(1) When you contact us by email, we will collect the information you provide (such as your email address, name, and telephone number) to answer your questions. We will only retain this information for as long as necessary, or as required by law.
(2) If we engage commissioned service providers for certain functions of our website or if we use your data for advertising purposes, we will provide you with detailed information about these transactions and specify the criteria for the storage duration.
(1) You have the right to:Request information about the personal data we process about you.Request the correction of incorrect or incomplete personal data.Request the deletion of your personal data, unless we are required to retain it by law.Request the restriction of the processing of your personal data under certain circumstances.Receive your personal data in a structured, commonly used, and machine-readable format or request its transfer to another data controller.File a complaint with a supervisory authority.
Collection of personal data when visiting our website:
When you visit our website for information purposes only, i.e., without registering or otherwise providing us with information, we automatically collect certain personal data that your browser transmits to our server. This data is technically necessary for us to display our website and to ensure its stability and security, and the legal basis for its collection is Art. 6 (1) sentence 1 (f) GDPR.The data we collect includes:
Your IP address
The date and time of your request
The time zone difference to Greenwich Mean Time (GMT)
The content of your request (specific page)
Access status/HTTP status code
The amount of data transferred in each case
The website from which your request originated
Your operating system and its interface
The language and version of your browser software.
We do not use this data to draw any conclusions about you personally, and we do not merge this data with other data sources. We delete this data after seven days, unless we need to keep it for longer for the purposes of investigating identified attacks on our website.
We take data security seriously and have implemented technical and organisational measures to protect your personal data from loss, destruction, unauthorised access, alteration, or disclosure by unauthorised individuals. While we conduct regular checks and updates, we cannot guarantee complete protection against all risks. Our website also uses SSL (Secure Sockets Layer) encryption in certain areas to ensure the privacy of your personal information.
At CHOCOLATE EXPERIENCE GMBH, we use social plugins from social networks. Please note that separate data protection and liability rules apply to social networks and third-party websites. The relevant website operators may save and use your personal data beyond the extent provided for under our data protection policy. CHOCOLATE EXPERIENCE GMBH cannot influence what data an activated plugin collects and how the provider uses it. Rest assured that we do not collect any personal information ourselves through the use of social plugins.
To increase the protection of your data, we have restricted the embedding of plugins in our website. Instead, we use an HTML link (the "Shariff solution" by c’t) which does not establish a connection with the social network provider's servers when you visit a page containing such plugins. If you choose to click on one of the buttons, a new window will open in your browser and you will be redirected to the relevant service provider's website. From there, you can activate the "like" or "share" buttons after logging in. Please refer to the relevant provider's data protection policy for information about the purpose and extent of data collection and the provider's further processing and use of the data, as well as your rights and the settings you can choose to protect your privacy.We use social plugins from Facebook, Instagram, and TripAdvisor. Here is their operator, website, and data protection information:
We use social plugins from Facebook, Instagram, and TripAdvisor. Here is their operator, website, and data protection information:
Google (Universal) Analytics
or through the contact details provided in our Legal Notice.When you visit our website, the information collected by the cookie is transmitted to Google's servers in the USA and stored there. However, IP anonymization is enabled on our website, which means that your IP address is first truncated by Google within the European Union or other contracting states of the European Economic Area. In exceptional cases, the full IP address may be transmitted to a Google server in the USA and truncated there. Google has committed to complying with the Privacy Shield Agreement on the collection, use, and retention of personal data from the EU, which is published by the US Department of Commerce and has been certified under the Privacy Shield.However, it's important to note that on July 16, 2020, the European Court of Justice declared that the Privacy Shield data protection agreement between the EU and the USA is invalid.
(1) Our website uses Facebook Ireland Ltd.'s "Custom Audiences" remarketing function, which allows us to display interest-related ads to our website visitors while they browse the Facebook social network ("Facebook ads"). When you visit our website, a Facebook remarketing tag (cookie) is implemented on the site, creating a direct connection to Facebook's servers and informing the server that you have visited our website. This information is listed on your personal Facebook user account. Facebook's data protection policy provides more detailed information on the collection and use of this information, as well as your privacy rights and possible ways to protect your privacy, at:
(2) We require your express consent to use tracking and marketing cookies. You can accept or reject these cookies and learn about our company's data protection policy by using the cookie banner that appears when you first visit our website.(3) If you grant consent, the legal basis for processing personal data is Art. 6 (1) (a) GDPR. You can withdraw your consent at any time without providing any reasons. You can do this by sending an email to:
Please note that you must be registered with Facebook to use this link.
(1) We offer a newsletter subscription on our website, which requires your name and email address to send you the newsletter.
(3) You can withdraw your consent at any time by unsubscribing from the newsletter. Each newsletter contains an unsubscribe link at the bottom, which you can use to automatically delete your information.
(4) To register for our newsletter, we use a double opt-in procedure. After submitting your information, you will receive an email asking you to confirm your subscription. We store the registration and confirmation times, as well as the IP address, as proof of the registration for the newsletter.
(5) The statistical analysis and logging of the registration procedure is based on our legitimate interests (Article 6 (1) sentence 1 (f) GDPR), which include the proper and technically flawless execution of the email dispatch.
(6) We will only retain your email address for as long as you subscribe to the newsletter. Once you unsubscribe, we will delete your email address.
(7) We will not share the email address you provide us with any third parties.Regenerate response
(1) By registering for our "list of events", we collect, store, process, and use the information you provide. We do this with your consent, as required by Article 6(1)(a) of the GDPR. When you sign up for the waiting list, you agree to receive an email with information about your selected event at your specified email address.
(2) Once the next update regarding your selected event becomes available, we will send you an email to the address you provided. Your data will be deleted after this notification.
(3) If you wish to withdraw your consent to store your data, email address, and use it for sending waiting list notifications, you can do so at any time by sending an email to:
Offer forms – school classes and companies
We provide online forms on our website that allow school classes and companies to request offers for our services. To do so, we require certain information such as your name, email address, and telephone number, or, in the case of school classes, the telephone number of a chaperone. We process this data based on Article 6(1)(f) of the GDPR, as it serves our legitimate interests in providing you with additional ways to contact us before submitting an offer. We only store this data to the extent necessary for preparing the offer and executing the booked event.
Integration and linking of videos vie YouTube
To integrate and link videos, we use the social network YouTube, which is provided by Google Ireland Limited, located at Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.
To provide a personalized experience for our guests, we may process personal data such as their name, age, and information relating to special occasions such as birthdays. This information is displayed on a screen in the museum foyer.We process this data based on Article 6(1)(f) of the GDPR to safeguard our legitimate interests and those of the individual concerned. Our aim is to offer a unique and enjoyable experience for our guests by providing a personal touch and welcoming them in a special way. This aligns with our commitment to customer satisfaction and service-oriented practices.Access to this information is limited to our employees and the guests in the relevant group. Unauthorised third-party access is strictly prohibited. Once the event has concluded, we will delete the personal data unless required by law to retain it.
Advertising to us
We strictly prohibit the use of contact information that is published in the context of the legal notice obligation by third parties for sending unsolicited advertising or information materials. We reserve the right to take legal action against the unsolicited sending of advertising information, such as spam emails.
Chocolate Experience GmbH