Legal Notice Zoo Dresden
1. An overview of data protection
The following information will provide you with an easy-to-navigate overview of what will happen with your personal data when you visit this website. The term “personal data” covers all data that can be used to identify you personally. For detailed information about the subject of data protection, please consult our Data Protection Declaration, which we have included beneath this copy.
Data recording on this website
Who is the responsible party for the recording of data on this website (i.e., the “Controller”)?
How do we record your data?
We collect your data as a result of your sharing of your data with us. This may, for instance, be information you enter into our contact form.
Other data will be recorded by our IT systems automatically or after you consent to its recording during your website visit. This data comprises primarily technical information (e.g., web browser, operating system, or time the site was accessed). This information is recorded automatically when you access this website.
For what purposes do we use your data?
A portion of the information is generated to guarantee the error-free provision of the website. Other data may be used to analyse your user patterns.
What rights do you have regarding your information?
You have the right to receive information about the source, recipients, and purposes of your archived personal data at any time without having to pay a fee for such disclosures. You also have the right to demand that your data be rectified or eradicated. If you have consented to data processing, you have the option to revoke this consent at any time, which will apply to all future data processing. Moreover, you have the right to demand that the processing of your data be restricted under certain circumstances, and you also have the right to log a complaint with the competent supervising agency.
Please do not hesitate to contact us at any time if you have questions about this or any other issues related to data protection.
Analytical and third-party tools
There is a possibility of your browsing patterns being statistically analysed when your visit this website. Such analyses are performed primarily with what we refer to as “analytical programs”.
For detailed information about these analytical programs, please consult our Data Protection Declaration below.
Hosting with All-Inkl
The use of All-Inkl is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the most reliable representation of our website.
We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract mandated by privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.
3. General information and mandatory information
The operators of this website and its pages take the protection of your personal data very seriously. Hence, we handle your personal data as confidential information and in compliance with the statutory data protection regulations and this Data Protection Declaration.
Whenever you use this website, a variety of personal information will be collected. Personal data comprises data that can be used to identify you personally. This Data Protection Declaration explains which data we collect as well as the purposes for which we use this data. It also explains how, and for what purpose, the information is collected.
We hereby advise you that the transmission of data via the Internet (i.e., via email communications) may be prone to security breaches. It is not possible to protect data completely against third-party access.
Information about the responsible party (referred to as the “Controller” in the GDPR)
The data processing Controller on this website is:
Zoo Dresden GmbH
Managing Director: Karl-Heinz Ukena
01219 Dresden, Germany
Phone: +49 351 - 4780 60
The Controller is the natural person or legal entity that makes decisions, single-handedly or jointly with others, regarding the purposes of and resources for the processing of personal data (e.g., names, email addresses, etc.).
Designation of a data protection officer
We have appointed a data protection officer for our company.
Zoo Dresden GmbH
Data Protection Officer
01219 Dresden, Germany
Phone: +49 351 - 4780 60
Information on data transfer to the USA and other non-EU countries
Among other things, we use tools of companies domiciled in the United States or other non-EU countries that are not secure from a data protection perspective. If these tools are active, your personal data will potentially be transferred to these non-EU countries and may be processed there. We must point out that a level of data protection comparable to that in the EU cannot be guaranteed in these countries. For instance, US enterprises are obliged to release personal data to the security agencies, and you, as the data subject, do not have any litigation options to defend yourself in court. Hence, it cannot be ruled out that US agencies (e.g., the Secret Service) may process, analyse, and permanently archive your personal data for surveillance purposes. We have no control over these processing activities.
Revocation of your consent to the processing of data
A wide range of data processing transactions are possible only subject to your express consent. You can also revoke – at any time – any consent you have already given us. This shall be without prejudice to the lawfulness of any data collection that occurred prior to your revocation.
