Data Protection
At the Lower Oder Valley National Park, the protection of your personal data takes place in accordance with the relevant data protection regulations.

Extent of Collection and Processing of Personal Data
Personal data are only collected by us if they are necessary for the establishment, implementation or termination of the data collection for an underlying legal transaction or if we are legally obliged to do so.
Any additional data collection is voluntary and clearly marked on forms as such.

Use and Disclosure of Personal Data
We process personal data exclusively for the purposes intended during collection.
Disclosure to third parties will only be made on the basis of legal obligations, or in the context of service contracts with subcontractors, which we have concluded with third parties to fulfil our business purposes.
A deletion or blocking of personal data occurs as soon as the data is no longer required for the intended purpose.

Security
We take all necessary technical and organizational security measures to protect your personal data from loss and/or misuse.

All employees of the Lower Oder Valley National Park as well as subcontractors commissioned by us are obliged to maintain the confidentiality obligation in accordance with § 5 of the Federal Data Protection Act.

Name and Address of the Controller
Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:
Lower Oder Valley National Park
National Park Director Mr Dirk Treichel
Park 2
16303 Schwedt/Oder OT Criewen
Germany
Tel: 03332 21890
E-Mail: nationalpark-unteres-odertal@nlpvuo.brandenburg.de
Website: nationalpark-unteres-odertal.eu

Right of Access
Upon written request, you will receive free information about your personal data stored with us, their origin, purpose and possible recipients.

Contact Form
If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored for the purpose of processing the request and in case of follow-up questions. We will not share this information without your consent.

Server Log Files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
Browser type/ browser version
Operating system used
Referrer URL
Host name of the accessing computer
Time of the server request
These data cannot be assigned to specific persons. A merge of this data with other data sources will not be done. We reserve the right to check this data retrospectively, if we become aware of concrete evidence for unlawful use.

Contact
If you have any questions regarding the processing of your personal data, you can contact our Data Protection Officer, who is available to assist you in the case of requests for information, suggestions or complaints.
Dirk Treichel
Lower Oder Valley National Park – National Park Director
Data Protection Officer
Park 2
16303 Schwedt/Oder OT Criewen
nationalpark-unteres-odertal@nlpvuo.brandenburg.de

Data Processing on This Website
Every access of a user to our website is stored in a log file of the provider with the following contents:
Name of the retrieved web resource (Referrer URL)
Date and time of retrieval
Type and version of the web browser used
Host name and operating system of the accessing computer
These data are used exclusively for the purpose of technical administration.
The use of our website is usually possible without providing personal information. If personal data are collected on our site (for example name, address or e-mail addresses), the input of such data always takes place on a voluntary basis wherever possible. These data will not be disclosed to third parties without your explicit consent.
We would like to point out that Internet-based data transfer (for example, communication by e-mail) could pose security risks. It is not possible to protect such data completely against access by third parties.
Third parties using contact data published in the context of the imprint obligation for sending unsolicited advertising and information materials is hereby expressly objected to. The operators of the pages explicitly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.

Rights of the Data Subject
a) Right to Confirmation
Each data subject shall have the right granted by the European legislator to obtain from the controller the confirmation as to whether or not personal data concerning him or her are being processed. If a data subject wishes to utilise this right of confirmation, he or she may, at any time, contact our data protection officer or any other employee of the controller.
b) Right to Access
Each data subject shall have the right granted by the European legislator to obtain at any time from the controller free information about his or her personal data stored as well as a copy of this information. Furthermore, the European legislator grants the data subject access to the following information:
the purposes of the processing
the categories of personal data concerned
the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
if possible, the duration planned for which the personal data will be stored, or, if not possible, the criteria used to determine that period
the existence of the right to request rectification or erasure of his or her personal data, or restriction of processing by the controller, or the right to object to such processing
the existence of the right to lodge a complaint with a supervisory authority
where the personal data are not collected from the data subject: any available information as to their source
the existence of automated decision-making, including profiling, according to Article 22 paragraphs 1 and 4 of the GDPR and – at least in those cases – meaningful information about the logic involved, as well as the significance and intended effects of such processing for the data subject
Furthermore, the data subject shall have a right to obtain information as to whether personal data are transferred to a third country or an international organisation. Where this is the case, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer.

