Zum Inhalt (Access key c)Zur Hauptnavigation (Access key h)Zur Unternavigation (Access key u)

Privacy policy

Information in accordance with Article 13 GDPR

I. Name and address of the Controller

This website is being operated by Kreismuseum Wewelsburg, which is part of the cultural office of the Paderborn district administration. As a public body of the Ger-man state of North Rhine-Westphalia, we are, in addition to the EU General Data Protection Regulation (GDPR), also subject to the Data Protection Act of NRW (DSG NRW) in their respective amended version.

Controller within the meaning of the GDPR and the DSG NRW as well as other provisions under data protection law is:

District of Paderborn
- Chief Administrative Officer -

Aldegreverstraße 10-14
33102 Paderborn
Germany

Tel.: +49 (0)5251 308-0
Fax: +49 (0)5251 308-8888

E-mail: krsvrwltngkrs-pdrbrnd
Website: https://www.kreis-paderborn.de

II. Contact data of the data protection officer

The contact data of the official data protection officer are as follows:

District of Paderborn
- Data Protection Officer -

Aldegreverstraße 10-14
33102 Paderborn
Germany

Tel.: +49 (0)5251 308-8500
Fax: +49 (0)5251 308-89 8500

E-mail: dtnschtzkrs-pdrbrnd
Website: https://www.kreis-paderborn.de

III. General information regarding data processing

1. Scope of the processing of personal data
The district of Paderborn takes the protection of your personal data very seriously. A processing of personal data is performed only to the extent that a legal basis in the GDPR, the DSG NRW or other legal provisions provide for it or if you have expressly consented to the processing.
On principle, we collect and use the personal data only to the extent that this is nec-essary for providing a functional website as well as our contents and services. The processing of the personal data is carried out regularly only after having received the user’s consent. An exception applies in such cases in which a prior obtaining of consent is not possible for factual reasons and where the processing of the data is permitted by statutory regulations. 

2. Legal basis for the processing of personal data
To the extent that we obtain a declaration of consent of the data subject for the pro-cessing operations, Art. 6 Par. 1 Lit. a GDPR serves as legal basis.
In case of the processing of personal data that is required for the fulfilment of a contract to which the data subject is a contractual party, Art. 6 Par. 1 Lit. b GDPR serves as legal basis. This shall also apply to processing operations that are necessary for the carrying out of pre-contractual measures.
To the extent that a processing of personal data is required for the fulfilment of a contractual obligation that our district administration is subject to, Art. 6 Par. 1 Lit. c GDPR in conjunction with § 3 Par. 1 DSG NRW serves as legal basis.
In case vital interests of the data subject or of another natural person make a pro-cessing of personal data necessary, Art. 6 Par. 1 Lit. d GDPR serves as legal basis.
If the processing of personal data is needed for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.

3. Data erasure and duration of storage
The personal data of the data subject will be erased or restricted as soon as the purpose of storage no longer exists. A storage can, furthermore, be performed if this is provided for by the European or national legislatures in rules, laws, or other regulations under European Union law applicable to the Controller. A restriction or erasure of the data is also performed if a storage period prescribed by the specified standards expires unless a necessity exists for further storage of the data for conclusion or fulfilment of a contract.

IV. Provision of the website and creation of log files

1. Description and scope of the data processing
Each time our website is accessed, our system automatically collects data and information from the computer system calling it up.
During this process, the following data are collected:

  1. Information regarding the type and version of the browser used
  2. The user’s operating system
  3. The Internet service provider of the user
  4. The IP address of the user
  5. Date and time of access
  6. Websites from which the user’s system reached our website 
  7. Websites that were called up by the user’s system via our website

The data is also stored in the log files of our system. A storage of this data together with other personal data of the user does not take place.

2. Legal basis for the data processing
Legal basis for the temporary collection of the data and the log files is Art. 6 Par. 1 Lit. c) GDPR in conjunction with § 3 Par. 1 DSG NRW.

