Download: Informationsblatt nach Artikel 13 und 14 Datenschutz-Grundverordnung (DS-GVO) - german only

Privacy policy according to the GDPR

1. Name and address of the responsible body

The responsible body within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

The City of Starnberg
Vogelanger 2
82319 Starnberg, Germany
Phone: +49 (0)8151 77 20
E-Mail: stadtverwaltung(at)

2. Name and address of the data protection officer

Please contact our data protection officer directly with any questions regarding data protection and data security:

actago GmbH
Maximilian Nuss
Straubinger Straße 7
94405 Landau a. d. Isar, Germany
Phone: +49 (0)9951 99990-20
E-Mail: datenschutz(at)

3. General Information

3.1. Purposes and legal bases for the processing of personal data

The purpose of the processing is the fulfilment of the public tasks assigned to us by the legislator, in particular the provision of information to the public.

Unless otherwise stated, the legal basis for the processing of your data results from Article 4 (1) of the Bavarian Data Protection Act (BayDSG) in conjunction with Article 6 (1) (1) (e) of the General Data Protection Regulation (DSGVO). Accordingly, we are permitted to process the data required to fulfil a task incumbent upon us.

3.2. Recipients of personal data

If necessary, your data will be transmitted to the responsible supervisory and auditing authorities for the exercise of the respective control rights.

In the event of electronic transmission, data may be forwarded to the State Office for Information Security to avert threats to information technology security and processed there based on Art. 12 et seq. of the Bavarian E-Government Act.

3.3. Duration of the storage of personal data

Your data will only be stored for as long as it’s necessary for the fulfilment of tasks, considering statutory retention periods.

3.4. Your Rights

As far as we process your personal data, you have the following rights as a data subject:

  • You have the right to information about the data stored about you (Art. 15 GDPR).
  • If incorrect personal data is processed, you have a right to rectification (Art. 16 GDPR).
  • If the legal requirements are met, you may request the deletion or restriction of processing (Art. 17 and 18 GDPR).
  • If you have consented to the processing or if there is a contract for data processing and the data processing is carried out with the help of automated procedures, you may have a right to data portability (Art. 20 GDPR).
  • If you have consented to the processing and the processing is based on this consent, you can revoke the consent at any time for the future.
  • The lawfulness of the data processing based on the consent until the revocation is not affected by this.

You have the right to object to the processing of your data at any time on grounds relating to your situation, if the processing is carried out exclusively based on Article 6 (1) (e) or (f) GDPR (Article 21 (1) sentence 1 GDPR).

3.5. Right of complaint to the supervisory authority

Furthermore, you have the right to lodge a complaint with the Bavarian State Commissioner for Data Protection. You can contact the Bavarian State Commissioner for Data Protection at the following address:

Postal address: P.O. Box 22 12 19, 80502 Munich, Germany
Adress: Wagmüllerstraße 18, 80538 Munich, Germany
Phone: +49 (0)89 212672-0
Fax: 089 212672-50

E-Mail: poststelle(at)

3.6. Further Information

For more information about the processing of your data and your rights, you can contact us at the above contact details.

4. Information about the internet presence

4.1. Logging

When you access this or other Internet pages, you transmit data to our webserver via your Internet browser. The following data is recorded during an ongoing connection for communication between your Internet browser and our webserver:

  • Date and time of the request
  • Name of the requested file
  • Page from which the file was requested
  • Access status (file transferred, file not found, etc.)
  • Web browser and operating system used
  • Complete IP address of the requesting computer
  • Amount of data transferred

For reasons of technical security, to defend against attempted attacks on our web server, we store this data. After seven days at the latest, the data is anonymized by shortening the IP address at domain level, so that it is no longer possible to establish a reference to individual users. 

To avert threats to security in information technology, the data is forwarded to the State Office for Information Security and processed there based on Art. 12 et seq. of the Bavarian E-Government Act.

5. Cookies

When you access this website, we store cookies (small files) on your device.
These have a validity of:

Name: Colour
​​​​​​​Storage period: 10 hours

We use the Cookie to improve the use of the site and provide more features to visitors. Most browsers are set to accept the use of cookies, but this function can be turned off for the current session or permanently by setting the Internet browse

6. Making contact by E-Mail

6.1. Description and scope of data processing

Alternatively, it is possible to contact us via the e-mail address provided. In this case, your personal data transmitted with the e-mail will be stored. In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the conversation.

​​​​​​​6.2. Legal basis for data processing

The legal basis for the processing of your personal data transmitted in course of sending an e-mail is Art. 6 (1) (e) GDPR in conjunction with. Art. 4 BayDSG.

