Privacy

Privacy Policy of the municipality of Oberammergau
Eigenbetrieb Kultur


Last revised: 02.10.2020
 
Information on the collection of personal data
(1)    Below we inform you about the collection of your personal data when you use our website. Personal data are all data that can be related to you personally, e.g. name, address and email addresses, but also user behaviour, if relevant.
(2)    The data controller pursuant to Article 4(7) of the EU General Data Protection Regulation (GDPR) is

Gemeinde Oberammergau, Eigenbetrieb Kultur
Ludwig-Thoma-Straße 10
D-82487 Oberammergau
Tel. +49 8822 949 88 0
Fax +49 8822 949 88 56
kultur@gemeinde-oberammergau.de

(3)    You can contact our data protection officer at

Gemeinde Oberammergau
Herr Thomas Pfefferle
Ludwig-Thoma-Straße 10
82487 Oberammergau
datenschutz@gemeinde-oberammergau.de

(4)    As a rule, anybody can use our website without having to disclose personal data. When you contact us by email or through a contact form, we will store the data you provide (your email address, your name and, if relevant, your telephone number) so that we can respond to your questions. We delete the data thus obtained once their storage is no longer necessary or restrict their processing if there is a legal requirement to retain the data.
(5)    Insofar as we decide to commission service providers in any individual case or to use your data for advertising purposes, below in this Privacy Policy we inform you of the details of the respective processes. In this context, we also specify the defined criteria for the storage period.
 
Collection of personal data when our website is visited
1)    If you use our website for purely informational purposes – in other words, if you do not register or otherwise provide information to us – we only collect the personal data sent by your browser to our server. If you decide to visit our website, we collect the following data which we require for technical reasons in order to display our website to you and to ensure its stability and security. The legal basis for this data collection is Article 6(1)(1)(f) GDPR:
–       IP address
–       Date and time of the request
–       Time zone difference from Greenwich Mean Time (GMT)
–       Content of the request (specific page)
–       Access status/HTTP status code
–       Data volume transferred in each case
–       Website from which the request has come
–       Browser
–       Operating system and its interface
–       Browser software language and version.

2)    In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive in accordance with the browser you are using and through which certain information is sent to the entity that sets the cookie (us, in this instance). Cookies cannot run programs or transmit viruses to your computer. They help to make the website more user-friendly and effective overall. Before using our site, we ask you for your preferred cookie settings. We differentiate here between technically necessary cookies, which are essential to operate the site, analysis cookies for evaluating your website activities and external services. We save the date and time of the page view, your cookie settings (consent status) and a random ID. You can adjust your settings at any time under “Cookies” in the footer.

a)    Our website uses the following types of cookies, with their scope and function explained below:
–       transient cookies (see b)
–       persistent cookies (see c).
b)    Transient cookies are automatically deleted when you close your browser. They include session cookies in particular. They store what is known as a session ID, which is used to assign various requests from your browser to the one session. This will allow your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close the browser.
c)    Persistent cookies are automatically deleted after a predetermined duration, which may differ depending on the cookie.
d)    You can delete the cookies in the security settings of your browser at any time. You may set up your browser as you wish and e.g. refuse to accept third-party cookies or all cookies. Please be aware that in that case you may not be able to use all features of this site. We also recommend that you manually delete your cookies and browser history on a regular basis.
 
Other functions and offerings of our website
1)    In addition to using our website solely for informational purposes, you may also be interested in various services that we offer. As a rule, you will then need to disclose additional personal data that we will use to provide the respective service and to which the aforementioned principles of data processing apply.
2)    In some cases, we may use external service providers to process your data. Such service providers have been carefully selected, examined with respect to the applicable standards under data protection law, and commissioned by us, are bound by our instructions, and are regularly checked.
3)    Furthermore, we may pass on your personal data to third parties if contract conclusions or similar services are offered by us together with partners. You will receive further information on this when you provide your personal data or underneath in the description of the offering.
 
Use of an online shop
(1)    Gemeinde Oberammergau, Eigenbetrieb Kultur does not itself – in connection with the 2022 Passion Play or otherwise – operate its own online shop. However, there is an option on our website to order tickets and what are known as Arrangements (comprising admission tickets, accommodation and other services) from our cooperation partner, Passionsspiele Oberammergau Vertriebs GmbH & Co. KG with registered office in Oberammergau, via an online shop set up and operated by that company to which you are forwarded via the “Book here” section.
(2)    For more information on the online shop operated by Passionsspiele Oberammergau Vertriebs GmbH & Co. KG and the related processing of personal data, please refer to the offers provided by that company.