If a data subject wishes to utilise this right of access, he or she may, at any time, contact our data protection officer or any other employee of the controller.

c) Right to Rectification
Each data subject shall have the right granted by the European legislator to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
If a data subject wishes to utilise this right to rectification, he or she may, at any time, contact our data protection officer or any other employee of the controller.

d) Right to Erasure (Right to Be Forgotten)
Each data subject shall have the right granted by the European legislator to obtain from the controller the erasure of personal data concerning him or her without undue delay, where one of the following reasons applies and as long as the processing is not necessary:
The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
The data subject withdraws consent to which the processing is based according to point (a) of Article 6 paragraph 1 of the GDPR, or point (a) of Article 9 paragraph 2 of the GDPR, and where there is no other legal ground for the processing.
The data subject objects to the processing pursuant to Article 21 paragraph 1 of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 paragraph 2 of the GDPR.
The personal data have been unlawfully processed.
The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
The personal data have been collected in relation to the services provided by the information society referred to in Article 8 paragraph 1 of the GDPR.
If one of the aforementioned reasons applies, and a data subject wishes to request the erasure of personal data stored by the Lower Oder Valley National Park, he or she may, at any time, contact our data protection officer or any other employee of the controller. The data protection officer of the Lower Oder Valley National Park or another employee shall ensure that the erasure request is complied with immediately.
Where the Lower Oder Valley National Park has made personal data public and is obliged pursuant to Article 17 paragraph 1 of the GDPR to erase the personal data, the Lower Oder Valley National Park, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers processing the published personal data that the data subject has requested erasure by such controllers of any links to, or copy or replication of, these personal data, as far as processing is not required. The data protection officer of the Lower Oder Valley National Park or any other employee will arrange the necessary measures in individual cases.

e) Right to Restriction of Processing
Each data subject shall have the right granted by the European legislator to request a restriction of processing by the controller where one of the following applies:

The accuracy of the personal data is contested by the data subject for a period of time enabling the controller to verify the accuracy of the personal data.
The processing is unlawful, the data subject opposes the erasure of the personal data and instead requests the restriction of their use.
The controller no longer needs the personal data for processing purposes but they are required by the data subject for the assertion, exercise or defence of legal claims.
The data subject has contested the processing according to Article 21 paragraph 1 of the GDPR pending the verification whether the legitimate grounds of the controller outweigh those of the data subject.
If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of the processing of personal data stored by the Lower Oder Valley National Park, he or she may at any time contact our data protection officer or any other employee of the controller. The data protection officer of the Lower Oder Valley National Park or another employee will arrange the restriction of the processing.

f) Right to Data Portability
Each data subject shall have the right granted by the European legislator to receive the personal data concerning him or her, which was provided to a controller by the data subject, in a structured, commonly used and machine-readable format. He or she shall have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, as long as the processing is based on consent according to point (a) of Article 6 paragraph 1 of the GDPR or point (a) of Article 9 paragraph 2 of the GDPR, or on a contract pursuant to point (b) of Article 6 paragraph 1 of the GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, in exercising his or her right of data portability according to Article 20 paragraph 1 of the GDPR, the data subject shall have the right to have personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.
In order to assert the right to data portability, the data subject may at any time contact the data protection officer of the Lower Oder Valley National Park or any other employee.
g) Right to Contest
Each data subject shall have the right granted by the European legislator to contest, on grounds relating to his or her particular situation, at any time, the processing of personal data concerning him or her, which is based on point (e) or (f) of Article 6 paragraph 1 of the GDPR. This also applies to profiling based on these provisions.

The Lower Oder Valley National Park shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which outweigh the interests, rights and freedoms of the data subject, or the processing serves the assertion, exercise or defence of legal claims.

