privacy declaration

In the following, we inform you about the processing of personal data when using our website www.ruruhaus.de.
Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior or IP address. Person responsible pursuant to Art. 4 para. 7 EU General Data Protection Regulation (GDPR)

documenta und Museum Fridericianum gGmbH
Friedrichsplatz 18 34117 Kassel T +49 561 707270 F +49 561 7072739

Impressum

You can contact our data protection officer as follows:
Mr. Stephan Blazy or his deputy Dr. jur. Kevin Marschall (https://gdpc.de/) by postal mail at the above address accompanied by the words “data protection officer”—or by e-mail at datenschutzbeauftragter[at]documenta.de or phone at: +49 561 83099165.

We are very pleased that you are visiting our Internet pages. It is generally possible to use our website without providing personal data. If the person concerned wants to use one of our company’s services or activities via our website, processing of personal data is probably necessary. If the processing of personal data is required and there is no legal basis for such processing, we will obtain the consent of the person concerned.

The processing of personal data, such as the name, IP address, postal address, e-mail address, or telephone number of the person in question shall always be in line with the country-specific data protection regulations applicable to us, in particular in compliance with the Hessian Data Protection and Freedom of Information Act (HDSIG).

Internet-based data transmissions can generally have security gaps, so absolute protection cannot be guaranteed. For this reason, everyone concerned is free to transmit personal data to us by alternative means, for example by phone or postal mail.

  1. Scope and purpose of the processing of personal data
    1.1 Accessing and visiting the website
    When this website is accessed, data is automatically sent to the server of this website by the Internet browser used by the visitor and stored for a limited period of time in a log file at our host and service provider for a maximum of two weeks. Until automatic deletion, the following data will be stored without further input by the visitor
    — IP address of the visitor’s terminal device,
    — date and time of access by the visitor,
    — name and URL of the page accessed by the visitor,
    — the website from which the visitor accessed the website (so-called referrer URL),-
    — the browser and operating system of the visitor’s terminal device and the name of the access provider used by the visitor.
    The processing of this personal data is based on our legitimate interests pursuant to Art. 6 para. 1 p. 1 lit. f) General Data Protection Regulation (GDPR). We therefore have a legitimate interest in the processing of data for the purpose of
    — establishing a connection to the website quickly
    — enabling a user-friendly application of the website
    — detecting and ensuring the security and stability of the systems and facilitating and improving the administration of the website.
    The processing is expressly not carried out for the purpose of obtaining knowledge about the visitor to the website.

    1.2 Contact via e-mail (e-mail client on your computer)
    Visitors can send messages to us, in particular via e-mail, voluntarily providing personal data. In order to be able to receive a response from you, it is necessary for you to provide at least a valid e-mail address and your last name. All other information can be given voluntarily by the inquiring person but that person is not obligated to do so. By sending the e-mail, the visitor consents to the transmitted personal data being processed. The data is processed exclusively for the purpose of handling and responding to inquiries. This is done on the basis of the voluntarily consent provided purusant to Art. 6 para. 1 sentence 1 letter a) GDPR. The data received from you via this communication channel and processed by us will be automatically deleted as soon as the request is completed and there are no reasons for further storage (e.g. subsequent commissioning, a donation or the like).
    In the framework of correspondence with us by e-mail, your personal data may also be transferred to service providers outside the European Union and the European Economic Area (EEA) through the e-mail service we use, Microsoft Office 365 in the USA. A transfer will only take place on the basis of EU standard contractual clauses as appropriate safeguards to protect your personal data in an insecure country. Information on the processing of your personal data by the controller “Microsoft Corporation” is provided by the latter under the following link: https://privacy.microsoft.com/de-de/privacystatement.
    You can request detailed information on this and on the level of data protection at our service providers in third countries using the contact information above.

