Data protection regulations of the stuttgart rail project-ulm
With the following data protection provisions, we comply with the information obligations arising from the General Data Protection Regulation (GDPR).
Who is responsible for data processing responsible ?
Person responsible is:
Bahnprojekt Stuttgart-Ulm e.V.
Legally represented by the chairman of the association: Bernhard Bauer
Am Schlossplatz 15/1
70173 Stuttgart
Tel. 0711 184 217 0 or by e-mail to hallo@its-projekt.de
How can I contact the data protection officer?
Privacy Officer:
Bahnprojekt Stuttgart-Ulm e.V.
Am Schlossplatz 15/1
70173 Stuttgart
Email to datenschutz@its-projekt.de
Which data is processed for which purposes?
1. basics of data processing
Purpose and scope of the processing of personal data
We process the personal data of our users exclusively in order to provide a functional website in connection with our content and services. Alternatively, the user has expressly consented to the processing. The processing of our users' personal data generally only takes place with the user's consent. An exception is made in situations where it is not possible to obtain consent in advance and data processing is permitted by law.
2. legal bases
If we obtain the consent of the data subject for the processing of personal data, this serves as the legal basis in accordance with Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR).
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing. Our legitimate interest in the processing lies in the operation of the website, the dispatch of orders and advertising purposes. Some functions of our website cannot be offered without the use of cookies.
3. revocation of your consent to data processing
4. data deletion and storage
5. provision of the website / creation of log files
5.1 Description and scope of data processing
5.2 Legal basis for data processing
5.3 Purpose of data processing
5.4 Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymized so that it is no longer possible to identify the accessing client.
6. use of cookies
6.1 Description and scope of data processing
Our website uses cookies. We use cookies to make our website more user-friendly. The user data collected in this way is pseudonymized by technical precautions. The data processed by cookies, which are required for the proper functioning of the website, are necessary to safeguard the legitimate interests of the organizer and third parties in accordance with Art. 6 para. 1 lit. f GDPR.
For all other cookies, you have given your consent to this via our opt-in cookie banner within the meaning of Art. 6 para. 1 lit. a GDPR.
When accessing the website, users are informed by a cookie banner about the use of cookies for analysis purposes and referred to this privacy policy. This cookie banner also enables the user to prevent this type of cookie directly. These cookies are not stored until the user has given their explicit consent.
6.2 Use of data
6.3 Place of data processing
6.4 Rights
You have the right to information about the personal data we process about you. You also have the right to rectification, erasure or restriction of processing, insofar as you are legally entitled to do so.
Furthermore, you have the right to object to the processing within the framework of the legal requirements. The same applies to the right to data portability.
In particular, you have the right to object to the processing of your data in accordance with Art. 21 (1) and (2) GDPR if this is based on a balancing of interests.
Finally, you have the right to lodge a complaint with a supervisory authority responsible for data protection.
7. third party providers
7.1 Sale of tickets / other services / products
We use the ticket system on our website ditix.io diginights GmbH, Ferdinand-Braun-Straße 17, 74074 Heilbronn, to sell tickets, etc. for our events.
To enable ticket sales and dispatch via ditix.io the data entered during the ordering process is transferred to the servers of the ticket software and stored there.
This data is only used to fulfill the contract and is deleted after the statutory retention periods have expired.
7.2 Subscribing to the newsletter
When purchasing tickets, etc., you can optionally use ditix.io you can subscribe to a newsletter. If this option is activated when purchasing a ticket, this information is also transmitted to the ticket software servers and stored there.
In addition, a confirmation email will be sent to the email address provided in the order process, asking you to confirm your subscription to the newsletter. Newsletters will only be sent after confirmation by clicking on the link provided in the confirmation email.
After confirmation, we use the e-mail addresses obtained in this way for marketing and information campaigns relating to the event for which tickets were purchased and other similar events.
You can unsubscribe from the newsletter at any time via a link provided in the newsletter ("Unsubscribe").
If you unsubscribe from the newsletter, the data stored for the purpose of sending the newsletter will be deleted automatically.
7.3 Further functions of the website
8. contact form and e-mail contact
8.1 Description and scope of data processing
There are several contact forms on our website that can be used to contact us electronically. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored. This includes the name entered, the email address, the subject and the message.
This data is not stored. This website processes the data provided directly and sends it as an e-mail to an internal mailbox of the site operator.
This enables the website operator to contact you via the email address provided. In this case, the personal data of the user transmitted with the email will be used by the website operator for the purpose of establishing contact.
No data will be passed on to third parties in this context. The data is used exclusively for processing the conversation.
8.2 Legal basis
The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given consent.
The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 lit. f GDPR. If the email contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
8.3 Purpose of data processing
The processing of the personal data from the input mask serves us solely to process the contact. In the case of contact by email, this also constitutes the necessary legitimate interest in processing the data.
The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.
8.4 Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input screen of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
9 Rights of the data subject
9.1 Right to information, correction, blocking, deletion
9.2 Right to restriction of processing
Under the following conditions, you may request the restriction of the processing of your personal data:
- if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
- the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims, or
- if you have objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the controller outweigh your reasons.
If the processing of personal data concerning you has been restricted, such data may only be processed - apart from being stored - with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
9.3 Right to information
If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed about these recipients by the controller.
9.4 Right to data portability
9.5 Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered. The following link provides a list of data protection officers and their contact details: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html