1. General
We are governed by the data protection provisions of the Diocese of Rottenburg-Stuttgart, in particular by the Church Data Protection Act (KDG), the implementing regulation for the Church Data Protection Act (KDG-DVO) and the other regulations which have been issued concerning the implementation of the Church Data Protection Act.
This data privacy statement applies to this website and to the personal data collected by means of it. Web pages of other providers, which are referenced for example via links, are subject to the data privacy statements of those pages.
2. Collection and processing of personal data
The term “personal data” means – in accordance with the definition in Article 4 No. 1 of the Church Data Protection Act – details of the personal and material circumstances of an identified or identifiable natural person. These are, for example, the name, address, e-mail address or telephone number of a relevant person, but also, for example, the IP address via which you may visit our website for purely informative purposes.
With regard to other terms, in particular the terms “processing”, “controller” and “consent”, we refer you to the statutory data protection definitions of Article 4 of the Church Data Protection Act.
3. Data controller
Bildungshäuser der Diözese Rottenburg-Stuttgart
Church-owned, independent company (Kirchlicher Eigenbetrieb)
Mr Xaver Steidle
Weggentalstr. 14
72108 Rottenburg am Neckar
Tel.: +49 (0) 7472 169 - 636
E-mail: info(at)tagungshaus.net
4. Data protection officer
Data protection department (Stabstelle Datenschutz)
Bischöfliches Ordinariat
Eugen-Bolz-Platz 1
72108 Rottenburg am Neckar
Tel.: +49 (0) 7472 169 - 890
E-mail: datenschutz(at)bo.drs.de
5. Legal bases for the processing of personal data
Insofar as we obtain consent from the relevant person for processing steps relating to personal data, Article 6 (1) (b) in conjunction with Article 8 of the Church Data Protection Act serves as the legal basis.
For personal data processing which is required in order to fulfil a contract whose contracting party is the relevant person, Article 6 (1) (c) of the Church Data Protection Act serves as the legal basis. This also applies to processing steps required for implementing pre-contractual measures.
Insofar as personal data processing is required to fulfil a legal obligation, Article 6 (1) (d) of the Church Data Protection Act serves as the legal basis.
If processing is necessary in order to safeguard a legitimate interest of the data controller or of a third party, and the interests, basic rights and basic freedoms of the relevant person do not outweigh the first-named interest, then Article 6 (1) (g) of the Church Data Protection Act serves as the legal basis for processing.
The legal bases for the processing of private and personal data using essential cookies are Article 25 (2) of the German Telecommunications Digital Services Data Protection Act (TDDDG) and Article 6 (1) (g) of the Church Data Protection Act.
6. Data collection and processing when our website is visited for purely informative purposes
If you use our website for purely informative purposes and also do not share any information with us by other means (for example by e-mail or contact form), then we only collect such data as is transmitted to our server by your browser.
When our website is viewed, it is technically necessary to collect and use a variety of data to enable error-free communication between your Internet browser and our web server. In the process the following data is collected automatically and logged in a ‘log file’ until it is automatically erased:
- Anonymised IP address (the last one to three digits are removed)
- Date and time of the enquiry
- Pages viewed
- Logs
- Access status
- Data quantity transferred
- Referer (website from which you have been directed to our website)
- User agent (web browser, operating system etc.)
As a fundamental principle, we collect this data in anonymised form only and, as a rule, store it for 60 days. This takes place for the purpose of intra-system technical processing (establishing of a connection), system security, technical administration of the system and network infrastructure, and for the optimisation of the website and for statistical purposes.
The processing of this data takes place in accordance with Article 6 (1) (g) of the Church Data Protection Act. It ensures the functioning and security of the website, assists with improvement of stability and functionality and with technically sound, failure-free presentation, and helps optimise our web presence.
External web hosting service
The content of our website is hosted with the following provider:
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 4-6
32339 Espelkamp
Conclusion of a data processing agreement
We have signed an agreement with the above-named provider for the processing of personal data on our behalf. This is an agreement stipulated under data protection law which ensures that the web hosting service processes the personal data of our website’s visitors only in line with our instructions and in compliance with the regulations of the Church Data Protection Act and the GDPR.
Since acquisition of the data is essential for the provision of the web pages, and storage of data in log files is essential for operation of our web pages, you do not have the option of objecting to this. You can only prevent this data processing by not using our services.
7. Your rights in accordance with the data protection provisions
If the legal prerequisites exist and as long as there is no legal exception, you have the following rights in respect of the controller regarding your personal data:
- Right to revocation of consent in accordance with Article 8 (6) of the Church Data Protection Act,
- Right to information in accordance with Article 17 of the Church Data Protection Act,
- Right to rectification in accordance with Article 18 of the Church Data Protection Act,
- Right to erasure in accordance with Article 19 of the Church Data Protection Act,
- Right to restriction of processing in accordance with Article 20 of the Church Data Protection Act,
- Right to data portability in accordance with Article 22 of the Church Data Protection Act,
- Right to objection in accordance with Article 23 of the Church Data Protection Act.
