Data Privacy Policy

The Buchenwald and Mittelbau-Dora Memorials Foundation takes the protection of your personal data very seriously and respects your private sphere. This is why we pursue all of our internet activities exclusively subject to the respectively applicable data protection regulations.

In the following data privacy policy, we inform you about the extent and use of the personal data we collect and process within the framework of our website. In addition, we inform you about the purposes for which we collect and process the data, and about which rights you have in terms of data privacy in accordance with the EU General Data Protection Regulation (GDPR).

Responsible
Stiftung Gedenkstätten Buchenwald und Mittelbau-Dora
99427 Weimar
Phone:  +49 (0)3643-430-0
e-mail: sekretariat@buchenwald.de

Authorised representative:
The Buchenwald and Mittelbau-Dora Memorials Foundation is legally represented by its director, Prof. Dr. Volkhard Knigge.

1. Name and contact data of the controller and the company data protection officer

This data privacy information applies to the data processing by the controller:

Buchenwald and Mittelbau-Dora Memorials Foundation, 99427 Weimar-Buchenwald

The company data protection officer can be reached at this address or directly at the following e-mail address: datenschutz(at)buchenwald(dot)de.

2. Collection and storage of personal data as well as the type and purpose of its use

2.1. When you access our website

When you access our websites www.buchenwald.de or www.dora.de or any other URLs associated with this domain (hereinafter: the website), the browser used on your terminal automatically sends information to our website's server. This information is temporarily stored in a so-called log file. Without any action on your part, information is collected and stored until it is automatically deleted:

  • IP address of the requesting computer
  • date and time of the access
  • name and URL of the accessed file
  • website from which the access is made (referrer URL)
  • browser used and, as applicable, the operating system of your computer and the name of your access provider

The above data is processed by us for the following purposes:

  • to guarantee the trouble-free establishment of the website connection
  • to guarantee convenient use of our website
  • evaluation of the system security and stability and
  • for further administrative purposes.

The legal basis for the data processing is Art. 6 (1), sentence 1, lit. f GDPR. Our legitimate interest is based on the purposes of the data collection listed above. Under no circumstances will we use the collected data for the purpose of drawing any conclusions about your person.

In addition to this, when you visit our website, we use cookies and analysis tools.

2.1.1. Cookies

We use cookies on our website. These are small files automatically created by your browser and stored on your terminal (laptop, tablet, smartphone, etc.) when you visit our website. Cookies will not cause any damage to your device, and contain no viruses, Trojans or other malware.

The cookie stores information that arises in connection with the specifically used device. This does not mean, however, that we receive direct knowledge of your identity.

We use cookies, on the one hand, to make the use of our website more convenient for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically erased when you leave the website.

In addition, to optimize the user-friendliness of our website, we also use temporary cookies. These are stored for a specifically determined time on your device. If you visit our website again to use our services, it is automatically recognized that you were here before, and which entries and settings you made so that you do not have to make them again.

On the other hand, we also use cookies in order to analyze the use of our website statistically and to evaluate it for the purpose of optimizing our services for you (see section 5). When you visit our website again, these cookies allow us to recognize automatically that you have already visited the site. These cookies are automatically erased after a specifically defined time.

The data processed by cookies are necessary for the stated purposes to protect our legitimate interests and those of third parties for the technically flawless and optimized provision of services in accordance with Art. 6 (1), sentence 1, lit. f GDPR.

Most browsers accept cookies automatically. You can, however, configure your browser in such a way that no cookies are stored on your computer or that you always receive a notice before a new cookie is stored. The complete deactivation of cookies can, however, mean that you will not be able to use all of the functions of our website.

2.1.2. Analysis/tracking tools

2.1.2.1. Matomo

Our website uses the open-source software Matomo (formerly Piwik). Matomo is a web analysis tool for the statistical evaluation of the use of the website. For the analysis, the usage information (including the abbreviated IP address) generated by a Matomo cookie (see subsection 2.1.1. for the definition of "cookie") is transferred to our server, where it is summarized and stored in pseudonymized usage profiles for usage analysis purposes. The information is used to evaluate the use of our website and to allow a user-friendly design of our website. The information will not be passed on to third parties.

