Privacy Notice

Name and address of the data controller

The data controller within the meaning of the European GDPR regulation and of other national data protection regulations of member states and of other legal data protection provisions is:

Minihaus München
Rainer Eckerl
Fürstenrieder Straße 267
81377 Munich, Germany

Phone: +49 89 41 11 49-100
E-mail: kontakt@minihaus-muenchen.de

Contacting the data protection officer

The data controller’s data protection officer can be contacted at the following address:

E-mail: datenschutz@minihaus-muenchen.de

General information about data processing

Scope of personal data processing

We only ever process our users’ personal data to the extent that this is required to deliver a working website and our content and services. Our users’ personal data is processed regularly only following the user’s consent. An exception applies in cases in which it is not possible to obtain consent beforehand for factual reasons and in which legal regulations permit processing of the data.

Legal basis for the processing of personal data

Insofar as we obtain consent from the data subject for procedures which process personal data, Art. 6(1)(a) of EU DSGVO [Datenschutz-Grundverordnung, German equivalent of GDPR] serves as the legal basis.

When processing personal data required to fulfil an agreement in which the data subject is a party to the agreement, Art. 6(1)(b) of DSGVO serves as the legal basis. This also applies to processing procedures required to complete measures in advance of the agreement.

Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6(1)(c) of DSGVO serves as the legal basis.

If processing is required to protect a justified interest of our company or of a third party, and if the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh those of the first interest mentioned, then Art. 6(1)(f) of DSGVO serves as the legal basis for processing.

Deletion of data and duration of storage

The data subject’s personal data will be deleted or blocked as soon as the purpose of the storage no longer applies. Data can be stored beyond this point if this has been provided for by European or national legislators in ordinances, laws or other regulations in European Union law to which the data controller is subject. The data will also be blocked or deleted if a storage term specified by the standards mentioned expires, unless there is a requirement to continue storing the data in order to enter into or fulfil an agreement.

Notes about forwarding data to the USA

Our website includes tools operated by companies headquartered in the USA. When these tools are active, your personal data may be forwarded to the US servers of the companies in question. We would like to point out that the USA is not a secure third country within the meaning of EU data protection law. US companies are required to release personal data to the security services without you, the data subject, being able to proceed against them in law. It is therefore not possible to rule out the possibility of US authorities (for example the secret services) processing, analysing and permanently storing your data for monitoring purposes. We have no influence over these processing activities.

Provision of the website and creation of log files

a) Description and scope of data processing

Every time our website is called up, our system automatically records data and information about the computer system of the computer which is calling up the site.

The following data are recorded in this process:

information about browser type and the version used
the user’s operating system
the user’s Internet service provider
the user’s IP address
the date and time of the access
websites from which the user’s system reached our website
websites which the user’s system calls up via our website

The data are likewise stored in our system’s log files. These data are not stored together with the user’s other personal data.

b) Legal basis for data processing

The legal basis for temporary storage of the data and the log files is Art. 6(1)(f) of DSGVO.

c) Purpose of data processing

Temporary storage of the IP address by the system is necessary to allow the website to be delivered to the user’s computer. To this end, the user’s IP address has to be stored for the duration of the session.

Storage is effected in log files to guarantee the functionality of the website. The data furthermore help us optimize the website and guarantee the security of our information technology systems. The data are not analysed for marketing purposes in this connection.

We have a justified interest in data processing for these purposes in accordance with Art. 6(1)(f) of DSGVO.

d) Duration of storage

The data are deleted as soon as they are no longer required to achieve the purpose for which they were recorded. In the case of data recorded to deliver the website, this is the case when the respective session comes to an end.

If the data are stored in log files, this is the case after no more than seven days. It is possible that storage will take place beyond this point. In this case, the users’ IP addresses will be deleted or anonymized so that they can no longer be assigned to the client who called up the website.

e) Option to revoke consent and delete data

Recording of data to make the website available and storage of those data in log files is essential to operate the website. The user consequently has no option to revoke consent.

