Privacy statement

The Town of Passau operates the website of the Oberhausmuseum under the domain name oberhausmuseum.de.

The Town of Passau places great importance on protecting citizens' data and telecommunication confidentiality. Your data are collected within the scope of data protection legislation. We have adopted technical and organizational measures that ensure that the regulations regarding privacy and data protection are observed by us. Our website contains links to websites of third parties. We have no influence on whether their operators act in compliance with data protection provisions.

The purpose of the following Privacy Statement is to inform you as to the nature, extent and purpose of the collection and use of personal data (e.g. name, address, e-mail address) by the website operator.

1. Name and contact data of the party responsible for distribution of information and of the Data Protection Officer

This information regarding data privacy applies to data processing by the
Town of Passau
Rathausplatz 2-3, 94032 Passau, Germany
E-mail: poststelle@passau.de
Phone: +49 851- 396 0
Fax: +49 851- 396 438

The Data Protection Officer of the Town of Passau can be contacted at the above address or at datenschutz@passau.de.

2. Collection and storage of personal data as well as nature and purpose of use

a. When accessing the website

Basically, our website is available to all users without disclosing personal data. You do not need to register in order to be able to the use the services provided by our website. Personal data are only collected for personalized services (such as newsletters). For further details, see 2. b)

When you access our website www.oberhausmuseum.de, the browser used on your terminal device automatically transmits information to our website's server. Such information is temporarily stored as a web server log. The following information is gathered and stored until manual deletion:
◦ IP address
◦ date and time the request was made
◦ time zone difference to GMT
◦ content of the request (concrete page)
◦ access status/HTTP status code
◦ respective volume of data transmitted
◦ website from which the request is made
◦ browser
◦ operating system and its interface
◦ language and version of the browser software.

The same data are also visible following login by employees of the Town of Passau who are entitled to do so for the purpose of firewall audit, however it is not logged in the case of permitted access (port 80 and 443/tcp). Only unauthorized access is logged and recorded until manual deletion. To the extent necessary, we use your access data exclusively for purposes of technical administration of the website, to respond to your requests or to provide you with access to specific information or offers. Such data are used by us for, including but not limited to, the following purposes:
◦ to ensure smooth establishment of a connection to the website,
◦ to ensure comfortable use of our website,
◦ to evaluate system security and stability and
◦ for further administrative purposes.

The legal basis of data processing is Art. 6 (1) lit. f GDPR. Our legitimate interest is a consequence of the data collection purposes listed above. In no event will we use the collected data to draw conclusions as to you as an individual.

When our website is visited, we also make use of analytics services. Please refer to items 4 and 5 of this Privacy Statement for further information.

b. When registering for our newsletter

Provided that you have expressly given your consent in accordance with Art. 6 (1) sentence 1 lit. a GDPR, we will use you e-mail address to regularly send you our newsletter. For receiving the newsletter, stating an e-mail address suffices.
The e-mail addresses for sending the newsletters to are securely stored on municipal servers, are exclusively processed by municipal staff, and are not used for any other purpose than sending newsletters.

Unsubscribing from the newsletter is always possible, for example with the unsubscribe link at the bottom of each newsletter. Alternatively, you can send an e-mail asking to unsubscribe to oberhausmuseum@passau.de. Your e-mail address will then be deleted. No comparison will be made with other existing data and it will not be forwarded to a third party, not even excerpts. You can rest assured that your data are used solely for the stated purpose. No addresses will be sold to third parties or used for any other marketing purposes.

3. Disclosure of data

Your personal data is not passed on to third parties except in the cases listed below.
We will only transmit your personal data to third parties if:
◦ you have expressly given your consent in accordance with Art. 6 (1) sentence 1 lit. a GDPR,
◦ transmission pursuant to Art. 6 (1) sentence 1 lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to believe that you have an overriding and legitimate interest in the non-disclosure of your data,
◦ there is a statutory obligation to disclose data for transmission pursuant to Art. 6 (1) sentence 1 lit. c GDPR and
◦ it is permitted by law and necessary for processing the contractual relationship with you, e.g. for billing purposes; in this case, data are transmitted to the town treasury and the Lord Mayor's office.

4. Cookies

We use cookies on our website. These are small files which are automatically created by your browser and stored on your terminal device (laptop, tablet, smartphone or similar) when you visit our website. Cookies do not damage your terminal device, and contain no viruses, Trojan horses or other malware. Information arising in association with the specific terminal device used is stored in the cookie. This does not mean, however, that such storage gives us direct knowledge regarding your identity.

The use of cookies serves in part to make your use of our services more convenient. We use so-called session cookies to tell that you have already visited individual pages of our website. These are automatically deleted when you leave our website.

To optimise user-friendliness, we also use temporary cookies, which are stored on your terminal device for a certain established period of time. If you re-visit our website to make use of our services again, this will allow the website to know that you have visited the site before and which entries and settings you made, so you do not have re-enter them.

We also use cookies to compile statistics on the use of our website and to evaluate them with the purpose of optimising our offer (see item 5). These cookies allow us to recognise that you have visited our site before. Such cookies are automatically deleted after a defined period of time.

Such data processed by cookies for the purposes mentioned above are required to safeguard our own legitimate interests, as well as the legitimate interests of third parties, pursuant to Art. 6 (1) sentence 1 lit. a GDPR.

Most browsers accept cookies automatically. You can, however, configure your browser in such a way that no cookies will be stored on your computer, or that you will be asked for permission before cookies are created. If you deactivate cookies, however, you may not be able to use the full functionality of this website.