Under no circumstances is the IP address connected with any other data concerning the user. The IP addresses are anonymized so that identification is not possible (IP masking).

Your visit to this website is recorded by the Matomo web analysis tool. Go to https://matomo.org/docs/privacy/) to stop the recording of your visit.

This measure is carried out on the basis of Art. 6 (1), sentence 1, lit. f GDPR. With the tracking measures used, we want to ensure the user-friendly design and continuous optimization of our website. We also use tracking measures to analyze the use of our website statistically and to evaluate it for the purpose of optimization. These interests can be regarded as legitimate within the meaning of the aforementioned regulation.

2.1.3. Plug-ins

Our website uses plug-ins.

2.1.3.1. Google Maps

Our website uses the product Google Maps. The provider is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Your interaction with the Google Maps map on our website links you, as applicable, with the Google Maps website. You can find Google's terms of usage at: https://www.google.com/intl/en_US/help/terms_maps.html. For Google's data privacy policy, go to: https://policies.google.com/privacy?hl=en.

2.1.3.2. Facebook

A link to our subpages in the social network Facebook is integrated in our website.

Facebook is operated by Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject lives outside of the USA or Canada, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland is responsible for the processing of personal data.

The data privacy regulations published by Facebook, which can be accessed at https://www.facebook.com/about/privacy/, provide information about the collection, processing and usage of personal data by Facebook. They also explain which setting options Facebook offers to protect the private sphere of the data subject. In addition, various applications are available to allow the suppression of the data transfer to Facebook.

2.1.3.3. YouTube

A link to our YouTube channel is integrated on our website. YouTube is an internet video portal that allows video publishers to post video clips free of charge and other users to view them, also free of charge.

YouTube is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

For further information on the treatment of user data, go to the data privacy policy of YouTube at https://policies.google.com/privacy?hl=en.

2.2. Using our contact form or contacting us by e-mail

If you have questions of any kind, you can contact us using the form supplied on the website or contact the controller directly by e-mail. For this purpose, you must state your first and last name, your telephone number and a valid e-mail address so that we know from whom the enquiry comes, and so that we can respond to it by either telephone or e-mail. You do not have to provide any other personal data.

The processing of data for the purpose of your contacting us or our contacting you is carried out in accordance with Art. 6 (1), sentence 1, lit. a GDPR on the basis of your voluntarily given consent. The personal data collected by us for the use of the contact form will be automatically erased after your enquiry has been dealt with.

2.3. Use of e-mail for job applications and in the application procedure

In the case of job applications, the application documents can also be sent by e-mail.

We collect and process the associated personal data of job applicants exclusively for the purpose of handling the application procedure. The data is processed in these cases in accordance with Art. 6 (1), sentence 1, lit. a GDPR on the basis of your voluntarily given consent.

If the Buchenwald and Mittelbau-Dora Memorials Foundation concludes an employment con-tract with an applicant, the transferred data will be stored in accordance with the legal stipu-lations for the purpose of implementing the employment contract. If no employment contract is concluded with the applicant, the application documents will be automatically erased four months after the announcement of the rejection decision, provided the erasure does not affect any other legitimate interests of the controller. Another legitimate interest in this sense is, for example, the obligation to provide proof in proceedings subject to the General Equal Treatment Act (GETA).

2.4. Making an offer to conclude a contract via our website / Use of the shop

If you use our website to make an offer for the conclusion of a sales contract, we collect the following data:

  • first and last name as well as address data; as applicable, name and address of your company or employer
  • title, first name, last name and contact data (e-mail address, telephone number) of the persons authorized to sign for the contractual partner.

The personal data is processed on the basis of a justification pursuant to Art. 6 (1), lit. b GDPR. The personal data collected by us for the purpose of handling your order is automatically erased after your enquiry has been dealt with.

