Holger Mörbe

Data protection & security

Privacy policy

The confidentiality and integrity of your personal data is of particular concern to us. With the help of our privacy policy in accordance with the GDPR, we explain which of your personal data is collected, processed and used.

1. Data protection at a glance

General information

The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data is any data that can be used to identify you personally. Detailed information on the subject of data protection can be found in our data protection declaration listed below this text.

Data collection on our website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find the operator's contact details in the legal notice of this website.

How do we collect your data?

On the one hand, your data is collected when you provide it to us. This may, for example, be data that you enter in a contact form.

Other data is collected automatically by our IT systems when you visit the website. This is primarily technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically as soon as you enter our website.

What do we use your data for?

Some of the data is collected to ensure that the website is provided without errors. Other data may be used to analyse your user behaviour.

What rights do you have regarding your data?

You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to request the correction, blocking or deletion of this data. You can contact us at any time at the address given in the legal notice if you have any further questions on the subject of data protection. You also have the right to lodge a complaint with the competent supervisory authority.

2. General notes and compulsory information

Data protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

Only personal data is covered by the scope of the GDPR. By this we mean any information relating to an identified (specific) or identifiable (determinable) natural person.

For a better overview, the scope of data processing is presented based on the various purposes:

- for the use of our website (see 3.)

- for making contact and communication (see 4.)

- for the fulfilment of contractual obligations (see 5.)

- for applications to our company (see 6.)

- for newsletter subscription (see 7.)

- for direct advertising (see 8.)

We would like to point out that data transmission over the Internet (e.g. when communicating by email) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.

Note on the responsible body

The controller responsible for data processing on this website is

Festung Königstein gGmbH
01824 Königstein

Telephone: 035021 64-607
E-mail: info@festung-koenigstein.de

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).

Data security using SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

 

Right to object

Many data processing operations are only possible with your express consent. You can revoke any consent you have already given at any time.

If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 (1) (f) GDPR, you also have the right - in accordance with Art. 21 GDPR - to object to the processing of your personal data with effect for the future, provided there are reasons for this arising from your particular situation.

In both cases, an informal notification by email to info@festung-koenigstein.de is sufficient. The legality of the data processing carried out up to the time of cancellation remains unaffected by the cancellation.

Right to lodge a complaint with the competent supervisory authority

In the event of breaches of data protection law, the data subject has the right to lodge a complaint with the competent supervisory authority (Art. 77 GDPR). The supervisory authority responsible for us is

The Saxon Data Protection and Transparency Officer
Devrientstraße 5
01067 Dresden

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a structured, commonly used and machine-readable format (Art. 20 GDPR). If you request the direct transfer of the data to another controller, this will only take place if it is technically feasible.

Information, blocking, erasure

Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipients and the purpose of the data processing and, if necessary, a right to correction, blocking or deletion of this data (Art. 15, 16 and 17 GDPR). You can contact us at any time at the address given in the legal notice if you have any further questions on the subject of personal data.

Objection to advertising mails

We hereby object to the use of contact data published as part of our obligation to provide a legal notice for the purpose of sending unsolicited advertising and information material. The operators of the website expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.

Forwarding of data

Your data will be passed on to third parties:

in the event that there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 lit. c) GDPR,
if this is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 lit. b) GDPR, and
if the disclosure pursuant to Art. 6 para. 1 lit. f) GDPR is necessary for the establishment, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data.
In addition, we will only pass on your personal data to third parties if you have given your express consent in accordance with Art. 6 para. 1 lit. a)  GDPR.

In the case of transmission to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; standard contractual clauses have been concluded.

Data protection officer required by law

We have appointed a data protection officer for our company. If you have any further questions about our data protection, please contact our internal data protection officer:

Email: datenschutz@festung-koenigstein.de

Legal basis of the processing

In order to be able to offer you our website and the associated services, we process your data on the basis of the following legal bases:

Insofar as we obtain the consent of the data subject for the processing of the data, Art. 6 para. 1 lit. a) GDPR serves as the legal basis.
If the processing of the data is necessary for the fulfilment of a contract, the processing is based on Art. 6 para. 1 lit. b) GDPR. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures.
If we are subject to a legal obligation that requires the processing of data, the processing is based on Art. 6 para. 1 lit. c) GDPR.
Processing operations based on a balancing of interests in accordance with Art. 6 para. 1 lit. f) GDPR are generally permitted if the processing is necessary to safeguard our legitimate interests or those of a third party and if the interests or fundamental rights and freedoms of a data subject that require the protection of personal data do not outweigh them.

