Data protection policy
As a general rule, you may use our website without providing any personal data. However, if a data subject wishes to make use of services of our company through our website, it might be necessary to process personal data. If this is necessary, and if there is no statutory basis for such processing, then we always obtain the consent of the data subject.
Personal data (e.g. a data subject’s name, address, email address, and phone number) are always processed in conformity with the EU General Data Protection Regulation (GDPR) and with the country-specific data protection provisions applicable to us.
With the following Data Protection Policy, we wish to inform you about the nature, scope, and purpose of the personal data that we collect, use and process. In addition, this Data Protection Policy provides data subjects with an explanation of their rights.
As the controller, we have implemented numerous technical and organisational measures in order to ensure that the personal data processed on our website are protected to the greatest possible extent. As a rule, however, there may be security gaps when data are transmitted over the internet. We therefore cannot guarantee full protection. In the alternative, data subjects may of course also transmit their personal data by telephone, for example.
1. Definitions
This Data Protection Policy is based on the definitions used by the European Parliament and the Council of the European Union when enacting the GDPR (Article 4 GDPR). This Data Protection Policy is intended to be easy for everyone to read and understand. In order to ensure this, we would first like to explain the terms used. This Data Protection Policy uses the following definitions, among others:
- "Personal data" means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- "Data subject" means any identified or identifiable natural person whose personal data are processed by the controller;
- "Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- "Restriction of processing" means the marking of stored personal data with the aim of limiting their processing in the future;
- "Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
- "Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
- "Recipient" means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law are not be regarded as recipients; the processing of those data by those public authorities is to be in compliance with the applicable data protection rules according to the purposes of the processing;
- "Third party" means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
- "Consent" of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. Name and contact data for the controller in charge of processing
These data protection notices apply to data processing by:
Wilhelma - Zoological-Botanical Garden Stuttgart
Wilhelma 13
70376 Stuttgart
Germany
Tel.: +49 (0)711 / 54 02 0
E-mail: info@wilhelma.de
Website: www.wilhelma.de
The controller's data protection officer is:
Konrad Armbruster
Wilhelma 13
70376 Stuttgart
Germany
E-mail: datenschutz@wilhelma.de
3. Collection and storage of personal data, as well as the nature and purpose of their use
a) When visiting the website
As a general rule, you may use our website without disclosing your identity. When visiting our website, information is automatically sent by your end device’s browser to our website’s server. This information is temporarily stored in a log file. In the process, the following information is collected without any action on your part and then stored until it is automatically deleted:
- IP address of the requesting computer
- Date and time of day of access
- Websites that the user calls up on the Wilhelma website
- User’s web browser with version number and operating system
These data are processed by us for the following purposes:
- Ensuring that a connection to the website can be established smoothly
- Ensuring that use of our website is convenient
- Evaluating system security and stability and
- For other administrative purposes.
The legal basis for processing the data is Article 6(1)(f) GDPR. Our legitimate interest follows from the above-listed purposes for data collection. In no event do we use the collected data for the purpose of drawing inferences about your identity. The data are not analysed in this connection for marketing purposes.
In addition, we use cookies and analysis services when our website is visited. For further explanations about this, please see Sections 5 and 7 of this Data Protection Policy.
b) When using our contact form
If you have any kind of question, you can get in touch with us by using the form provided on our website. To do so, you must provide your name and a valid email address so that we know who is making the enquiry and can respond to it. Additional information may be provided voluntarily. You are free to decide whether to enter these data on the contact form.
The processing of data for the purpose of contacting us takes places in accordance with Article 6(1)(a) GDPR on the basis of your voluntarily provided consent.
In the alternative, it is possible to contact us using the provided email address. In this case, the user's personal data that are transmitted with the email are stored. No data are disclosed to third parties in this regard. The data are used solely for processing the conversation.
The personal data collected by us for this purpose are automatically erased after your query has been handled.
c) When placing orders through our webshop
You can place orders through our webshop without registering.
The webshop is provided by:
Bauer + Kirch GmbH
Pascalstraße 57
52076 Aachen, Germany
Your personal data are entered on a form and then transmitted to us and stored. If you place an order through our website, we collect the following data:
- salutation, first name, last name
- a valid e-mail address
- postal address
- phone number (landline and/or mobile phone)
- company name, if applicable
These data are collected
- in order to be able to identify you as our customer
- in order to be able to process, fulfil and complete your order
- for corresponding with you
- for billing purposes
- for handling any liability claims, as well as asserting any claims against you
- in order to ensure the technical administration of our website
- in order to manage our customer data.
As part of the ordering process, we will obtain your consent to the processing of these data.