3. Transfer of data

Your personal data will not be transferred to third parties for any purposes other than those set out in the following. We pass your personal data on to third parties only if:

  • you have given your express consent to this pursuant to Art. 6 (1), sentence 1, lit. a GDPR
  • it is legally permissible and necessary in accordance with Art. 6 (1), sentence 1, lit. b GDPR for the handling of contractual relationships with you (e.g. mail/parcel services, payment transactions, e.g. via PayPal) and
  • in the case that there is a legal obligation to transfer the data pursuant to Art. 6 (1), sentence 1, lit. c GDPR or
  • the transfer is necessary pursuant to Art. 6 (1), sentence 1, lit. f GDPR for the establishment, exercise or defence of legal claims, including those against contractual partners, or the continuous analysis and improvement of our services as well as maintenance of the attractiveness of our services (e.g. updating of customer lists, analysis of databases, advertising measures, provision of modern technical solutions) and there is no reason to assume that you have an overriding, legitimate interest in the non-disclosure of your personal data.

Insofar as we use the services of third parties as processor within the meaning of the GDPR for our data processing, we shall maintain the necessary contractual relationships with such third parties within the meaning of Art. 28 GDPR.

Personal data will be transferred to third parties in countries outside of the EU (third countries) only if and to the extent that you have granted your consent, or if we have an overriding legitimate interest in doing so. If such a data transfer is made, we shall ensure contractually that the third-party processors maintain a standard of data protection corresponding to that of the European Union. 

4. Rights of the data subject

You have the right

  • pursuant to Art. 15 GDPR, to demand information about your personal data processed by us. In particular, you have the right to demand information about the purposes of processing, the category of the personal data, the categories of recipients to which your data was or is disclosed, the envisaged storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the source of the data insofar as it was not collected by us, as well as about the existence of automated decision-making, including profiling and, as applicable, meaningful informa-tion on the respective details
  • pursuant to Art. 16 GDPR, to demand the immediate rectification of incorrect or incomplete personal data stored by us
  • pursuant to Art. 17 GDPR, to demand the erasure of your personal data stored by us if the processing is not necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims
  • pursuant to Art. 18 GDPR, to demand the restriction of processing of your personal data insofar as you dispute the correctness of the data, the processing is unlawful but you object to its erasure and we no longer require the data, but you need it for the establishment, exercise or defence of legal claims, or you have lodged an appeal against the processing pursuant to Art. 21 GDPR
  • pursuant to Art. 20 GDPR, to receive the personal data that you have made available to us in a structured, commonly used and machine-readable format, or to demand the transfer of the data to another controller
  • pursuant to Art. 7 (3) GDPR, to revoke at any time your previously granted consent. The consequence of this is that we are no longer permitted to continue the data processing that was based on this consent.
  • pursuant to Art. 77 GDPR, to lodge a complaint with a supervisory authority. For this purpose, you can generally contact the supervisory authority at your normal place of residence or work or at the domicile of our offices.

5. Right of objection

Insofar as your personal data is processed on the basis of justified interests in accordance with Art. 6 (1), sentence 1, lit. f GDPR, you have the right, pursuant to Art. 21 GDPR, to object to the processing of your personal data if there are reasons arising from your particular situation or the objection is against direct marketing. In the latter case, you have a general right of objection that we will implement without reference to a particular situation. If you want to exercise your right of revocation or of objection, an e-mail to the following address is sufficient: datenschutz(at)buchenwald(dot)de.

6. Data security

During the website visit, we support the standard SSL (Secure Socket Layer) protocol. We also use appropriate technical and organizational security measures to protect your data against accidental or deliberate manipulation, partial or complete loss or destruction, and against unauthorized access by third parties (e.g. firewall system). Our security measures are continuously improved in accordance with technological developments.

7. Up-to-dateness and changes to this data privacy policy

This data privacy policy is currently valid as of 5 March 2019.

Due to the further development of our website and the related services, or due to changes in legal stipulations or official regulations, it may be necessary to make changes to this data privacy policy. You can access and print out the respectively valid data privacy policy at the following website: https://www.buchenwald.de/pl/1499/.