1. Data protection declaration

We appreciate your interest in our website. The protection of your personal data (hereinafter also referred to as “data”) is very important to us. Therefore, we would like to inform you below what data is gathered when you visit our website and use its services and how the data is then processed or used. We also wish to inform you what accompanying security measures we have taken from a technical and organisational perspective.

Please bear in mind that this data protection declaration may be updated from time to time to take account of the implementation of new technologies and/or changes in the law. We will inform you of such by appropriate means. It goes without saying that we will always take reasonable account of your interests when making all changes.

The controller in accordance with Article 4 Paragraph 7 of the EU General Data Protection Regulation (GDPR) is:
Hohensalzburg Spielzeug- und Modell-GmbH
Hans-Peter Porsche Traumwerk
Zum Traumwerk 1
83454 Anger-Aufham
Germany
info@hanspeterporsche.com
The company is represented by the Managing Director Oliver Schwenk.

In case of queries or comments relating to this data protection declaration or data protection generally, please contact our data protection officer at the following email address: datenschutz@traumwerk.de. In addition, we wish to refer you to our information in the legal notice [link to legal notice].

Should the legal basis not be mentioned in the data protection declaration, the following applies:

• Should we obtain consent from the data subject to process personal data, the legal basis for this is Article 6 Paragraph 1 Sentence 1 Letter a) GDPR.
• When processing personal data, which is necessary to fulfil a contract, the legal basis is Article 6 Paragraph 1 Sentence 1 Letter b) GDPR. This also applies to processing which is necessary to carry out pre-contractual measures.
• Should processing of personal data be necessary to fulfil a legal obligation to which our company is subject, the legal basis is Article 6 Paragraph 1 Sentence 1 Letter c) GDPR.
• In case that essential interests of the data subject or another natural person make the processing of personal data necessary, the legal basis is Article 6 Paragraph 1 Sentence 1 Letter d) GDPR.
• Should the processing be necessary to safeguard a legitimate interest of our company or of a third party, and should the interests, basic rights and basic freedoms of the data subject not outweigh the said legitimate interest, the legal basis of the processing is Article 6 Paragraph 1 Sentence 1 Letter f) GDPR.

The data processed by us is deleted in compliance with the statutory regulations, in particular under Articles 17 and 18 GDPR or its processing is restricted. Unless expressly stated in this data protection declaration, we delete the data which is saved by us, once it is no longer required for the specified purpose. Data is only retained beyond the time which is necessary for the stated purpose if this is required for other lawful purposes, or if the data must be further retained due to statutory retention periods. In these cases, the processing is restricted, ie blocked and the data is not processed for other purposes.

It is not generally necessary for you to actively enter personal data when using our website for information purposes. Rather in such a case, we only gather and use the data which your Internet browser automatically transfers to us. This includes:
Date and time one of our webpages is accessed
• Your browser type
• The browser settings
• The operating system used
• The site most recently visited by you
• The transferred data quantity and the access status (file transferred, file not found etc)
• Your IP address
The data is saved on our servers. We do not save this data together with any other than the personal data mentioned above. The temporary caching of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the IP address of the user must remain saved for the duration of the session. We also create ‘logfiles’. The saving of the logfiles which have been deposited is necessary to ensure the security of our IT systems. No personal evaluation of the data, in particular for marketing purposes will take place. The processing of the above-mentioned data is absolutely necessary for technical terms to provide a website in accordance with Article 6 Paragraph 1 Sentence 1 Letters b), c) and f) GDPR to correctly display the website and to guarantee stability and security. In particular, the purpose of the creation of logfiles is to be able to prove attacks against our systems. We delete server log data from our systems after a maximum of 7 days.

Should you wish to place an order in our ticket shop or at shop.traumwerk.de, you have to give your personal data to conclude the conclude to enable us to process your order. The mandatory fields required to perform the contract are marked separately; any additional information is voluntary. We process the data you provide to process the order. We may pass your payment data to the company’s bank for this purpose. The legal basis for this is Article 6 Paragraph 1 Sentence 1 Letter b) GDPR. The legal basis for the information which is provided voluntarily is Article 6 Paragraph 1 Sentence 1 Letter a) GDPR.

We can also process the data provided by you to inform you about other products from our portfolio which may be of interest, or to send you emails with technical information. The legal basis for this is Article 7 Paragraph 2 Number 3 UWG (German cartel and competition law) and/or on the basis of the statutory authorisation under Article 7 Paragraph 3 UWG.