Right to object to the collection of data in special cases; right to object to direct advertising (Art. 21 GDPR)
IN THE EVENT THAT DATA ARE PROCESSED ON THE BASIS OF ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT, AT ANY TIME, TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA BASED ON GROUNDS ARISING FROM YOUR INDIVIDUAL SITUATION. THIS ALSO APPLIES TO ANY PROFILING BASED ON THESE PROVISIONS. TO DETERMINE THE LEGAL BASIS FOR THE PROCESSING OF DATA, PLEASE CONSULT THIS DATA PROTECTION DECLARATION. IF YOU REGISTER AN OBJECTION, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA, UNLESS WE ARE IN A POSITION TO PRESENT COMPELLING AND LEGITIMATE GROUNDS FOR THE PROCESSING OF YOUR DATA THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS, OR IF THE PURPOSE OF THE PROCESSING IS THE ASSERTION, EXERCISE OR DEFENCE OF LEGAL ENTITLEMENTS (OBJECTION PURSUANT TO ART. 21(1) GDPR).
IF YOUR PERSONAL DATA IS BEING PROCESSED IN ORDER TO ENGAGE IN DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR AFFECTED PERSONAL DATA FOR THE PURPOSES OF SUCH ADVERTISING AT ANY TIME. THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS ASSOCIATED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR DIRECT ADVERTISING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).
Right to register a complaint with the competent supervisory agency
In the event of violations of the GDPR, data subjects are entitled to log a complaint with a supervisory agency, in particular in the member state where they have their usual domicile or place of work, or at the place where the alleged violation occurred. The right to register a complaint applies regardless of any other administrative or judicial proceedings available as legal recourses.
Right to data portability
You have the right to demand that we hand over any data that we automatically process on the basis of your consent or in order to fulfil a contract be handed over to you or a third party in a commonly used, machine-readable format. If you require the direct transfer of the data to another Controller, this will be done only if technically feasible.
SSL and/or TLS encryption
For security reasons, and to protect the transmission of confidential content, such as purchase orders or inquiries you submit to us as the website operator, this website uses either an SSL or a TLS encryption program. You can recognize an encrypted connection by checking whether the address line of the browser switches from “http://” to “https://”, as well as by the appearance of the lock icon in the browser line.
If SSL or TLS encryption is activated, data you transmit to us cannot be read by third parties.
Encrypted payment transactions on this website
If you are under an obligation to share your payment information with us (e.g. account number if you give us the authority to debit your bank account), this information is required to process payments.
Payment transactions using common modes of payment (Visa/MasterCard, debit from your bank account) are processed exclusively via encrypted SSL or TLS connections. You can recognize an encrypted connection by checking whether the address line of the browser switches from “http://” to “https://”, as well as by the appearance of the lock icon in the browser line.
If the communication with us is encrypted, third parties will not be able to read the payment information you share with us.
Information about, rectification of, and eradication of data
Within the scope of the applicable statutory provisions, you have the right, at any time, to demand information about your archived personal data, their source and recipients, as well as the purpose for processing your data. You may also have a right to have your data rectified or eradicated. If you have questions about this subject or any other questions about personal data, please do not hesitate to contact us at any time.
Right to demand processing restrictions
You have the right to demand the imposition of restrictions regarding the processing of your personal data. To do so, you may contact us at any time. The right to demand restriction of processing applies in the following cases:
- If you dispute the correctness of your data archived by us, we will usually need some time to verify this claim. While this investigation is ongoing, you have the right to demand that we restrict the processing of your personal data.
- If the processing of your personal data was/is conducted in an unlawful manner, you have the option to demand the restriction of the processing of your data in lieu of demanding the eradication of this data.
- If we no longer need your personal data and you need it to exercise, defend or claim legal entitlements, you have the right to demand the restriction of the processing of your personal data instead of its eradication.
- If you have raised an objection pursuant to Art. 21(1) GDPR, your rights and our rights will have to be weighed against each other. Until it has been determined whose interests prevail, you have the right to demand a restriction of the processing of your personal data.
If you have restricted the processing of your personal data, these data – with the exception of their archiving – may be processed only subject to your consent, or to assert, exercise or defend legal entitlements or to protect the rights of other natural persons or legal entities or for important reasons of public interest cited by the European Union or a member state of the EU.