In the case of an application, processing is primarily carried out on the basis of Section 26 BDSG. According to this, the processing of data required in connection with the decision on the establishment of an employment relationship is permitted.
If data is processed on the basis of your consent, you have the right to withdraw your consent at any time with effect for the future.

If your data is processed on the basis of a balancing of interests, you have the right to object to the processing of the data, taking into account the provisions of Art. 21 GDPR. BDSG. Accordingly, the processing of data required in connection with the decision on the establishment of an employment relationship is permitted.
If data is processed on the basis of your consent, you have the right to revoke your consent to us at any time with effect for the future.

If your data is processed on the basis of a balancing of interests, you have the right to object to the processing of the data, taking into account the provisions of Art. 21 GDPR.

3. Data processing for the use of our website

Data processing of access data

When using this website for information purposes only, without entering or transmitting information, only the data that your browser automatically transmits to our server is collected. This data is stored in the server's log files. In this respect, the following data is collected

- the internet protocol address (IP address)

- Date and time of access to the website

- the website visited and any files downloaded

- the amount of data transferred in each case

- Website/reference from which you access our website

- Type of browser used and its version

- Operating system used

The aforementioned data is logged on the basis of a balancing of interests. The access data is processed in order to be able to display the content of our website to you, to ensure a stable connection to the website and for reasons of system security and the functionality of our website. This data is not merged with other data sources or assigned to specific persons.

Our website is stored by the hosting service provider Mittwald CM Service GmbH & Co KG, which provides the necessary infrastructure for the operation of the website. In addition to careful monitoring and selection, an order processing contract has been concluded with the service provider in accordance with Art. 28 GDPR. Data processing is carried out for the purpose of ensuring the operational readiness of our website, in which we have a legitimate interest, Art. 6 para. 1 lit. f) GDPR.

The IP address is anonymised and stored as part of the log files on the web server for a period of 60 days and then deleted. A personal reference can then no longer be established from the remaining data.

Cookies

Some of the Internet pages use so-called cookies. Cookies do not damage your computer and do not contain viruses. Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognise your browser on your next visit.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

Cookies that are required to carry out the electronic communication process or to provide certain functions you have requested (e.g. shopping basket function) are stored on the basis of Art. 6 para. 1 lit. f) GDPR. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimised provision of its services. Insofar as other cookies (e.g. cookies for analysing your surfing behaviour) are stored, these are treated separately in this privacy policy.

 

Change privacy settings

 

YouTube

Our website uses a function of the YouTube site operated by Google to embed videos. The operator of the site is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.

If you activate a YouTube video on one of our pages and watch it, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited.

If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.

The use of YouTube is in the interest of an appealing presentation of our online offers, but exclusively on the basis of your consent (Art. 6 para. 1 lit. a) GDPR).

Further information on the handling of user data can be found in YouTube's privacy policy at: https://www.google.de/intl/de/policies/privacy.

Use of Matomo

On our website, we also use the web analysis service Matomo from the provider InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand. This enables a statistical analysis of user behaviour for optimisation and marketing purposes.

Matomo has been configured by us so that your IP address is only recorded in abbreviated form. Pseudonymous user profiles can also be created and analysed and cookies can be used. The data collected with Matomo (including your pseudonymised IP address) is processed on our servers. The information generated by the cookie in the pseudonymised user profile is not used to personally identify the visitor to this website and is not merged with personal data about the bearer of the pseudonym.

Further information on Matomo's terms of use and data protection regulations can be found at: https://matomo.org/privacy/.

If you do not agree to the storage and analysis of this data from your visit, you can object to its storage and use at any time by clicking below. If you decide against the use of Matomo or revoke your previously given consent, a Matomo deactivation cookie will be stored in your browser ("opt-out" cookie). Please note that your browser must accept cookies in order to store this cookie. If you delete the opt-out cookie, you may have to decide again here.