3. Purpose of the data processing
The temporary storage of the IP address by the system is necessary to make possible a delivery of the web page to the user’s computer and to retrace system disruptions. To effect this, the IP address must remain temporarily stored. The storage in log files is performed to ensure the functioning of the website. Additionally, the data serve for optimisation of the website and to ensure the security of our information technology systems. An analysis of the data for other purposes does not take place in this context. This is necessary for the fulfilment of the public task of public relations work as well as for the provision of information.

4. Duration of storage
The data will be erased as soon as they are no longer necessary for achieving the purpose for which they were collected. This is the case after one month in the case of collection of the data for provision of the website.

This is the case no later than after one month in the case of the storage of data in log files. A storage beyond that is possible. In this case, the users’ IP addresses are erased or distorted so that an attribution to the calling-up client is no longer possible and the establishing of a correlation to a person is no longer possible.

5. Option to object and remove
The collection of the data for the provision of the website and the storage of the data in log files is mandatorily required for the operation of the website. Therefore, no option to object exists for the user.

V. Utilisation of cookies

1. Description and scope of the data processing
Our website uses cookies by etracker. Therefore, personal data are stored upon calling up a page. Cookies are small text files that are stored in and/or by the web browser on the user’s computer system. When a user calls up a website, a cookie can be stored on the user’s operating system this way. This cookie contains a characteristic sequence of character that allow for an unambiguous identification of the browser when the website is called up again.
In addition, we utilise cookies on our website that allow for an analysis of the surfing behaviour of the users. The users’ data collected in this manner are being pseudonymized via technical measures. Therefore, an attribution of the data to the user performing the call-up is no longer possible. The data are not being stored jointly with other personal data of the users.
When calling up our website, users are being informed - by an info banner - of the utilisation of cookies for analysis purposes and are referred to this privacy policy. In this context, a notification also takes place how the storing of cookies can be pre-vented in the browser settings.

2. Legal basis for the data processing
Legal basis for the processing of personal data under utilisation of cookies for analysis purposes is Art. 6 Par. 1 Lit. c) GDPR in conjunction with § 3 Par. 1 DSG NRW, since this is necessary for the analysis of the public relations effectiveness of the website for improving the offer of the Kreismuseum.

3. Purpose of the data processing
The utilisation of analysis cookies is being carried out for the purpose of improving the quality of our website and of its contents. Through analysis cookies, we find out how the website is being utilised and thusly can continuously optimise the presence of the Kreismuseum and the design of the information on the website.
These purposes also constitute our legitimate interest in the processing of the per-sonal data in accordance with Art. 6 Par. 1 Lit. c) GDPR in conjunction with § 3 Par. 1 DSG NRW.

4. Duration of storage, option to object and remove
Cookies are stored on the user’s computer and transmitted from the latter to our website. Therefore, you, as the user, also have full control over the utilisation of cookies. By modifying the settings in your web browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If you deactivate cookies for our website, it is possible that not all functions of the website can be utilised to their full extent any more.

VI. Newsletter

1. Description and scope of the data processing
On our website, there is the option to subscribe to a newsletter free of charge. In the process, the data from the data entry mask is transmitted to us upon registration for the newsletter, i.e.:

  • Salutation
  • First name, last name
  • E-mail address

Your consent to the processing of the data is being collected in the course of the registration process and this data protection policy is being referred to.

No passing-on of data to third parties is taking place in connection with the data processing for the sending of newsletters. The data are being used exclusively for the sending of the newsletter.

2. Legal basis for the data processing
Legal basis for the processing of the data subsequent to the registration for the newsletter by the user is, in case of an existing declaration of consent of the user, Art. 6 Par. 1 Lit. a GDPR.

3. Purpose of the data processing
The collection of the user’s e-mail address serves for delivery of the newsletter. 

4. Duration of storage
The data will be erased as soon as they are no longer necessary for achieving the purpose for which they were collected. As such, the data collected for the purpose of delivery of the newsletter will be stored as long as the newsletter subscription is active.

