Cover

Privacy Policy

Thank you for visiting our website and for your interest in our company. We take the protection and security of your personal data seriously and would like you to feel secure when visiting our website and using our Internet services and to know which personal data is processed when using our Internet services.

Please find the information on video observation and surveillance according to Article 13 of the European General Data Protection Regulation on this page.

Please find the information obligations regarding the processing of personal data of suppliers to Gasteig München GmbH in accordance with Article 13 of the European General Data Protection Regulation on this page.

Name and contact details of the controller
Gasteig München GmbH
Represented by Managing Director Max Wagner

Address:  Rosenheimer Straße 5, 81667 Munich, Germany
E-mail: zentral@gasteig.de
Phone: +49 (0)89 48098-0

Purposes for which your personal data are processed and legal bases for their processing
The term »personal data« refers to all information relating to an identified or identifiable natural person. In the following cases, we process personal data from you relating to your use of our website for the purposes stated below and based on the legal basis mentioned:

  • Processing of personal data for contacting you:
    When you use our contact form, we process your personal data to process your request. These are your salutation, title, surname, first name, e-mail address and phone number as well as your specific request. Legal basis for processing your personal data: Consent in accordance with point (a), Article 6(1) of the European General Data Protection Regulation (GDPR).
  • Processing of personal data for marketing or advertising purposes:
    To receive our newsletter (promotional information e-mail), you must subscribe to it, for which we process your personal data. These data are your salutation, surname, first name and e-mail address. Legal basis for processing your personal data: Consent in accordance with point (a), Article 6(1) GDPR.
  • Processing of personal data for the purposes of your application:
    For submitting an unsolicited or targeted application for one of our vacancies, we provide an e-mail address on our website to which we ask you to send your application documents. For the purposes of receiving and processing your application, we process your personal data depending on the extent of the personal data that you submit. Legal basis for processing your personal data: Decision or establishment of an employment relationship in accordance with Para. 26 of the German Federal Data Protection Act (Bundesdatenschutzgesetz). You are welcome to send us your application documents in an access-protected file. In that case, please contact us and provide us with the password(s) required to open your application documents.
  • Processing of personal data for the purpose of investigating and prosecuting violations or misuse of our online offers:
    We identify and track breaches or misuse of our online offers or telecommunications services and facilities, for which we process your personal usage data. These are the IP address of the requesting computer, date and time of access, name and URL of the file accessed and the website from which access is made (referrer URL). Legal basis for processing your personal data: Legitimate interest of the controller in accordance with point (f), Article 6(1) GDPR.
  • Processing of personal data through cookies:
    Cookies are small files that allow us to store specific information relating to you on your PC or other devices while you are using our website. You can disable the use of cookies via your Internet browser, restrict their use to certain websites or set your Internet browser to notify you as soon as a cookie is set. Please note that you may not be able to use the full functionality of our website if you have deactivated the use of cookies via your Internet browser. When using our website, cookies may also be stored on your PC or other devices by third-party providers. You can also disable the use of third-party cookies via your Internet browser. We use cookies on our website for the following purposes:
  • We use cookies that are necessary for the operation of our website:
    PHPSESSID –  Preserves the visitor's session state across page requests.

You are not obliged by law to provide us with your personal data when using our website. It is only necessary for concluding a contract if this has been stated above for the respective purposes of processing your personal data. We do not use your personal data that is processed through our website for automated decision making, including profiling.

Processing of pseudonymised usage data for the demand-oriented design of our website (website analysis service Matomo)
For the purpose of designing our website to meet our customers’ needs, we use the Matomo website analysis service. Matomo processes data from your end device (e.g. browser type, resolution, language) as well as data about your use of our website (e.g. truncated IP address, called-up websites, time) and creates a pseudonymised user profile from this data. The storage period of a pseudonymised user profile is 30 minutes at most. Data from pseudonymised user profiles will not be combined with any personal data processed by Gasteig München GmbH. Access to data of pseudonymised user profiles by unauthorised third parties is not possible. Matomo does not use cookies for website analysis. We will process pseudonymised usage data via Matomo only if you have given us your consent to process pseudonymised usage data to tailor our website to your needs when you called up the website. Legal basis of processing your data: consent according to Para. 15(3) of the Telemediengesetz (German Telemedia Act).

If you gave us your consent to process pseudonymised usage data to tailor our website to your needs when you called up the website, you can revoke this consent here:

Revoke consent to the processing of pseudonymised usage data (Matomo opt-out)

Processing of personal data through embedded YouTube videos
Our website contains embedded videos that are served by YouTube (using a YouTube plug-in). The responsible party and provider of the »YouTube« service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (https://www.youtube.com/t/impressum). If you use our 2-click solution by clicking on the »Accept and view YouTube video« link to enable the YouTube plug-in and view a YouTube video, YouTube/Google may process personal data such as your IP address and other data, including for the purpose of creating usage profiles. We have integrated the YouTube plug-in with the so-called »no cookie« setting enabled, so that no cookies will be set by YouTube/Google. For further information on data protection at YouTube/Google, see to Google’s privacy policy at https://policies.google.com/privacy. Legal basis for processing your personal data: Consent in accordance with point (a), Article 6(1) GDPR.