Matomo is used for the aforementioned purposes on the basis of Art. 6 para. 1 lit. f) GDPR.

Social media plugins

We do not use any social media plugins on our websites. If our websites contain symbols from social media providers (e.g. Facebook, Instagram, Twitter, YouTube), we only use these to passively link to the pages of the respective providers.

4. Data processing for contact and communication

You can contact us using the contact form or the e-mail address provided. The voluntary data transmitted, such as your e-mail address, address, telephone number and name, will only be used for the purpose of processing your enquiry and for follow-up questions.

We would like to point out that communication by e-mail can have security gaps. It only guarantees limited confidentiality.

Your data will be processed for the purpose of dealing with your enquiry and providing the services you have requested. The legal basis for data processing is Art. 6 Para. 1 lit. b) GDPR, insofar as it concerns the initiation and, if applicable, fulfilment of a contract. Otherwise, Art. 6 para. 1 lit. a) and/or Art. 6 para. 1 lit. f) GDPR is the legal basis. Our legitimate interest lies in responding to and processing your enquiry.

In addition to hosting the website, our hosting service provider Mittwald CM Service GmbH & Co KG also ensures the sending, receipt and storage of emails. For these purposes, the addresses of the recipients and senders as well as other information relating to the sending of emails (e.g. the providers involved) and the content data are processed. The legal basis for this is our legitimate interest, Art. 6 para. 1 lit. f) GDPR.

Contact data will be deleted after final processing of your or our enquiry. Beyond this, data will only be stored if this is necessary to comply with legal obligations, in particular retention obligations or for the assertion, exercise and defence of possible legal claims in connection with our services within the applicable limitation periods or if you have given us your consent to do so.

5. Data processing when using our social media channels

We use well-known social media platforms such as Facebook, YouTube, LinkedIn and Instagram. If you are a user of these platforms, you can gain access via the links displayed on our website and communicate with us via the channels if necessary. The platforms process personal data in accordance with their own conditions of participation and data protection rules, over which we have no influence.

This is initially data such as IP address, date, time and page visited. If the user is logged into their user account on the respective network during this time, the network operator may be able to assign the information collected about the user's specific visit to the user's personal account. If the user interacts via a "Share" button of the respective network, this information can be stored in the user's personal user account and published if necessary. If the user wishes to prevent the information collected from being directly assigned to their user account, they must log out before clicking on the graphic. It is also possible to configure the respective user account accordingly.

We would like to point out that there is also the possibility that user data may be processed outside the European Union, in particular in the USA. The USA is not a safe third country within the meaning of EU data protection law. US companies are obliged to hand over personal data to security authorities without you as the data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. secret services) may process, analyse and permanently store your data on US servers for surveillance purposes. We have no influence on these processing activities.
The following social networks are integrated into our website through links:

YouTube

We maintain an online presence on YouTube to present ourselves to the public and to communicate with you. YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA. Data protection information: https://policies.google.com/privacy

Facebook

We operate an online presence on the Facebook platform to advertise our products and services and to communicate with you. On this social media platform, we are jointly responsible with Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, in accordance with a judgement of the European Court of Justice. However, it cannot be ruled out that the processing by Facebook Ireland Ltd. is also carried out by Facebook Inc, 1601 Willow Road, Menlo Park, California 94025 in the USA. Facebook's data protection officer can be contacted via a contact form: https://www.facebook.com/help/contact/540977946302970
Facebook is aware of the joint responsibility and has published the content of an agreement from which the mutual obligations arise under the following link: https://www.facebook.com/legal/terms/page_controller_addendum

When our online presence is accessed on the Facebook platform, user data (e.g. personal information, IP address, etc.) is processed by Facebook Ireland Ltd. as the operator of the platform in the EU. Our legitimate interest lies in the analysis, communication, sales and advertising of our products and services, which are made available to us by Facebook in anonymised form. Facebook Ireland Ltd. uses this data for market research and advertising purposes and to create user profiles. Based on these profiles, Facebook Ireland Ltd. is able, for example, to advertise users within and outside of Facebook based on their interests. If the user is logged into their Facebook account at the time of access, Facebook Ireland Ltd. can also link the data to the respective user account.