  2. Cookies
    The website uses so-called cookies. These are data packets that are exchanged
    between the server of our website and the visitor’s browser. They are stored by the respective devices used (PC, notebook, tablet, smartphone, etc.) when the website is visited. Thus, cookies cannot cause any damage to the devices used. In particular, they do not contain viruses or other malware. In the cookies, information is stored that arises in each case in connection with the specific terminal device used. We can therefore in no way obtain direct knowledge of the identity of the visitor(s) to the website.
    Cookies are mostly accepted according to the basic settings of the browsers. The browser settings can be configured in such a way that cookies are either not accepted on the devices used, or that a special notice is provided in each case before a new cookie is created. However, it should be noted that the deactivation of cookies may mean that not all functions of the website can be used in the best possible way. The use of cookies serves to make the use of our website more comfortable. For example, session cookies can be used to track whether the visitor has already visited individual pages of the website. After leaving the website, these session cookies are automatically deleted.
    Temporary cookies are used to improve user-friendliness. They are stored on the visitor’s device for a temporary period of time. When the website is visited again, it is automatically recognized that the visitor has already called up the page at an earlier point in time and which entries and settings were made in the process. As a result, these do not have to be repeated.
    Please refer to the list below for the different types of cookies (e.g. cookies that are technically necessary for displaying the website, or cookies that serve statistical and marketing purposes) that are set on your terminal device when you visit our website, as well as further information on these cookies (e.g. provider, purpose, storage period, etc.).
    For cookies that are not technically mandatory, we obtain your consent (via the information window that opens at the beginning of your visit to our website) in accordance with Art. 6 Para. 1 lit. a GDPR. The processing associated with the setting of technically mandatory cookies is based on our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR.
  3. Web analysis by Matomo (formerly PIWIK)
    3.1 Scope of the processing of personal data
    We use the open source software tool Matomo (formerly PIWIK) on our website to analyze the surfing behavior of our users. The software stores a cookie on the user’s computer (for cookies, see above). If individual pages of our website are called up, the following data is stored
    — two bytes of the IP address of the calling system of the user(s),
    — the website called up,
    — the website from which the user has reached the website called up (referrer)
    — the subpages called up from the website that has been called up the
    — the time spent on the website,
    — the frequency with which the website is called up.
    The software runs on the servers of our website. Personal data of the users is stored only there. The data is not passed on to third parties.
    The software is set so that the IP addresses are not stored in full, but 2 bytes of the IP address are masked (e.g.: 192.168.xxx.xxx). In this way, it is no longer possible to assign a shortened IP address to the calling computer.
    3.2 Legal basis for the processing of personal data
    The legal basis for the processing of users’ personal data is the consent of each user pursuant to Art. 6 para. 1 lit. a GDPR. The consent is realized and stored by means of a cookie banner (information window at the beginning of the visit to the website).

    3.3 Purpose of data processing
    The processing of our users’ personal data enables us to analyze their surfing behavior. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. By anonymizing the IP address, the interest of users to protect their personal data is adequately taken into account.

    3.4 Duration of storage
    The data is deleted immediately as soon as it is no longer required for our recording purposes.

    3.5 Removal option
    Cookies are stored on the user’s computer and transmitted by it to our site. Therefore, you as a user also have full control over the use of cookies. By changing the settings via the link at the end of this privacy policy, you can revoke the placing of cookies.