Rejection of unsolicited e-mails
We hereby object to the use of contact information, published in conjunction with the information required to be provided in our Site Notice, to send us promotional and information material that we have not expressly requested. The operators of this website and its pages reserve the express right to take legal action in the event of the unsolicited sending of promotional information, such as via spam messages.
4. Recording of data on this website
Our websites and pages use what the industry refers to as “cookies”. Cookies are small text files that cause no damage to your device. They are either stored temporarily for the duration of a session (session cookies), or they are permanently archived on your device (permanent cookies). Session cookies are automatically deleted once you terminate your visit. Permanent cookies remain archived on your device until you actively delete them, or they are automatically eradicated by your web browser.
In some cases, third-party cookies may be stored on your device when you enter our site (third-party cookies). These cookies enable you or us to take advantage of certain services offered by the third party (e.g., cookies for the processing of payment services).
Cookies have a variety of functions. Many cookies are technically essential, since certain website functions would not work without them (e.g., the shopping basket function or the displaying of videos). The purpose of other cookies may be the analysis of user patterns or the display of promotional messages.
Cookies required for the performance of electronic communication transactions (required cookies) or for the provision of certain functions you want to use (functional cookies, e.g., for the shopping basket function), or those that are necessary for the optimization of the website (e.g., cookies that provide measurable insights into the web audience), shall be stored on the basis of Art. 6(1)(f) GDPR, unless a different legal basis is cited. The operator of the website has a legitimate interest in the storage of cookies to ensure the technically flawless and optimised provision of the operator’s services. If your consent to the storage of the cookies has been requested, the respective cookies are stored exclusively on the basis of the consent obtained (Art. 6(1)(a) GDPR); this consent may be revoked at any time.
You have the option to set up your browser in such a manner that you will be notified whenever cookies are placed and to permit the acceptance of cookies only in specific cases. You may also exclude the acceptance of cookies in certain cases or in general, or activate the delete function for the automatic eradication of cookies when the browser closes. If cookies are deactivated, the functions of this website may be limited.
If third-party cookies are used, or if cookies are used for analytical purposes, we will notify you separately in conjunction with this Data Protection Policy and, if applicable, ask for your consent.
Features & external media
|CookieScriptConsent||zoo-dresden.de||1 month||The purpose of this cookie to manage and save your cookie settings.|
Features & external media
|c_functionality||zoo-dresden.de||1 month||The purpose of this cookie is to enable external features and content such as YouTube videos and Google Maps.|
Consent with Cookie Script
Our website uses the Cookie Script consent technology for GDPR to obtain your consent for the archiving of certain cookies on your device, or for the use of certain technologies and for the data protection-compliant documentation of the same.
Details can be found here: https://cookie-script.com/privacy-policy.html.
Server log files
The provider of this website and its pages automatically collects and stores information in so-called “server log files”, which your browser communicates to us automatically. The information comprises:
- The type and version of browser used
- The operating system used
- The referrer URL
- The hostname of the accessing computer
- The time of the server inquiry
- The IP address
This data is not merged with other data sources.
This data is recorded on the basis of Art. 6(1)(f) GDPR. The operator of the website has a legitimate interest in the technically flawless presentation and the optimisation of the operator’s website. In order to achieve this, server log files must be recorded.
If you submit enquiries to us via our contact form, the information provided in the contact form, as well as any contact information provided therein, will be stored by us in order to handle your enquiry and in case we have further questions. We will not share this information without your consent.
The processing of these data is based on Art. 6(1)(b) GDPR if your request is related to the execution of a contract, or if it is necessary for carrying out pre-contractual measures. In all other cases the processing is based on our legitimate interest in the effective processing of requests sent to us (Art. 6(1)(f) GDPR) or on your agreement (Art. 6(1)(a) GDPR) if this has been requested.