If the Lower Oder Valley National Park processes personal data for direct marketing purposes, the data subject shall have the right to contest the processing of personal data for such marketing at any time. This also applies to profiling to the extent that it is related to such direct marketing. If the data subject contacts the Lower Oder Valley National Park to contest the processing for direct marketing purposes, the Lower Oder Valley National Park will no longer process the personal data for these purposes.
In addition, the data subject has the right, on grounds relating to his or her particular situation, to contest the processing of personal data concerning him or her by the Lower Oder Valley National Park for scientific or historical research purposes, or for statistical purposes according to Article 89 paragraph 1 of the GDPR, unless such processing is necessary for the performance of a task carried out for reasons of public interest.
In order to exercise the right to contest, the data subject may directly contact the data protection officer of the Lower Oder Valley National Park or any other employee. Furthermore, the data subject is free, in the context of the use of information society services and notwithstanding Directive 2002/58/EC, to exercise his or her right to contest by automated means using technical specifications.

h) Automated Decisions in Individual Cases, Including Profiling
Each data subject shall have the right granted by the European legislator not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her, or similarly significantly affects him or her, as long as the decision (1) is not necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) is not permitted by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is not based on the data subject’s explicit consent.
If the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) is based on the data subject’s explicit consent, the Lower Oder Valley National Park shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and challenge the decision.
If the data subject wishes to exercise the rights concerning automated decisions, he or she may, at any time, contact our data protection officer or another employee of the controller.

i) Right to Withdraw Data Protection Consent
Each data subject shall have the right granted by the European legislator to withdraw his or her consent to the processing of his or her personal data at any time.
If the data subject wishes to exercise the right to withdraw the consent, he or she may, at any time, contact our data protection officer or another employee of the controller.

Provision of Personal Data as Statutory or Contractual Requirement; Requirement Necessary to Enter into a Contract; Obligation of the Data Subject to Provide the Personal Data; Possible Consequences of Failure to Provide Such Data
We clarify that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner). In order to conclude a contract, sometimes it may be necessary that the data subject provides us with personal data, which must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data when our company signs a contract with him or her. Failure to provide the personal data would have the consequence that the contract with the data subject could not be concluded. Before personal data is provided by the data subject, he or she must contact our data protection officer. The data protection officer clarifies to the data subject whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and about the consequences of failing to provide the personal data.

Privacy Policy for the Use of Google Analytics
This website uses functions of the web analytics service, Google Analytics. The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and allow an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
In case IP anonymisation is activated on this website, your IP address will be abbreviated by Google beforehand within member states of the European Union or other contracting states to the treaty regarding the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and abbreviated there. On behalf of the website’s operator, Google will use this information to evaluate your use of the website, compile reports on website activity and provide other services related to website and Internet usage to the website operator. The IP address transmitted from your browser by Google Analytics will not be merged with other Google data.

You can prevent the storage of cookies by activating the relevant setting of your browser software; however, please note that if you do this, you may not be able to use all the features of this website to the fullest extent possible. Furthermore, you may prevent Google’s collection of the data generated by the cookie and related to your use of the website (including your IP address) as well as Google’s processing of this data by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de

6. Data protection provisions about the application and use of Facebook
On this website, the controller has integrated components of the enterprise Facebook. Facebook is a social network.

A social network is a place for social meetings on the Internet, an online community, which usually allows users to communicate with each other and interact in a virtual space. A social network may serve as a platform for the exchange of opinions and experiences, or enable the Internet community to provide personal or business-related information. Facebook allows social network users to include the creation of private profiles, upload photos, and network through friend requests.

The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States. If a person lives outside of the United States or Canada, the controller is the Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

With each call-up to one of the individual pages of this Internet website, which is operated by the controller and into which a Facebook component (Facebook plug-ins) was integrated, the web browser on the information technology system of the data subject is automatically prompted to download display of the corresponding Facebook component from Facebook through the Facebook component. An overview of all the Facebook Plug-ins may be accessed under https://developers.facebook.com/docs/plugins/. During the course of this technical procedure, Facebook is made aware of what specific sub-site of our website was visited by the data subject.

