Data protection

DATA PROTECTION
The applicant consents to the processing of personal data for the purpose of issuing the culture and leisure ticket. You will find the information in accordance with Articles 13 and 14 of the General Data Protection Regulation (GDPR) on the following pages.

Information in accordance with Articles 13 and 14 of the General Data Protection Regulation (GDPR) Status: 10/2019

Controller responsible for data processing
Stadt Frankfurt am Main
Kulturamt (Amt 41)
Brückenstraße 3-7
60594 Frankfurt am Main

responsible department
Museumsadministration, -investitionen und -IT
41.11.1 Museumsadministration
Brückenstraße 3-7
60594 Frankfurt am Main
E-Mail: info.kulturamt@stadt-frankfurt.de

Contact details of the Data Protection Officer
Data Protection and IT Security Unit
Sandgasse 6,
60311 Frankfurt am Main
E-mail: datenschutz@stadt-frankfurt.de

Purposes and legal bases of data processing
Purposes:
Applying for or issuing a cultural and leisure ticket
Authorization when entering the facilities
Billing the facilities
Proof of advertising consent

Legal basis:
Your data is processed on the basis of Art. 6 para. 1 (b) GDPR: processing is necessary for the performance of a contract to which you are party.

Consequences of non-provision of data by the data subject:
The provision of personal data is required by law or contract, is necessary for the conclusion of a contract or the data subject is obliged to provide the personal data.

Categories of personal data that are processed:
The provision of personal data is required by law or contract, is necessary for the conclusion of a contract or the data subject is obliged to provide the personal data. Full name including title of the applicant.

Salutation
Street and house number
Postcode and place of residence
Date of birth
E-mail address (optional)
Telephone number (optional)
Full name(s) of the child/children
Date of birth of the children for whom a culture and leisure ticket is being applied for
School or daycare center (if not resident in Frankfurt am Main)
Card user data
Log data / usage data / billing data
Login data

If the data was not collected from the data subject – additionally:
Information on the source of the personal data and, if applicable, whether it originates from publicly accessible sources.

Log data on the use of the website kufti.de
Cookies are created each time our website is accessed and each time a file is retrieved. Cookies are text files that are stored on your computer and enable your use of the website to be analyzed. The information generated by the cookie about your use of this website is not passed on to third parties. The IP address is anonymized immediately after processing and before it is stored. This data is not directly personal and does not allow the direct identification of Internet visitors.

We use cookies that are not used permanently. Cookies that are not used permanently are automatically deleted after a defined period of time or when the browser is closed.

These include session cookies in particular. These store a so-called session ID, with which various requests from your browser can be assigned to the shared session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.
The legal basis for the processing of personal data using cookies is Art. 6 para. 1 sentence 1 letter f EU GDPR.
You can prevent the installation of cookies by setting your browser software accordingly if you do not wish our website to use cookies. In this case, the use of KUFTI.de is not possible or only possible to a limited extent.

The following cookie is used: Cookie during the use of the website (session cookie)
The session cookie is used to provide the shopping cart function on kUFTI.order.de. KUFTI.order.de also uses this cookie to collect data relating to registration, the ordering process and any consent given. Without this cookie, the system will not function or will not function fully. You will find this cookie in the cookie settings of your browser under the name “shopsess”.
This cookie is automatically deleted 30 minutes after the user leaves the site or is inactive.

Matomo
We use the open source software Matomo (formerly Piwik) for the statistical evaluation of KUFTI.de. The software also uses cookies. Matomo stores the IP addresses in anonymized form. Anonymization is carried out by shortening the IP address by the last octet in accordance with the resolutions of the Data Protection Conference of the Federal and State Data Protection Supervisory Authorities (DSK). This means that no conclusions can be drawn about an Internet visitor. Matomo also collects certain technical information based on the data transmitted by your browser. These are Browser type and version, operating system used, device type, model and brand, screen resolution, the search engine used by your device, the websites visited on our site including the time spent, search terms and keywords, the day and time of your visit, the location of your visit (continent, country, region, city) and the browser language. We only evaluate this information for statistical purposes. The data will not be passed on to third parties.
You will find this in the cookie settings of your browser under the name: “Piwik Analytics Cookie”. If you do not want your data to be used statistically, please deactivate this cookie in the cookie settings.
The Matomo privacy policy is available at the following link: https://matomo.org/privacy-policy/

Disclosure of data
Your personal data will not be disclosed to third parties for purposes other than those listed below.

