Privacy Policy

Personal data (usually referred to just as „data“ below) will only be processed by us to the extent necessary and for the purpose of providing a functional and user-friendly website, including its contents, and the services offered there.

Per Art. 4 No. 1 of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as the „GDPR“), „processing“ refers to any operation or set of operations such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction performed on personal data, whether by automated means or not.

The following privacy policy is intended to inform you in particular about the type, scope, purpose, duration, and legal basis for the processing of such data either under our own control or in conjunction with others. We also inform you below about the third-party components we use to optimize our website and improve the user experience which may result in said third parties also processing data they collect and control.

Our privacy policy is structured as follows:

I. Information about us as controllers of your data
II. The rights of users and data subjects
III. Information about the data processing 

   1. Cookie manager
   2. Cookies
   3. Contact and booking enquiries
   4. Orders via the online shop
   5. Newsletter subscription
   6. Online job applications
   7. Social networks
   8. YouTube integration
   9. Google Maps integration
   10. VR tours
   11. Matomo (formerly PIWIK)

I. Information about us as controllers of your data

The party responsible for this website (the „controller“) for purposes of data protection law is:


Staatliche Schlösser und Gärten Hessen
Schloss
61348 Bad Homburg
Germany

Phone: +49(0)6172/9262-120
E-Mail: datenschutz@schloesser.hessen.de

II. The rights of users and data subjects

With regard to the data processing to be described in more detail below, users and data subjects have the right

  • to confirmation of whether data concerning them is being processed, information about the data being processed, further information about the nature of the data processing, and copies of the data (cf. also Art. 15 GDPR);
  • to correct or complete incorrect or incomplete data (cf. also Art. 16 GDPR);
  • to the immediate deletion of data concerning them (cf. also Art. 17 DSGVO), or, alternatively, if further processing is necessary as stipulated in Art. 17 Para. 3 GDPR, to restrict said processing per Art. 18 GDPR;
  • to receive copies of the data concerning them and/or provided by them and to have the same transmitted to other providers/controllers (cf. also Art. 20 GDPR);
  • to file complaints with the supervisory authority if they believe that data concerning them is being processed by the controller in breach of data protection provisions (see also Art. 77 GDPR).

In addition, the controller is obliged to inform all recipients to whom it discloses data of any such corrections, deletions, or restrictions placed on processing the same per Art. 16, 17 Para. 1, 18 GDPR. However, this obligation does not apply if such notification is impossible or involves a disproportionate effort. Nevertheless, users have a right to information about these recipients.

Likewise, under Art. 21 GDPR, users and data subjects have the right to object to the controller’s future processing of their data pursuant to Art. 6 Para. 1 lit. f) GDPR. In particular, an objection to data processing for the purpose of direct advertising is permissible.

III. Information about the data processing

Your data processed when using our website will be deleted or blocked as soon as the purpose for its storage ceases to apply, provided the deletion of the same is not in breach of any statutory storage obligations or unless otherwise stipulated below.

1. Cookie Manager

To obtain consent for the use of technically unnecessary cookies on the website, the provider uses a cookie manager. When the website is called up, a cookie with the settings information is stored on the end device of the user so that the request for consent does not have to be made on a subsequent visit. The cookie is required to obtain legally compliant user consent. You can prevent cookies from being installed by adjusting the settings on your internet browser.

2. Cookies

a) Session cookies

We use cookies on our website. Cookies are small text files or other storage technologies stored on your computer by your browser. These cookies process certain specific information about you, such as your browser, location data, or IP address. This processing makes our website more user-friendly, efficient, and secure, allowing us, for example, to display our website in different languages or to offer a shopping cart function. The legal basis for such processing is Art. 6 Para. 1 lit. b) GDPR, insofar as these cookies are used to collect data to initiate or process contractual relationships. If the processing does not serve to initiate or process a contract, our legitimate interest lies in improving the functionality of our website. The legal basis is then Art. 6 Para. 1 lit. f) GDPR. When you close your browser, these session cookies are deleted.