  4. Links to other websites
    On our website, we link to the online offerings of the social networks Instagram, Facebook, Twitter, YouTube, Soundcloud, Xing and LinkedIn, on which documenta und Museum Fridericianum gGmbH maintains its online presence (see 5. presence and offerings on social networks and online platforms).
    On our website, we also link to the online services of Deutsche Bahn, Google Maps, and Kasseler Verkehrs-Gesellschaft (KVG). documenta und Museum Fridericianum gGmbH does not pass on any personal data to the respective site operators. The respective site operators are responsible for the processing of your personal data.
  5. Appearances and offers on social networks and online platforms
    In order to make our cultural offerings and related information accessible to a large number of people, we are active on social networks. We would like to point out that the social media we use operate on a global scale and therefore it cannot be ruled out that your personal data will also be processed outside the EU. To ensure that your data protection rights are also protected in the event of a transfer to third countries, a transfer will only take place in accordance with Art. 44 et seq. GDPR and Art. 49 GDPR. Furthermore, we would like to draw your attention to the fact that the respective platform operators may in part independently process personal data from you and merge it into user profiles. This may also occur in part if you do not maintain a user account with the respective social network. If you are registered as a user with one of the networks, the deployment of the content provided by us will be evaluated and assigned to your profile. This happens regardless of the terminal devices with which you use the media. The tracking and profiling is done for the purpose of offering you an optimal user experience and to provide you with tailored advertising—both within and outside the network. You can find out which techniques the respective operator uses to process your personal data and which opt-out options you have in this regard in the corresponding data protection declarations of the social network as well as in the further information (see below). If you wish to exercise your data subject rights, we recommend that you contact the respective operator of the social network directly. As a rule, documenta und Museum Fridericianum gGmbH does not have access to the personal data processed by the respective operators. documenta und Museum Fridericianum gGmbH receives personal data from the operators of social networks to the extent that you permit this through the settings you have made with the network. The social network operator may provide us with information such as your name, user ID, profile picture, network, gender, username, age or age group, language, country, friends list, followers list, and any other information that you have consented to provide to us or that the social network provides to us (e.g., reports on interactions with our website, etc.). documenta und Museum Fridericianum gGmbH processes the personal data you provide in order to share your opinions with your friends, followers or contacts on the associated social network and to optimize its presence and reach in social media. The processing is thus based on our legitimate interests in reporting on our cultural work and carrying out public relations / PR in general.
    Types of data you process when visiting social networks (depending on the setting and network):
    master data (e.g. user name, name), contact data (e.g. e-mail address), usage data (e.g. usage times, activities), content data (e.g. data provided by you, such as comments, images or videos), metadata (device ID, network and connection, cookie data).
    Persons affected by data processing:
    The respective user of the social network or the device owner with whose device the service is used.
    Purposes:
    Reporting, public relations / PR in general, tracking (e.g. provision of measurements, analyses of surfing and user behavior), reach measurement (e.g. access figures, calls).
    Legal basis (depending on how you relate to the respective operator of the social network):
    Our legitimate interests or the legitimate interests of third parties (e.g., the platform providers) (see above) (Art. 6 para. 1 p. 1 lit. f. GDPR). If you have a user account with a social network and have consented to the transfer of your data to third parties as part of your data protection settings, the legal basis for this is the consent to tracking (Art. 6 para. 1 lit. a GDPR).

    Services used and service providers (recipients of your personal data):
    Within the scope of our online presence and for the dissemination of our offer and our content, we consequently also make use of external services and service providers, including online platforms. Below you will find important information on the processing of your personal data within the scope of these services and service providers. The specific processing of personal data within the scope of the respective services below depends on several factors (e.g. provider, users’ own privacy settings and activities). If you have any questions about the processing in a specific individual case, you are welcome to contact us or our company data protection officer.

    Instagram (social network)
    Responsible party: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland; Website: https://www.instagram.com; The privacy policy of the provider can be found at: https://de-de.facebook.com/help/instagram/155833707900388 (Further information on the responsible party Facebook Ireland Ltd. forthwith).

    Facebook (social network)
    Responsible entity: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, Parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; The provider’s privacy policy can be found at: https://www.facebook.com/about/privacy. A transfer of personal data to unsafe third countries (e.g. the USA) can only take place subject to appropriate safeguards pursuant to Art. 44 et seq. GDPR and Art. 49 GDPR, which are intended to ensure an adequate level of data protection in the processing of data. An opt-out option and settings for advertisements can be found at: https://www.facebook.com/settings?tab=ads.
    – Joint responsibility of documenta and Facebook
    We and Facebook Ireland Ltd. are jointly responsible for the processing of your personal data that is generated or collected and used in the course of visiting and using the relevant services. The main contents of the agreement on the joint processing of personal data pursuant to Art. 26 GDPR on Facebook pages or on services offered by Facebook are available at : https://www.facebook.com/legal/terms/page_controller_addendum. The privacy policy of the provider for the Facebook pages can be found at: https://www.facebook.com/legal/terms/information_about_page_insights_data.
    YouTube (social network, media portal)

    Responsible entity: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; the provider’s privacy policy can be found at: https://policies.google.com/privacy. A transfer of personal data to unsafe third countries (e.g. the USA) can only take place subject to appropriate safeguards pursuant to Art. 44 et seq. GDPR and Art. 49 GDPR, which are intended to ensure an adequate level of data protection in the processing of data. An objection option (opt-out) regarding the data processing carried out by Google—in individual cases—can be found at: https://adssettings.google.com/authenticated.
    Our website uses plugins from the YouTube site operated by Google. YouTube sets cookies on the terminal device you use, which can also be used to analyze usage behavior for market research and marketing purposes. In the process, the YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account. The basis for the use of the YouTube plugins is your consent pursuant to Art. 6 para. 1 lit. a GDPR. Please note that without your consent, it is not possible to play the embedded YouTube videos. If you have not given your consent in our cookie banner, you have the option to do so directly via a lock screen in the embedded video. In addition, you can manage your consents at any time via the “Cookie settings” link at the very bottom of this page. If you wish to revoke the consent you have given, you can also do so via the same route.