Use of cookies

Description and scope of data processing

Our website uses cookies. Cookies are text files which are stored in the Internet browser or by the Internet browser on the user’s computer system. If a user calls up a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters which allows the browser to be clearly identified when the website is called up again. We furthermore use cookies on our website to enable us to analyse users’ surfing behaviour.

The user data recorded in this way are anonymized by means of technical measures, so it is no longer possible to assign the data to the user calling them up. These data are not stored together with users’ other personal data.

When our website is called up, a cookie consent tool informs users that cookies are used for analysis purposes and requests their consent to this use.

b) Legal basis for data processing

The legal basis for processing personal data using technically necessary cookies is Art. 6(1)(f) of DSGVO.

c) Purpose of data processing

The cookie consent tool saves the status/the consents you selected when entering the website.

d) Duration of storage

Cookies are stored on the user’s computer and transmitted to us from there. As a user, you therefore have full control over the use of cookies.

e) Option to revoke consent and delete data

You can deactivate or limit cookie transmission by changing the settings of your Internet browser. Cookies which have already been stored can be deleted at any time. This can also be effected automatically. If cookies for our website are deactivated, it is possible that you may not be able to use all the functions of the website to their full extent.

Contact form and e-mail contact

a) Description and scope of data processing

Our website includes a contact form which can be used to contact us by electronic means. If a user takes up this option, the data entered in the input screen are transmitted to us and stored. These data are:

first name
last name
company
e-mail address
phone number
street, town, postcode
your message

At the time the message is sent, the following data are also stored:

the user’s IP address
the date and time of registration

As an alternative, it is possible to contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail are stored.

This does not involve any forwarding of data to third parties. The data are used purely for processing the conversation.

b) Legal basis for data processing

The legal basis for processing data transmitted in the course of sending an e-mail is Art. 6 (1)(f) of DSGVO. If the intention of the e-mail contact is to enter into an agreement, then the additional legal basis for processing is Art. 6(1)(b) of DSGVO.

c) Purpose of data processing

Processing the personal data from the input screen is solely to enable us to process the contact. If contact is made via e-mail, this also forms the justified interest in processing data which is required.

The other personal data processed during the send process serve to prevent misuse of the contact form and to guarantee the security of our information technology systems.

d) Duration of storage

The data are deleted as soon as they are no longer required to achieve the purpose for which they were recorded. For personal data from the input screen of the contact form and those sent via e-mail, this is the case when the conversation in question with the user is at an end. The conversation is at an end when it can be assumed from the circumstances that the issue in question has been conclusively clarified.

The additional personal data recorded during the send process are deleted after no more than seven days.

e) Option to revoke consent and delete data

The user has the option of revoking consent to data processing at any time.

This revocation should be addressed to kontakt@minihaus-muenchen.de

In this case, all the personal data stored in the course of contact will be deleted.

Google Analytics

The service provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses so-called cookies. These are text files stored on your computer which allow your use of the website to be analysed. The information generated by the cookie about your use of this website is generally transmitted to a Google server in the USA and stored there.

a) Scope of personal data processing

In Google Analytics, visitors’ interactions on our website are primarily recorded with the aid of cookies. If individual pages of our website are called up, the following data are stored:

two bytes of the IP address of the user’s system which calls them up
the website called up
the website from which the user reached the website called up (referrer)
the subpages called up from the website called up
the time spent on the website
the frequency with which the website is called up

The software is set so that the IP addresses are not stored in full, but 2 bytes of the IP address are masked (e.g.: 192.168.xxx.xxx). This means it is no longer possible to assign the abbreviated IP address to the computer which called up the website.

b) Legal basis for processing personal data

The legal basis for processing users’ personal data is Art. 6(1)(a) of DSGVO.

c) Purpose of data processing

Processing users’ personal data enables us to analyse our users’ surfing behaviour. Analysing the data acquired enables us to compile information about use of the individual components of our website. This helps us continuously to improve our website and its user-friendliness.

d) Duration of storage

The data are deleted as soon as they are no longer required for our recording processes.

e) Option to revoke consent and delete data

YouTube

a) Scope of personal data processing

Our website uses plugins from the YouTube site operated by Google. The operator of these pages is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube is a subsidiary company of Google.