b) Third-party cookies

If necessary, our website may also use cookies from companies with whom we cooperate for the purpose of advertising, analyzing, or improving the features of our website. Please refer to the following information for details, in particular for the legal basis and purpose of such third-party collection and processing of data collected through cookies.

c) Disabling cookies

You can refuse the use of cookies by changing the settings on your browser. Likewise, you can use the browser to delete cookies that have already been stored. However, the steps and measures required vary, depending on the browser you use. If you have any questions, please use the help function or consult the documentation for your browser or contact its maker for support. Browser settings cannot prevent so-called flash cookies from being set. Instead, you will need to change the setting of your Flash player. The steps and measures required for this also depend on the Flash player you are using. If you have any questions, please use the help function or consult the documentation for your Flash player or contact its maker for support. If you prevent or restrict the installation of cookies, not all of the functions on our site may be fully usable.

3. Contact and booking enquiries

If you contact us via email or the contact form, the data you provide will be used for the purpose of processing your request. We must have this data in order to process and answer your inquiry; otherwise we will not be able to answer it in full or at all. The legal basis for this data processing is Art. 6 Para. 1 lit. b) GDPR. Your data will be deleted once we have fully answered your inquiry and there is no further legal obligation to store your data, such as if an order or contract resulted therefrom.

4. Orders via the online shop

a) Purpose and data

You have the option of purchasing or ordering certain products, such as tickets, vouchers, but also registering for events via our online shop (https://www.shop.schloesser-he...). In addition, if you wish to access the shop more frequently, you can register for a customer account for repeated use. For this purpose, the following data is processed in addition to the general data that is already collected when you visit the website (https://www.schloesser-hessen....):

  • Name and e-mail address, as well as preferred language (German/English)
  • In the case of registration: additionally the address data and a password to be assigned by you, whereby no permanent storage of the password itself takes place, but only a check code (so-called hash value)
  • The products you have selected that you would like to order, including the costs
  • A note that you can add to your order
  • The payment method selected for the order and, subsequently, details of how the payment was made

The data may also be used for marketing purposes to an appropriate extent.

b) Legal basis

The aforementioned data categories are collected and processed in the context of contract initiation and fulfilment. In addition, if a purchase contract is concluded, the resulting accounting documents are stored on a legal basis in accordance with Section 147 (1) No. 4 of the German Fiscal Code. Use for marketing purposes is based on our legitimate interest in making our offer more attractive and advertising it.

c) Data transmission and access rights

The access rights are based on our respective internal authorisation concept and the corresponding written order agreements with our service providers. The State Palaces and Gardens of Hesse is also authorised to pass on the necessary data to third parties commissioned by it to carry out the event visit or ticket sales to the extent required for this purpose. It is assured that the use of customer-related data by the State Palaces and Gardens of Hesse itself and by the commissioned third parties is strictly confidential. In the context of events organised in cooperation with other institutions and organisations, it is sometimes necessary to forward registrations to these cooperation partners. If this is the case, you will be informed of this separately during the registration process.

d) Storage period

If a purchase contract is concluded in our online shop, we are legally obliged to store the accounting documents for a period of ten years. The documents are then deleted. If you register for repeated use of the online shop, the customer account will be deleted when the corresponding account is cancelled or when we discontinue the corresponding offer. In all other cases, the data will be deleted as part of an appropriate deletion cycle, but at the latest at the end of the year after next.

5. Newsletter subscription

If you subscribe to our company's newsletter, the data in the respective input mask will be transmitted to the controller. The registration for our newsletter is carried out in a so-called double opt-in procedure. This means that after registration you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other people's e-mail addresses. When registering for the newsletter, the user's IP address and the date and time of registration are stored. This serves to prevent misuse of the services or the e-mail address of the person concerned. The data is not passed on to third parties. An exception to this is if there is a legal obligation to pass on the data. The data is used exclusively for sending the newsletter. The subscription to the newsletter can be cancelled by the data subject at any time. Likewise, consent to the storage of personal data can be revoked at any time. For this purpose, a corresponding link can be found in each newsletter. The legal basis for the processing of the data after the user has registered for the newsletter is Art. 6 para. 1 lit. a) GDPR if the user has given his consent. The legal basis for sending the newsletter as a result of the sale of goods or services is Article 7 (3) UWG.

