Privacy Policy

The City of Dresden attaches great importance to the protection of your personal data. We have therefore taken technical and organizational measures to ensure that data protection regulations are observed.

In the following, we would like to explain to you what data we collect about you and what we do with this data. We also inform you about your data protection rights and explain who you can contact if you have any questions about the protection of your data.

Table of contents (clickable):

  1. About us, scope of application
  2. Do I have to provide my data?
  3. Processing purposes
  4. Processed data
  5. Deletion periods, data sources and data recipients
  6. Your rights

 

Please note that you can find our Privacy Policy for Social Media here and our GTC here.

1. About us, scope of application

About us

Controller responsible for the processing of your data:

Dresdner Philharmonie

Communication department

Schloßstraße 2
01067 Dresden

Our data protection officer will be happy to help you with any questions about this privacy policy, the processing of your data, your rights or other concerns relating to data protection.

Contact details of the data protection officer:

Data Protection Officer of the State Capital Dresden

P.O. Box 120020

01001 Dresden Scope of application

Scope of application

This privacy policy applies to the website https://www.dresdnerphilharmonie.de/ and is intended for visitors to our website.

Further links are provided on our pages that lead to the websites of other operators to which this privacy policy does not apply.

The responsibility for the insertion of advertising banners, text advertising or advertising films before or during embedded videos lies with the respective operator.

2. Do I have to provide my data?

When you visit our website, user data is automatically stored. Some of the data collected is necessary for the use of a website. In addition, we also process your data to protect our legitimate interests after weighing up your interests. This enables us to continuously improve the services we offer you. On the following pages, you can find out the background to our interests and whether and how you can object to the use of your data or deactivate its use yourself.

In order to use one of our offers or to send an inquiry, you will be asked to provide your personal data. You can decide for yourself whether you wish to take advantage of these offers and provide your data for them. We also offer you services for which we only process your data if you have given us your consent to do so. The granting of consent is always voluntary. Once you have given your consent, you can withdraw it at any time, for example by clicking this button:

Reset Settings

Please note that if you provide information about other persons, you must have obtained their prior consent and informed them of the purposes of the disclosure as set out in this Privacy Policy.

We also ask you to pass this information on to the persons you involve in the use of our services, such as family members or authorized representatives.

3. Processing purposes, legal bases and processed data

We distinguish between different types of processing, which we describe below. We describe the data processed for this purpose and the cookies used in tables.

Service provision

In order to visit and use our website, your data must be collected. We process this data to protect our legitimate interest in providing a functioning website (Art. 6 (1) (f) GDPR).

Data security

Every access to our website is stored and analyzed in a log file. We process this data for data security purposes. The processing is carried out to protect our legitimate interest in being able to guarantee data security (Art. 6 para. 1 lit. f) GDPR).

Processing inquiries

We process the data that you provide to us if you have a question or request. This also includes, for example, the data you send us by email. The processing of your data is necessary so that we can process your request. It is done to protect our legitimate interest in answering your questions and concerns (Art. 6 para. 1 lit. f) GDPR).

Display of videos

In order to be able to use the videos integrated on our website, the data provided must be processed. Your data will only be processed to display videos and passed on to the service provider Google Ireland Ltd (hereinafter “Google”) as soon as you give your consent by activating the video service (Art. 6 para. 1 lit. a) GDPR). As a result, Google becomes aware that our website has been accessed via your IP address. The data may also be used by Google to analyze user behavior and for market research and marketing purposes. You can find more information on the handling of user data in Google's privacy policy.

Newsletter

You can subscribe to our newsletter, for which we require the data you provide. The newsletter is then sent on the basis of your consent (Art. 6 para. 1 lit. a) GDPR). Furthermore, we process your data to select suitable recipients of our offers; this is done to protect our legitimate interests in the targeted sending of our offers (Art. 6 para. 1 lit. f) GDPR).

Optimization and billing of advertising measures incl. profiling

Marketing cookies are used to optimize and bill advertising measures and to enable visitors to our website to be retargeted (if you consent to this). This assigns you a unique user ID that is used to identify your subsequent visits. We use your data to analyze your surfing behavior and to optimize advertising. This enables us to evaluate the attractiveness of our advertising measures and to invoice our advertising measures to the advertising partner. Your visit data will not be linked to your name or other personal details (if you provide them to us).