 

Partner and press registration

You can register to use our online offering for partners and media representatives. To register, you have to provide the data requested during registration, such as your name, address and email address. In addition, we record the date and time of registration and the IP address. As part of the registration/accreditation process, we use the data provided by you to assess whether or not you meet the criteria for approval.

If you give your consent, processing of data provided for registration purposes is based on Article 6(1)(a) of the GDPR. If you register with us for the the purposes of performance or initiation of a contract, the legal basis for processing the data is also Article 6(1)(b) GDPR.

The information mandatorily required for registration is needed to execute or initiate a contract for certain services to be provided by us.

 

Newsletter
(1)    Giving your consent, you can subscribe to our newsletter by which we will keep you informed about the 2022 Passion Play and events held in the Passion Play Theatre.
(2)    We use what is known as a double opt-in process for newsletter subscription. This means that, following registration, we will send you an email to the specified email address in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked. We also save the IP addresses used and the dates and times of registration and confirmation. The purpose of the procedure is for us to be able to provide proof of your registration and, if relevant, clarify any possible misuse of your personal data.
(3)    Only your email address is required in order to send you the newsletter. You are also welcome to provide your first and last names, but this is optional. Following your confirmation, we save these data for the purpose of sending the newsletter. The legal basis for this is Article 6(1)(1)(a) GDPR.
(4)    You are entitled to withdraw your consent and unsubscribe from the newsletter at any time. To revoke your consent, click on the “Unsubscribe from newsletter” link included in all newsletter emails or by sending a message to the contact details provided in the Imprint.


Use of rapidmail to send the newsletter
(1)    We use rapidmail to send out our newsletter. Therefore, your data are transmitted to rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg i. Br., Germany (hereinafter: rapidmail). rapidmail is forbidden from using your data for any purpose other than sending out the newsletter. rapidmail is not permitted to share or sell your data. rapidmail is a German, certified newsletter software provider that has been carefully chosen in accordance with the requirements of the GDPR and the German Data Protection Act (BDSG).
(2)    The email addresses of our newsletter recipients, as well as other data of theirs indicated in this Policy, are stored on rapidmail’s servers in Germany. This information is used by rapidmail to send and analyse the newsletter on our behalf.
(3)    The Privacy Policy of rapidmail is available here: www.rapidmail.de/datenschutz.  Further information regarding your rights and configuration options for protecting your privacy are also available there. rapidmail only ever processes your personal data in Germany.
(4)    The behaviour of newsletter recipients towards us as the sender is statistically analysed. Among other things, it is evaluated whether or not the newsletter is opened, when it is opened and which links are clicked. Technical information such as the browser and email provider is also collected. We use these evaluations to identify our users’ reading habits and to adapt our content to them or to send different content according to our users’ interests.
(5)    Unsubscribing from the newsletter also ends the sending thereof and the analysis by rapidmail. You can unsubscribe from the newsletter at any time by clicking on the link included in all newsletter emails or by sending a message to the contact details provided in the Imprint. Withdrawing consent to receive the newsletter is equivalent to unsubscribing.

 

Integration of YouTube videos
(1)    We have integrated the YouTube.com platform into our website in order to post our own videos and make them publicly accessible and also playable directly from our website. The videos are all embedded in “enhanced privacy mode”, i.e. no data about you as a user are transferred to YouTube if you do not play the videos. The data mentioned in the next paragraph are only transferred if you play the videos, as YouTube is an offering from a third party that is not affiliated with us, namely YouTube LLC., a service operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). We have no control of such data transmission.
(2)    When you visit the website, YouTube is informed that you have accessed the corresponding page on our website. The data mentioned in Section 3 of this Policy are also transferred. This takes place regardless of whether or not YouTube provides a user account via which you are logged in or there is no user account. If you are logged into Google, your data are directly assigned to your account. If you do not wish allocation with your YouTube profile, you need to log out of YouTube before activating the button. YouTube stores your data as usage profiles and uses these for the purposes of advertising, market research and/or needs-based design of its website. In particular, such analysis is conducted (even for users that are not logged in) in order to provide appropriate advertising and inform other users of the social network about your activities on our website. You have a right to object to the creation of such user profiles; please contact YouTube if you wish to exercise this. Please ensure that you read the terms of use and data protection information carefully before providing personal data on this platform as we do not assume any responsibility or liability.
(3)    For more information on the purpose and scope of the data collection and the processing conducted by YouTube, please refer to the privacy policy. Further information regarding your rights and configuration options for protecting your privacy are also available there.