Description and purpose: We use rapidmail to send newsletters. The provider is rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg, Germany. Among other things, rapidmail is used to organise and analyse the dispatch of newsletters. The data you enter for the purpose of receiving the newsletter is stored on rapidmail's servers in Germany. If you do not wish to have your data analysed by rapidmail, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. For the purpose of analysis, the e-mails sent with rapidmail contain a so-called tracking pixel, which connects to the servers of rapidmail when the e-mail is opened. In this way, it can be determined whether a newsletter message has been opened. Furthermore, with the help of rapidmail we can determine whether and which links are clicked on in the newsletter message. All links in the email are so-called tracking links, with which your clicks can be counted.

Legal basis: The legal basis for data processing is Art. 6 para. 1 lit. a) GDPR.

Recipient: The recipient of the data is rapidmail GmbH.

Transmission to third countries: There is no transfer of data to third countries.

Duration: The data stored by us within the scope of your consent for the purpose of the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of rapidmail after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this.

Possibility of revocation: You have the possibility to revoke your consent to data processing with effect for the future at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.

Further data protection information: For more details, please refer to the data security information of rapidmail at: https://www.rapidmail.de/datensicherheit. For more information on the analysis functions of rapidmail, please refer to the following link: https://www.rapidmail.de/wissen-und-hilfe

6. Online job applications

We offer you the opportunity to apply to us via the job search and applicant portal of the State of Hesse (https://stellensuche.hessen.de). If you apply, your application data will be collected and processed electronically to handle the procedure. You can find information on data protection at https://stellensuche.hessen.de...

7. Social networks

a) X (formerly Twitter)

We maintain an online presence on X to present our company and our services and to communicate with customers/prospects. X is a service provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. We would like to point out that this might cause user data to be processed outside the European Union, particularly in the United States. This may increase risks for users that, for example, may make subsequent access to the user data more difficult. We also do not have access to this user data. Access is only available to Twitter. The privacy policy of Twitter can be found at https://twitter.com/privacy

b) YouTube

We maintain an online presence on YouTube to present our company and our services and to communicate with customers/prospects. YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043 USA. We would like to point out that this might cause user data to be processed outside the European Union, particularly in the United States. This may increase risks for users that, for example, may make subsequent access to the user data more difficult. We also do not have access to this user data. Access is only available to YouTube. The YouTube privacy policy can be found here: https://policies.google.com/privacy

c) Facebook

To advertise our products and services as well as to communicate with interested parties or customers, we have a presence on the Facebook platform. On this social media platform, we are jointly responsible with Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland. The data protection officer of Facebook can be reached via this contact form: https://www.facebook.com/help/contact/540977946302970

We have defined the joint responsibility in an agreement regarding the respective obligations within the meaning of the GDPR. This agreement, which sets out the reciprocal obligations, is available at the following link: https://www.facebook.com/legal/terms/page_controller_addendum

The legal basis for the processing of the resulting and subsequently disclosed personal data is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the analysis, communication, sales, and promotion of our products and services. The legal basis may also be your consent per Art. 6 para. 1 lit. a GDPR granted to the platform operator. Per Art. 7 para. 3 GDPR, you may revoke this consent with the platform operator at any time with future effect. When accessing our online presence on the Facebook platform, Facebook Ireland Ltd. as the operator of the platform in the EU will process your data (e.g. personal information, IP address, etc.).

This data of the user is used for statistical information on the use of our company presence on Facebook. Facebook Ireland Ltd. uses this data for market research and advertising purposes as well as for the creation of user profiles. Based on these profiles, Facebook Ireland Ltd. can provide advertising both within and outside of Facebook based on your interests. If you are logged into Facebook at the time you access our site, Facebook Ireland Ltd. will also link this data to your user account.

