance with point (b) Article 6(1) GDPR, due to the legitimate interests of the controller in accordance with point (f) Article 6(1) GDPR, for order processing in accordance with Article 28(1) GDPR.
In addition, your personal data that are processed through our website are transmitted to state institutions or authorities if we are obliged to provide information by law or as a result of a court order. Furthermore, your personal data that are processed through our website are transmitted to government institutions or authorities if this is necessary to prosecute criminal offences against us as the injured party and to prosecute disruptions or misuse of our online offers or telecommunications services and systems or to assert, exercise or defend civil law claims (legal basis for processing your personal data: legitimate interest of the controller in accordance with point (f) Article 6(1) GDPR, processing for other purposes by non-public bodies in accordance with Para. 24(1) of the German Federal Data Protection Act).
Data transmission to recipients in a third country or to an international organisation
We do not transfer your personal data processed via our website to a recipient in a third country or to an international organisation.
Duration of storage of personal data
Your personal data processed through our website will only be stored for as long as is necessary to fulfil the purposes for which they were processed. In addition, your personal data processed through our website will be stored if required by law, the articles of association or contractual retention periods. For example, personal data relevant to tax law are usually stored for a period of 10 years; other personal data are usually stored for a period of 6 years in accordance with commercial law regulations.
Information about your rights as a data subject
In general, and with respect to your personal data processed through our website, you may exercise the rights set out below:
- Right of access in accordance with Article 15 GDPR:
You have the right to request information from the controller about the personal data stored about you and other information relating to this personal data.
- Right to rectification in accordance with Article 16 GDPR:
You have the right to obtain from the controller rectification of inaccurate personal data concerning you.
- Right to erasure in accordance with Article 17 GDPR:
You have the right to obtain from the controller the erasure of personal data concerning you.
- Right to restrict processing in accordance with Article 18 GDPR:
You have the right to request the controller to restrict the processing of personal data concerning you.
- Right to data portability in accordance with Article 20 GDPR:
You have the right to receive your personal data from the controller in a structured, commonly used and machine-readable format.
- Right of revocation in accordance with Article 7(3) GDPR:
You have the right to withdraw your consent given in accordance with point (a) Article 6(1) to the processing of your personal data at any time. Your withdrawal of consent does not affect the lawfulness of processing based on your consent before its withdrawal.
- Right to object in accordance with Article 21(1) GDPR:
You have the right to object at any time to the processing of your personal data in accordance with point (e) or (f) Article 6(1) GDPR.
- Right to lodge a complaint with a supervisory authority in accordance with Article 77 GDPR:
If, as data subject, you consider that the processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement. Competent supervisory authority: Bavarian Data Protection Authority, Promenade 27 (Schloss), 91522 Ansbach, Germany; Phone: +49 (0) 981-531300, Fax: +49 (0) 981-53981300, E-mail: firstname.lastname@example.org.
The exercise of your rights to cancellation, restriction of processing, revocation or objection may mean that you can use our website or other services that we provide only to a limited extent.
Secure transmission of personal data through SSL encryption, links to other websites
Personal information that you submit via our website and the Internet is encrypted using the Secure Socket Layer (SSL) encryption technology. SSL technology encrypts and protects your personal data when it is transmitted via our website and the Internet. Our website may contain links to other websites. If you use such links, you will automatically be taken to another website for whose privacy policies we assume no responsibility. For your own safety, you should carefully read the privacy policies of the websites concerned.
Contact details of the Data Protection Officer
Data Protection Officer Gasteig München GmbH
℅ TÜV SÜD Sec-IT GmbH
Version: October 2020