Privacy Policy of Barmherzige Brüder gemeinnützige Träger GmbH

Welcome to our website! We appreciate your interest in our facilities. We take the protection of your personal data very seriously. We process your data in accordance with the applicable legal provisions on the protection of personal data, in particular the ecclesiastical data protection regulation (Kirchliche Datenschutzregelung der Ordensgemeinschaft päpstlichen Rechts, KDR-OG), and the General Data Protection Regulation (GDPR). With the help of this privacy policy, we inform you comprehensively about the processing of your personal data by the Barmherzige Brüder gemeinnützige Träger GmbH and the rights to which you are entitled.

For the Hospitaller Order of St. John in Bavaria, an entity of public law, and its facilities, the ecclesiastical data protection regulation (KDR-OG) applies in the currently valid version.

Should the Sections or Articles contain contradictory representations, the provisions shall apply in the following order: KDR-OG, GDPR, state law, German Unfair Competition Law (UWG) and the Telemedia Act (TMG). The standard of the GDPR must not be undercut.

Personal data is information that makes it possible to identify a natural person. This includes, in particular, name, date of birth, address, telephone number, e-mail address, but also your IP address.

Anonymous data exists if no personal reference to the user can be made.


Responsible body and data protection officer

Barmherzige Brüder gemeinnützige Träger GmbH


Prüfeninger Straße 21
93049 Regensburg

Contact information

phone: +49 941 369-1103


Contact data protection


Competent supervisory authority for data protection issues

Data Protection Officer for the Hospitaller Order of St. John in Bavaria and its facilities


Prüfeninger Straße 86
93049 Regensburg



Your rights as a data subject

First of all, at this point we would like to inform you about your rights as a data subject:

  • The right to information
  • The right to erasure
  • The right to rectification
  • The right to data portability
  • The right to restriction of data processing
  • The right to object to data processing

To exercise these rights, please contact: The same applies if you have questions about data processing in our facilities or if you wish to revoke a consent you have given. You also have the right to lodge a complaint with the above-mentioned data protection supervisory authority.


Rights of objection

Please note the following in connection with rights of objection:

If we process your personal data for the purpose of direct advertising, you have the right to object to this data processing at any time without giving reasons. This also applies to profiling insofar as it is related to direct advertising.

If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes. The objection is free of charge and can be made informally, preferably to:

In the event that we process your data for the protection of legitimate interests, you may object to this processing at any time on grounds relating to your particular situation; this also applies to profiling based on these provisions.

We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or unless the processing serves to assert, exercise or defend legal claims.


Purposes and legal basis of data processing

When processing your personal data, we comply with the provisions of the KDR-OG, the GDPR and all other applicable data protection regulations. Legal bases for data processing can particularly be derived from Sec. 6 KDR-OG and Art. 6 GDPR.

We use your data to initiate business, to fulfil contractual and legal obligations, to implement the contractual relationship, to offer products and services, and to strengthen the customer relationship, which may also include analyses for marketing purposes and direct advertising.

Your consent also constitutes a permission requirement under data protection law. Here we will inform you about the purposes of the data processing and about your right of revocation. If the consent also refers to the processing of special categories of personal data, we will expressly point this out to you in the request for your consent.

Processing of special categories of personal data within the meaning of Section 11 KDR-OG or Article 9(1) GDPR will only be carried out if this is required by legal provisions and if there is no reason to assume that your legitimate interest in the exclusion of the processing outweighs such processing.


Disclosure to third parties

We will only pass on your data to third parties within the framework of the legal provisions or with the corresponding consent. Otherwise, we will not disclose your data to third parties unless we are obliged to do so by mandatory legal provisions (disclosure to external bodies such as supervisory authorities or law enforcement agencies).


Recipients of the data / categories of recipients

Within our institution, we ensure that only those persons receive your data who need it to fulfil contractual and legal obligations.

In certain cases, service providers support our specialist departments in the fulfilment of their tasks. For example, data may be transferred to the developer (de-Agentur) as part of the maintenance of our website. The necessary contract under data protection law has been concluded with all service providers.


Third country transfer / intention to transfer data to third countries

No data is transferred to third countries (outside the European Union or the European Economic Area).