5. Option to object and remove (withdrawal and/or cancellation)
The newsletter subscription can be cancelled (withdrawn) by the affected user at any time by, Art. 7 Par. 3 GDPR. The lawfulness of the data processing up until the withdrawal of the consent will remain unaffected by this. A corresponding link for the purpose of cancellation is included in each newsletter. Furthermore, it is also possible to send a withdrawal and thus a cancellation of the newsletter, effective for the future, at any time via e-mail to nfwwlsbrgd, in writing to Kreismuseum Wewelsburg, Burgwall 19, 33142 Büren-Wewelsburg, Germany, or via fax to +49 (0)2955 7622-22. This also makes possible a withdrawal of consent to storage of the personal data collected during the registration process.

VII. Contact form and e-mail contact

1. Description and scope of the data processing
On our website, there is a contact form which can be utilised to establish contact electronically. If a user exercises this option, the data entered into the data entry mask are transmitted to us and stored. To the extent provided, these data are:

  • Salutation
  • First name, last name
  • Address (street and street address, postal code, city, country)
  • Telephone number
  • E-mail address
  • Your message to us

Your consent to the processing of the data is being collected in the course of the submission process and this data protection policy is being referred to.

Alternatively, it is possible to establish contact via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail is being stored.

No passing-on of the data to third parties takes place in connection with this. The data is exclusively being utilised for the processing of the conversation.

2. Legal basis for the data processing
Legal basis for the processing of the data, in case of an existing declaration of con-sent of the user, is Art. 6 Par. 1 Lit. a GDPR. If the e-mail contact is geared towards the conclusion of a contract, the additional legal basis for the processing is Art. 6 Par. 1 Lit. b GDPR.

3. Purpose of the data processing
The processing of the personal data from the data entry mask serves us only in the processing of the establishing of contact.

4. Duration of storage
The data will be erased as soon as they are no longer necessary for achieving the purpose for which they were collected. For the personal data from the data entry mask of the contact form and for the personal data sent via e-mail, this is the case when the respective conversation with the user has ended. The conversation has ended when it can be concluded from the circumstances that the respective matter has been clarified conclusively. 

5. Option to object and remove (withdrawal)
The user has the option to withdraw his or her consent to the processing of the per-sonal data at any time. If the user establishes contact with us via e-mail, he or she can object to the storage of the personal data at any time. However, in such a case, the conversation cannot be continued. A withdrawal is possible, in particular, via e-mail to nfwwlsbrgd, in writing to Kreismuseum Wewelsburg, Burgwall 19, 33142 Büren-Wewelsburg, Germany, or via fax to +49 (0)2955 7622-22. All personal data that was stored in the process of establishing contact will be deleted in this case.

VIII. Web analysis by etracker

1. Scope of the processing of personal data
On our website, we utilise the etracker software tool to analyse the surfing behaviour of our users. The software utilises cookies on the user’s computer (regarding cookies, see above). When individual pages of our website are called up, the following data are being stored:

  1. Two bytes of the IP address of the user’s computer system calling them up
  2. The web page called-up
  3. The website from which the user arrived at the called-up web page (referrer) including search term in case of search engines
  4. Browser, including sub-versions
  5. Operating system, including sub-versions
  6. Plug-ins utilised
  7. System language
  8. Screen resolution
  9. Provider
  10. Country of origin
  11. The sub-pages that are called up from the web page called up

Here the software is running exclusively on the servers of our website. A storage of the personal data of the user takes place only there. A passing-on of data to third parties does not take place.

The software is configured such that the IP addresses are not stored completely but rather 2 bytes of the IP address are masked (example: 192.168.xxx.xxx). This way, an attribution of the shortened IP address to the computer performing the call up is no longer possible.

2. Legal basis for the processing of personal data
Legal basis for the processing of the personal data of the users is Art. 6 Par. 1 Lit. c) GDPR in conjunction with § 3 Par. 1 DSG NRW.

3. Purpose of the data processing
The processing of the personal data of the users enables us to analyse the surfing behaviour of our users. Through analysis of the data gained, we are able to compile information regarding the utilisation of the individual components of our website. This helps us to continuously improve our website and its usability. These purposes also constitute the necessity for fulfilment of the public task in accordance with Art. 6 Par. 1 Lit. c) GDPR in conjunction with § 3 Par. 1 DSG NRW. Through the anonymization of the IP address, the users’ interest in the protection of their personal data is being addressed sufficiently.

