Privacy Policy

Thank you for visiting our website. We are committed to protecting your privacy. This privacy policy sets out how we process personal information that we collect from you. 

1. Data protection at a glance

This policy gives a basic overview of how your personal data is used when you visit our website. Personal data is any data that identifies you as an individual. Details of our policies regarding the collection, use, and disclosure of personal data are set out below.

Data collection on our website

Who is responsible for data collection on this website?
The data collected on this website is processed by the website operator. The operator’s contact details are given in the site’s “Legal notice”.

How do we collect your data?
We collect, store and use the information you give us when you fill in forms on our website. Other primarily technical data is collected automatically by our IT systems when you visit our website (such as details of your internet browser, operating system and date and time of connection.) The website automatically logs this technical information.

What do we use your data for?
Some data is collected to ensure the proper functioning of our website. Other data is collected to help us analyse how visitors use the site.

What rights do you have regarding your data?
You have the right to request information, at any time and free of charge, about your personal data held, including its origin, its recipients and the purpose of its collection. You may also request that your data be corrected, blocked or deleted. If you wish to invoke these rights or have any other questions about data protection, you can contact us at any time at the address given in the site’s “Legal notice”. In addition, you have the right to lodge a complaint with the responsible supervisory authorities. 

Analytics and third-party tools
We use statistical analyses to evaluate site usage. This is done primarily with the help of cookies and analytics programs. In most cases, site visitor tracking is anonymous, which means that the data cannot be traced back to you. You may opt out of these analytics services or disable them by using certain tools. Further details can be found below. To find out how to opt out of this analysis, please read the information in our privacy policy.

2. General points and mandatory information

Data protection
The operators of this website are committed to protecting your privacy and personal data. We handle your data confidentially and process it in line with both data protection legislation and the terms of this privacy policy.

When you use this website, various items of your personal data will be collected. Personal data is any data that identifies you as an individual. The following privacy policy outlines what data we collect and what we use it for. It also explains how and for what purposes we collect your data. Please note that any data transmitted via the internet (for instance by e-mail communication) may be subject to security breaches. It is impossible to afford complete protection against third-party data breaches.

Responsible party
The party responsible for data processing data on this website is:

Schlossmuseum Darmstadt e. V.
Residenzschloss 1
64283 Darmstadt
06151 24035

The responsible party is the natural or legal person with sole or joint responsibility for deciding on the purposes for which, and means by which, your personal data (names, email addresses, etc.) is processed. 

Revocation of consent to the processing of your data
Many data processing transactions are possible only subject to your express consent. Any such consent may be revoked at any time by sending us an e-mail to this effect. This shall be without prejudice to the legitimacy of any data processing conducted prior to your revocation.

Right to file a complaint with the competent supervisory authority
If there has been a violation of data protection legislation, the person affected may file a complaint with the competent supervisory authority. The competent authority for matters related to data protection legislation is the Regional Commissioner for Data Protection of the federal state in which our company is domiciled. A list of the relevant commissioners and their contact details can be found at the following link:

Right to data portability
You have the right to request that the data we process electronically – based on your consent or in fulfilment of a contract – be made available to you or to a third party in a common, machine-readable format. Should you request direct transfer of the data to another responsible party, this will only be done to the extent that is technically feasible.

SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons as well as to protect the transmission of confidential content, such as orders or inquiries you send us as the site operator. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and a lock icon is displayed in your browser’s address bar. If SSL or TLS encryption is activated, the data you send us cannot be read by third parties.

Access to information, blocking, deletion
You have the right to request information on your personal data stored by us at any time and at no cost, in particular about the origin and recipients of your data as well as the purpose for which it has been processed. In addition, to the extent permitted by law, you have the right to demand that this data be rectified, blocked or erased. Should you have any questions in this respect, please write to the contact address published in the website’s “Legal notice”.

Objection to unsolicited advertising
We hereby object to the use of the contact details published on this website as part of the “Legal notice” obligation for sending unsolicited advertising or other information. The website operator expressly reserves the right to take legal action in the event of unsolicited sending of advertising information, such as spam e-mails.

3. Data collection on our website

Some of our web pages use cookies. Cookies do not harm your computer and do not contain viruses. Cookies help make our website more user-friendly, efficient and secure. Cookies are small text files that are stored on your computer and saved by your browser. Most of the cookies we use are so-called “session cookies”. They are automatically deleted after your visit. Other cookies remain stored on your device until you delete them. These cookies allow us to recognize your browser on your next visit. You can set up your browser to alert you to the use of cookies, so that you can decide on a case-by-case basis whether to accept or reject their use. You can also set your browser to automatically reject cookies under certain conditions or at all times, or to automatically delete cookies when you close your browser. Disabling cookies may limit the functionality of this website. Cookies required to carry out the electronic communication process or to provide certain functions requested by you (such as the shopping cart function) are processed and saved pursuant to Art. 6 (1) (f) of the General Data Protection Regulation (GDPR). The website operator has a legitimate interest in the storage of cookies for the technically correct and optimized provision of its services. If other cookies (such as cookies for analysing your user behaviour) are stored, they will be treated separately in this privacy policy.

