Instagram Account of the State Palaces and Gardens of Baden-WürttembergData Protection Information

As controllers of this Facebook page, we share responsibility in the sense of Article 4(7) of the General Data Protection Regulation (GDPR) with the controllers of the social network site Facebook (Meta Platforms Ireland Ltd.). Therefore, shared control as per Article 26 of the GDPR exists.


When visiting our Facebook page, personal information is processed by the controllers.


Below, we will inform you of which data is collected, in what way it is processed, and what rights you have regarding these.


As the controllers for this page, we have concluded an agreement with Meta Platforms Ireland that regulates the terms of use for the Facebook page. The Facebook terms of service are applicable as well as the other terms and guidelines included at the end of those terms of service.

A. Our contact information and general information on data processing

Name and contact information of the controller

The following entity is responsible for the collection and use of personal information in the sense of the data protection law.


Staatliche Schlösser und Gärten
Baden-Württemberg – Headquarters
Represented by Managing Director Manuel Liehr
Schlossraum 22 a
76646 Bruchsal
Phone +49(0)72 51.74 -27 27
Fax +49(0)72 51.74 -27 11
E-mail info(at)

(hereinafter referred to as “SSG” or “we”)


jointly with


Facebook Ireland Limited
4 Grand Canal Square
Grand Canal Harbour
Dublin 2


Executive Board: Gareth Lambe, Shane Crehan

Registered in Ireland (Companies Registration Office)
Commercial Register Number 462932


(hereinafter referred to as “Facebook”)

Contact information for the controller’s data security officer

Our data security officer can be reached at the following address:

Official Data Security Officer
Vermögen und Bau Baden-Württemberg
General Management
Rotebühlplatz 30
70173 Stuttgart
Phone +49(0)711 / 6673-3521


Facebook's data security officer can be contacted via this link:

Kontaktaufnahme mit dem Datenschutzbeauftragten für Meta Platforms Ireland Ltd.


B. Scope of the processing of personal data on the Facebook page

Shared responsibility for data processing

As controllers of the Facebook page, we, along with Facebook, share responsibility for the data processing that takes place on the page with regard to personal information belonging to followers, fans, visitors, users.


Information on our own data processing can be found in our data privacy statement at


The additional information about how Facebook handles personal data is available in their privacy policy.


The agreement between us and Facebook regarding the shared responsibility for data processing as per Article 26 of the GDPR can be accessed here:


A separate data protection policy by Facebook regarding this Facebook page and the function of Insights (see further explanation of Insights in the following section of this policy) can be found here:


Use of Insights and cookies

As part of our control of the Facebook page, we use Facebook's Insights function to access anonymized statistical data belonging to users of our Facebook page. To this end, Facebook stores a cookie on the end device of any user who visits our page. The cookie contains a unique user code and is active for two years, insofar as it is not deleted earlier. The user code can be linked to the data of those users who are Facebook members.


The information stored in the cookies are received by Facebook, then recorded and processed by them, especially when the user uses Facebook services, the services of other members of the company's Facebook group, and services provided by other companies using Facebook services. Furthermore, others, such as Facebook partners or even third parties can use cookies on Facebook services in order to offer services to companies advertising with Facebook. More information on the use of cookies by Facebook can be found in their Cookie policy


We do not have any control over how and to what extent Facebook processes such data.

Reasons for processing

The processing of information is intended to enable Facebook to improve their system of advertising across its network. It is also intended to provide us as the Facebook page controller with statistics compiled by Facebook based on visits to our Facebook page. The purpose of this is to direct the marketing of our activity. For example, this allows us to acquire information about the profiles of users visiting, liking or using our page, so that we can provide them with relevant information and develop relevant functions that would be of greater interest to them. 

In order to improve our understanding of how we can better achieve our goals with our Facebook page, demographic and geographic assessments are also performed on the collected data and provided to us. We can use this information to toggle targeted interest-based advertisements without receiving direct information about the identity of the visitor. Insofar as visitors use Facebook on multiple end devices, the collection and assessment may also take place across all devices if they belong to a registered visitor logged into their own profile.


The visitor statistics compiled are transferred exclusively in an anonymized format. We have no access to the underlying data. Only Facebook has access to this data.

Legal right and legitimate interest

We control this Facebook page in order to present ourselves to and communicate with Facebook users as well as other interested parties who visit our Facebook page. Users' personal information is processed on the basis of our legitimate interests in an optimized and customer-oriented presentation of our activity as well as in our commercial interests in increasing our reach as per Article 6(1)(f) of the GDPR.