Data are processed in response to your order, and in accordance with Article 6(1)(b) GDPR, processing is necessary for the appropriate processing of your order and for the reciprocal fulfilment of obligations under the purchase contract.
The personal data collected by us for handling your order will be stored until expiry of the statutory retention period and then erased, unless in accordance with Article 6(1)(c) GDPR, we are obligated on the basis of retention and documentation duties prescribed by tax or commercial law (the German Commercial Code (HGB), the German Criminal Code (StGB), or the German Fiscal Code (AO)) to store them for a longer period or in accordance with Article 6(1)(a) GDPR, you have consented to storage for a longer period.
As a payment processor for the webshop, we use the service TeleCash, offered by:
First Data GmbH
Marienbader Platz 1
61348 Bad Homburg v. d. Höhe, Germany
Your data relating to the respective payment method are needed in order to be able to bill you correctly. You can also find further information about the handling of the personal information collected from you at http://www.telecash.de/datenschutz/.
d) When signing up for tours, animal meetings or children's birthdays
You can register for a variety of tours through our website and enquire about dates.
Your personal data are entered on a form and then transmitted to us and stored. In the process, we collect the following data:
Free guided tours
- first name, last name
- a valid e-mail address
Exclusive guided tours
- first name, last name
- a valid e-mail address
- postal address
- company name, if any
Vouchers for animal encounters
- first name, last name
- a valid e-mail address
- postal address
- company name, if applicable
- name of the recipient
Children's birthdays:
- fpostal irst name, last name
- a valid e-mail address
- address
- company name, if applicable
Additional information may be provided voluntarily. You are free to decide whether to enter these data on the respective contact form.
These data are collected
- in order to be able to identify you as our customer
- in order to be able to process, fulfil and complete your enquiry
- for corresponding with you
- for billing purposes
- for handling any liability claims, as well as asserting any claims against you
- in order to ensure the technical administration of our website
- in order to manage our customer data
In connection with the enquiry, we will obtain your consent to the processing of these data.
Data are processed in response to your enquiry, and pursuant to Article 6(1)(b) GDPR, processing is necessary for the appropriate processing of your enquiry.
The personal data collected by us for handling your enquiry will be stored until expiry of the statutory retention period and then erased, unless in accordance with Article 6(1)(c) GDPR, we are obligated on the basis of retention and documentation duties prescribed by tax or commercial law (the German Commercial Code (HGB), the German Criminal Code (StGB), or the German Fiscal Code (AO)) to store them for a longer period or in accordance with Article 6(1)(a) GDPR, you have consented to storage for a longer period.
e) When signing up for a sponsorship
You can send an enquiry through our website to become an animal or plant sponsor.
Your personal data are entered on a form and then transmitted to us and stored. In the process, we collect the following data:
- first name, last name
- a valid email address
- postal address
- if applicable, company name
- name of the recipient
Your data are collected, processed and stored pursuant to Article 6(1) GDPR. These data will be used to create the certificate, the donation receipt and the list of sponsors at the entrance and on the website, as well as to send the invitation to Sponsors’ Day and to contact you if the Wilhelma has any questions.
If your sponsorship includes a sponsor plate, your name and company name as well as company log will be disclosed only to our graphic artist for the purpose of creating the plate. Other than that, the data will not be disclosed to third parties.
Unless an express storage duration is indicated in connection with the collection of your data, we will process your data only for as long as necessary in order to fulfil the aforementioned purposes and to manage our relationship. Otherwise, your data will be blocked from further processing and erased following expiry of any tax, commercial or other statutory retention periods.
4. Disclosure of data
Your personal data will be disclosed by us only to service partners involved in contract performance, such as the logistics companies tasked with making deliveries and the credit institutions tasked with handing payment matters. Where your data are disclosed to third parties, however, the scope of the transmitted data is kept to the necessary minimum.
In the case of payment via PayPal, credit card via PayPal, direct debit via PayPal or “buy now, pay later” via PayPal, we disclose your payment data in connection with payment processing to PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter, “PayPal”). PayPal reserves the ability to perform a credit check for the payment types credit card via PayPal, direct debit via PayPal and “buy now, pay later” via PayPal. PayPal uses the result of the credit check with respect to the statistical likelihood of payment default for the purpose of deciding whether to make the respective type of payment available. The credit check may contain likelihood values (so-called score values). Where score values are included in the result of credit check, they have their basis in a scientifically recognised mathematical-statistical procedure. Among other things, address data are included in the calculation of the score values. You can find further data protection information in PayPal’s data protection principles: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Your personal data will not be transferred to third parties for purposes other than those mentioned above.