 

Use of Matomo
(1)    This website uses the Matomo web analytics service so that we can analyse and regularly improve how our website is used. The statistics obtained help us to improve our site and make it more interesting for users. The legal basis for using Matomo is your consent in accordance with Article 6(1)(1)(a) GDPR, which you are asked for when you visit our website.
(2)    Cookies are stored on your computer to evaluate this (for more details, please refer to the “Collection of personal data when our website is visited” section). The controller only saves the information collected in this way on its server in Germany. You can opt-out of the analysis by Matomo by not ticking “Statistics” in our cookie consent banner.
(3)    This website uses Matomo with the “AnonymizeIP” extension. This allows IP addresses to be truncated for further processing so that data cannot be directly linked to individuals. The IP address transmitted by your browser by means of Matomo is not aggregated with other data collected by us.
(4)    The Matomo program is an open source project. Privacy information from the third-party provider is available at https://matomo.org/privacy/policy.

 

Use of Facebook and Instagram pages               
In addition to our own website, we also maintain a fan page on the social network Facebook. We use the fan page to post information about our activities and provide a channel for communication. The social network Facebook is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (hereinafter: Facebook).
1. Joint controllership
(1)    Within the range of possibilities on Facebook, we try to ensure the protection of your privacy and personal data. Insofar as we process your personal data in connection with your visit to our fan page, the explanations in this Privacy Policy apply without restriction. Please note that due to the fan page being integrated into the Facebook offering, personal data are at the same time processed by Facebook. We have no influence on the data processing conducted by Facebook; in particular, Facebook does not act for us as a processor under our responsibility. Facebook has its own policy which, according to Facebook, applies to its data processing. This can be accessed at https://en-gb.facebook.com/policy.php.
(2)   In terms of data protection law, joint controllership between Facebook and ourselves must be assumed for the operation of the fan page and analysis of user data when the fan page is visited. Therefore, we have concluded an arrangement with Facebook regarding joint controllership under data protection law in accordance with Article 26 GDPR. The arrangement, referred to as the “Page Insights Addendum” or “Page Insights Controller Addendum”, is available here: https://en-gb.facebook.com/legal/terms/page_controller_addendum.
(3)    With reference to what are called “Facebook Insights data” (hereinafter “Facebook Insights”), Facebook assumes essential obligations under this arrangement, especially the obligation to inform data subjects and protect the rights of data subjects.
2. Purposes and legal bases of processing
(1)    Our data processing in connection with our pages on Facebook and Instagram is conducted in accordance with Article 6(1)(f) GDPR based on our legitimate interest in public relations and communication. We use Facebook and Instagram to present our work and communicate with you. We may communicate directly with you via Facebook or Instagram in order to respond to questions you pose there. We also use Facebook and Instagram data to analyse and increase the reach of our communication. We erase such data once they are no longer required or restrict their processing if there is a legal requirement to retain the data, insofar as erasure or the restriction of processing is possible. Communication via Facebook is potentially insecure. You may also contact us via other channels at any time.
(2)    Use of Facebook Insights
We use Facebook’s Facebook Insights features on our Facebook and Instagram pages to obtain anonymised statistical data about the use of and visitors to our Facebook and Instagram pages. The legal basis for this, pursuant to Article 6(1)(f) GDPR, is our legitimate interest in public relations and communication and, especially, the optimisation of our Facebook and Instagram pages. We obtain information regarding the use of our Facebook and Instagram pages via Facebook Insights, especially anonymised information about the visitor profiles, including demographic and geographic analyses. Facebook also compiles these usage statistics on a cross-device basis if relevant when you use Facebook or Instagram on multiple devices (e.g. in a browser and via an app).
Facebook conducts data processing within the context of Facebook Insights based on the joint controllership arrangement mentioned in Section 1 herein above. We only ever receive anonymised data from Facebook. Further information on the data processing conducted by Facebook within the context of Facebook Insights is available here: https://www.facebook.com/legal/terms/information_about_page_insights_data.
(3)    General information on the data processing conducted by Facebook Ltd. is available for Facebook here: https://en-gb.facebook.com/about/privacy/ and for Instagram here: https://help.instagram.com/519522125107875.
3. Cookies
Facebook Ltd. also uses cookies and other comparable storage technologies in conjunction with visits to our Facebook and Instagram pages and the use of Facebook Insights. For more information on this, please refer to the Facebook Cookie Policy and Instagram Cookie Policy.
4. Rights of data subjects
(1)    You have the right to object (Article 21(1) GDPR) at any time, on grounds relating to your particular situation, to the processing of your personal data which is based on Article 6(1)(f) GDPR.
(2)    You can adjust your settings to control the extent to which Facebook records your user behaviour when you visit Facebook and Instagram pages here as a registered Facebook user and here as a registered Instagram user. Other options for managing the data processing conducted by Facebook and Instagram, including an opt-out form, are available here https://www.facebook.com/help/contact/367438723733209 and in the general settings options for Facebook and Instagram.
(3)    If the respective legal requirements are met, you have a right of access pursuant to Article 15 GDPR, a right to rectification pursuant to Article 16 GDPR, a right to erasure pursuant to Article 17 GDPR, a right to restriction of processing pursuant to Article 18 GDPR, a right to object pursuant to Article 21 GDPR and a right to data portability pursuant to Article 20 GDPR.
(4)    You have the right to lodge a complaint with a data protection supervisory authority. The competent data protection supervisory authority for us is the Data Protection Authority of Bavaria for the Private Sector (BayLDA).