Data transfer

It is conceivable that personal data may be processed outside the European Union by Meta Platforms Inc., headquartered in the U.S. Our contract partner, however, is Meta Platforms Ireland Ltd., headquartered in Ireland, and thus within the European Union.

In addition, the U.S. parent company Meta Platforms, Inc. 1 Meta Way, Menlo Park, California 94025-1453, USA is certified under the EU-U.S. Data Privacy Framework (DPF), so that the transfer of data there is permitted under the European Commission's adequacy decision for the U.S.


We do not transfer any personal data ourselves.

Options to object

Facebook users can change how their user behavior is tracked on our Facebook page under their Ad preference settings. Other options are available under Facebook settings or the Managing your data contact form.

The processing of data via Facebook's cookies can also be prevented by changing your browser settings so that cookies for third-parties or for Facebook are not permitted.

C. Data subject rights

If your personal data is processed, then you are a “data subject” and are entitled to the following rights.


Because of the agreement with Facebook, including with regard to shared control, any information requests and assertions of additional data subject rights should be asserted directly with Facebook for logical reasons. As the provider of the social network and the function of integrating Facebook pages there, Facebook has sole control over the direct access to the necessary information and can further undertake any required measures and provide information.


Should you still require our support in this matter, you can always contact us using the contact information provided at the top.


Concerning your questions and your rights as a user:
If you contact us, we will answer your inquiry ourselves to the extent that we are able to do so based on our own data processing and will otherwise forward your inquiry directly to Facebook with a request for full information, since we have no insight into Facebook's data processing.

Right to request access

You have the right to obtain free confirmation from us as to whether we are processing your personal data. If this is the case, you have the right to request access to this personal data and also have the right to obtain further information as specified in Article 15 of the GDPR.

Right to rectification

You have the right to request that we immediately rectify your personal data in the event that this data is incorrect. You also have the right—taking into account the purposes of processing specified above—to request the completion of incomplete personal data—also by means of a supplemental statement.

Right to erasure

You have the right to request the immediate deletion of your personal data if one of the conditions specified in Article 17 of the GDPR applies.

Right to restriction of processing

You have the right to request the restriction of processing of your personal data if one of the conditions specified in Article 18 of the GDPR applies.

Right to information

If you exercise your right of rectification, to erasure or to restriction of processing vis-à-vis the controller, the controller is obligated to communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort.


You also have the right to be informed about those recipients by the controller upon request.

Right to data portability

You have the right to receive the personal data that you have provided us with in a structured, commonly used and machine-readable format, and you have the right to transmit this data to another controller without hindrance by us if the conditions specified in Article 20 of the GDPR apply.

Right to object to processing for legitimate interests

If, in exceptional cases, we process personal data on the basis of Article 6(1)(f) of the GDPR (meaning for the purposes of legitimate interests), you have the right to object to the processing of your personal data by us at any time for reasons relating to your unique situation. If no compelling legitimate grounds for the further processing of your data can be demonstrated which would override your interests, rights and freedoms, or if the data in question concerning you is being processed for the purposes of direct marketing, we will no longer process your personal data (refer to Article 21 of the GDPR).

Technical mechanisms that you use such as, for example, “Do Not Track” mechanisms installed in your web browser that send us clear information regarding your preferences, are also considered an objection in this context.

Right to withdraw consent

You have the right to withdraw your consent to the collection and use of your personal data with effect for the future at any time. This does not alter the legality of the processing carried out on the basis of the consent until revocation.

Automated individual decision-making including profiling

You have the right not to be subject to a decision based solely on automated processing—including profiling—which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision is necessary for entering into, or performance of, a contract between us and you, is authorized by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or is based on your explicit consent.


We do not make these kinds of automated decisions.

Voluntary provision of personal data

As a rule, if the provision of personal data is a statutory or contractual requirement, we will inform you of such at the time when we obtain the personal data. Some of the data that we obtain is necessary for entering into a contract; specifically in the event that we are otherwise unable to meet or to sufficiently meet our contractual obligations to you. You are not obligated to provide us with your personal data. However, failure to provide data may result in us being unable to provide you with or offer you a desired service, action, measure, or the like, or make it impossible for us to enter into a contract with you.

Right to lodge a complaint with a supervisory authority

Without prejudice to any other rights, you have the right to lodge a complaint with a supervisory authority for data protection at any time, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you violates the GDPR.

Responsible for us:
Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg, Königstraße 10A, 70173 Stuttgart, Webseite: .  

This data protection information was last updated on: 10/05/2023