We also disclose your personal data to third parties only if:
- You have expressly given your consent to do so in accordance with Article 6(1)(a) GDPR,
- Disclosure in accordance with Article 6(1)(f) GDPR 9(2)(f) is necessary for the establishment, exercise, or defence of legal claims and there is no reason to believe that you have an overriding legitimate interest in the non-disclosure of your data,
- In the event that a legal obligation exists for the disclosure in accordance with Article 6(1)(c) GDPR, or
- This is legally permissible and, in accordance with Article 6(1)(b) GDPR, is necessary for performing contractual relationships with you.
As part of the ordering process, we will obtain your consent to the disclosure of these data to third parties.
5. Use of cookies
We use cookies on our site. Cookies are small files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone, or the like) when you visit our website. Cookies do not harm your end device or contain viruses, Trojan horses, or other malware.
Information is stored in the cookie that relates to the specific end device being used. However, this does not mean that we obtain direct knowledge of your identity through the cookie.
Cookies help make it more convenient for you to use our site. For instance, we use session cookies in order to recognise that you have previously visited individual pages on our website. These cookies are automatically deleted when your leave our site.
In addition, also for the purpose of optimising user-friendliness, we use temporary cookies, which are stored for a specified period of time on your end device. If you visit our site again in order to make use of our services, it is automatically recognised that you had previously visited us and which entries and settings you made so that these do not have to be entered again.
We also use cookies in order to compile statistics about the use of our website and to evaluate use for the purpose of optimising our website for you (see Section 7). These cookies enable us to automatically recognise you when you return to our site. They are automatically deleted after a specified time.
The data processed by cookies are necessary for the aforementioned purposes of the legitimate interests pursued by us and third parties in accordance with Article 6(1)(f) GDPR.
Most browsers automatically accept cookies. However, you can configure your browser in such a way that no cookies are stored on your computer or that you always are prompted before a new cookie is placed. Complete deactivation of cookies may however mean that you will be unable to use all features of our website.
6. Links to third-party websites
The links published on our website are researched and compiled by us with utmost care. However, we have no influence on the current and future design and content of the linked-to sites. We are not responsible for the content of the linked-to sites, and we expressly do not espouse the content of those sites. The provider of the linked-to site is solely liable for illegal, erroneous or incomplete content, as well as for damages incurred from the use or non-use of the information. The liability of the one who merely links to the publication is excluded. We are responsible for linked-to content only if we are actually aware of it, i.e. also of potentially unlawful or criminal content, and it technically possible and reasonable for us to prevent its use.
7. Analysis and tracking tools
The tracking measures described in the following and used by us are carried out on the basis of Article 6(1)(f) GDPR. We use these tracking measures in order to ensure that our website is designed to meet user requirements and is continually optimised. We also use tracking measures in order to compile statistics about the use of our website and to optimise our offering for you. These interests are to be considered legitimate within the meaning of the aforementioned provision.
The respective data-processing purposes and data categories can be found in the corresponding tracking tools.
Google Analytics
In order to ensure that our website is designed to meet user requirements and is continually optimised, we use Google Analytics, a web analysis service of Google Inc. (https://www.google.de/intl/de/about/), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter, “Google”). In this regard, pseudonymised usage profiles are created and cookies are used (see Section 6). The information generated by the cookie about your use of this website, such as
- Browser type/version
- Operating system being used
- Referrer URL (the previously visited site),
- Host name of the accessing computer (IP address)
- Time of server request
is transferred to a Google server in the U.S. and stored there. The information is utilised in order to analyse the use of the website, compile reports about website activities, and provide other services associated with website use and internet use for the purposes of market research and designing this website in line with demands. In some cases, this information is also transmitted to third parties if this is required by law or these data are processed by third parties on behalf of another. In no case is your IP address combined with other data by Google. IP addresses are anonymised so that an attribution is not possible (IP masking).
You can prevent the installation of cookies by configuring the browser software accordingly. However, please be aware that in such case it may not be possible to use all features of our website to their full extent.
In addition, you can prevent the capture and processing by Google of the data generated by the cookie relating to your use of the website (including your IP address) by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).
As an alternative to the browser add-on, particularly with browsers on mobile end devices, you can moreover prevent the capture by Google Analytics by clicking on the above link. An opt-out cookie will be placed that prevents the future capture of your data when visiting our website. The opt-out cookie is valid only for that browser and only for our website and will be stored on your device. If you delete the cookies in that browser, you will need to set an opt-out cookie again.
You can find further information about data protection in connection with Google Analytics at the following link: https://support.google.com/analytics/answer/6004245?hl=de.