If the user contacts us via Facebook, the personal data entered by the user on this occasion will be used to process the enquiry. The user's data will be deleted by us if the user's enquiry has been conclusively answered and there are no statutory retention obligations to the contrary, e.g. in the case of subsequent contract processing.

Facebook Ireland Ltd. may also set cookies to process the data. If the user does not agree to this processing, it is possible to prevent the installation of cookies by setting the browser accordingly. Cookies that have already been saved can also be deleted at any time. The settings for this depend on the respective browser. In the case of Flash cookies, processing cannot be prevented via the settings of the browser, but by the corresponding setting of the Flash player. If the user prevents or restricts the installation of cookies, this may mean that not all Facebook functions can be used to their full extent. Further information on processing activities, their prevention and the deletion of data processed by Facebook can be found in Facebook's data policy: https://www.facebook.com/privacy/explanation

Instagram

We operate an online presence on the Instagram platform to advertise our products and services and to communicate with interested parties or customers. On this social media platform, we are jointly responsible with Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland. It cannot be ruled out that processing by Facebook Ireland Ltd. also takes place via Facebook Inc, 1601 Willow Road, Menlo Park, California 94025 in the USA.
Instagram's data protection officer can be contacted via a contact form: https://www.facebook.com/help/contact/540977946302970
When our online presence on the Instagram platform is accessed, Facebook Ireland Ltd. as the operator of the platform in the EU processes user data (e.g. personal information, IP address, etc.).
We have a legitimate interest in analysing, communicating, selling and advertising our products and services. This user data is used for statistical information about the utilisation of our company presence on Instagram. Facebook Ireland Ltd. uses this data for market research and advertising purposes and to create user profiles. Based on these profiles, Facebook Ireland Ltd. is able, for example, to advertise users within and outside of Instagram based on their interests. If the user is logged into their Instagram account at the time of accessing our website, Facebook Ireland Ltd. can also link the data to the respective user account. If the user contacts us via Instagram, the personal data entered by the user on this occasion will be used to process the enquiry. The user's data will be deleted by us if the user's enquiry has been conclusively answered and there are no statutory retention obligations to the contrary, e.g. in the case of subsequent contract processing.
Facebook Ireland Ltd. may also set cookies to process the data. If the user does not agree to this processing, it is possible to prevent the installation of cookies by setting the browser accordingly. Cookies that have already been saved can also be deleted at any time. The settings for this depend on the respective browser. In the case of Flash cookies, processing cannot be prevented via the settings of the browser, but by the corresponding setting of the Flash player. If the user prevents or restricts the installation of cookies, this may mean that not all Facebook functions can be used to their full extent. Further information on the processing activities, their prevention and the deletion of the data processed by Instagram can be found in Instagram's data policy: https://help.instagram.com/519522125107875

LinkedIn

We maintain an online presence on LinkedIn to present ourselves to the public and communicate with you. LinkedIn is a service provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. LinkedIn PrivacyPolicy

6. Data processing to fulfill contractual obligations

We also process contractual data from contractual partners, interested parties and customers to fulfill contractual obligations. In these cases, in addition to the master data (name, address), contact data (e-mail, telephone number) we also collect contract data (names of contact persons, contract contents, payment data).

The data is processed

  • for identification.
  • to correspond with you.
  • to submit an offer.
  • for contract fulfillment.
  • for invoicing.
  • to assert, exercise and defend legal claims in accordance with Article 6 Paragraph 1 Letter f) GDPR.

The data processing of the contract data is required in accordance with Art. 6 Para. 1 lit. b) GDPR for the purposes mentioned for processing the offer/order and for the mutual fulfillment of obligations arising from the order. Failure to provide this data may result in the contract not being concluded.

The personal data we collect for processing and carrying out the order will be stored until the statutory retention period expires and will then be deleted, unless we do so in accordance with Article 6 Para. 1 lit. c) GDPR due to tax and commercial retention requirements. and documentation obligations (from HGB, UStG or AO) are obliged to store it for a longer period of time or are authorized to protect our legitimate interests or you have consented to further storage in accordance with Art. 6 Para. 1 lit. a) GDPR.