The information you have entered in the contact form will remain with us until you ask us to eradicate the data or revoke your consent to the archiving of data, or if the purpose for which the information is being archived no longer exists (e.g., after we have concluded our response to your inquiry). This shall be without prejudice to any mandatory legal provisions, in particular retention periods.
Requests by email, telephone, or fax
If you contact us by e-mail, telephone, or fax, your request, including all resulting personal data (name, request), will be stored and processed by us for the purpose of processing your request. We do not pass these data on without your consent.
These data are processed on the basis of. In all other cases, the data are processed on the basis of our legitimate interest in the effective handling of enquiries submitted to us (Art. 6(1)(f) GDPR) or on the basis of your consent (Art. 6(1)(a) GDPR) if it has been obtained.
The data sent by you to us via contact requests remain with us until you request us to delete them or revoke your consent to their storage, or the purpose for the data storage no longer exists (e.g., after completion of your request). Mandatory statutory provisions – statutory retention periods in particular – remain unaffected.
Registration on this website
You have the option to register on this website to be able to use additional website functions. We shall use the data you enter only for the purpose of using the respective product or service you have registered for. The required information we request at the time of registration must be entered in full. Otherwise, we shall reject the registration.
To notify you of any important changes to the scope of our portfolio, or in the event of technical modifications, we shall use the email address provided during the registration process.
We shall process the data entered during the registration process on the basis of Art. 6(1)(b) GDPR if your inquiry is related to the fulfilment of a contract.
The data recorded during the registration process shall be stored by us for as long as you are registered on this website. Subsequently, such data will be deleted. This shall be without prejudice to mandatory statutory retention obligations.
5. Plug-ins and Tools
This site uses so-called web fonts from MyFonts Inc., 600 Unicorn Park Drive, Woburn, Massachusetts 01801 USA (hereinafter: MyFonts). These are fonts that are loaded into your browser when you open our website in order to ensure a uniform typeface for the presentation of the website.
The use of the fonts is based on our legitimate interest in a uniform presentation of our website (Art. 6(1)(f) GDPR); your personal data may potentially be transferred to non-EU countries on the legal basis of Art. 49(1)(c) GDPR. Insofar as your consent is requested for certain actions, Art. 6(1)(a) GDPR is the legal basis for data processing and Art. 49(1)(a) is the legal basis for transferring your personal data; consent may be revoked at any time for the future.
In the context of the fundraising campaign (e.g. at https://www.zoo-dresden.de/unterstuetzen/jetzt-online-spenden/), this website uses the services of Altruja GmbH, Augustenstraße 62, 80333 Munich (hereinafter Altruja).
Altruja is a provider of online fundraising software and is certified under PCI and PCI-DSS (Payment Card Industry Data Security Standard) to ensure that credit card data is processed carefully and securely. Altruja processes the personal data requested on its donation form in accordance with Art. 6 (1) (b) of GDPR.
Commissioned data processing
We have concluded a data processing agreement with the above provider. This agreement is required under data protection law and guarantees that the provider will only process the personal data of visitors to our website in accordance with our instructions and in compliance with the GDPR.
6. Payment service providers
Processing of data (customer and contract data)
We collect, process, and use personal data only to the extent necessary for the establishment, content organisation, or change of the legal relationship (data inventory). These actions are taken on the basis of Art. 6(1)(b) GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual actions. We collect, process, and use personal data concerning the use of this website (usage data) only to the extent necessary to make it possible for users to utilise the services and to bill for them.
The customer data collected will be eradicated upon completion of the order or the termination of the business relationship. This shall be without prejudice to any statutory retention mandates.
We integrate the payment services of third-party companies into our website. When you make a purchase from us, your payment data (e.g., name, payment amount, bank account details, credit-card number) are processed by the payment service provider for the purpose of payment processing. For these transactions, the respective contractual and data protection provisions of the respective providers apply. The use of the payment-service providers is based on Art. 6(1)(b) GDPR (contract processing) and in the interest of a smooth, convenient, and secure payment transaction (Art. 6(1)(f) GDPR). Insofar as your consent is requested for certain actions, Art. 6(1)(a) GDPR is the legal basis for data processing; consent may be revoked at any time for the future.