    Twitter (social network, short message service)
    Responsible entity: Twitter International Company, One Cumberland Place, Fenian Street Dublin 2, DO2AX07 Ireland Inc. parent company: Twitter Inc. 1355 Market Street, Suite 900, San Francisco CA 94103. The provider’s privacy policy can be found at: https://twitter.com/de/privacy. The website of Twitter on which you can make settings, including privacy settings, can be found at https://twitter.com/personalization. According to Twitter, your data may also be transferred to, stored, and processed in the U.S. and any other countries in which Twitter operates (including insecure third countries). A transfer of personal data to insecure third countries (e.g. the USA) can only take place subject to appropriate safeguards pursuant to Art. 44 et seq. GDPR and Art. 49 GDPR, which are intended

    SoundCloud (social audio platform)
    Responsible entity: SoundCloud Limited, Rheinsberger Str. 76/77, 10115 Berlin, Germany; headquarters: c/o Third Floor, 20 Old Bailey, London, EC4M 7AN, United Kingdom; the provider’s privacy policy can be found at: https://soundcloud.com/pages/privacy. A transfer of personal data to insecure third countries (e.g. the USA) can only take place subject to appropriate safeguards pursuant to Art. 44 et seq. GDPR and Art. 49 GDPR, which are intended to ensure an adequate level of data protection in the processing of data. Our website uses widgets of the service SoundCloud. By integrating the widgets, SoundCloud sets cookies on the terminal device you use, which may also serve to analyze usage behavior for market research and marketing purposes. In the process, the SoundCloud server is informed about which of our pages you have visited. Information about playing, sharing, or downloading the audio content via the embedded widgets is also transmitted to SoundCloud in connection with your IP address. If you are logged into your SoundCloud account, you enable the service to assign your browsing behavior directly to your personal profile. You can prevent this by logging out of your SoundCloud account. The basis for the use of the SoundCloud widgets is your consent pursuant to Art. 6 (1) lit. a GDPR. Please note that without your consent, it is not possible to play the embedded audio content. If you have not given your consent in our cookie banner, you have the option to do so at any time via the link “Cookie settings” at the very bottom of this page. If you wish to revoke the consent you have given, you can also do so via the same route.

  6. Data protection during applications and the application process
    The primary purpose of data processing is to carry out and process the application process and to assess the extent to which you are suitable for the position in question. As a result, the processing of your applicant data is necessary to be able to decide on the establishment of an employment relationship and thus on the hiring. The primary legal basis for this is Art. 6 (1) lit. b) GDPR in conjunction with. Section 23 (1) HDSIG. The processing of special categories of personal data—insofar as necessary for the decision on recruitment—is based on Art. 9 (1) GDPR in conjunction with. Section 23 (3) HDSIG. If you have voluntarily provided us with special categories of personal data whose processing is not necessary for the decision on recruitment, the collection and processing will be based on your consent given with the submission. We also collect and process personal data of applicants on the basis of legitimate interests for the defense of legal claims (in particular from the General Equal Treatment Act (AGG) pursuant to Art. 6 para. 1 p.1 lit. f GDPR. The processing may also take place electronically. This is particularly the case if an applicant sends us the relevant application documents electronically, for example by e-mail. We have set up a special e-mail address for applications by e-mail [bewerbung[at]documenta.de]. If we conclude an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If no such contract is concluded with the applicant, the application documents will be automatically deleted no later than 6 months after notification of the decision regarding rejection, provided that no other legitimate interests on our part prevent deletion. An example of an “other legitimate interest” in the sense just mentioned is, for example, the obligation to provide evidence in proceedings under the General Equal Treatment Act (AGG).
  7. Data protection information for participation in events/exhibitions
    We process the personal data you provide to us as part of the registration process for the purpose of preparing and holding the respective event as well as for capacity planning on the basis of your consent granted through registration pursuant to Art. 6 (1) lit. a GDPR and, depending on the type of event, on the basis of a contract pursuant to Art. 6 (1) lit. b GDPR. You can revoke your consent at any time with effect for the future. A revocation has the consequence that we can no longer use your personal data for the event—which requires registration—and your participation in the event is therefore excluded.
    To the extent necessary, we process your data beyond your consent in accordance with Art. 6 (1) p. 1 lit. f GDPR to protect our or third parties’ legitimate interests, such as for the defense in legal disputes.
    Please note that photographs or video recordings will be made at our events and the image or video material may be published on the Internet, on the sites operated by documenta und Museum Fridericianum gGmbH or its cooperation partners, or on social media and/or in one of the publications of documenta und Museum Fridericianum gGmbH or its cooperation partners, for the purpose of public relations (in particular reporting) on the respective event.
    By participating in the event, you consent to the publication of photographs and video recordings made during the event (§§ 22, 23 KUG). The collection, i.e. the photographic recording and its processing, is carried out for the purpose of an illustrated report on the basis of Art. 6 para. 1 p. 1 lit. f GDPR. We would like to point out that you may object to this processing pursuant to Art. 21 (1) GDPR for reasons arising from your particular situation. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.
    The objection should be sent to the above address.