If the data subject is logged in at the same time on Facebook, Facebook detects with every call-up to our website by the data subject—and for the entire duration of their stay on our Internet site—which specific sub-site of our Internet page was visited by the data subject. This information is collected through the Facebook component and associated with the respective Facebook account of the data subject. If the data subject clicks on one of the Facebook buttons integrated into our website, e.g. the “Like” button, or if the data subject submits a comment, then Facebook matches this information with the personal Facebook user account of the data subject and stores the personal data.

Facebook always receives, through the Facebook component, information about a visit to our website by the data subject, whenever the data subject is logged in at the same time on Facebook during the time of the call-up to our website. This occurs regardless of whether the data subject clicks on the Facebook component or not. If such a transmission of information to Facebook is not desirable for the data subject, then he or she may prevent this by logging off from their Facebook account before a call-up to our website is made.

The data protection guideline published by Facebook, which is available at https://facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. In addition, it is explained there what setting options Facebook offers to protect the privacy of the data subject. In addition, different configuration options are made available to allow the elimination of data transmission to Facebook. These applications may be used by the data subject to eliminate a data transmission to Facebook.

Data protection provisions about the application and use of Instagram
On this website, the controller has integrated components of the service Instagram. Instagram is a service that may be qualified as an audiovisual platform, which allows users to share photos and videos, as well as disseminate such data in other social networks.

The operating company of the services offered by Instagram is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, UNITED STATES.

With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which an Instagram component (Insta button) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to the download of a display of the corresponding Instagram component of Instagram. During the course of this technical procedure, Instagram becomes aware of what specific sub-page of our website was visited by the data subject.

If the data subject is logged in at the same time on Instagram, Instagram detects with every call-up to our website by the data subject—and for the entire duration of their stay on our Internet site—which specific sub-page of our Internet page was visited by the data subject. This information is collected through the Instagram component and is associated with the respective Instagram account of the data subject. If the data subject clicks on one of the Instagram buttons integrated on our website, then Instagram matches this information with the personal Instagram user account of the data subject and stores the personal data.

Instagram receives information via the Instagram component that the data subject has visited our website provided that the data subject is logged in at Instagram at the time of the call to our website. This occurs regardless of whether the person clicks on the Instagram button or not. If such a transmission of information to Instagram is not desirable for the data subject, then he or she can prevent this by logging off from their Instagram account before a call-up to our website is made.

Further information and the applicable data protection provisions of Instagram may be retrieved under https://help.instagram.com/155833707900388/ and https://www.instagram.com/about/legal/privacy/.

Data protection provisions about the application and use of Pinterest
On this website, the controller has integrated components of Pinterest Inc. Pinterest is a so-called social network. A social network is an Internet social meeting place, an online community that allows users to communicate and interact with each other in a virtual space. A social network may serve as a platform for the exchange of opinions and experiences, or allow the Internet community to provide personal or company-related information. Pinterest enables the users of the social network to publish, inter alia, picture collections and individual pictures as well as descriptions on virtual pinboards (so-called pins), which can then be shared by other user’s (so-called re-pins) or commented on.

The operating company of Pinterest is Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, UNITED STATES.

With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which a Pinterest component (Pinterest plug-in) was integrated, the Internet browser on the information technology system of the data subject automatically prompted to download through the respective Pinterest component a display of the corresponding Pinterest component. Further information on Pinterest is available under https://pinterest.com/. During the course of this technical procedure, Pinterest gains knowledge of what specific sub-page of our website is visited by the data subject.

If the data subject is logged in at the same time on Pinterest, Pinterest detects with every call-up to our website by the data subject—and for the entire duration of their stay on our Internet site—which specific sub-page of our Internet page was visited by the data subject. This information is collected through the Pinterest component and associated with the respective Pinterest account of the data subject. If the data subject clicks on one of the Pinterest buttons, integrated on our website, then Pinterest assigns this information to the personal Pinterest user account of the data subject and stores the personal data.