If you visit one of our pages with a YouTube plugin, your browser automatically connects to the YouTube/Google servers. A variety of data is transmitted in this process (depending on settings). Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all data processing in the European region. If you are logged into your YouTube account, you are enabling YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.

For more information on the handling of user data, go to YouTube’s data privacy statement at: www.google.com/intl/en/policies/privacy.

b) Legal basis for processing personal data

The legal basis for processing users’ personal data is Art. 6(1)(a) of DSGVO.

c) Purpose of data processing

The use of YouTube is in the interests of presenting our online offerings in an appealing manner.

d) Duration of storage

Google stores the data recorded for different amounts of time. Much of the data can be deleted at any time, whilst other data is deleted automatically after a limited period; Google stores yet other data for an extended period.

e) Option to revoke consent and delete data

In principle, you can delete data in the Google account manually. The automatic function for the deletion of location and activity data introduced in 2019 means that, depending on the decision you make, information is stored for either 3 or 18 months and then deleted.

Facebook

a) Scope of personal data processing

Our website uses selected Facebook tools and a Facebook fan page. Facebook is a social media network belonging to Meta Platforms Inc./for the European region, to Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. We can use these tools to provide the best possible offerings to you and to people interested in our products and services.

If data about you are recorded and passed on via our embedded Facebook elements or via our Facebook page (fan page), both we and Facebook Ireland Ltd. are responsible for them. Facebook has sole responsibility for the further processing of such data. Our joint obligations have also been enshrined in a publicly accessible agreement at https://www.facebook.com/legal/controller_addendum. This specifies, for example, that we must provide you with clear information that our website uses Facebook tools. We are furthermore responsible for those tools being incorporated securely in our website from a data privacy point of view. Facebook, on the other hand, is responsible for the data security of Facebook products, for example. If you have any questions about the way Facebook records and processes data, you can contact the company directly. If you send the question to us, we have to pass it on to Facebook.

Our website uses Facebook Pixel, as it is known. This is part of the Facebook Business suite of tools. Facebook uses these tools to expand its services and allow it to obtain information about user activities outside Facebook.

Using individual Facebook tools allows personal data (customer data) to be sent to Facebook. Depending on the tools used, customer data such as name, address, phone number and IP address may be sent.

Facebook uses this information to compare the data to data it already holds on you (if you are a member of Facebook). Before customer data are sent to Facebook, they are subjected to so-called “hashing”. This means transforming a data set of any size into a character string which, among other things, encrypts the data.

“Event data” are transmitted in addition to contact data. “Event data” are the information we obtain about you on our website - for example, which subpages you visit or what products you purchase from us. Facebook does not share the information obtained with third parties (such as marketing organizations) unless the company has explicit approval or is legally required to do so. “Event data” may also be linked to contact data, enabling Facebook to offer more personalized advertising. Once the comparison process mentioned is complete, Facebook deletes the contact data again.

In order to deliver optimized advertising material, Facebook uses event data only when it has been combined with other data (recorded by Facebook by other means). Facebook also uses these event data for security, privacy, research and development purposes. Many of these data are transmitted to Facebook by means of cookies. Cookies are small text files used to save data/information in browsers. Different numbers of cookies will be placed in your browser depending on the tools used and on whether you are a member of Facebook. We go into more detail about individual Facebook cookies in our descriptions of the individual Facebook tools. For general information about the use of Facebook cookies, you can also look at https://www.facebook.com/policies/cookies.

b) Legal basis for processing personal data

If you have consented to integrated Facebook business tools processing and storing your data, this consent is considered the legal basis for the processing of data (Art. 6(1)(a) of DSGVO). Your data are essentially also stored and processed on the basis of our legitimate interest (Art. 6 (1)(f) of DSGVO) in rapid, high-quality communication with you or other customers and business partners. However, we only use the tools to the extent that you have consented to this. Most social media platforms also place cookies in your browser to store data, so we recommend that you read our data privacy text relating to cookies carefully and look at Facebook’s data privacy statement or cookie guidelines.