In addition, you can voluntarily set up a customer account at shop.traumwerk.com, by means of which we can save your data for subsequent purchases. When setting up an account under “My account”, the data which has been entered by you will be saved in revocable manner. You can always delete all further data, including your user account, in the customer area. During registration, we use the double-opt in procedure. This means that following your registration, an email will be sent to the email address which has been provided, where you can confirm that you wish to set up a customer account. You do this by clicking a hyperlink contained in the email. Should the confirmation not be provided via the hyperlink within a deadline of 24 hours, your information will be blocked and deleted at the end of a month. The legal basis for the creation of a customer account is Article 6 Paragraph 1 Sentence 1 Letter a) GDPR. In addition, we are entitled to hold your IP addresses used and the time of the registration and confirmation to prove your registration and, if applicable, to clarify any possible misuse of your personal data. The legal basis for this is Article 6 Paragraph 1 Sentence 1 Letters c) and f) GDPR.

For the technical operation of the online ticketing systems, we use an order processor, namely Regiondo GmbH, Grafinger Str. 6, 81671 Munich.

To prevent unauthorised third party access to your personal data, in particular financial information, the order process is encrypted using TLS technology.

The processing of your data in cases where you get in touch by email or telephone takes place on the basis of your (presumed) consent in accordance with Article 6 Paragraph 1 Letter a) GDPR or Article 6 Paragraph 1 Letter b) GDPR depending on the content of the enquiry in case of purely information-related queries, should the contact be connected to contractual fulfilment obligations. When getting in touch via our form, we only require your email address to be able to respond to you. In addition, you can provide your name voluntarily, so that we can address you by name. Your information can be saved in a customer relationship (CRM) management system.

We will immediately delete your queries after processing, unless statutory retention periods require the data to be retained for longer.

With your consent, you can subscribe to our newsletter in which we inform you about our current products and services which may be of interest.

We use the so-called double-opt in procedure for the newsletter registration. This means that following your registration, an email will be sent to the email address which has been provided, where you can confirm that you wish to receive the newsletter. Should you not confirm the registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we save your IP addresses used and the time of the registration and confirmation. The purpose of the procedure is to prove your registration and to clarify any misuse of your personal data. The only mandatory information which must be provided for the sending of the newsletter is your email address. Any other information is voluntary and will be used to be able to address you personally. Following your confirmation, we save your email address for the purpose of sending the newsletter. The legal basis is Article 6 Paragraph 1 Sentence 1 Letter a) GDPR.

To cancel the newsletter, you can declare your rescission by clicking the link provided in each newsletter, by sending an email to Newsletter@hanspeterporsche.com or by sending a message to the contact data stated in the legal notice.

The sending of the newsletter takes place by using the distribution service provider “Mailchimp”, a service of the US provider The Rocket Science Group LLC, 75 Ponce de Leon Ave NE

Suite 5000 Atlanta, GA 30308, USA. Further information can be obtained from https://mailchimp.com/contact/

Mailchimp is certified under the EU-US Privacy Shield and as a result, provides a guarantee of compliance with the European level of data protection (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active). The sending service provider is used by us on the basis of our legitimate interests in accordance with Article 6 Paragraph 1 Letter f) GDPR and an order processing contract in accordance with Article 28 paragraph 3 Sentence 1 GDPR.

The sending service provider can use your data in the form of a pseudonym, ie without a user being able to be traced, to optimise or improve its own services, for example, for the technical optimisation of the sending and to display the newsletter or for statistical purposes. The sending service provider does not, however, use your data to get in touch or to pass the data onto third parties.

We wish to point out that we evaluate your user behaviour when sending the newsletter. For this evaluation, the emails which are sent contain ‘web beacons’ and/or tracking pixels which contain single pixel files that are saved on our website. For the evaluations, we combine the data named under “server logfiles” and the web beacons with your email address and an individual ID.

Links contained in the newsletter also contain this ID.

The data is only gathered in the form of a pseudonym, ie the ID’s are not combined with other personal data belonging to you, and it is not possible to trace you directly.

In part, we use external service providers to process your data. These are subject to our instructions. These have been carefully selected and engaged by us and are regularly monitored. Order processing agreements in accordance with Article 28 GDPR form the basis of the engagements. The order processors do not unilaterally process the data for their own purposes.