Server log files
The website operator automatically collects and saves information are automatically transmitted to us by your browser in so-called server log files. This information comprises:

  • Browser type and version
  • Operating system
  • Referrer URL
  • Host name of the requesting computer
  • Time of server request
  • IP address

This data will not be combined with data from other sources. The basis for data processing is Art. 6 (1) (b) GDPR, which allows data processing if it is necessary for the performance of a contract with the data subject or for taking preparatory steps in this respect.

4. Processing personal data

Your personal data will only be used for the specific purpose for which it was collected (for instance to answer inquiries, book guided tours or send you requested information). If you contact us by e-mail or telephone, the data you furnish (such as your e-mail address, name or telephone number) will be stored by us for the purpose of processing your request or answering your questions. The relevant data will be deleted as soon as there is no viable reason to store the data any longer. Insofar as statutory data retention periods apply, data processing will be kept to a minimum. This also applies in the case of bookings of guided tours in our museum made in writing or by telephone. We do not pass this data on to third parties without your express consent. All persons in our employ are obliged to maintain strict data secrecy.

5. Newsletter

Newsletter data
Should you wish to subscribe to our newsletter informing you of the latest events and offers, you must send us a request to this effect in writing. We will need your email address to send you the newsletter. The address will be used exclusively for sending you the newsletter; it will be treated with strict confidentiality and will not be shared with third parties. You may unsubscribe from the newsletter at any time without giving reasons. Simply send an e-mail requesting that the service be discontinued to:

6. Hyperlinks

The homepage of Darmstadt Palace Museum contains hyperlinks to other websites (for instance “Freunde des Schlossmuseum e.V.”) All external sites referenced by hyperlinks were checked when the links were created. However, Darmstadt Palace Museum is not responsible for the contents of these external sites, since it has not initiated the transfer of information, and has neither chosen the recipients of the information transferred nor selected or modified it. The external websites referenced by links generally have their own data protection regulations, over which we have no influence. Darmstadt Palace Museum therefore assumes no responsibility or liability for the data protection provisions of these websites.

7. Video surveillance at Darmstadt Palace Museum

Information on the collection of personal data

Purposes of processing
To protect visitors, employees and property of the museum from assaults, vandalism and other criminal acts; to help law enforcement agencies identify the perpetrators and assist their investigation of criminal offenses, bodily harm inflicted and any damage caused, including accidental damage; to serve as defence against legal claims. 

Controller as defined by Art. 4 (7) of the EU General Data Protection Regulation (GDPR)

Schlossmuseum Darmstadt e. V.
Residenzschloss 1
64283 Darmstadt

The Hessian Commissioner for Data Protection and Freedom of Information
PO Box 3163
65021 Wiesbaden

Recipients of transferred data
Records will be released or made available for inspection to law enforcement agencies (police, public prosecutor’s office, court) and courts in civil disputes if this serves to fulfil the above-mentioned processing purposes.

Your rights
You have the following rights with respect to your personal data:

  • Right of access
  • Right to rectification or erasure
  • Right to restriction of processing
  • Right to object to processing
  • Right to data portability

You also have the right to lodge a complaint regarding the processing of your personal data by our company with the data protection supervisory authority concerned.

Your right to erasure or rectification
If you have provided us with personal data, you have the right to have it erased without undue delay. (Art. 17 GDPR). To do so, please send an e-mail to or address a letter to Schlossmuseum Darmstadt e.V., Residenzschloss 1, 64283 Darmstadt.

Right of access to personal information
At your request, Darmstadt Palace Museum will furnish you with information regarding your stored personal data free of charge. The information can be provided in writing or by e-mail, as requested. Your request for information must be sent to Darmstadt Palace Museum in writing or by e-mail and must include proof of identity (for instance by attaching a copy of your ID). Please note that, for identification purposes, we only need your name, address, date of birth, photo, and the ID’s expiry date. You may black out all other data (such as ID card number, personal features, nationality). The copy of your ID is used only to verify your identity and is subsequently destroyed.

Objection or withdrawal of consent to the processing of your data
You may object to the processing of your personal data inasmuch as it is based on a careful assessment of legitimate interests. This applies above all if the processing of personal data is not necessary for the performance of a contract with you. When raising an objection, please give reasons why you want us to stop processing your personal data in the current manner. In the event of your justified objection, we will review the situation and either discontinue or restrict our data processing or explain to you our compelling reasons for continuing to process your personal data as before.

Data storage period 7 days (circular buffer method) provided that no incident has occurred. In the event of an incident, the relevant video recording may be stored separately. Video recordings saved as evidence for criminal or civil prosecution will be erased in accordance with the statute of limitations. Due to the museum’s irregular opening hours, this is the shortest period for which data can be stored.

This privacy notice was last updated on 01 August 2022.