If the purpose of contacting us by e-mail is to conclude a contract, the additional legal basis for the processing is Art. 6 (1) (b) GDPR.

​​​​​​​6.3. Purpose of data processing

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

​​​​​​​6.4. Duration of storage

Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For personal data sent by e-mail, this is the case when the respective conversation with you has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

​​​​​​​6.5. Possibility of objection and elimination

You have the option at any time to object to the processing of your personal data in the context of contacting by E-mail for the future. In such a case, the conversation between you and us cannot be continued. All personal data stored in course of contacting you will be deleted in this case.

7. E-Mail security

You agree to electronic communication as soon as yourself open electronic contact with the museum yourself.

You are advised that E-mails can be read or changed on the transmission path without authorization and without being noticed.

The museum uses software to filter unsolicited e-mails (spam filter). The spam filter can reject e-mails if they have been falsely identified as spam by certain characteristics.

The content of E-mails is not automatically protected unless you have taken your own measures to encrypt it. In e-mails without additional encryption, your personal data is not protected. If you have concerns about sending personal data or other sensitive data, coordinate appropriate encryption with the recipient (our staff) before sending, or use fax or letter mail.

8. Presence on Instagram

To extend our internet presence, we offer an Instagram page. This is a service of Facebook Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland.

We would like to point out that you use this Instagram page its functions on your own responsibility. This applies to the use of the interactive functions (e.g., commenting, sharing, rating).

When you visit our Instagram page, Instagram collects, among other things, your IP address and other information that is present in the form of cookies on your PC. This information is used to provide us, as operators of the Facebook pages, with statistical information about the use of the Facebook page. Facebook provides more detailed information on this at the following link:

The data collected about you in this context is processed by Facebook Ltd. and may be transferred to countries outside the European Union in the process. Instagram describes in general terms what information it receives and how it is used in its data usage guidelines. There you will also find information on how to contact Instagram and on the settings options for advertisements. The data policies are available at the following link:[0]=Instagram-Hilfebereich&bc[1]=Privatsph%C3%A4re%20und%20Sicherheit

In what way Instagram uses data from visits to Instagram pages for its own purposes, to what extent activities on the Instagram page are assigned to individual users, how long Facebook stores this data and whether data from a visit to the Instagram page is passed on to third parties, is not conclusively and clearly stated by Instagram and is not known to us.

When accessing an Instagram page, the IP address assigned to your end device is transmitted to Instagram. According to Instagram, this IP address is anonymized (for "German" IP addresses) and deleted after 90 days. Instagram also stores information about the end devices of its users (e.g. as part of the "login notification" function); if necessary, this enables Facebook to assign IP addresses to individual users.

If you are currently logged in to Instagram as a user, a cookie with your Instagram ID is located on your end device. This enables Instagram to track that you have visited this page and how you have used it. This also applies to all other Instagram pages.

If you want to avoid this, you should log out of Instagram or disable the "stay logged in" feature, delete the cookies present on your device, and exit and restart your browser. In this way, Instagram information through which you can be directly identified will be deleted. This will allow you to use our Instagram page without revealing your Instagram identifier. When you access interactive features of the site (like, comment, share, message, etc.), an Instagram login screen will appear. After any login, you will again be recognizable to Instagram as a specific user.

You can find information on how to manage or delete information about you on the following Facebook support pages:[0]=Instagram-Hilfebereich&bc[1]=Privatsph%C3%A4re%20und%20Sicherheit

As the provider of the information service, we also collect and process the following data from your use of our service: publicly viewable data from the user profile of the person concerned. This includes, for example, the username, profile picture, content of comments written on our posts.

For more information about Instagram, and other social networks and how you can protect your data, please also visit

9. Note on the data protection declaration

Unless otherwise specified, the use of all information we have about you is subject to this privacy policy.

The museum reserves the right to continuously adapt this data protection declaration to the necessary security measures in accordance with technological developments and will announce any changes here.

Status: November 2021

10. Further notes

10.1. Technical and organizational measures

The museum has taken technical and organizational measures to protect your data from loss, destruction, or unauthorized access.

In addition, both the employees of the museum and any service providers are obligated to maintain confidentiality and to comply with the provisions of data protection law.

​​​​​​​​​​​​​​10.2. SSL or TLS encryption

For security reasons and to protect the transmission of confidential content that you send to us as site operator, our website uses SSL or TLS encryption. This means that data you transmit via this website cannot be read by third parties. You can recognize an encrypted connection by the "https://" address line of your browser and the lock symbol in the browser line.