To operate this website, we use a hosting provider that processes inventory data, contact data, content data, contract data, usage data, meta and communication data of visitors or customers of this website on our behalf and on the basis of our legitimate interests in an efficient and secure provision of this online service in accordance with Article 6 Paragraph 1 Sentence 1 Letter f) and Section 28 GDPR.

In accordance with the statutory regulations, you can claim the following rights against the data processing controller free-of-charge:

• Right of information (Article 15 GDPR)
• Right of rectification or erasure (Articles 16 and 17 GDPR)
• Right to have the processing restricted (Article 18 GDPR)
• Right of data portability (Article 20 GDPR)
• Right to object to the processing (Article 21 GDPR)

You also have the right to complain to a data protection supervisory authority associated with processing of your personal data by the controller.

We maintain a social media presence to communicate with and inform customers and potential customers. When accessing the respective networks, the terms and conditions of the operators apply.

2. Cookies and integrated third party services

We use cookie technology for our website. Cookies are small text files which are sent to your browser by our web server when you visit our websites and which are cached on your computer for subsequent retrieval. You can decide yourself in your browser settings whether cookies can be set and retrieved. In your browser, you can fully deactivate the saving of cookies, limit the saving of cookies to specific websites or configure your browser in such a way that it automatically informs you if a cookie is going to be set and requests a response from you. Other, permanent cookies can be saved on your computer following your visit and our website can recognise you each time you visit our website again in the future ( “ID cookies”). Certain cookies which are saved when you visit our websites can be saved and accessed by another company. Cookies cannot start any programs or transfer viruses onto your computer. 

We use ‘session cookies’ (also referred to a temporary cookies), ie cookies which are only saved temporarily for the duration of your use of our websites. So that our website can be fully functional, it is necessary to permit the named session cookies for technical reasons. The purpose of these cookies is the continued recognition of your computer when you visit our website and move from one of our websites to another of our websites and to recognise the end of your visit. 
Permanent cookies are automatically deleted following a stated period of time, which can vary from cookie to cookie. You can delete the cookies at any time in your browser’s security settings.

The legal basis for the use of cookies is Article 6 Paragraph 1 Sentence 1 Letter f) GDPR, unless stated otherwise.

You can configure your browser settings in accordance with your preferences and, for example, you can reject the acceptance of third party cookies or all cookies. Please observe the notices concerning third party cookies which are listed below.

Google Analytics
Google Analytics is a web analysis service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google uses cookies during this process. The information concerning the use of the online service by the user which is generated by the cookies is generally transferred to a Google server in the USA and saved there.
Google is certified under the EU-US Privacy Shield and as a result, provides a guarantee that the European level of data protection will be complied with (www.privacyshield.gov).
We wish to inform you that Google Analytics has been extended on this website by the “anonymizeIp“ code, to guarantee an anonymous recording of IP addresses (so-called IP masking). By means of the activation of IP anonymisation on our website, your IP address will be shortened first by Google within Member States of the European Union or in other Member States of the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there. On our behalf, Google will use this information to evaluate your use of the website, to compile reports concerning the website activities and to provide further services connected with the use of the websites and the use of the Internet for the operator of the websites. The IP address transferred within the framework of Google Analytics will not be combined with other data by Google. During this process, user profiles of the users can be created from the processed data in the form of a pseudonym. The IP address transferred by your browser will not be combined with other data by Google.
You can prevent the recording by Google of the data which is generated by the cookie and which relates to your use of the online service, as well as the processing of this data by Google by downloading and installing the browser plugin which can be obtained using the following link: www.tools.google.com.
Further information concerning the use of data by Google and your settings and objection options can be found on the websites of Google at: www.policies.google.com/partner, www.policies.google.com/werbung and www.google.de/settings/ads

3. Data security

We also use technical and organisational measures to protect and personal data which is provided or gathered, in particular against any accidental or intentional manipulation, loss or destruction or against attacks by unauthorised persons. Our security measures are continually improved in accordance with technical developments.
For this purpose, SSL encryption is used on this site together with other technologies to ensure a secure transfer of data. The secure socket layer is used together with the respective highest level of encryption that is supported by your browser. This is generally 256-bit encryption. Should your browser not support 256 bit encryption, we use 128 bit v3 technology instead. You can recognise whether an individual site of our Internet presence is transferred in encrypted from the closed picture of a key or the lock symbol underneath your browser’s status bar.