 

Data security
We use an encryption method on our website to protect your data against unwanted access. You can recognise this by the closed lock icon displayed in your browser status bar and https:// at the start of the address line.

 

Your rights as a data subject
(1)     You have the following rights against us with regard to your personal data:
-    Right of access pursuant to Article 15 GDPR
-    Right to rectification pursuant to Article 16 GDPR
-    Right to erasure pursuant to Article 17 GDPR
-    Right to restriction of processing pursuant to Article 18 GDPR
-    The right of access and the right to erasure are subject to the restrictions under Sections 34 and 35 BDSG
-    Right to data portability pursuant to Article 20 GDPR

(2)     If you are of the view that the processing of your personal data infringes legal requirements, you have the right to lodge a complaint with the competent data protection supervisory authority for us (Article 77 GDPR read in conjunction with Section 19 BDSG).


Storage period, blocking and erasure of personal data
We only store and process your personal data for as long as this is necessary for the respective purpose (cf. “Scope, purposes and legal bases for the data processing” section). In all other cases, we erase your personal data; the only exception are data that we have to continue to store in order to meet legal obligations (e.g. retention obligations under tax or commercial law).

 

Objection to or withdrawal of consent for the processing of your data
(1)     If you have given your consent to the processing of your data, you may revoke such consent at any time. You have the right to object, on grounds relating to your particular situation, to the processing of your personal data conducted on the basis of Article 6(1)(e) GDPR (data processing carried out in the public interest) and Article 6(1)(f) GDPR (data processing based on a consideration of interests) at any time. Such a withdrawal affects the legitimacy of the processing of your personal data once you have notified us of the withdrawal.
(2)     If our processing of your personal data is based on the balance of interests, you have the right to object to processing. In particular, this is the case if the processing is not necessary for the performance of a contract with you; more details on this are provided in the description of functions below. When you exercise such a right to object, we ask that you specify the reasons why we should not process your personal data in this manner. If your objection is justified, we will examine the situation and either cease or adjust the data processing or explain to you the compelling legitimate grounds on which we will continue to process the data.
(3)     Of course, you have the right to object to the processing of your personal data for purposes of advertising and data analysis at any time. You can use the following contact details to inform us of your objection to advertising: newsletter@oberammergau.de.

 

Disclosure of data to third parties
(1)    In principle, we only use your personal data within the Eigenbetrieb Kultur department. If and insofar as we involve third parties in the performance of contracts, such third parties only receive personal data to the extent that the transmission is necessary for the relevant service. This is the case if disclosure to partner companies is necessary based on your order or request or fulfilment of a contractual obligation. These partner companies may also be located outside of the EU and the EEA.
(2)    If we outsource certain data processing elements (“commissioned processing”), we contractually oblige the processors to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of the rights of data subjects.
(3)    Data are not transferred to entities or persons outside of the EU other than the cases mentioned in this Policy and such a transfer is not planned.

 

Changes to our Privacy Policy

We reserve the right to occasionally make changes to this Privacy Policy so that it always complies with the latest legal requirements and in order to make changes to our services in the Privacy Policy, e.g. when introducing new services. The new Privacy Policy then applies the next time you visit.