Right to complain to the data protection supervisory authority
You additionally have, in accordance with Article 48 of the Church Data Protection Act, the right to lodge a complaint with the competent data protection supervisory authority if you are of the view that the processing of your personal data is a breach of the stipulations of the Church Data Protection Act or other data protection regulations. The competent church data protection supervisory authority is:
Katholisches Datenschutzzentrum Frankfurt a. M.
Roßmarkt 23
60311 Frankfurt am Main
Tel.: +49 (0) 69 58 99 755 -10
E-mail: info(at)kdsz-ffm.de
Internet: https://www.kath-datenschutzzentrum-ffm.de/
8. Right to revocation and right to objection
You may, at any time and without giving reasons, revoke consent which you have granted; to do this it is sufficient to send an informal message to the controller’s address named above. In this case, we will immediately cease the processing and use of your data for the relevant purpose.
Please note that the revocation applies only to the future. Revocation of the consent does not affect the legality of the processing which has occurred on the basis of the consent up until the time of revocation.
In order to exercise your right to objection in accordance with Article 23 of the Church Data Protection Act, please likewise contact the controller using the contact data named above.
In the event of revocation or objection, we will immediately cease the processing and use of your data for the relevant purpose, providing no mandatory legal storage periods conflict with this.
9. Data erasure and storage periods
The personal data of users of our website is erased or blocked as soon as the storage purpose ceases to apply.
In particular, storage may take place if this is provided for in church, state or EU legal standards which we are subject to. These then also give rise to the safekeeping or storage periods which we are required to comply with.
Erasure or blocking of the data occurs when a storage period stipulated by the named standards elapses.
A longer storage period may arise from your explicit consent or on the basis of contractual agreements with you.
10. Making contact via the contact/enquiry form or via an e-mail enquiry
We process your personal data (e.g. name, e-mail address, address, telephone number) communicated via contact/enquiry forms or via e-mail enquiries in order to answer your enquiry.
The processing of this data takes place on the basis of Article 6 (1) (c) of the Church Data Protection Act, provided that your enquiry is connected to the fulfilment of a contract or is required for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries sent to us (Article 6 (1) (g) Church Data Protection Act) or on your consent (Article 6 (1) (b) KDG) if this has been asked for; the consent may be revoked at any time.
Within the scope of the enquiry form, you have the possibility of granting your consent (Article 6 (1) (b) KDG) to be included in the customer file. Once granted, you can revoke this consent at any time.
If you wish to object to the use of your data for information and communications, or wish to revoke your relevant consent, it is sufficient at any time to send a brief message to the controller’s contact data named above and in the legal notice.
11. Data protection in applicant management
We process your application details in order to assess whether you have the suitability, skills, and specialist capacities for the job you are applying for.
The legal basis for processing within the scope of the selection process for establishing a contract of employment is Article 53 of the Church Data Protection Act (KDG) and as appropriate Article 6 (1) (c) of the KDG for the implementation of pre-contractual measures or for the fulfilment of a contract.
Insofar as we are safeguarding legitimate interests with the processing of your data, in particular if different church authorities of the Diocese of Rottenburg-Stuttgart cooperate during the assessment and processing of your application documents, the legal basis is Article 6 (1) (g) of the Church Data Protection Act.
If your application documents contain particular categories of personal data, e.g. details about health or ethnic origin, we base our processing on our legal obligations as an employer and the associated protection of your basic rights, and additionally also on Article 11 (2) (b) of the Church Data Protection Act. Over and above this, we also process your data on the basis of Article 11 (2) (h) of the Church Data Protection Act in order to assess the working capacity of potential employees and, where necessary, to take occupation health-related and preventive healthcare measures.
The recipients of the personal data contained in the application documents are the relevant competent HR managers, the employee representative committee and, as appropriate, the equal opportunities officer and the disabilities officer.
Your personal data/application documents are destroyed six months after completion of the application process, unless longer storage is required for defending legal claims or the applicant explicitly agrees to a longer storage period.
If you are appointed, you will be informed separately about the regulations which then apply to the handling of your personal data, in particular in respect of the compilation of personnel files.
12. Newsletter
If you grant your consent, which can be revoked at any time, we will collect and process your e-mail address for the dispatch of our newsletter by e-mail. If you wish to revoke the consent you have granted, you can use the unsubscribe function in the newsletter or send us a brief message by e-mail or post (see our legal notice).