We will only disclose your personal data to third parties if:

you have given your express consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR,
the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
in the event that there is a legal obligation to disclose the data pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, and
this is permitted by law and is necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.

Recipients or categories of recipients of the personal data:
Within the Frankfurt City Administration, those departments that are responsible for issuing the culture and leisure ticket and checking the eligibility requirements for receiving the ticket free of charge have access to the data.
Outside the Frankfurt City Administration, our service provider has access to the data that it processes for the production of the culture and leisure ticket as part of the order from the above-mentioned responsible body in accordance with instructions.

Data storage period and the criteria for determining the storage period:
Your personal data will be stored after collection for as long as is necessary for the fulfillment of the task.
Usage data will be deleted no later than 18 months after the data is collected.
Master data will be deleted no later than 18 months after the end of the validity of the culture and leisure ticket.
Tax-relevant documents will be stored in accordance with the statutory periods.

Subscription to our newsletter
On our website, users are given the opportunity to subscribe to one or more newsletters. The kulturkurier.de system from data kulturlink ag (Berlin) is used as the newsletter system. The so-called double-opt-in procedure is used for a legally secure and data protection-compliant design. The potential recipient first receives an e-mail with a confirmation link. Only after confirmation is the address added to the mailing list. You can revoke your consent to the storage of your data and the use of your address for sending the newsletter by clicking on the “Unsubscribe link” at the end of each newsletter. Further information can be found here: https://kulturkurier.info/kulturnewsletter/ The input mask used for this purpose determines which personal data is transmitted to the controller when you subscribe to the newsletter.

When registering for the newsletter, we also store the IP address assigned by the Internet service provider (ISP) of the computer system used by the data subject at the time of registration, as well as the date and time of registration. The collection of this data is necessary in order to be able to trace the (possible) misuse of a data subject’s e-mail address at a later date and therefore serves as legal protection for the controller.

The personal data collected when registering for the newsletter will be used exclusively to send our newsletter. Furthermore, subscribers to the newsletter may be informed by e-mail if this is necessary for the operation of the newsletter service or a registration in this regard, as could be the case in the event of changes to the newsletter offer or changes to the technical circumstances.

The personal data collected as part of the newsletter service will not be passed on to third parties.

To track opening and click rates, we use tracking codes in the newsletter to record the opening of the newsletter and the accessing of web links. The recording is carried out in a pseudonymized storage by replacing all personal data (e.g. the e-mail address) with a code number (pseudonym). This means that we do not store any personal data together with usage data such as opening the newsletter or accessing web links. It also ensures that this data cannot be merged at a later date. If you as a recipient wish to object to this pseudonymized tracking, you can unsubscribe from the list via the opt-out link at the end of each newsletter.

Download press images (double opt-in procedure)

A valid e-mail address is required to download press images. After entering your e-mail address, you will receive a confirmation message as part of a double opt-in procedure. The download will only be activated after confirmation of this e-mail.

The following data is processed and stored as part of this procedure:

E-mail address
Date and time of registration
Date and time of confirmation
IP address at the time of registration and confirmation

The legitimate interest is to prevent the misuse of email addresses and to be able to prove consent or the usage process in the event of a dispute.

The data is stored exclusively for the purposes of legal protection of the person responsible and for the traceability of possible misuse. The data will not be passed on to third parties.

The data will be deleted as soon as it is no longer required for the stated purpose, but at the latest after 12 months, provided that there are no statutory retention obligations to the contrary.

You have the right to information about the personal data stored by us and to rectification, erasure or restriction of processing in accordance with the statutory provisions. You also have the right to object to the processing.

Information on data subject rights
At this point, we expressly draw your attention to your rights to information, rectification, erasure, restriction of processing, data portability and objection with regard to all your processed personal data. The legal basis for this is Art. 15 to 21 GDPR.
If the processing of personal data is based on your consent, you can revoke this at any time with effect for the future.

You have the right to lodge complaints with the Hessian Data Protection Officer. Postal address: The Hessian Commissioner for Data Protection and Freedom of Information, P.O. Box 3163, 65021 Wiesbaden, Tel.: 0611 / 1408-0 or e-mail: poststelle@datenschutz.hessen.de.