Privacy Policy of the

Passionsspiele Oberammergau Vertriebs GmbH & Co. KG

Dear (prospective) customer,

We wish to inform you about the processing of your personal data and your rights under data protection law in relation to this.
The specific data processed and the way in which they are used largely depend on the requested/agreed services.
In order to ensure that you are fully informed about the processing of your personal data within the context of the performance of a contract or in order to take steps prior to entering into a contract, please take note of the following information.


Controller within the meaning of data protection law
Passionsspiele Oberammergau Vertriebs GmbH & Co. KG
Dorfstraße 3
82487 Oberammergau
Tel. +49 8822 949 88 57
Fax +49 8822 949 88 56
support@oberammergau.de
 

Use of cookies

When you visit our website, information in the form of cookies may be stored on your computer in order to identify visitor preferences, for example, and to optimise the website design accordingly. This helps us, for example, to improve the ease of navigation and to achieve a high degree of user-friendliness.

Cookies are text files that are stored on a user’s hard drive when they visit a website. They are harmless for your computer and cannot be read by third parties. They allow information to be kept available for a particular period of time and enable identification of the user’s computer.

The cookies that we use are, where possible, session cookies that are automatically deleted again once the browser session ends. Occasionally, cookies with a longer storage duration may also be used so that your settings and preferences can be considered the next time you visit our website as well.

If our cookies are accepted, they remain on your computer for 30 days unless you delete them. During online booking, cookies are temporarily stored for the booking process. They are then automatically deleted after 30 minutes of inactivity or after you have left the website.

You can opt out from having your data collected and stored via this service at any time. If you wish to avoid the use of cookies, please disable them in your browser. However, please be aware that disabling cookies may restrict use of the website and the services offered.

The legal basis for using necessary cookies is our legitimate interest in the proper provision of our website within the meaning of Article 6(1)(b) GDPR.
 

Data processing in the context of ticket booking and other travel services  
The provision of personal data in relation to a decision to conclude or perform a contract or take steps prior to entering into a contract is voluntary. However, we can only make a decision within the framework of contractual measures if you provide the personal data needed for conclusion or performance of a contract or for measures taken prior to entering into a contract.

 

Legal basis for data processing for the performance of a contract: booking request/travel booking
The processing is performed at your request and is necessary pursuant to Article 6(1)(1)(b) GDPR for the performance of a contract and in order to take steps prior to or after entering into a contract. If these data are not provided, it is not possible to make a booking and/or to perform a contract. We obtain the data directly from you.
We process your personal data in compliance with the provisions of the European General Data Protection Regulation (GDPR) and the German Data Protection Act (BDSG).

Where necessary and legally permitted, we process your data beyond the actual contractual purpose in order to meet legal obligations pursuant to Article 6(1)(c) GDPR. Moreover, processing may be performed for the purposes of legitimate interests that we and/or third parties may have and to defend or establish legal claims pursuant to Article 6(1)(f) GDPR. Where relevant, we shall inform you separately, indicating the legitimate interest, insofar as this is required by law.

Categories of personal data
We only process data connected with the establishment of a contract or the steps prior to entering into a contract.

If you provide us with the personal data of other persons (e.g. fellow travellers), you must ensure that they consent to this and you have permission to transmit the data.

You have to ensure that these persons are aware of how we may process their personal data and what rights they have.

The following data are collected and processed as part of booking and contract performance:

-    Title (of all passengers)
-    First and last names (of all passengers)
-    Address (for sending booking data/invoice and travel documents, information on changes to your travel itinerary that are known in advance e.g. resulting from orders issued by authorities or security-related measures)
-    Date of birth/age of all passengers
-    Telephone number of the main traveller/contact person (for making contact at short notice in the event of security arrangements/changes)
-    Email address (for sending a summary of the booking data/invoice/travel documents
-    Information on changes to your travel itinerary that are known in advance, e.g. resulting from orders issued by authorities or from security-related measures)
-    Credit card data in the event of payment by credit card
-    Bank details in the event of payment via SEPA direct debit

This also includes the related customer support.

We will send your booking confirmation to the postal or email address provided by you.

 

Data recipients

We only share your personal data with departments and persons within our company that need these data to fulfil contractual and legal obligations or for the purposes of our legitimate interest. We may transfer your personal data to affiliated companies insofar as this is permitted within the context of the purposes and legal bases presented in Section 3 of this Privacy Policy. Your personal data are processed on our behalf on the basis of contract data processing agreements pursuant to Article 28 GDPR. In these cases, we ensure that personal data are processed in accordance with GDPR provisions.

If necessary, personal data are shared with companies involved in processing the contract, e.g. service providers such as hoteliers, restaurants, and financial institutions for payment processing.