We use the following payment services / payment-service providers within the scope of this website:
The provider of this payment service is the Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter “Mastercard”).
Mastercard may transfer data to its parent company in the US. The data transfer to the US is based on Mastercard's Binding Corporate Rules. Details can be found here: https://www.mastercard.de/de-de/datenschutz.html and
The provider of this payment service is the Visa Europe Services Inc, London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter “VISA”).
Great Britain is considered a secure non-EU country as far as data protection legislation is concerned. This means that the data protection level in Great Britain is equivalent to the data protection level of the European Union.
VISA may transfer data to its parent company in the US. The data transfer to the US is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html.
7. Data privacy when using our social media channels
We maintain a presence on social networks and platforms in order to communicate with regular and potential customers and users and to provide them with information about our services.
Please note that this means user data may be processed outside the European Union. This could result in risks to users, since, for example, they could find it more difficult to exercise their rights.
User data is also generally processed for the purposes of market research and advertising. This means, for instance, that user profiles can be created on the basis of user behaviour and the interests deduced from it. Such user profiles can then in turn be used to run the ads most likely to reflect users' interests, both on the platforms and elsewhere. Cookies containing information on user behaviour and interests are generally stored on users’ computers for these purposes. Data can also be saved in user profiles regardless of the device being used (especially if users have accounts with the relevant platforms and are logged into them).
Users’ personal data is processed on the basis of our legitimate interest in properly informing and communicating with users pursuant to Art. 6 (1) (f) of GDPR. Where users are asked by the relevant platform providers to consent to the data processing described above, the legal basis for such processing is GDPR Art. 6 (1) (a) and Art. 7.
For a detailed description of how each provider processes data and the opt-out options they offer, please see the information provided in the links below.
If you have any questions or wish to exercise your user rights, the most effective way of pursuing these is to contact the providers directly. It is only the providers who have access to the users’ data and they are able to take the appropriate action or provide information directly. However, if you need help, please feel free to contact us.
As an Instagram account holder (https://www.instagram.com/zoodresden/) we - together with the operator of the social network Instagram (Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland or Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) - are data controllers within the meaning of Art. 4 (7) of the General Data Protection Regulation (GDPR). When you visit our Instagram page, the data controllers process your personal data. We describe below which data we process, how we process it and what rights you have in this regard.
The purpose of processing the data is on the one hand to enable Facebook to improve its system for running ads on its network, among other things, and on the other hand to enable us, as the holders of the Instagram account, to obtain statistics generated by Facebook on the basis of visits to our Instagram page. This enables us to control the marketing of our activities, for example, by obtaining information about the profiles of visitors who like our Instagram page or use applications on it, enabling us to provide more relevant content and develop features that could be of interest.
In order to help us better understand how to use our Instagram page to achieve our goals more effectively, demographic and geographical analyses are also generated and made available to us on the basis of the data collected. We can use this information to run selective interest-based ads without gaining any direct knowledge of the visitor’s identity. If visitors use Facebook on several devices, information can be collected and evaluated across all devices if visitors are registered users and are logged in under their own profile.
Visitor statistics created in this way are transmitted to us solely in anonymised form. We have no access to the data on which these statistics are based.
We have set up this Instagram page in order to make Instagram users and other interested parties visiting our Instagram page aware of us, and to communicate with them. Users’ personal data is processed on the basis of our legitimate interest in optimising our company profile (Art. 6 (1) (f) of GDPR).
It is possible that some of the data collected may also be processed outside the European Union by Facebook Inc, which is based in the USA. Facebook Ireland Ltd. undertakes to comply with European data protection regulations.
We do not pass on any personal data ourselves.
Instagram users may control the extent to which their user behaviour is recorded in the context of visits to our Instagram page by changing their ad preferences settings. Other options for Facebook and Instagram settings can be found at:
https://www.instagram.com/accounts/login/?next=/accounts/privacy_and_security/ or the right to object form at:
Users can also prevent the processing of information obtained by the cookies set by Facebook by blocking Facebook or third-party provider cookies in their own browser settings.