4. Duration of storage
The data will be deleted as soon as they are no longer needed for recording purposes.

5. Option to object and remove
Cookies are stored on the user’s computer and transmitted from the latter to our website. Therefore, you, as the user, also have full control over the utilisation of cookies. By modifying the settings in your web browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If you deactivate cookies for our website, it is possible that not all functions of the website can be utilised to their full extent any more.

For more detailed information regarding the privacy settings of etracker, see the following link: https://www.etracker.com/datenschutz/#compliance.

IX. Video surveillance in the exhibition rooms

1. Description and scope of the data processing
The exhibition rooms of the Kreismuseum, are subject to video surveillance as well as video recording. The video surveillance in the affected areas of Wewelsburg castle is expressly being indicated (as per § 20 Par. 2 DSG NRW) via pictograms and signs installed there.

2. Legal basis for the data processing
Legal basis for the temporary video surveillance and video recording is Art. 6 Par. 1 Lit. e) GDPR in conjunction with § 20 Par. 1 No. 1 DSG NRW.

3. Purpose of the data processing
The temporary video surveillance and video recording serves for exercising the house rules.

4. Duration of storage
The recordings are erased immediately (no later than after 72 hours), unless the data are necessary for defence against hazards to public safety, for the persecution of crimes, or for the assertion of legal claims against the data subject (§ 20 Par. 4 DSG NRW).

5. Option to object and remove, recipient
The capturing of the data is necessary for exercising the house rules. Therefore, no option to object exists for the user. A passing-on of the recordings to a third party does not take place, unless this is required for compliance with legal obligations, e.g. towards law enforcement agencies or the judiciary.

X. Your rights

1. Right of Access, Art. 15 GDPR
You may demand from the Controller a confirmation regarding whether personal data concerning you are being processed by us. 

If such a processing is the case, you shall have the right to demand access to the following information from the Controller:

  1. the purpose for which the personal data is being processed;
  2. the categories of personal data that are being processed;
  3. the recipients and/or the categories of recipients to whom the personal data concerning you have been or still will be disclosed;
  4. the planned duration of storage of the personal data concerning you or, if specific statements regarding this are not possible, criteria for the specification of the storage period;
  5. the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the Controller, or a right to object to this processing; 
  6. the existence of a right to lodge a complaint with a supervisory authority;
  7. any and all available information regarding the origin of the data if the personal data were not collected from the data subject;
  8. the existence of an automated decision-making, including profiling, in accordance with Art. 22 Par. 1 and 4 GDPR, and – at least in these cases – meaningful information about the logic involved as well as the significance and the envisioned consequences of such processing for the data subject.
  9. You shall also have the right to demand information whether the personal data concerning you are transferred to a third country or to an international organisation. In connection with this, you may demand to be informed about the appropriate safe-guards in accordance with Art. 46 GDPR in connection with the transfer. However, since we do not pass any data on to a third country or to an international organisation, this claim is a moot point.

2. Right to rectification, Art. 16 GDPR
You have a right to rectification and/or completion against the Controller insofar as the personal data processed concerning you are incorrect or incomplete. The Con-troller must perform the rectification without undue delay.

3. Right to restriction of processing, Art. 18 GDPR
Subject to the following prerequisites, you may demand restriction of the processing of personal data concerning you:

  1. if you contest the accuracy of the personal data concerning you, for a period enabling the Controller to verify the accuracy of the personal data;
  2. the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  3. the controller no longer needs the personal data for the purposes of pro-cessing but you still need them for the establishment, exercise or defence of legal claims, or
  4. you have objected to processing pursuant to Art. 21 Par. 1 GDPR and it has not yet been determined whether the legitimate grounds of the Controller override your grounds.

Where the processing of the personal data concerning you has been restricted, such data shall, with the exception of their storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.
If the restriction of the processing was restricted pursuant to the above prerequisites, you will be informed by the Controller before the restriction is lifted.