In the event of payment by credit card, your data needed for this, such as name, address and the purchase data, are shared with the respective credit card company.
Subject to these conditions, other recipients of personal data may include, e.g.:

• external tax consultants
• public bodies and institutions (e.g. public prosecutors, police, supervisory authorities, tax authorities) if there is a legal or official obligation.

We may also share your data directly with external service providers (e.g. security service providers, customer service providers, printing service providers, travel insurers) who require such data to establish or perform the contract subject to these conditions and who, acting strictly in accordance with our instructions, support us in the processing and provision of services – as a rule – under the provisions on contract data processing pursuant to Article 28 GDPR.

 

Consent by minors
Persons under 18 years of age should not transfer any personal data to us without the permission of their guardians. Pursuant to Article 8 GDPR, children up to 16 years of age may only provide the necessary consent with the permission of their guardians. We do not knowingly collect and/or process personal data of minors.

 

Data processing for the protection of vital interests
We may process your data in individual cases to protect your vital interests, e.g. so that an evacuation list can be provided to emergency services in the event of an emergency. The data are processed on the basis of Article 6(1)(d) GDPR. The data are erased after the required retention periods have expired.

 

Newsletter

If you subscribe to our newsletter, your email address is used for our own advertising purposes until you cancel your subscription. You will receive regular information on current topics as well as emails relating to special occasions, such as separate promotions. The emails may be personalised and individualised based on our information about you.

Unless you have given us your consent in writing, we use what is known as a double opt-in process for subscriptions to our newsletter, i.e. we only then send you the newsletter and ask you to confirm that you wish to receive our newsletter by clicking on a link in the email.

If you have explicitly subscribed to our newsletter, your consent constitutes the legal basis for processing your data pursuant to Article 6(1)(a) GDPR.

Under the applicable legal provisions, we may send you our newsletter without having obtained your express consent based on the fact that you have ordered certain goods or services from us and we have therefore received your email address and you have not objected to receiving information from us by email.

In this case, our legitimate interest in direct mailing constitutes the legal basis pursuant to Article 6(1)(f) GDPR.

You have the right to object in such an instance. If you choose to exercise this right, the processing will be terminated for the purposes of direct marketing without any costs being incurred other than the transmission costs in accordance with basic tariffs. We will immediately cease sending you the newsletter on receipt of your objection. If possible, please direct your objection to: datenschutz@gemeinde-oberammergau.de.   


Transfer to a third country and automated decision-making
A transfer a to third country is not intended. There is no automated decision-making.

 

Duration of data storage
Where necessary, we process and store your personal data for the duration of our business relationship and in order to fulfil contractual purposes. This includes, without being limited to, contract initiation and processing. Moreover, we are subject to various retention and documentation obligations that arise from, without being limited to, the German Commercial Code (HGB) and German Fiscal Code (AO). The retention and documentation periods prescribed there range from two to ten years. Finally, the duration of storage also depends on statutory limitation periods, which are usually three years as per section 195 et seq. of the German Civil Code (BGB), for example, but may also be up to thirty years in certain circumstances.

 

Your rights
All data subjects have a right of access pursuant to Article 15 GDPR, a right to rectification pursuant to Article 16 GDPR, a right to erasure pursuant to Article 17 GDPR, a right to restriction of processing pursuant to Article 18 GDPR, a right of notification pursuant to Article 19 GDPR and a right to data portability pursuant to Article 20 GDPR. You also have a right to lodge a complaint with a data protection supervisory authority pursuant to Article 77 GDPR if you are of the view that your personal data are not being processed in a lawful manner. This right to lodge a complaint exists without prejudice to any other administrative or judicial remedy.  Provided that the processing of data is based on your consent, you are entitled to withdraw your consent to the use of your personal data at any time pursuant to Article 7 GDPR. Please note that a withdrawal only takes effect for the future. Processing that took place before the withdrawal is not affected by it. Please also note that we may have to retain certain data in order to fulfil legal requirements for a certain period (see Section 8 of this Privacy Policy).

 

Contact details of our Data Protection Officer
Gemeinde Oberammergau
Herr Thomas Pfefferle
Ludwig-Thoma-Str. 10
82487 Oberammergau
datenschutz@gemeinde-oberammergau.de

 

Changes to the Privacy Policy
We reserve the right to amend this Privacy Policy in order to adjust it to changes in legislation and technical standards. Our users are asked to keep themselves regularly informed. This Privacy Policy was last updated on 02/10/2020.

 

LOAD CONTENT