The agreements with Facebook - including in respect of joint responsibility - essentially recommend contacting Facebook directly with any requests for information or to assert further rights. As the provider of the social network and the opportunity to create Facebook pages, only Facebook can directly access the required data and take any necessary action or provide information. However, if you need our assistance, please feel free to contact us at any time.
Our company profile on Facebook https://de-de.facebook.com/ZooDresden/ (fan page) serves as a platform that enables us to address a wider audience and appeal directly to visitors who might be interested. We only process data to the extent that it is specifically provided to us by you through your use of interactive features. Please note that when you use our Facebook page and its features, you do so voluntarily and on your own responsibility. This applies in particular to the use of interactive features (e.g. commenting, sharing, rating).
Data processing by Facebook
We also have a Facebook page. We have no influence over the data privacy settings of this third-party platform. However, the European Court of Justice has determined in one case (ruling dated 05/06/2018 – C-210/16) that operators of Facebook fan pages are (jointly) responsible with Facebook for data processing. In accordance with the EU General Data Protection Regulation (GDPR), we are thus informing you here about data processing in relation to Facebook, to the extent that we are aware of and have any influence over such processing.
When you visit our company Facebook page, Facebook collects data including your IP address and other information available in the form of cookies on your computer. This data is used to provide us, as the operator of the page, with statistical information about how it is being used.
Facebook provides us, as the operator, with the following data (anonymised and compiled by group) for the purposes of evaluation:
- place of residence (country and region or city)
The following data relating to overall usage is recorded in anonymous form:
- time of usage
- interaction with posts (e.g. reactions, comments, click rates, views, shares)
- duration of video views
- devices used, operating systems, software
- usage history (referral sites)
- place of usage
Facebook provides more detailed information about this at the following link: https://de-de.facebook.com/help/pages/insights
The data are processed on the basis of Art. 6 (1) (1) (f) of GDPR.
Data relating to you that are collected in this context are processed by Facebook and may be transmitted to countries outside the EU. The Facebook data use policy describes in general terms which data Facebook obtains and what use it makes of such data. Facebook’s contact details and information about ad settings can also be found there. The data policy is available at the following link: https://de-de.facebook.com/about/privacy or https://de-de.facebook.com/full_data_use_policy.
Facebook does not clearly and conclusively specify how it uses data obtained from visits to Facebook pages for its own purposes, to what extent activity on Facebook pages can be linked to individual users, for how long Facebook stores such data and whether data obtained from visiting the company Facebook page is shared with third parties; we do not have any information about the above.
When you access a company Facebook page, the IP address of your device is transmitted to Facebook. According to Facebook, this IP address is anonymised (in the case of “German” IP addresses) and deleted after 90 days. Facebook also stores information about its users' devices (e.g. by means of the “Login Notifications” feature). This means that Facebook may be able to link IP addresses to individual users.
When you are logged into Facebook, there will be a cookie containing your Facebook ID on your device. Facebook is then able to see that you visited this page and how you used it. The same applies for all other Facebook pages.
If you wish to prevent this, you should either log out of Facebook or disable the “Keep me logged in” feature, delete the cookies on your device, and close and restart your browser. This deletes any information on Facebook that could be used to identify you individually and allows you to visit our company Facebook page without revealing your Facebook ID.
To the extent that circumstances warrant, GDPR provides you with the right to rectification under Art. 16, the right to erasure under Art. 17, the right to restriction of processing under Art. 18, the right to object to processing under Art. 21, and the right to lodge a complaint with a supervisory authority under Art. 77.
Please note, however, that we only process purely statistical data, and not any personal data relating directly to you. If necessary, please contact the operator of the third-party platform. Information on how to manage or delete data relating to you can be found in the data policy referred to above(https://de-de.facebook.com/about/privacy or https://de-de.facebook.com/full_data_use_policy).