8. Instagram & Facebook
Wilhelma operates an Instagram (www.instagram.com/wilhelma_stuttgart) and Facebook (www.facebook.com/wilhelma) page and for this purpose makes use of the technical platform and services of
Meta Platforms Ireland Limited
4 Grand Canal Square
Grand Canal Harbour
Dublin 2
Ireland
Please check carefully which personal data you share with us via Instagram and Facebook. Both platforms a part of the Meta consortium and shares infrastructure, systems and technology with Facebook and other Meta companies.
We make you expressly aware that Meta stores the data of the users of its services (e.g. personal information, IP address, etc.) and may also use them for commercial purposes. You can find detailed information about data processing by Meta at Instagram in the Instagram Privacy Policy (http://instagram.com/legal/privacy/) and in the Instagram Terms of Use (https://help.instagram.com/581066165581870/?helpref=hc_fnav).
We have no influence on the collection and further processing of data by Meta. Furthermore, we do not know in what scope, at what place and for what duration data are stored, to what extent Meta fulfils existing erasure obligations, what analyses and linkages are performed on the data, and to whom the data are disclosed. If you would like to prevent Meta from processing personal data transmitted by you to us, please contact us in a different manner.
We will use your data that were provided when making contact or at the time of an interaction or that are publicly viewable in your profile only for the purpose of processing your enquiry. We will process your data only for as long as necessary in order to fulfil the aforementioned purposes and to manage our relationship. Otherwise, your data will be blocked from further processing and erased following expiry of any tax, commercial or other statutory retention periods.
The data collected about you in this regard will likewise be processed by Meta Platforms Ireland Limited and possibly transferred to countries outside of the European Union.
You can find Facebook’s data usage policy at https://de-de.facebook.com/privacy/policy. Facebook makes an online contact form available for data protection questions: https://de-de.facebook.com/privacy/policy/?section_id=13-HowToContactMeta.
9. Rights of the data subject
You have the following rights:
- Pursuant to Article 15 GDPR, to obtain information about your personal data processed by us. In particular, you can obtain information about the purposes of the processing, the category of the personal data, the categories of recipient to whom the personal data have been or will be disclosed, the envisaged storage period, the existence of the right to rectification, erasure, restriction of processing and to object, the right to lodge a complaint, and the source of your data where they are not collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about it;
- Pursuant to Article 16 GDPR, to obtain without undue delay the rectification of inaccurate personal data stored by us or, where they are incomplete, to have them completed;
- Pursuant to Article 17 GDPR, to obtain the erasure of personal data stored by us, unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims;
- Pursuant to Article 18 GDPR, to obtain restriction of the processing of your personal data where the accuracy of the personal data is contested by you, the processing is unlawful but you oppose their erasure, we no longer need the data but they are required by you for the establishment, exercise or defence of legal claims, or you have objected to processing pursuant to Article 21 GDPR;
- Pursuant to Article 20 GDPR, to receive the personal data that you provided to us in a structured, commonly used, and machine-readable format or to obtain transmission to another controller;
- Pursuant to Article 7(3) GDPR, to withdraw at any time the consent that you granted to us. This means that we may no longer continue with the data processing on which such consent was based; and
- Pursuant to Article 77 GDPR, to lodge a complaint with a supervisory authority. To do so, you can normally write to the supervisory authority responsible for your customary place of residence, for your workplace, or for the registered office of our company.
10. Right to object
If your personal data are processed on the basis of legitimate interests pursuant to Article 6(1)(f) GDPR, then pursuant to Article 21 GDPR, you have the right to object to the processing of your personal data on grounds relating to your particular situation or where the objection relates to direct marketing. In the latter case, you have a general right to object, which we must implement without a particular situation needing to be specified.
If you would like to make use of your right to withdraw your consent or your right to object, please send an email to datenschutz@wilhelma.de.
11. Data security
During website visits, we use the widespread SSL (secure socket layer) procedure in conjunction with the highest level of encryption that your browser supports. Normally, this is 265-bit encryption. If your browser does not support 256-bit encryption, we instead employ 128-bit v3 technology. You can tell whether individual pages on our website are being transmitted in encrypted form by the locked depiction of the key or lock symbol in the bottom status bar of your browser.
In addition, we make use of appropriate technical and organisational security measures in order to protect your data against accidental or intentional manipulation, total or partial loss or destruction, and unauthorised access by third parties. Our security measures are continuously improved in keeping with technological developments.
12. Version and amendment of this Data Protection Policy
This Data Protection Policy is currently valid (most recently updated: July 2022).
If our website or offers on it are enhanced, or if statutory or regulatory requirements should change, it may become necessary to amend this Data Protection Policy. The current version of this Data Protection Policy can be viewed and printed out at any time by visiting www.wilhelma.de/datenschutz.
Data protection officer
Konrad Armbruster
Wilhelma 13
70376 Stuttgart
Germany
datenschutz@wilhelma.de