Contact details of our data protection officer
You can reach our official data protection officer at:
Behördlicher Datenschutzbeauftragter der Bayerischen Schlösserverwaltung
Schloss Nymphenburg, Eingang 16, 80638 München
Postal address: Postfach 20 20 63, 80020 München
Telephone: +49 89 17908-130
Telefax: +49 89 17908-154
When you access these or other Internet pages, you transmit data to our Web server via your Internet browser. The data recorded during an ongoing connection for communication between your internet browser and our web server can be found under "Logging". For an order / purchase transaction in our online shop, the following personal data is also collected according to the DSGVO:
First name and surname
Bank and/or credit card details
Payment processing in the online shop of the Bavarian Palace Department
Your bank and payment data (credit card data), which you enter when placing an order in the online shop, are neither collected nor processed or stored on the EDP systems of the Bavarian Palace Department. Payments are processed exclusively on computer systems and under the technical and legal responsibility of our respective payment service providers. The following payment service providers are currently used by us for processing payments by credit card and SEPA direct debit:
For payment with "MasterCard, Visa, American Express and SEPA Direct Debit" we use the service provider:
Payment institution (ZAG)
In the case of payment with "purchase on account" or "advance invoice", internal data processing is carried out by the Bavarian Palace Department. For the purpose of payment processing, your details will be transmitted to the Bavarian State Super Cash Office. Should the payment deadline not be met and a judicial assertion of the claim become necessary, the Staatoberkasse Bayern will forward your details to the State Office of Finance responsible for the judicial assertion.
Within the scope of the statutory powers, your personal data will be disclosed to the following companies within the EU:
Postal service providers, forwarding agents, shipping service providers, disposal of files/data carriers
IT service provider within the scope of maintenance and software maintenance
Service providers Credit assessment and debt collection
Novalnet AG, Feringastraße 4, 85774 Unterföhring, Germany
State Office of Finance responsible for the judicial assertion
appointed lawyer, in case of judicial assertion
Legal basis of the data processing
The legal basis for the processing of your personal data – where not otherwise stated – is article 6 paragraph 1 letter e of the General Data Protection Regulation (Datenschutz-Grundverordnung ‘DSVGO’ (in conjunction with article 4 paragraph 1 of the Bavarian Data Protection Law (Bayerisches Datenschutzgesetz ‘BayDSG’). The data can only be processed with your consent in accordance with article 6 paragraph 1 letter a DSGVO.
Recipients of personal data
Insofar as your data is processed electronically, our data processing systems are operated by the IT service centre of the State Office for Digitalization, Broadband and Measurements. Your data may be passed on to the relevant supervisory and audit authorities that have right of control.
Length of time the personal data is stored
Your data will be stored by the Bavarian Palace Administration in compliance with legal retention periods for as long as is necessary for the purpose in hand.
Your data protection rights
Your rights as a data subject are as follows:
You have the right to receive information concerning the data stored about you (article 15 DSGVO).
If data are inaccurate, you have the right to obtain rectification (article 16 DSGVO).
If there are no legitimate grounds for retaining your personal data, you can request its erasure or restriction of the processing and can also object to the processing (articles 17, 18 and 21 DSGVO).
If the processing is based on consent or a contract and if the processing is carried out by automated means, you also have the right to have your data transmitted to you (right to data portability, article 20 DSGVO).
Should you make use of the above rights, we will ascertain whether this meets the legal requirements.
Independently of the above, you have right of complaint to the relevant supervisory authority.
The relevant supervisory authority for Bavarian public bodies is the Bavarian State Data Protection Officer (Landesbeauftragte für den Datenschutz), who can be contacted as follows:
PO Box: Postfach 22 12 19, 80502 München
Address: Wagmüllerstraße 18, 80538 München
Telephone: +49 89 212672-0
Telefax: +49 89 212672-50
The relevant supervisory authority for the processing of personal data in connection with the tax code is the Federal Official for Data Protection and Freedom of Information (Bundesbeauftragter für den Datenschutz und die Informationsfreiheit ‘BfDI’), who can be contacted as follows:
Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
Address: Husarenstraße 30, 53117 Bonn
Telephone: +49 0228 997799-0
Telefax: +49 228 997799-5550
Right to withdraw consent
If you have consented to the processing of your personal data, you can withdraw this consent at any time with effect for the future. Until your consent is withdrawn, the processing remains legitimate.
Our web server is operated by the IT service centre of the State Office for Digitalization, Broadband and Measurements. The personal data passed on when you visit our website is thus processed on our behalf by this office:
Landesamt für Digitalisierung, Breitband und Vermessung
IT-Dienstleistungszentrum des Freistaats Bayern
St.-Martin-Straße 47, 81541 München
When you call up this or other Internet sites, you pass on data to the web server via your Internet browser. The following data are recorded during an active connection for communication between your Internet browser and the web server of the Bavarian Palace Administration:
Date and time of access
Name of the file requested
Page from which the file was requested
Access status (file transferred, file not found, etc)
Web browser and operating system used
Complete IP address of the computer requesting the file
Quantity of data requested
For reasons of technical security, in particular for countering attempted hacking on the web server, these data are stored by us. After seven days at the latest, the data are anonymized at domain level by abbreviation of the IP address, so that it is no longer possible to link them with individual users. These data are forwarded for information security purposes in accordance with article 12 of the Bavarian E-Government Law (Bayerisches E-Government Gesetz) to the State Office for Information Security.
Collection of further data
Personal or business data (e.g. name, addresses, e-mail addresses) can be entered on the Bavarian Palace Administration’s site. Any personal information that we receive is used only for sending requested publications or information and is not passed on to third parties. The use of the services is entirely voluntary.
The e-mail addresses for the mailing of the newsletter are stored and used only for this purpose. The newsletter can be cancelled at any time and your e-mail address will then be immediately deleted.
Electronic post (e-mail)
Information that you send unencrypted by electronic post (e-mail) to the Bavarian Palace Administration may be read en route by third parties. The Bavarian Palace Administration cannot usually check your identity and does not know whose e-mail address it is. Legally secure communication by simple e-mail is thus not guaranteed. Like many e-mail servers, the Bavarian Palace Administration uses filters to block unwanted advertising (‘spam filters’) which in isolated cases also wrongly identify normal e-mails as unwanted advertising and delete them. We always automatically delete e-mails with malicious programmes (‘viruses’).
If you want to send us an e-mail with confidential content, we recommend that you encrypt it and sign it to prevent it from being seen by unauthorized persons and falsified en route, or that you use the conventional postal services.
Encrypted e-mails can be sent to us via S/MIME. Send these to the following e-mail address: email@example.com. The certificates of the Bavarian Administration can be found in the central LDAP directory of the Bavarian authority network at ‘directory.bayern.de’. Further information about the Bavarian Administration PKI can be found on the following website: www.pki.bayern.de
Please also inform us whether and by what means the Bavarian Palace Administration can reply to you with an encrypted e-mail and whether – should this not be possible – you would accept an unencrypted e-mail. If you are unable to receive encrypted e-mails, please give us your postal address for a reply to your confidential communication.
Contact and further information
If you have any questions about data security in connection with this Internet site, please contact the official data protection officer.