Categories of recipients of personal data
Your personal data that is processed through our website will be transmitted or made accessible to other recipients only if this is necessary for us to process your request or if we have entrusted other recipients with the performance of individual tasks or services and access to these personal data is thereby necessary or cannot be excluded. The categories of recipients of personal data processed through our website are:

  • Internal departments involved in completing the respective business processes (e. g. Purchasing, Accounts, IT)
  • Service provider for hosting, maintenance and administration of our website or our databases and for website analysis. Currently this is schalk&friends GmbH, Lindwurmstraße 124, 80337 Munich, Germany
  • External service providers for direct independent support of the respective business processes (e. g. courier or delivery service providers, tax consultants, auditors)

The transmission of your personal data processed through our website to the above recipients takes place with your consent in accordance with point (b) Article 6(1) GDPR, provided this is necessary for the fulfilment of a contract or the implementation of pre-contractual measures with you in accordance with point (a) Article 6(1) GDPR, due to the legitimate interests of the controller in accordance with point (f) Article 6(1) GDPR, for order processing in accordance with Article 28(1) GDPR or, if necessary, for the decision or establishment of an employment relationship in accordance with Para. 26 of the German Federal Data Protection Act.

In addition, your personal data that are processed through our website are transmitted to state institutions or authorities if we are obliged to provide information by law or as a result of a court order. Furthermore, your personal data that are processed through our website are transmitted to government institutions or authorities if this is necessary to prosecute criminal offences against us as the injured party and to prosecute disruptions or misuse of our online offers or telecommunications services and systems or to assert, exercise or defend civil law claims (legal basis for processing your personal data: legitimate interest of the controller in accordance with point (f) Article 6(1) GDPR, processing for other purposes by non-public bodies in accordance with Para. 24(1) of the German Federal Data Protection Act).

Data transmission to recipients in a third country or to an international organisation
We do not transfer your personal data processed via our website to a recipient in a third country or to an international organisation.

Duration of storage of personal data
Your personal data processed through our website will only be stored for as long as is necessary to fulfil the purposes for which they were processed. Deviating from this, personal usage data processed through our website will be stored for a maximum of 24 hours and then deleted. We store cookies for a period of no more than 24 hours. In addition, your personal data processed through our website will be stored if required by law, the articles of association or contractual retention periods. For example, personal data relevant to tax law are usually stored for a period of 10 years; other personal data are usually stored for a period of 6 years in accordance with commercial law regulations.

Information about your rights as a data subject
In general, and with respect to your personal data processed through our website, you may exercise the rights set out below:

  • Right of access in accordance with Article 15 GDPR:
    You have the right to request information from the controller about the personal data stored about you and other information relating to this personal data.
  • Right to rectification in accordance with Article 16 GDPR:
    You have the right to obtain from the controller rectification of inaccurate personal data concerning you.
  • Right to erasure in accordance with Article 17 GDPR:
    You have the right to obtain from the controller the erasure of personal data concerning you.
  • Right to restrict processing in accordance with Article 18 GDPR:
    You have the right to request the controller to restrict the processing of personal data concerning you.
  • Right to data portability in accordance with Article 20 GDPR:
    You have the right to receive your personal data from the controller in a structured, commonly used and machine-readable format.
  • Right of revocation in accordance with Article 7(3) GDPR:
    You have the right to withdraw your consent given in accordance with point (a) Article 6(1) to the processing of your personal data at any time. Your withdrawal of consent does not affect the lawfulness of processing based on your consent before its withdrawal.
  • Right to object in accordance with Article 21(1) GDPR:
    You have the right to object at any time to the processing of your personal data in accordance with point (e) or (f) Article 6(1) GDPR.
  • Right to lodge a complaint with a supervisory authority in accordance with Article 77 GDPR:
    If, as data subject, you consider that the processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement. Competent supervisory authority: Bavarian Data Protection Authority, Promenade 27 (Schloss), 91522 Ansbach, Germany; Phone: +49 (0) 981-531300, Fax: +49 (0) 981-53981300, E-mail: poststelle@lda.bayern.de.

The exercise of your rights to cancellation, restriction of processing, revocation or objection may mean that you can use our website or other services that we provide only to a limited extent.

You can address your above rights directly to the contact details provided under »Name and contact details of the controller« in this Privacy Policy.

Secure transmission of personal data through SSL encryption, links to other websites
Personal information that you submit via our website and the Internet is encrypted using the Secure Socket Layer (SSL) encryption technology. SSL technology encrypts and protects your personal data when it is transmitted via our website and the Internet. Our website may contain links to other websites. If you use such links, you will automatically be taken to another website for whose privacy policies we assume no responsibility. For your own safety, you should carefully read the privacy policies of the websites concerned.

Contact details of the Data Protection Officer
Data Protection Officer Gasteig München GmbH
℅ TÜV SÜD Sec-IT GmbH
Ridlerstraße 57
80339 München
Germany
E-mail: dsb.gasteig@tuev-sued.de

Further questions
If this Privacy Policy leaves any questions regarding your personal data processed through our website unanswered, you may address your questions directly to the contact details provided in this Privacy Policy under »Name and contact details of the controller« or »Contact details of the Data Protection Officer«.

Version: December 2020