The processing is based on your consent (Art. 6 para. 1 lit. a) GDPR).

Information about cookies

If we use cookies required for the operation of the website, the processing is based on our legitimate interest (Art. 6 para. 1 lit. f) GDPR) in a functioning provision of the website. All cookies that are used to optimize the website including profiling, to optimize and bill advertising measures including profiling or to display external content are only set if you have given us your consent (Art. 6 para. 1 lit. a) GDPR). You can delete the cookies at any time via your browser settings.

NAME

PROVIDER

PURPOSE

LIFESPAN

WITHDRAWAL OF CONSENT

_ga

Google

Contains a randomly generated user ID. This ID allows Google Analytics to recognize returning users on this website and merge data from previous visits for marketing purposes.

13 months

Delete cookies via browser settings

_ga_[id]

Google

Contains a randomly generated user ID. This ID allows Google Analytics to recognize returning users on this website and merge data from previous visits for marketing purposes.

13 months

Delete cookies via browser settings

_fbp

Facebook

Sets an individual user ID. Used to store and track visits across websites by Facebook for marketing purposes.

3 months

Delete cookies via browser settings

cookiebanner-approved-all-v1

Own cookie

Sets a boolean indicating whether the user has consented to tracking. Controls the loading of tracking codes accordingly.

12 months

Not applicable

cookiebanner-approved-v1

Own cookie

Sets a boolean indicating whether the user has interacted with the cookie banner and controls its display accordingly.

12 months

Not applicable

cookiebanner-settings-v1

Own cookie

Sets an object that stores individual cookie banner settings. As there are no individual settings on DDPhil, this value always remains the same.

12 months

Not applicable

4. Processed Data

Data

Service Provision

Data Security

Optimization and Billing of Advertising incl. Profiling

Website Optimization incl. Profiling

Processing of Requests

Newsletter

Video Display

IP Address

 x x         x

Name of Retrieved File

   x         x

Transferred Data Volume

   x         x

Accessed Webpage

 x            

Referrer URL (previously visited page)

   x   x     x

Search Terms Leading to Our Website

       x      

User Agent Sent by Your Browser

 x x         x

Session Cookie

   x          

Google Cookies

       x     x

Date and Time of Access

   x         x

Date and Time of Last User Activity (for Session Timeout)

       x      

IDs to Identify Advertiser, Ad, and Campaign

     x        

Marketing Channel

     x        

Information about Browser (type, version, resolution (window size), language)

 x            

Cookie Enabled

 x            

JavaScript Enabled

 x            

Other Purposes of Processing

In addition, the data mentioned above is used for the following purposes within the framework of legitimate interests (Art. 6 (1) lit. f) GDPR). These interests are listed below:

  1. If a security incident occurs in our organization that affects your data, we are obligated to report the incident to the data protection supervisory authority responsible for us (Art. 33 GDPR). Since it is in our legitimate interest to comply with this legal reporting obligation as quickly as possible, it may happen that data relating to you is processed as part of investigating the security incident. The notifications to data protection authorities do not contain any of your personal data.

  2. Since it is in our interest to ensure the security of our systems, we regularly conduct security and effectiveness tests, during which your aforementioned data may be processed.

  3. Since it is in our interest to resolve legal disputes, we process your data for this specific purpose in such cases. It is also in our interest to retain evidence in the event of legal disputes until all relevant statutory limitation periods pursuant to §§ 195 ff. BGB have expired. For this purpose, we store the corresponding data about you in accordance with these limitation periods. Deletion periods cannot be predicted in general, as they depend on the subject of the dispute and the applicable legal limitation period, which can be up to 30 years. The regular limitation period is 3 years.

  4. It is also in our interest to investigate suspected cases and to pass on relevant information to law enforcement authorities in the event of concrete suspicions of criminal offenses.

  5. We carry out audits, internal reviews, and other control measures (e.g., monitoring by the data protection officer), as it is in our legitimate interest to comply with legal regulations, to create transparency about our business processes, to continuously optimize these processes, and to prevent or detect harmful activities. In doing so, it may happen that documents or files containing your personal data are processed.