We only process personal data from publicly accessible sources (e.g. authorities, internet, commercial register) to the extent that this is legally permissible and necessary for the provision of our services or if you have consented to this. If you have concluded a contract with us, we will treat you as an existing customer. In this case, we process your contact details outside of the existence of specific consent in order to send you information or invitations in this way. If you give us your consent to data processing for specific purposes (e.g. evaluation for marketing purposes or advertising via email), the legality is given in accordance with Art. 6 Para. 1 lit. a) GDPR. Within our company, only employees who need it to fulfill contractual/legal obligations and for legitimate interests receive your personal data.

We may transfer your data to companies affiliated with us to the extent this is permitted within the scope of the purposes and legal bases set out. If necessary, your data will be processed on our behalf in accordance with Art. 28 GDPR (e.g. internet services, customer management systems/software) and in accordance with the provisions of the GDPR. Otherwise, data will only be passed on to recipients outside the company on the basis of legal provisions, to process and fulfill the contract or, at your request, to carry out pre-contractual measures, based on your consent or our authority to provide information.

Recipients of your data can e.g. E.g.: External tax advisors, public bodies and institutions (public prosecutor's office, police, supervisory authorities, tax office), logistics partners, other data recipients for whom you have given us your consent to data transfer. A transfer of data to countries outside the EU or the EEA (so-called third countries) is not intended.

7. Job application

If you send us an unsolicited application or apply on the basis of a job advertisement, we will process the data you provide (e.g. name, address, date of birth, certificates, notes taken during interviews, CV).

The purpose of data processing is to enable us to select applicants and subsequently conclude an employment relationship. The legal basis for data processing is primarily § 26 BDSG and, if you have given your consent, Art. 6 para. 1 lit. a) GDPR.

If we reject your application, we are unable to make you a job offer or you reject a job offer, we will delete your data 6 months after the end of the application process. If you have been accepted for a position as part of the application process, the data will be transferred from the applicant data system to our personnel information system.

If the data is required for legal prosecution after completion of the application process, data processing may be carried out to safeguard our legitimate interests in accordance with Art. 6 para. 1 lit. f) GDPR. Our interest then lies in the assertion or defence of claims. Further storage may also be justified after expiry of the 6-month period in the event of an expected or already pending legal dispute in accordance with Art. 6 para. 1 lit. f) GDPR. Deletion will then only take place when the purpose for further storage no longer applies.

Once your application has been received (by e-mail or post), your application data will be viewed exclusively by the HR department. Suitable applications will then be forwarded internally to the department managers responsible for the respective vacant position (in the form of an e-mail or as a printout). The next steps are then agreed. Within the company, only those employees have access to your data who need it for the application process to run smoothly.

The data is processed and stored exclusively on dedicated IT systems in our server room. In addition to the administrators of IT-Service Stephan & Friedrich GmbH (there is an order processing contract), only those responsible for HR and the company management have access to these IT systems and to the application software used to process your data. The technical and organisational measures to protect your data are implemented accordingly.

8. Newsletter subscription

If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. No further data is collected, or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.

The data entered in the newsletter registration form is processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a) GDPR). You can revoke your consent to the storage of the data, the e-mail address and its use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the cancellation.

The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and deleted after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this.

9. Direct marketing

In certain cases, we also send out mailshots to provide you with information about our offers. The following data is processed for this purpose: Company name and address. The legal basis for the described data processing for advertising purposes is Art. 6 para. 1 lit. f) GDPR.

The data processed by you originates from the publicly accessible source "Das Telefonbuch", which is provided by the provider DTM Deutsche Tele Medien GmbH.

Your data will be stored by us for a period of 6 months and then deleted.

If you no longer wish to receive mail advertising, you can object to the further use of your data for advertising purposes at any time. To do so, please send an informal message by e-mail to info@festung-koenigstein.de .

10. Payment methods and providers

10.1 Payment at the ticket offices

EC- and giro cards

We offer payment via EC and giro cards at our ticket offices. The provider of these payment services is Telecash GmbH & Co KG, Konrad-Adenauer-Allee 1, 61118 Bad Vilbel as the intermediary for your data. The contractual partner for billing is Volksbank in der Ortenau eG, Okenstraße 7, 77652 Offenburg. If you select payment via EC and giro cards, the data you enter (via PIN or signature) will be transmitted to the providers for the payment process. This is done on the basis of Art. 6 para. 1 lit. a) GDPR (consent) and Art. 6 para. 1 lit. b) GDPR (processing for the fulfilment of a contract).