If you contact us via Facebook, the personal data your provide at that time will be used to process the request. We will delete this data once we have completely responded to your query, unless there are legal obligations to retain the data, such as for subsequent fulfillment of contracts. Facebook Ireland Ltd. might also set cookies when processing your data. If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your browser. Cookies that have already been saved can be deleted at any time. The instructions to do this depend on the browser and system being used. For Flash cookies, the processing cannot be prevented by the settings in your browser, but instead by making the appropriate settings in your Flash player. If you prevent or restrict the installation of cookies, not all of the functions of Facebook may be fully usable.

Details on the processing activities, their suppression, and the deletion of the data processed by Facebook can be found in its privacy policy: https://www.facebook.com/privacy/explanation

It cannot be excluded that the processing by Facebook Ireland Ltd. will also take place in the United States by Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025.

d) Instagram

To advertise our products and services as well as to communicate with interested parties or customers, we have a presence on the Instagram platform. On this social media platform, we are jointly responsible with Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland. The data protection officer of Instagram can be reached via this contact form: https://www.facebook.com/help/contact/540977946302970

We have defined the joint responsibility in an agreement regarding the respective obligations within the meaning of the GDPR. This agreement, which sets out the reciprocal obligations, is available at the following link: https://www.facebook.com/legal/terms/page_controller_addendum

The legal basis for the processing of the resulting and subsequently disclosed personal data is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the analysis, communication, sales, and promotion of our products and services. The legal basis may also be your consent per Art. 6 para. 1 lit. a GDPR granted to the platform operator. Per Art. 7 para. 3 GDPR, you may revoke this consent with the platform operator at any time with future effect. When accessing our online presence on the Instagram platform, Facebook Ireland Ltd. as the operator of the platform in the EU will process your data (e.g. personal information, IP address, etc.). This data of the user is used for statistical information on the use of our company presence on Instagram. Facebook Ireland Ltd. uses this data for market research and advertising purposes as well as for the creation of user profiles. Based on these profiles, Facebook Ireland Ltd. can provide advertising both within and outside of Instagram based on your interests. If you are logged into Instagram at the time you access our site, Facebook Ireland Ltd. will also link this data to your user account.

If you contact us via Instagram, the personal data your provide at that time will be used to process the request. We will delete this data once we have completely responded to your query, unless there are legal obligations to retain the data, such as for subsequent fulfillment of contracts. Facebook Ireland Ltd. might also set cookies when processing your data. If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your browser. Cookies that have already been saved can be deleted at any time. The instructions to do this depend on the browser and system being used. For Flash cookies, the processing cannot be prevented by the settings in your browser, but instead by making the appropriate settings in your Flash player. If you prevent or restrict the installation of cookies, not all of the functions of Instagram may be fully usable.

Details on the processing activities, their suppression, and the deletion of the data processed by Instagram can be found in its privacy policy: https://help.instagram.com/519522125107875

It cannot be excluded that the processing by Facebook Ireland Ltd. will also take place in the United States by Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025.

e) General linking to third-party profiles

The provider includes a link on the website to the social media listed below. The legal basis for this is Article 6 para. 1 lit. f GDPR. The legitimate interest of the provider is to improve the quality of use of the website. The plugins are integrated via a linked graphic. The user is only forwarded to the service of the respective social media by clicking on the corresponding graphic. After the customer has been forwarded, information about the user is recorded by the respective social media. This is initially data such as IP address, date, time and page visited. If the user is logged into his/her user account of the respective social media at the same time, the social media operator can, if required, assign the information collected from the user’s specific visit to the user’s personal account. If the user interacts via a “Share” button of the respective social media, this information can be stored in the user’s personal user account and, if required, be published. If the user wants to prevent the collected information from being directly assigned to his/her user account, the user must log out before clicking on the graphic. It is also possible to configure the respective user account accordingly.