5. Analysis tools

This website uses MATOMO (formerly Piwik), an open source software for the statistical evaluation of visitor accesses. MATOMO uses so-called "cookies", text files that are stored on your computer and that allow an analysis of the use of the website by us.

The information regarding your use of this internet offer created by the cookie is stored on the server of the Town of Passau. Immediately after it is processed and before it is stored, the IP address is anonymised. IP addresses are shortened by the two latter octets before possible use for analysis of usage behaviour. It is therefore no longer possible to identify a particular individual. Furthermore the IP address is only used in shortened form (and thus without personal reference) for approximate geo-localisation. Here the country of origin and the access provider ("internet access provider") are determined and stored.

If you do not agree with the storage and evaluation of these data from your visit, you may subsequently revoke the storage and utilisation via mouse click at any time. In this case, a so-called opt-out cookie is filed in your browser, with the result that MATOMO does not collect any session data.

Warning: If you delete your cookies, the opt-out cookie will also be deleted and might have to be reactivated by you.

The storage of MATOMO-cookies takes place in accordance with Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in the analysis of user behaviour to optimise their web offer.

MATOMO uses the following cookies:

The cookies "_pk_id", "_pk_ref" and "_pk_ses" provide anonymised tracking data. The information is used to improve the website by evaluating the results. All data are collected anonymously and include parameters such as page impressions of the pages you visit (system web analytics and tracking management).

The cookie "_pk_id" is deleted after 12 months, the cookie "_pk_ref" after 6 months, and the cookie "_pk_ses" after 30 minutes.

6. YouTube plug-in

Videos from the external video platform YouTube are incorporated on our website. Only images from disabled YouTube videos are embedded by default, so that there is no automated connection with the servers of YouTube. The operator thus receives no user data when the website is accessed.

You can decide yourself if you want to activate the YouTube videos. It is only when you click on "Permanent activation" to enable video playback that you give your consent to the operator to transmit necessary data (including, among other things, internet address of the current website as well as the user's IP address).

A cookie that stores the parameters is created by us to save the user's preferred settings. When setting such cookies, however, we do not save any personal data; they merely contain anonymised data for browser customisation. The videos are then activated and can be played back by the user. If you would like to deactivate the automatic loading of YouTube videos again, you can unset the checkmark below the privacy icon. This will also update the cookie settings.

YouTube is an offer of YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, a subsidiary of Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA. To obtain further information regarding the scope and purpose of data processing (also outside the European Union and outside the US) as well as information on settings options to protect your private sphere please consult the privacy statement: https://policies.google.com/privacy?hl=de&gl=de. Google processes your personal data in the US and other regions and is therefore governed by the EU-US Privacy Shield.

7. Rights of persons affected

You reserve the right:
◦ to receive information on your personal data processed by us, pursuant to Art. 15 GDPR. In particular, you are entitled to request information regarding the processing purposes, the category of personal data, the categories of recipients to whom your personal data were or are disclosed, the duration of storage of the data, the existence of a right or rectification, deletion, limitation of processing or objection, the existence of a right of complaint, the source of your data, insofar as such data were not collected by us, as well as regarding the existence of an automated decision-making including profiling and, if applicable, meaningful information regarding the details thereof;
◦ to demand correction or completion of your personal data stored with us pursuant to Art. 16 GDPR;
◦ to demand deletion of your personal data stored with us where processing is not necessary for exercising the right to freedom of expression or the right to information, for complying with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims pursuant to Art. 17 GDPR;
◦ to demand restriction of the processing of your personal data, insofar as the correctness of such data is contested by you, the processing is unlawful but you refuse deletion and we no longer need the data, but that you require such data for the establishment, exercise or defence of legal claims or have objected to processing pursuant to Art. 21 GDPR;
◦ to receive, in a structured, conventional, machine-readable format, the personal data you have provided to us or to demand its transmission to another person responsible pursuant to Art. 20 GDPR;
◦ to revoke your consent given to us at any time pursuant to Art. 7 (3) GDPR. As a result, we are not permitted to continue in the future the data processing that was based on such consent, and
◦ to complain to the Bavarian Data Protection Commissioner (supervisory authority) pursuant to Art. 77 GDPR.

8. Right of objection

Insofar as your personal data are processed on the basis of legitimate interests pursuant to Art. 6 (1) sentence 1 lit f GDPR, you reserve the right pursuant to Art. 21 GDPR to object to the processing of your personal data, provided that there are reasons for such an objection resulting from your particular situation or that the objection involves direct advertising. In the latter case, you have a general right of objection that is implemented by us without indication of any specific situation.

If you would like to exercise your right of revocation or objection, please send an e-mail to datenschutz@passau.de.

9. Data security

For security reasons and to protect transmission of confidential content, such as requests that you send us as site operator, this website uses SSL encryption. You can tell that a connection is encrypted when the address bar of your browser changes from "http://" to "https://" and a small lock symbol appears in the browser.

If SSL encryption is enabled, the data you transmit to us cannot be read by third parties.

Please note that if you send a non-encrypted e-mail to the Town of Passau, unauthorised access or corruption of information during data transmission cannot be ruled out. When we receive an e-mail from you, we assume that you are authorised to reply via e-mail.

We also apply appropriate technical and organisational security measures to protect your personal data stored with us against manipulation, partial or full loss, and unauthorised access by third parties. Our security measures are continuously improved in accordance with the development of technical standards and verified by GeoTrust (DigiCert, Inc.).

10. Validity of and alterations to this Privacy Statement

This Privacy Statement is currently valid and was last revised in May 2019.
Due to further development of our website and offers relating to it or due to changed statutory and/or government requirements, it may be necessary to change this Privacy Statement.