Pinterest receives information via the Pinterest component that the data subject has visited our website, provided that the data subject is logged in at Pinterest at the time of the call-up to our website. This occurs regardless of whether the person clicks on the Pinterest component or not. If such a transmission of information to Pinterest is not desirable for the data subject, then he or she may prevent this by logging off from their Pinterest account before a call-up to our website is made.

The data protection guideline published by Pinterest, which is available under https://about.pinterest.com/privacy-policy, provides information on the collection, processing and use of personal data by Pinterest.

Data protection provisions about the application and use of Twitter
On this website, the controller has integrated components of Twitter. Twitter is a multilingual, publicly-accessible microblogging service on which users may publish and spread so-called ‘tweets,’ e.g. short messages, which are limited to 280 characters. These short messages are available for everyone, including those who are not logged on to Twitter. The tweets are also displayed to so-called followers of the respective user. Followers are other Twitter users who follow a user’s tweets. Furthermore, Twitter allows you to address a wide audience via hashtags, links or retweets.

The operating company of Twitter is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, UNITED STATES.

With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which a Twitter component (Twitter button) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to download a display of the corresponding Twitter component of Twitter. Further information about the Twitter buttons is available under https://about.twitter.com/de/resources/buttons. During the course of this technical procedure, Twitter gains knowledge of what specific sub-page of our website was visited by the data subject. The purpose of the integration of the Twitter component is a retransmission of the contents of this website to allow our users to introduce this web page to the digital world and increase our visitor numbers.

If the data subject is logged in at the same time on Twitter, Twitter detects with every call-up to our website by the data subject and for the entire duration of their stay on our Internet site which specific sub-page of our Internet page was visited by the data subject. This information is collected through the Twitter component and associated with the respective Twitter account of the data subject. If the data subject clicks on one of the Twitter buttons integrated on our website, then Twitter assigns this information to the personal Twitter user account of the data subject and stores the personal data.

Twitter receives information via the Twitter component that the data subject has visited our website, provided that the data subject is logged in on Twitter at the time of the call-up to our website. This occurs regardless of whether the person clicks on the Twitter component or not. If such a transmission of information to Twitter is not desirable for the data subject, then he or she may prevent this by logging off from their Twitter account before a call-up to our website is made.

The applicable data protection provisions of Twitter may be accessed under https://twitter.com/privacy?lang=en.

Privacy Policy for Google Maps
This website uses the Google Maps product from Google Inc. By using this site, you consent to the collection, processing and use of the data automatically collected by Google Inc., its representatives and third parties. You can find Google Maps’ terms of service under “Terms of Use of Google Maps”.

Use of Web Fonts
On these websites, external fonts from Google Fonts are used. Google Fonts is a service of Google Inc. (“Google”). The integration of these web fonts is done by a server call, usually a Google server in the USA. Hereby, the information on which of our websites you have visited will be transmitted to the server. Also, Google stores the IP address of the visitor’s computer browser viewing these websites. For more information, see the Google Privacy Policy, which can be found here: www.google.com/fonts#AboutPlace:about www.google.com/policies/privacy/
Cookie Pegelonline.wsv.de

Each time you access the PEGELONLINE server, the following data is stored for statistical and security purposes for a maximum of 59 days:
Name of the retrieved file (Referrer URL)
Date and time of the retrieval
Transferred amount of data
Message if the retrieval was successful
Browser type and version
Operating system used
Pseudonymised IP address of the accessing host system
These data are used exclusively to improve the Internet service and are not evaluated in a way that is traceable back to individuals. This data will not be merged with other data sources. An exception is the input of personal or business data (e-mail address, name) for the registration to a subscription of hydrological data. This information provided by the user is expressly voluntary.
The pseudonymised IP address will only be evaluated in the case of serious violations of our Terms of Use and in the event of unauthorized access or attempts to access our servers. Thus, the right is reserved to initiate the derivation of personal data with the help of individual data records.
After 60 days, the pseudonymised access data are anonymised and the log files deleted. Tracing back to a specific person is then no longer possible.