Mastercard, Maestro, JCB, Vpay, Diners, Union Pay

At our ticket offices we offer payment via Mastercard, Maestro, JCB, Vpay, Diners and Union Pay, among others. The provider of these payment services is Concardis GmbH, Helfmann-Park 7, 65760 Eschborn. If you choose to pay by credit card, the data you enter will be transmitted to the provider for the payment process and billing. This is done on the basis of Art. 6 para. 1 lit. a) GDPR (consent) and Art. 6 para. 1 lit. b) GDPR (processing for the fulfilment of a contract).

Visa

We offer payment via Visa at our ticket offices. The provider of these payment services is BS PAYONE GmbH, Lyoner Straße 9, 60528 Frankfurt am Main. If you select payment via Visa, the data you enter will be transmitted to the provider for the payment process and billing. This is done on the basis of Art. 6 para. 1 lit. a) GDPR (consent) and Art. 6 para. 1 lit. b) GDPR (processing for the fulfilment of a contract).

American Express

We offer payment via American Express at our ticket offices. The provider of these payment services is American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main. If you select payment via American Express, the data you enter will be transmitted to the provider for the payment process and billing. This is done on the basis of Art. 6 para. 1 lit. a) GDPR (consent) and Art. 6 para. 1 lit. b) GDPR (processing for the fulfilment of a contract).

10.2 Payment at the information office and museum shop

EC- and giro cards

In the information office and in the museum shop, we offer payment via EC and giro cards. The provider of these payment services is Telecash GmbH & Co KG, Konrad-Adenauer-Allee 1, 61118 Bad Vilbel. In the museum shop, we also use Ingenico Payment Services GmbH, Daniel-Goldbach-Str. 17-19, 40880 Ratingen as payment provider and contractual partner for billing. If you choose to pay by debit or giro card, the data you enter (via PIN or signature) will be transmitted to the providers for the payment process. This is done on the basis of Art. 6 para. 1 lit. a) GDPR (consent) and Art. 6 para. 1 lit. b) GDPR (processing for the fulfilment of a contract).

Visa

In the information office and museum shop, we offer payment via Visa, among others. The provider of these payment services is BS PAYONE GmbH, Lyoner Straße 9, 60528 Frankfurt am Main. If you select payment via Visa, the data you enter will be transmitted to the provider for the payment process and billing. This is done on the basis of Art. 6 para. 1 lit. a GDPR (consent) and Art. 6 para. 1 lit. b GDPR (processing for the fulfilment of a contract).

Advance payment

When ordering by e-mail from the Festung Königstein gGmbH museum shop, you will receive an invoice for the selected goods in advance. For this purpose, the data you provide (first and last name, address, e-mail address) will be transmitted to us, Festung Königstein gGmbH, for the ordering and payment process. After transferring the invoice amount to our bank Ostsächsische Sparkasse Dresden, Sparkassenhaus, Güntzplatz 5, 01305 Dresden, you will receive the consignment of goods. The data transfer takes place on the basis of Art. 6 para. 1 lit. a) GDPR (consent) and Art. 6 para. 1 lit. b) GDPR (processing for the fulfilment of a contract).

Revocation

For all payment methods, you have the option of revoking your consent to data processing at any time. However, a revocation does not affect the effectiveness of data processing operations that took place in the past.

 

10.3. Sale of tickets via third-party providers

We use the services of the third-party provider Vivenu for the service-orientated online sale of tickets. The data protection regulations of Vivenu apply. https://vivenu.com/de/dataprivacy

 

11. Amendment of the data protection information

This data protection notice was last updated in January 2024.

Changes to legal or technical requirements and the adaptation of our range of services on the website may make it necessary to amend this data protection notice. In any case, the currently valid data protection information can be accessed on this website.

Festung Königstein gGmbH
01824 Königstein

Phone: +49 (0)35021 64 607
info@festung-koenigstein.de

Opening hours

April - October 9 a.m. - 6 p.m.
November - March 9 a.m. - 5 p.m.
Last admission 1 hour before closing time