Facebook processes your data in the USA, among other places. We draw your attention to the fact that the European Court believes that the level of protection for data transfer to the USA is currently inadequate. This may entail various risks for the legality and security of data processing.

Facebook uses so-called standard contractual clauses (Art. 46 (2) & (3) of DSGVO) as the basis for the processing of data for recipients resident in third-party states or for the passing on of data to such places. Standard contractual clauses are templates provided by the EU Commission intended to ensure that your data comply with European data privacy standards even if they are transferred to third-party countries (such as the USA) and stored there. These clauses mean that Facebook undertakes to observe the European standard of data privacy when processing your personal data, even if those data are stored, processed and managed in the USA.

Facebook’s data processing condition which corresponds to the standard contractual clauses can be found at https://www.facebook.com/legal/terms/dataprocessing.

c) Purpose of data processing

We only wish to show our services and products to people who are actually interested in them. We can reach just such people with the aid of advertisements (Facebook ads). In order for us to show users appropriate advertising, however, Facebook needs information about what those people want and need. As a result, the company will be provided with information about user behaviour (and contact details) on our website, enabling Facebook to collect improved user data and display the right advertising about our products/services to interested people. The tools thus facilitate customized advertising campaigns on Facebook.

Facebook calls data about your behaviour on our website “event data”. These are also used for measurement and analysis services, enabling Facebook to create “campaign reports” on our behalf about the effectiveness of our advertising campaigns. Analyses furthermore give us a better insight into how you use our services, website or products. This enables us to use some of these tools to optimize your user experience on our website. For example, you can use social plug-ins to share content on our website directly on Facebook.

d) Duration of storage

Facebook essentially stores data only as long as required for its own services and Facebook products. Facebook has servers all over the world where it stores its data. However, once customer data have been compared with its own user data, they are deleted within 48 hours.

e) Option to revoke consent and delete data

Data will only be deleted in full if you delete your Facebook account completely.

The data which Facebook obtains via our site is stored among other means by cookies (e.g. in the case of social plug-ins). You can deactivate, delete or manage individual cookies or all cookies in your browser.

TikTok data privacy statement

We also use TikTok, a social media and video channel. The service provider is Chinese company Beijing Bytedance Technology Ltd., whilst Irish company TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, is responsible for the European region.

TikTok processes your data in the USA, among other places. We draw your attention to the fact that the European Court believes that the level of protection for data transfer to the USA is currently inadequate. This may entail various risks for the legality and security of data processing.

TikTok uses so-called standard contractual clauses (Art. 46 (2) & (3) of DSGVO) as the basis for the processing of data for recipients resident in third-party states or for the passing on of data to such places. Standard contractual clauses are templates provided by the EU Commission intended to ensure that your data comply with European data privacy standards even if they are transferred to third-party countries (such as the USA) and stored there. These clauses mean that TikTok undertakes to observe the European standard of data privacy when processing your personal data, even if those data are stored, processed and managed in the USA.

You can find out more about standard contractual clauses and data which are processed when TikTok Pixel is used by viewing the privacy policy at https://www.tiktok.com/legal/page/eea/privacy-policy/en and https://ads.tiktok.com/i18n/official/policy/controller-to-controller.

Rights of the data subject

If your personal data are processed, you are a data subject within the meaning of DSGVO and you have the following rights with the data controller:

the right to information
the right to correction
the right to restriction of processing
the right to deletion
the right to being informed about processing
the right to data portability
the right to revoke consent

Right to complain to a responsible supervisory authority

IIn the event of breaches of data privacy law, the data subject has the right to complain to a supervisory authority. The supervisory authority with responsibility for us in terms of data privacy issues is the Landesdatenschutzbeauftragter [Regional Data Protection Officer] of the Federal German region where our company is headquartered.

You can find a list of Data Protection Officers and their contact details using the link below:

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html [in German]