    We would like to point out that the documentation of the event may also result in data worthy of archiving, which may be transferred to the holdings of the documenta archiv. Should archival records contain personal data about you, we will process these data on the basis of Art. 6 para. 1 lit. c GDPR in conjunction with. § 7, 8, and 11 HArchivG. We process the special categories of personal data that may be processed in this context on the basis of Section 25 HDSIG.

    If you have any questions about this information, including your (data protection) rights, you can contact our data protection officer datenschutzbeauftragter[at]documenta.de.

  8. Your rights
    You have rights vis-à-vis us with regard to the personal data concerning you. Special legal regulations may prevent the fulfillment of general data protection rights. If you assert a corresponding right and special legal regulations prevent us from fulfilling it, we will inform you of this, stating the specific reasons. You are entitled to the data protection rights listed below:

    8.1 Information
    Pursuant to Art. 15 GDPR, you may request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details.

    8.2 Correction
    Pursuant to Art. 16 GDPR, you can immediately request the correction of incorrect data or the completion of your personal data stored by us.

    8.3 Deletion
    Pursuant to Art. 17 GDPR, you have the right to request the deletion of your personal data stored by us, unless processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the assertion, exercise, or defense of legal claims.

    8.4 Restriction of processing
    Pursuant to Art. 18 GDPR, you may request the restriction of the processing of your personal data, insofar as you dispute the accuracy of the data, the processing is unlawful, but you object to its deletion and we no longer need the data, or you need it for the assertion, exercise, or defense of legal claims, or you have objected to the processing pursuant to Art. 21 GDPR.

    8.5 Data portability
    Pursuant to Art. 20 GDPR, you may receive the personal data you have provided to us in a structured, common, and machine-readable format or request that it be transferred to another controller.

    8.6 Revocation
    Pursuant to Art. 7 (3) GDPR, you have the right to revoke the consent you have given to us at any time (e.g. in writing or by e-mail). This has the consequence that we may no longer continue the data processing based on this consent for the future.

    8.7 Complaint
    Pursuant to Art. 77 GDPR, you may complain about our processing of your personal data to the responsible supervisory authority at any time. The supervisory authority responsible for us (The Hessian Commissioner for Data Protection and Freedom of Information) is based at Gustav-Stresemann-Ring 1, 65189 Wiesbaden.

    8.8 Objection to the processing of your data
    To the extent that we base the processing of your personal data on our legitimate interest pursuant to Art. 6 (1) p. 1 lit. f GDPR, you may object to the processing, in particular if the processing is carried out for advertising purposes. This is the case if the processing is not necessary, in particular, for the performance of a contract with you, which we show in each case in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of a justified objection on your part, we will review the situation and either discontinue or adjust the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing.
    Of course, you can object to the processing of your personal data for purposes of advertising and data analysis at any time.

You can inform us of your objection using the contact details above.

Amendment of the data protection statement
(as of March 5, 2021).

Due to the ongoing iterative development of the Internet offer and/or legal developments, it may be necessary for us to make adjustments to our privacy policy from time to time.

This is a historical website. The imprint available here was valid on the date of the website’s publication and is only kept in the original for archival purposes. Here you can get the imprint currently valid for this site and further information.
Accept