4. Right to erasure, Art. 17 GDPR
a) Obligation to erase
You shall have the right to demand from the controller to erase the personal data concerning you without undue delay, and the controller shall have the obligation to erase these data without undue delay where one of the following grounds applies:

  1. The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  2. You withdraw your consent on which the processing is based in accordance with Art. 6 Par. 1 Lit. a or Art. 9 Par. 2 Lit. a GDPR, and there is no other legal ground for the processing. 
  3. You object to the processing pursuant to Art. 21 Par. 1 GDPR and there are no overriding legitimate grounds for the processing or you object to the processing pursuant to Art. 21 Par. 2 GDPR. 
  4. The personal data concerning you have been unlawfully processed. 
  5. The personal data concerning you have to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject. 
  6. The personal data concerning you have been collected in relation to the offer of information society services referred to in Art. 8 Par. 1 GDPR.

b) Information to third parties
Where the Controller has made the personal data concerning you public and is obliged, pursuant to Art. 17 Par. 1 GDPR, to erase the personal data, the Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you, as the data subject, have requested the erasure by such controllers of any links to, or copy or replication of, those personal data. 

c) Exceptions
The right to erasure shall not apply to the extent that processing is necessary

  1. for exercising the right of freedom of expression and information;
  2. for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  3. for reasons of public interest in the area of public health in accordance with Art. 9 Par. 2 Lit. h and i as well as Art. 9 Par. 3 GDPR;
  4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 Par. 1 GDPR in so far as the right referred to section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  5. for the establishment, exercise or defence of legal claims.

5. Right to notification, Art. 19 GDPR
If you have asserted the right to rectification, erasure or restriction of processing against the Controller, the Controller shall be obliged to communicate to each recipient to whom the respective personal data concerning you was disclosed any rectification or erasure of the data or restriction of the processing, unless this proves impossible or involves disproportionate effort.
You shall have the right against the Controller to be informed about those recipients.
6. Right to data portability, Art. 20 GDPR
You shall have the right to receive the personal data concerning you, which you pro-vided to the Controller, in a structured, commonly used and machine-readable for-mat. In addition, you shall have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where

  1. the processing is based on consent pursuant to Art. 6 Par. 1 Lit. a GDPR or Art. 9 Par. 2 Lit. a GDPR or on a contract pursuant to Art. 6 Par. 1 Lit. b GDPR; and
  2. the processing is carried out by automated means.

In exercising your right to data portability, you shall, furthermore, have the right to have the respective personal data transmitted directly from one controller to another, where technically feasible. This shall not adversely affect the rights and freedoms of others.
The right to data portability shall not apply to a processing of personal data that is needed for the performance of a task carried out in the public interest or in the exer-cise of official authority vested in the Controller.

7. Right to object, Art. 21 GDPR
You shall have the right, at any time, to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6 Par. 1 Lit. e or f GDPR.
The controller shall no longer process the personal data concerning you unless the controller can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or if the processing serves for the establishment, exercise or defence of legal claims.
In the context of the use of information society services – and Directive 2002/58/EC notwithstanding – you may exercise your right to object by automated means using technical specifications.

8. Right to withdraw the declaration of consent under data protection law, Art. 7 Par. 3 GDPR
You shall have the right to withdraw your declaration of consent under data protec-tion law at any time. The withdrawal of the declaration of consent will not affect the legality of the processing performed based on the declaration of consent up until the withdrawal.

9. Right to lodge a complaint with a supervisory authority, Art. 77 GDPR
Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider the processing of personal data relating to you to be infringing on the GDPR, the DSG NRW or other regulations under data protection law.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 77 GDPR.
The supervisory authority responsible for data protection for the Controller is:

State Commissioner for Data Protection and Freedom of Information for North Rhine-Westphalia (LDI NRW)
POB 20 04 44
40102 Düsseldorf
Germany

Tel.: +49 (0)211 38424 -0
Fax: +49 (0)211 38424 -10

E-mail: pststllldnrwd
Website: https://www.ldi.nrw.de

Data Protection Office

District of Paderborn

Aldegreverstraße 10-14
33102 Paderborn
Germany

Tel.: +49 (0)5251 308-0
Fax: +49 (0)5251 308-8888

Send an e-mail
Visit website

This website uses session cookies. By continuing to use the website, you agree to their use. You can close this note by clicking on the button. Data privacy