Storage period of data

We store your data as long as this is needed for the respective processing purpose. Please note that various retention periods require that data continues to be stored. This applies in particular to retention obligations under commercial or tax law (e.g. German Commercial Code, German Fiscal Code, etc.). If there are no further storage obligations, the data is routinely deleted once the purpose has been achieved.

In addition, we may retain data if you have given us permission to do so or if legal disputes arise and we use evidence within the framework of statutory limitation periods, which can be up to thirty years; the regular limitation period is three years.

In the present case, your data will be deleted two months after the end of the congress.


Secure transmission of your data

In order to protect the data stored with us in the best possible way against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons, we use appropriate technical and organisational security measures. The security levels are continuously reviewed in cooperation with security experts and adapted to new security standards.

The exchange of data to and from our website is always encrypted. We offer HTTPS as the transmission protocol for our website, in each case using the current SSL encryption protocols.


Obligation to provide data

Various personal data is necessary for the establishment, implementation and termination of the contractual relationship and the fulfilment of the associated contractual and legal obligations. The same applies to the use of our website and the various functions it provides.

We have summarised the relevant details for you hereinabove. In certain cases, data must also be collected or made available due to legal requirements. Please note that it is not possible to process your enquiry or carry out the underlying obigatory relationship without providing this data.


Categories, sources, and origin of data

Which data we process is determined by the respective context.


When you visit our website, we collect and process the following data:

  • The IP address assigned by your internet service provider.
  • Information about the web pages you call up from us, including date and time


Automated individual case decisions

We do not use purely automated processing for decision-making.


Cookies (Sec. 6 (1) lit. b, g KDR-OG, Art. 6 (1) lit. f GDPR)

Our website does not use any cookies. Cookies are small text files that are stored on your terminal device.

These cookies can be used, for example, to analyse how users use websites. In this way, the website content can be designed in accordance with the visitor's needs. Cookies also make it possible to measure the effectiveness of a particular advertisement and to have it placed according to the thematic interests of users, for example.

We do not use cookies.


Congress registration (Sec. 6 (1) lit. b KDR-OG, Art. 6 (1) lit. a GDPR)

On our website, we give users the opportunity to register for our congress on the occasion of the 400th anniversary of the Hospitaller Order of St. John in Bavaria by providing personal data.

Here, the principle of data economy and data avoidance is observed, as only the data necessary for registration is marked as mandatory with an asterisk (*). This includes:

  • Name, first name
  • Province, country
  • E-mail address
  • Language skills

In order to provide you with the best possible service at the congress venue, we kindly ask you to also fill in the voluntary information where possible and allow us to process your data. These are the following voluntary details:

  • Salutation
  • Title
  • Contact details (telephone/mobile)
  • Information on whether you require accommodation
  • Information on which social programme you would like to take part in
  • Details of the lecture programme you would like to attend
  • Information on arrival (for planning the shuttle service)
  • Departure details (for planning the shuttle service)
  • Food preference (meat/ vegetarian/ vegan)

By registering on our website, the user's IP address, the date and the time of registration are also stored on the server (technical background data). By pressing the "Send" button, you give your consent to the processing of your data.


Guestbook (Sec. 6 (1) lit. b KDR-OG, Art. 6 (1) lit. a GDPR)

We also give our users the opportunity to make an entry in our guestbook.

In doing so, the principle of data economy and data avoidance is observed. Only your name and e-mail address are required for the entry.

The data entered in the guestbook form is processed exclusively on the basis of your consent (Sec. 6 (1) lit. b KDR-OG, Art. 6 (1) lit. a GDPR).

The data you enter in the guestbook will remain with us until you request us to delete it, until you revoke your consent to store it, or until the purpose for storing the data no longer applies. Mandatory legal provisions – in particular retention periods – remain unaffected.


Links to other providers

Our website also contains – clearly recognisable – links to the websites of other companies. Insofar as there are links to websites of other providers, we have no influence on their content. Therefore, we cannot assume any guarantee or liability for these contents. The respective provider or operator of the pages is always responsible for the content of these pages.

The linked pages were checked for possible legal violations and recognisable infringements at the time of linking. Illegal contents were not recognisable at the time of linking. However, permanent monitoring of the content of the linked pages is not reasonable without concrete indications of an infringement. Such links will be removed immediately if infringements become known.