  6. Errors can happen to anyone and can occur in any business process or system. In order to optimize these processes and systems and to reduce our error rate, we process data available within our company to identify sources of error. This processing takes place to safeguard our legitimate interest in improving our processes and systems.

  7. We process your data to test IT systems and software products as well as to carry out migrations. This processing is carried out to fulfill our legitimate interest in verifying the accuracy of new products and the correctness and completeness of migrations.

5. Deletion Periods, Data Sources and Data Recipients

Deletion periods (or storage duration)

The data processed for the purpose of data security is deleted after 28 days.

The data used for optimizing and billing our advertising activities, including profiling, which has not been used for a business transaction within a period of three years, is initially deactivated. This deactivation means that the relevant data is no longer actively used for business or analytical purposes.

After a further period of seven years – i.e. ten years in total after the last business use – the relevant personal data will be completely and irrevocably deleted, unless legal retention obligations prevent this.

The data used to optimize our online offering, including profiling, is deleted after 14 months.

In order to preserve evidence, we store data in accordance with the statutory limitation periods pursuant to §§ 195 ff. BGB. In this context, the storage duration of your data may exceed the duration specified above. The statutory limitation periods can be up to 30 years. The regular limitation period is 3 years.

Source of the data

No data is collected from third parties.

Information about automated individual decisions

No automated individual decisions are made.

Which entities receive your data?

The following list shows which entities receive your data ("data recipients"). You can find out which specific data is involved in the corresponding sections of this notice. In some cases, your data is disclosed due to legal or contractual obligations. In other cases, we use selected agents and service providers who act as processors (in accordance with Art. 28 GDPR) on our behalf and may access your data to the extent necessary. Processors are subject to numerous contractual obligations and, in particular, may only process your personal data on our instructions and solely for the purposes specified by us.

  • Auditors
  • Data protection officer
  • Service providers for video display
  • Service providers for data carrier destruction
  • Service providers for email dispatch
  • Service providers for optimizing our website
  • Service providers for project analysis, management and production planning
  • Service providers for survey creation and evaluation
  • Service providers for managing our social media channels
  • Service providers for advertising billing and advertising optimization
  • Email providers of the recipient (when communicating by email)
  • IT service providers
  • Lawyers, law enforcement agencies, public prosecutors, courts, opposing lawyers, state or federal criminal police offices (in case of legal disputes and concrete suspicion of a criminal offense)
  • Telecommunications service providers (when we communicate by phone)
  • Postal service providers (for written communication)

Data recipients in non-EU countries

Our IT service providers in the EU have affiliated companies or subcontractors outside the EU who may have access to your data. The EU Commission determines which non-EU/EEA countries ("third countries") have an adequate level of data protection. The affiliated companies or subcontractors of our IT service providers have either submitted to the so-called Data Privacy Framework (Decision No. C(2023) 4745 final of 10.07.2023), provided they are based in the USA; otherwise, our IT service providers are responsible for applying the EU Standard Contractual Clauses pursuant to Commission Decision No. (EU) 2021/914. A template of these EU Standard Contractual Clauses can be found on the websites of the EU Commissioner for Justice and in the Official Journal of the EU.

6. Your rights

You have the legal right to:

  • Access the personal data stored about you (Art. 15 GDPR)
  • Rectification and completion of the data we have about you (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Withdrawal of consent (Art. 7 GDPR) with effect for the future. The lawfulness of the data processing carried out up to the point of withdrawal remains unaffected.
  • You also have the right to present your own point of view and to contest a decision based on automated processing (Art. 22 GDPR).
  • You have the right to object to the processing of your data for the purpose of safeguarding our legitimate interests or those of third parties (Art. 21 GDPR) – You have the right, at any time and for reasons arising from your particular situation, to object to such processing; this also applies to profiling based on these provisions within the meaning of Art. 4 para. 4 GDPR.
  • Objection to direct marketing – You have the right to object to the processing of your data for direct marketing purposes at any time and without stating any reasons.

To exercise these rights, you can contact us in particular using the contact details provided above.

You also have the legal right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).