The following social media are linked by the provider:

  • X (formerly Twitter)

Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA
Privacy Policy: https://twitter.com/privacy

  • YouTube

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, a subsidiary of Google LLC, 1600 Amphitheatre  Parkway, Mountain View, CA 94043 USA
Privacy Policy: https://policies.google.com/privacy

  • Facebook

Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA.
Privacy Policy: https://www.facebook.com/policy.php

  • Instagram

Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA.
Privacy Policy: https://help.instagram.com/519522125107875

8. YouTube integration

We use YouTube on our website. This is a video portal operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, hereinafter referred to as „YouTube“. We use YouTube in its advanced privacy mode to show you videos. In case you have granted your consent to this processing the legal basis is Article 6 para. 1 lit. a GDPR. The legal basis can also be Article 6 para. 1 lit. f GDPR. Our legitimate interest lies in improving the quality of our website. According to YouTube, the advanced privacy mode means that the data specified below will only be transmitted to the YouTube server if you actually start a video. Without this mode, a connection to the YouTube server in the USA will be established as soon as you access any of our webpages on which a YouTube video is embedded.

This connection is required in order to be able to display the respective video on our website within your browser. YouTube will record and process at a minimum your IP address, the date and time the video was displayed, as well as the website you visited. In addition, a connection to the DoubleClick advertising network of Google is established. If you are logged in to YouTube when you access our site, YouTube will assign the connection information to your YouTube account. To prevent this, you must either log out of YouTube before visiting our site or make the appropriate settings in your YouTube account.

For the purpose of functionality and analysis of usage behavior, YouTube permanently stores cookies on your device via your browser. If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your browser. Further details can be found in the section about cookies above. Further information about the collection and use of data as well as your rights and protection options in Google’s privacy policy found at https://policies.google.com/privacy

9. Google-Maps integration

Our website uses Google Maps to display our locations. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (hereinafter: Google). To enable the display of certain fonts on our website, a connection to the Google server in the USA is established whenever our website is accessed. If you access the Google Maps components integrated into our website, Google will store a cookie on your device via your browser. Your user settings and data are processed to display our location and create a route description. We cannot prevent Google from using servers in the USA.

In case you have granted your consent to this processing the legal basis is Article 6 para. 1 lit. a GDPR. The legal basis can also be Article 6 para. 1 lit. f GDPR. Our legitimate interest lies in optimizing the functionality of our website. By connecting to Google in this way, Google can determine from which website your request has been sent and to which IP address the directions are transmitted. If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your browser. Further details can be found in the section about cookies above.

In addition, the use of Google Maps and the information obtained via Google Maps is governed by the Google Terms of Use https://policies.google.com/terms?gl=DE&hl=en and the Terms and Conditions for Google Maps https://www.google.com/intl/de.... Google also offers further information at https://adssettings.google.com/authenticated and https://policies.google.com/privacy

10. VR tours

For our virtual tours, a cookie is used to query whether the operating instructions have already been displayed. In this way, the explanations in the pop-up window only appear when the tour is first opened. They can be called up manually later via the "Information" button. This increases user-friendliness. Personal data is not collected during this process.

11. Matomo (formerly: PIWIK)

We use Matomo (formerly: "PIWIK") on our website. This is an open source software that allows us to analyse the use of our website. Your IP address, the website(s) you visit on our website, the website from which you linked to our website (referrer URL), the time you spend on our website and the frequency with which you visit one of our websites are processed. To collect this data, Matomo stores a cookie on your end device via your internet browser. This cookie is valid for one week. The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the analysis and optimisation of our website.

However, we use Matomo with the anonymisation function "Automatically Anonymize Visitor IPs". This anonymisation function shortens your IP address by two bytes so that it is impossible to assign it to you or to the internet connection you are using. If you do not agree to this processing, you have the option of preventing the storage of the cookie by means of a setting in your Internet browser. You can find more information on this above under "Cookies".

For parts of this privacy policy was used:

Model Data Protection Statement for Anwaltskanzlei Weiß & Partner